Implementation of ipsan-based iscsi operations

SAN is short for the storage area network. In the early days, san used fiber channel technology. Later, when the iscsi protocol appeared, to distinguish the two, the ip san and fc san are divided. Because of its high price, fc san has caused many enterprises to leave their homes. As a good replacement product, ip san has become a reality. Currently, most storage devices support TOE-based interfaces and can process TCP/IP protocols based on hardware. This means that the ISCSI Device can process the I/O process at a speed close to GigE and a data transmission rate of about 100 Mb/s, which is comparable to that of FC SAN.

The procedure of ip san is as follows:
Initiator acts as the server to use a lun (logical unit number) on the remote target. A target is a host, and multiple hard disks can be shared with the initiator, each hard disk is called a lun. To use the iscsi protocol, the packets of scsi driven, iscsi driven, and TCP/IP must be encapsulated on the initiator and sent to the target through the network. The target removes these packets and finds the scsi protocol sent by the other party, then it is handed over to the local hard drive for processing. Therefore, you do not need to install scsi hard disks on the target. Traditional sata disks can be used in this architecture. From the user's point of view, it is just as convenient and simple as using a local client.

Here we will complete an ip san experiment:
192.168.1.121 as our initator
192.168.1.122 is used as our target and provides a 10 Gb IDE hard disk and 10 Gb SCSI hard disk output. (You can also create a partition output, but it is not recommended to do so)

The first hard disk:
Disk/dev/sda: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders
Units = cylinders of 16065*512 = 8225280 bytes
Sector size (logical/physical): 512 bytes/512 bytes
I/O size (minimum/optimal): 512 bytes/512 bytes
Disk identifier: 0x00000000

The second Hard Disk:
Disk/dev/sdc: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders
Units = cylinders of 16065*512 = 8225280 bytes
Sector size (logical/physical): 512 bytes/512 bytes
I/O size (minimum/optimal): 512 bytes/512 bytes
Disk identifier: 0x00000000

The procedure of 192.168.1.122 is as follows:
# Yum install scsi-target-utils
# Rpm-ql scsi-target-utils (you can view some package information)
# Service tgtd restart
# Chkconfig tgtd on
# Tgtadm-lld iscsi -- mode target -- op new -- tid 1 -- targetname iqn.2014-05.com. qiguo. node: target1
Explanation: -- lld specifies the driven, -- mode specifies the mode, -- op specifies the mode operation, and -- tid specifies the target_id, -- targetname specifies the target name. The iqn naming method is used here, here is a new target, and target_id is 1, the target name is iqn.2014-05.com. qiguo. node: target1
# Tgtadm -- lld iscsi -- mode logicalunit -- op new -- tid 1 -- lun 1 -- backing-store/dev/sda
Explanation: Here, A lun is added to the target_id of 1. Its value is 1, the backend storage device is/dev/sda, and a target can store up to 32 Luns.
# Tgtadm -- lld iscsi -- mode logicalunit -- op new -- tid 1 -- lun 2 -- backing-store/dev/sdc
# Tgtadm -- lld iscsi -- mode target -- op show
Explanation: You can view the current target information and lun information.
# Tgtadm -- lld iscsi -- mode target -- op bind -- tid 1 -- initiator-address 192.168.1.121
Explanation: If target_id is 1, access from this host with the IP address 192.168.1.121 is allowed.

The procedure for 192.168.1.121 is as follows:
# Yum install iscsi-initiator-utils
# Echo "InitiatorName = 'iscsi-iname-p iqn.2013-05.com. qiguo. initiator1'"> initiatorname. iscsi # generate the initiator name
# Iscsiadm-m discovery-t st-p 192.168.1.122: 3260 # when used, the iscsid process is automatically started. Port 3260 of 192.168.1.122 is used to search for iscsi target devices of the sendtargets type.
Display content: 192.168.1.122: 3260,1 iqn.2014-05.com. qiguo. node: target1
# Iscsiadm-m node-d 2-T iqn.2014-05.com. qiguo. node: target1-p 192.168.1.122: 3260-l #-d shows the debug level.-T specifies the targetName of the remote host, and-l selects to log on to the remote host.
# Fdisk-l

If you see two new hard disks, it proves that the login is successful, you can partition them.

