Deploy network storage using iSCSI service

Use iSCSI service to deploy network storage

The hard disk is one of the important components of computer hardware, and the read/write speed of the hard disk storage device will also affect the overall performance of the server. The hard disk storage structure, RAID disk array technology, and LVM technology explained in Chapter 6 and Chapter 7 are all technologies used for storage devices. Although these technologies are divided into software and hardware levels, they all aim to solve hard disk storage. The reading and writing speed of the device, or trying to ensure the security of the stored data.

In order to further improve the read/write speed and performance of hard disk storage devices, people have been working hard to improve the interface protocol of physical hard disk devices. The current hard disk interface types mainly include IDE, SCSI and SATA.

IDE: A mature, stable and inexpensive parallel transmission interface.

SATA: A serial transmission interface with faster transmission speed and more complete data verification.

SCSI: A general standard for system-level interfaces between computers, hard disks, and optical drives. It has the advantages of low system resource usage, high rotational speed, and fast transmission speed.

Create a RAID disk array

First add four new hard disks to the virtual machine to create a RAID 5 disk array and backup disk
Please add a picture description

Use the mdadm command to create a RAID disk array

The -Cv parameter is to create an array and display the process /dev/md0 is the name of the generated array group

The -n 3 parameter is the number of hard disks required to create a RAID 5 disk array

The -l 5 parameter is the level of the RAID disk array

-x 1 parameter is the number of backup disks in the disk array

[root@localhost ~]# ls /dev/sd*
/dev/sda /dev/sda1 /dev/sda2 /dev/sdb /dev/sdc /dev/sdd /dev/sde
[root@localhost ~]# mdadm -Cv /dev/md0 -n 3 -l 5 -x 1 /dev/sd[b-e]
\mdadm: layout defaults to left-symmetric
mdadm: layout defaults to left-symmetric
mdadm: chunk size defaults to 512K
mdadm: size set to 5238784K
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md0 started.
[root@localhost ~]# mdadm -D /dev/md0
/dev/md0:
           Version : 1.2
     Creation Time : Wed May 24 14:01:45 2023
        Raid Level : raid5
        Array Size : 10477568 (9.99 GiB 10.73 GB)
     Used Dev Size : 5238784 (5.00 GiB 5.36 GB)
      Raid Devices: 3
     Total Devices: 4
       Persistence : Superblock is persistent

       Update Time : Wed May 24 14:01:56 2023
             State : clean, degraded, recovering
    Active Devices: 2
   Working Devices: 4
    Failed Devices : 0
     Spare Devices: 2

            Layout : left-symmetric
        Chunk Size: 512K

Consistency Policy : resync


              Name : localhost.localdomain:0 (local to host localhost.localdomain)
              UUID: 764a7e1c:29722a44:62769863:ae73b517
            Events: 8

    Number Major Minor Raid Device State
       0 8 16 0 active sync /dev/sdb
       1 8 32 1 active sync /dev/sdc
       4 8 48 2 spare rebuilding /dev/sdd

       3 8 64 - spare /dev/sde
[root@localhost ~]#

Configure the ISCSI server

Operating systems and IP addresses of the iSCSI server and client

host name operating system IP address
iSCSI server CentOS 7 192.168.153.4
iSCSI client RHEL 8 192.168.153.3

Install the switch configuration tool of the ISCSI server

[root@localhost ~]# yum install -y targetcli
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Resolving dependencies
--> checking transaction
---> Package targetcli.noarch.0.2.1.fb46-1.el7 will be installed
--> processing dependency python-rtslib >= 2.1.fb41, which is required by package targetcli-2.1.fb46-1.el7.noarch
--> Processing dependency python-configshell, which is required by package targetcli-2.1.fb46-1.el7.noarch
--> checking transaction
---> Package python-configshell.noarch.1.1.1.fb23-3.el7 will be installed
--> Processing dependency python-urwid, which is required by package 1:python-configshell-1.1.fb23-3.el7.noarch
--> Processing dependency pyparsing, which is required by package 1:python-configshell-1.1.fb23-3.el7.noarch
---> Package python-rtslib.noarch.0.2.1.fb63-2.el7 will be installed
--> Processing dependency python-kmod, which is required by package python-rtslib-2.1.fb63-2.el7.noarch
--> checking transaction
---> Package pyparsing.noarch.0.1.5.6-9.el7 will be installed
---> Package python-kmod.x86_64.0.0.9-4.el7 will be installed
---> Package python-urwid.x86_64.0.1.1.1-3.el7 will be installed
--> resolve dependencies complete

