ISCSI
共享快设备
fc-san
需要光钎交换机才能使用[fc - 光钎]
ip-san
tcp/ip 具有独立计算功能
软件形式:
toe
硬件形式:
HBA的存储卡
服务端
先分一个快设备出来用于共享
partprobe /dev/sdb1
贡献度是没有文件系统的裸设备
yum install targetcli #toe
systemctl enable target #开机自启
targetcli
[root@desktop22 ~]# targetcli
Warning: Could not load preferences file /root/.targetcli/prefs.bin.
targetcli shell version 2.1.fb34
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/> ls
o- / ................................................................................ [...]
o- backstores ..................................................................... [...]
| o- block ......................................................... [Storage Objects: 0]
| o- fileio ........................................................ [Storage Objects: 0]
| o- pscsi ......................................................... [Storage Objects: 0]
| o- ramdisk ....................................................... [Storage Objects: 0]
o- iscsi ................................................................... [Targets: 0]
o- loopback ................................................................ [Targets: 0]
/backstores> block/ create joinlabs /dev/sdb1
Created block storage object joinlabs using /dev/sdb1.
cd iscsi
/iscsi> create iqn.2017-08.com.example:192.168.0.22
Created target iqn.2017-08.com.example:192.168.0.22.
Created TPG 1.
/iscsi> cd iqn.2017-08.com.example:192.168.0.22/
/iscsi/iqn.20...:192.168.0.22> ls
o- iqn.2017-08.com.example:192.168.0.22 ......................................... [TPGs: 1]
o- tpg1 .......................................................... [no-gen-acls, no-auth]
o- acls ..................................................................... [ACLs: 0]
o- luns ..................................................................... [LUNs: 0]
o- portals ............................................................... [Portals: 0]
/iscsi/iqn.20...:192.168.0.22> cd tpg1/
/iscsi/iqn.20...168.0.22/tpg1> ls
o- tpg1 ............................................................ [no-gen-acls, no-auth]
o- acls ....................................................................... [ACLs: 0]
o- luns ....................................................................... [LUNs: 0]
o- portals ................................................................. [Portals: 0]
/iscsi/iqn.20...168.0.22/tpg1> acls/ create iqn.2017-08.com.example:server
Created Node ACL for iqn.2017-08.com.example:server
/iscsi/iqn.20...168.0.22/tpg1> ls
o- tpg1 ............................................................ [no-gen-acls, no-auth]
o- acls ....................................................................... [ACLs: 1]
| o- iqn.2017-08.com.example:server .................................... [Mapped LUNs: 0]
o- luns ....................................................................... [LUNs: 0]
o- portals ................................................................. [Portals: 0
#映射luns设备
/iscsi/iqn.20...168.0.22/tpg1> portals/ create 192.168.0.22
Using default IP port 3260
Created network portal 192.168.0.22:3260.
/iscsi/iqn.20...168.0.22/tpg1> ls
o- tpg1 ............................................................ [no-gen-acls, no-auth]
o- acls ....................................................................... [ACLs: 1]
| o- iqn.2017-08.com.example:server .................................... [Mapped LUNs: 0]
o- luns ....................................................................... [LUNs: 0]
o- portals ................................................................. [Portals: 1]
o- 192.168.0.22:3260 ............................................................. [OK
#设置端口
#create可以使用delte删除,接口需要3260删除
/iscsi/iqn.20...168.0.22/tpg1> set attribute demo_mode_write_protect=0
Parameter demo_mode_write_protect is now '0'.
#关闭样板机写功能
/iscsi/iqn.20...168.0.22/tpg1> set attribute authentication=0
Parameter authentication is now '0'.
#关闭认证
/iscsi/iqn.20...168.0.22/tpg1> set attribute generate_node_acls=1
Parameter generate_node_acls is now '1'.
#把节点打开
上面三步必须的,没有就会出问题
#退出,他会自动保存你的设置
/iscsi/iqn.20...168.0.22/tpg1> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json
#防火墙通过iscsi的端口3260
firewall-cmd --add-port=3260/tcp --permanent
客户端
yum install iscsiadm -y
iscsiadm -m discoverry -t sendtargets{st也可以} -p 192.168.0.19
[root@desktop43 ~]# iscsiadm -m discovery -t st -p 192.168.0.22
192.168.0.22:3260,1 iqn.2017-08.com.example:192.168.0.22
[root@desktop43 ~]# iscsiadm -m discovery -t st -p 192.168.0.22 -l
192.168.0.22:3260,1 iqn.2017-08.com.example:192.168.0.22
Logging in to [iface: default, target: iqn.2017-08.com.example:192.168.0.22, portal: 192.168.0.22,3260] (multiple)
Login to [iface: default, target: iqn.2017-08.com.example:192.168.0.22, portal: 192.168.0.22,3260] successful.
登录
[root@desktop43 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
fd0 2:0 1 4K 0 disk
sda 8:0 0 100G 0 disk
├─sda1 8:1 0 512M 0 part /boot
└─sda2 8:2 0 13.8G 0 part
├─rhel-root 253:0 0 10G 0 lvm /
├─rhel-swap 253:1 0 1G 0 lvm [SWAP]
└─rhel-home 253:2 0 512M 0 lvm /home
sdb 8:16 0 1G 0 disk
sr0 11:0 1 1024M 0 rom
然后成功获取到共享的磁盘
断开iscsi
例子在man中有
可以用在集群中,使用共享的iscsi盘来实现网页内容同步,注意这里的挂载需要用UUID号,盘号在这里极其不稳定
红帽7为_netdev ,系统会认为是一个网络设备使用必须添加(先启动网络再启动这个)
win客户端
可以看到共享成功
防火墙:(firewalld)
firewalld-cmd --state #查看防火墙状态
firewalld 有9个区域
获取默认区域和设置默认区域
[root@desktop22 ~]# firewall-cmd --get-zones
block dmz drop external home internal public trusted work
dmz 隔离区域
drop 丢弃
external 外网
home 内网
public 公共的
查看你的接口属于哪一个区域,接口区域在哪个区域,哪个区域就是启用的
改变接口在哪一个区域
只能查看默认区域
查看所有区域
查看特定区域
添加服务到新区域
防火墙副规则
[root@desktop22 ~]# firewall-cmd --add-rich-rule 'rule family="ipv4" source address="192.168.0.22" port port="3260" protocol="tcp" accept' --permanent
允许访问21号机来访问我的3260端口
删除副规则
remove
防火墙的图形化
firewall-config
评论