Advantages of iSCSI Technology
Compared with traditional SCSI technology, iSCSI technology has three revolutionary changes:
The original SCSI used only on the local machine is transmitted through the TCP/IP network, so that the connection distance can be extended in an unlimited region;
The number of connected servers is infinite (the upper limit of the original SCSI-3 is 15 );
Because it is a server architecture, online resizing and dynamic deployment can also be realized.
650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/4C/C3/wKiom1RE97mzGA7mAAKsGOWWPtQ203.jpg "Title =" image 1.png "alt =" wkiom1re97mzga7maaksgowwptq203.jpg "/>
Necessity for authorizing access to iSCSI Disks
Only client host a is allowed to connect to disk partition 1 shared by target, while client host B is only allowed to connect to disk partition 2 shared by target.
Case:
There is a PC-structured iSCSI target server. The shared hard disk is identified as/dev/SDC and/dev/SDD. The size is 10 GB and 5 GB, respectively, share/dev/SDD to a Windows client host with the IP address 192.168.12.136, And/dev/SDC to a Linux client host with the IP address 192.168.12.235, the IP address of the iSCSI target server is 192.168.12.246.
Install iSCSI target software
Iscsitarget: http://iscsitarget.sourceforge.net
650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/4C/C5/wKioL1RFIWSQxxwrAANHAZgl9u8273.jpg "Title =" image 1.png "alt =" wkiol1rfiwsqxxwraanhazgl9u8273.jpg "/>
[[Email protected] iSCSI] # tar-xzvf iscsitarget-1.4.20.1.tar.gz
[[Email protected] iSCSI] # cd iscsitarget-1.4.20.1
[[Email protected] iscsitarget-1.4.20.1] # Make
[[Email protected] T iscsitarget-1.4.20.1] # make install
[[Email protected] iSCSI] # service iSCSI-target restart
650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M00/4C/C5/wKioL1RFCuPxU5zQAAP64Ay_68s081.jpg "Title =" image 1.png "alt =" wkiol1rfcupxu5zqaap64ay_68s081.jpg "/>
2.Add/etc/TGT/targets. conf as follows:
650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M02/4C/C5/wKioL1RFC_3iqcHPAAFdhIyrm8k222.jpg "Title =" image 1.png "alt =" wkiol1rfc_3iqchpaafdhiyrm8k222.jpg "/>
3. Restart the tgtd service and set it to boot:
/Etc/init. d/tgtd restart
Chkconfig tgtd on
Client
Yum install iSCSI-initiator-utils
Iscsi shared volume of the server 192.168.12.246 found
Iscsiadm-M discovery-T sendtargets-P 192.168.12.246
650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/4C/C5/wKioL1RFFO2DARsyAAIe_cbBVd8410.jpg "Title =" image 1.png "alt =" wkiol1rffo2darsyaaie_cbbvd8410.jpg "/>
As long as the client can be connected, there are two ways to authorize access to the target server so that the target server can establish a regular connection.
1. IP-based
Modify the/etc/Iet/initiators. allow file
Iqn.2010-11.net. ixdba: SDC 192.168.12.235.
Iqn.2010-11.net. ixdba: SDD 192.168.12.136
3. The initiator host obtains iSCSI target resources through password authentication.
(1) modify the/etc/Iet/initiators. allow file. The modified content is as follows:
# Iqn.2010-11.net. ixdba: SDC 192.168.12.235
# Iqn.2010-11.net. ixdba: SDD 192.168.12.136
All all
3. The initiator host obtains iSCSI target resources through password authentication.
(2) modify the/etc/Iet/ietd. conf file. The modified content is as follows:
Incominguser discovery. Auth discoverysecret
The first "incominguser" is a global parameter used to specify the account and password used for discovery query authentication. It must be consistent with the username and password set in the initiator host.
Target iqn.2010-11.net. ixdba: SDD
Incominguser login. Windows. Auth windowssecret
Lun 0 Path =/dev/SDD, type = fileio
Target iqn.2010-11.net. ixdba: SDC
Incominguser login. Linux. Auth linuxsecret
Lun 0 Path =/dev/SDC, type = fileio
The initiator host obtains iSCSI target resources through password authentication.
(2) modify the/etc/Iet/ietd. conf file. The modified content is as follows:
Target iqn.2010-11.net. ixdba: SDD
Incominguser login. Windows. Auth windowssecret
Lun 0 Path =/dev/SDD, type = fileio
Target iqn.2010-11.net. ixdba: SDC
Incominguser login. Linux. Auth linuxsecret
Lun 0 Path =/dev/SDC, type = fileio
The second and third "incominguser" options are included in the corresponding target, which is used to specify the account password used when the Windows and Linux client hosts log on to the target/iqn/Lun. It must also be consistent with the username and password set in the initiator host.
(3) configure the Linux initiator host
Modify the/etc/iSCSI/iscsid. conf file and add the following options:
# The following three are for login
Node. session. Auth. authmethod = chap # indicates that chap verification is enabled in login.
Node. session. Auth. Username = login. Linux. Auth # verify the user name, which can be any character, but must be the same as the name configured in incominguse on the target end.
Node. session. Auth. Password = linuxsecret # verify the password, which must be consistent with the password set by the incominguse option of the target.
Configure Linux initiator host
# The following three are for the Discovery
Discovery. sendtargets. Auth. authmethod = chap # indicates that chap verification is enabled during discovery.
Discovery. sendtargets. Auth. Username = discovery. Auth # verify the user name. It can be any character, but it must be the same as the name configured for incominguse on the target end.
Discovery. sendtargets. Auth. Password = discoverysecret # verify the password, which must be consistent with the password set by the incominguse option on the target side.
After the configuration is complete, restart initiator and re-execute the discovery query as follows:
[[Email protected] initiator iSCSI] #/etc/init. d/iSCSI restart
[[Email protected] initiator iSCSI] # iscsiadm-M discovery-T sendtargets-P 192.168.12.246
650) This. width = 650; "src =" http://s3.51cto.com/wyfs02/M01/4C/C6/wKioL1RFKcfhgWTqAAKFx3F7bM0694.jpg "Title =" image 1.png "alt =" wkiol1rfkcfhgwtqaakfx3f7bm0694.jpg "/>
This article is from the "diaosi life" blog and will not be reproduced!
Use iSCSI to set up IP Storage Network iSCSI Security Settings