Dependency resolution

==================================================== ================================
 Package Architecture Version Source Size
==================================================== ================================
Installing:
 targetcli noarch 2.1.fb46-1.el7 base 64k
Install for dependencies:
 pyparsing noarch 1.5.6-9.el7 base 94k
 python-configshell noarch 1:1.1.fb23-3.el7 base 67k
 python-kmod x86_64 0.9-4.el7 base 57k
 python-rtslib noarch 2.1.fb63-2.el7 base 97k
 python-urwid x86_64 1.1.1-3.el7 base 654k

Business Summary
==================================================== ================================
Install 1 package ( + 5 dependent packages)

Total Downloads: 1.0 M
Install size: 4.6M
Downloading packages:
-------------------------------------------------- ------------------------------
Total 8.3 MB/s | 1.0 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
running transaction
  Installing: python-kmod-0.9-4.el7.x86_64 1/6
  Installing: python-rtslib-2.1.fb63-2.el7.noarch 2/6
  Installing: pyparsing-1.5.6-9.el7.noarch 3/6
  Installing: python-urwid-1.1.1-3.el7.x86_64 4/6
  Installing: 1:python-configshell-1.1.fb23-3.el7.noarch 5/6
  Installing: targetcli-2.1.fb46-1.el7.noarch 6/6
  Validating: python-rtslib-2.1.fb63-2.el7.noarch 1/6
  Verifying: 1:python-configshell-1.1.fb23-3.el7.noarch 2/6
  Verifying: python-urwid-1.1.1-3.el7.x86_64 3/6
  Validating: pyparsing-1.5.6-9.el7.noarch 4/6
  Verifying: python-kmod-0.9-4.el7.x86_64 5/6
  Verifying: targetcli-2.1.fb46-1.el7.noarch 6/6

Installed:
  targetcli.noarch 0:2.1.fb46-1.el7

Installed as a dependency:
  pyparsing.noarch 0:1.5.6-9.el7 python-configshell.noarch 1:1.1.fb23-3.el7
  python-kmod.x86_64 0:0.9-4.el7 python-rtslib.noarch 0:2.1.fb63-2.el7
  python-urwid.x86_64 0:1.1.1-3.el7

complete!

Enter the targetcli interactive configuration interface

[root@localhost ~]# targetcli
Warning: Could not load preferences file /root/.targetcli/prefs.bin.
targetcli shell version 2.1.fb46
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.

/> ls
o- / ................................................ ................................................... .....................................................................................
  o-backstores ................................................... ................................................... .......................... [...]
  |o-block ................................................ ................................................... .. [Storage Objects: 0]
  |o-fileio ................................................ ................................................... .[Storage Objects: 0]
  |o-pscsi ................................................ ................................................... .. [Storage Objects: 0]
  |o-ramdisk ................................................ ................................................... [Storage Objects: 0]
  o-iscsi ................................................ ................................................... .......... [Targets: 0]
  o-loopback ................................................... ................................................... ..... [Targets: 0]
/>

/backstores/block belongs to the location where the server configures shared devices, add the newly created disk array md0 file to the resource pool for configuring shared devices, and rename disk0

/> cd /backstores/block
/backstores/block> create disk0 /dev/md0
Created block storage object disk0 using /dev/md0.
/backstores/block> ls
o-block ................................................ ................................................... ..... [Storage Objects: 1]
  o-disk0 ................................................ ................................... [/dev/md0 (10.0GiB) write-thru deactivated]
    o-alua ................................................ ...................................................?… [ALUA Groups: 1]
      o-default_tg_pt_gp ................................................ ................................... [ALUA state: Active/optimized]
/backstores/block>

Create an ISCSI target name and configure shared resources. The ISCSI target name is automatically generated by the system. It is a unique string used to describe shared resources.

/backstores/block> cd /iscsi
/iscsi> create
Created target iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.ddaa34047b0d.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
/iscsi>

iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.ddaa34047b0d is the unique string describing shared resources

After the system generates the target name, it will also create a new directory with the same string in the ISCSI parameter directory. This directory is used to store shared resources. Add the hard disk device previously added to the ISCSI shared resource pool to the new directory, so that users After logging in to the server, you can use the shared storage resources of this hard disk by default

/iscsi> cd iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.ddaa34047b0d/
/iscsi/iqn.20....ddaa34047b0d> ls
o-iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.ddaa34047b0d.......................................... ................................... [TPGs: 1]
  o-tpg1 ................................................ ................................................... .. [no-gen-acls, no-auth]
    o-acls ................................................ ................................................... .......... [ACLs: 0]
    o-luns ................................................... ................................................... .......... [LUNs: 0]
    o-portals ................................................... ................................................... ...... [Portals: 1]
      o-0.0.0.0:3260 ................................................ ................................................... ......... [OK]
/iscsi/iqn.20....ddaa34047b0d> cd tpg1/luns
/iscsi/iqn.20...b0d/tpg1/luns> create /backstores/block/disk0
Created LUN 0.
/iscsi/iqn.20...b0d/tpg1/luns>