Use iscsiadm-m node-T iqn.2014-05.com. qiguo. node: target1-p 192.168.1.122: 3260-u when the client does not want to use this iscsi Device. However, this is only valid currently. After restart, the client will still see this device as long as the server continues to share the device. In this case, you need to delete the database information. The Discovery Device information in/var/lib/iscsi/sent_targets can be deleted using iscsiadm-m node-T iqn.2014-05.com. qiguo. node: target1-p 192.168.1.122: 3260-o delete. The device information will not be available when the device is restarted again.

When the server does not want to share the iscsi Device with a host, you can use tgtadm -- lld iscsi -- mode target -- op unbind -- tid 1 -- initiator-address 192.168.1.121; if you do not want to provide a lun, you can use tgtadm -- lld iscsi -- mode logicalunit -- op delete -- tid 1 -- lun 2; if you do not want to provide target, you can use tgtadm -- lld iscsi -- mode target -- op delete -- tid 1.

Iscsi can not only use ip-based Authentication, but also user Authentication. It uses CHAP (Challenge Handshake Authentication Protocol) to Challenge the try-to-shake Authentication Protocol. Iscsi supports two levels of CHAP authentication by default. Initiator-based authentication and target-based authentication. Initiator-based authentication means that when initiator connects to the target, initiator needs to provide an account and password for the target to authenticate. This account is called the incoming account; target-based authentication means that when the initiator connects to the target, the target needs to provide an account and password for the initiator to authenticate. This account is called The outcoming account. Initiator authentication can be used independently, while target authentication must use initiator authentication at the same time. Next we will configure a two-way authentication process. The host is still the above host.

The operations on the target are as follows:
# Tgtadm -- lld iscsi -- mode account -- op new -- user qiguo -- pass qiguo create an incoming account
# Tgtadm -- lld iscsi -- mode account -- op new -- user qiguoin -- pass qiguoin to create an outcomming account
# Tgtadm -- lld iscsi -- mode account -- op bind -- tid 1 -- user qiguo
# Tgtadm -- lld iscsi -- mode account -- op bind -- tid 1 -- user qiguoin -- outgoing

The operations on initiator are as follows:
Edit the configuration file/etc/iscsi/iscsid. conf and modify the following items:
Node. session. auth. authmethod = CHAP
Node. session. auth. username = qiguo
Node. session. auth. password = qiguo
Node. session. auth. username_in = qiguoin
Node. session. auth. password_in = qiguoin
# Iscsiadm-m node-T iqn.2014-05.com. qiguo. node: target1-p 192.168.1.122: 3260-u
# Iscsiadm-m node-T iqn.2014-05.com. qiguo. node: target1-p 192.168.1.122: 3260-o delete
# Rm-rf/var/lib/iscsi/send_targets/
# Iscsiadm-m discovery-t st-p 192.168.1.122: 3260
# Iscsiadm-m node-T iqn.2014-05.com. qiguo. node: target1-p 192.168.1.122: 3260-l
The CHAP-based two-way authentication process requires the following:
1. CHAP does not support discovery and authentication of discovery. Therefore, you must borrow the ip address for authentication during discovery.
2. After modifying the configuration file iscsid. conf, You need to delete the previous discovery information. Make sure that the send_targets, nodes, and ifaces directories in the/var/lib/iscsi/directory do not contain any content.
3. Make sure that the incoming and outcoming accounts have a unique value; otherwise, the account cannot be logged on.

Finally, it should be noted that after the server is restarted, the target and lun on the server will disappear. To make them valid, you need to use the configuration file/etc/tgt/targets. conf. The two-way authentication configuration file described above is:
<Target iqn.2014-05.com. qiguo. node: target1>
Backing-store/dev/sda
Backing-store/dev/sdc
Initiator-address 192.168.1.121
Incominguser qiguo
Outgoinguser qiguoin
</Target>
After the restart, the configuration information will be automatically saved as long as the tgtd service is started.