When adding the newly created hard disk block, you don’t need to remember its directory location, you can perform tab completion

Set the access control list. On the client side, the ISCSI protocol needs to be authenticated. Users do not need to enter a password when accessing storage shared resources. At this time, a certain name entry in the access control list needs to be consistent. The acls parameter directory is used to store access to ISCSI services. Client name of the shared storage resource

It is recommended to add: client parameter to ensure the uniqueness of the client name

/iscsi/iqn.20...b0d/tpg1/luns> cd ..
/iscsi/iqn.20...34047b0d/tpg1> cd acls
/iscsi/iqn.20...b0d/tpg1/acls> create iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.ddaa34047b0d:client
Created Node ACL for iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.ddaa34047b0d:client
Created mapped LUN 0.
/iscsi/iqn.20...b0d/tpg1/acls>

Set the listening IP and port number of the ISCSI server

Continue to make settings so that the system uses port 3260 of the server IP address 192.168.153.4 to provide ISCSI shared resource services to the outside world

/iscsi/iqn.20...b0d/tpg1/acls> cd ../portals/
/iscsi/iqn.20.../tpg1/portals> ls
o-portals ................................................... ................................................... .......... [Portals: 1]
  o-0.0.0.0:3260 ................................................ ................................................... ................ [OK]
/iscsi/iqn.20.../tpg1/portals> delete 0.0.0.0 3260
Deleted network portal 0.0.0.0:3260
/iscsi/iqn.20.../tpg1/portals> create 192.168.153.4 3260
Using default IP port 3260
Created network portal 192.168.153.4:3260.
/iscsi/iqn.20.../tpg1/portals> ls
o-portals ................................................... ................................................... .......... [Portals: 1]
  o- 192.168.153.4:3260 ................................................... ................................................... ......... [OK]

Do not add a colon when adding the port number, otherwise an error will be reported

Check configuration content

/iscsi/iqn.20.../tpg1/portals> cd /
/> ls
o- / ................................................ ................................................... .....................................................................................
  o-backstores ................................................... ................................................... .......................... [...]
  |o-block ................................................ ................................................... .. [Storage Objects: 1]
  | | o-disk0 ................................................ ................................... [/dev/md0 (10.0GiB) write-thru activated]
  | | o-alua ................................................ ................................................... .... [ALUA Groups: 1]
  | | o-default_tg_pt_gp ................................................ ................................... [ALUA state: Active/optimized]
  |o-fileio ................................................ ................................................... .[Storage Objects: 0]
  |o-pscsi ................................................ ................................................... .. [Storage Objects: 0]
  |o-ramdisk ................................................ ................................................... [Storage Objects: 0]
  o-iscsi ................................................ ................................................... .......... [Targets: 1]
  | o-iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.ddaa34047b0d ...................... ................................... [TPGs: 1]
  |o-tpg1 ................................................ .................................................... [ no-gen-acls, no-auth]
  |o-acls ................................................ ................................................... .......... [ACLs: 1]
  | | o-iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.ddaa34047b0d:client ................................... .......... [Mapped LUNs: 1]
  | | o-mapped_lun0 ................................................ ................................... [lun0 block/disk0 (rw)]
  |o-luns ................................................ ................................................... .......... [LUNs: 1]
  | | o-lun0 ................................................ ................................... [block/disk0 (/dev/md0) (default_tg_pt_gp)]
  | o-portals ................................................... ................................................... .... [Portals: 1]
  | o- 192.168.153.4:3260 ........................................... ................................................... ... [OK]
  o-loopback ................................................... ................................................... ..... [Targets: 0]
/> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json
[root@localhost ~]#

The default policy of the firewall can be cleared, and the firewalld firewall can be set to allow the ISCSI service or 3260/TCP port number

[root@localhost ~]# iptables -F
[root@localhost ~]# iptables-save
[root@localhost ~]# firewall-cmd --permanent --add-port=3260/tcp
success
[root@localhost ~]# firewall-cmd --reload
success

Or close the firewall and selinux

[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# vim /etc/selinux/config
[root@localhost ~]# setenforce 0
setenforce: SELinux is disabled
[root@localhost ~]# getenforce
Disabled
[root@localhost ~]#

Configure the Linux client

Install the client service program initiator

[root@localhost ~]# yum install -y iscsi-initiator-utils
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 1 day, 1:58:39 ago, on Tue May 23 00:41:45 2023.
Package iscsi-initiator-utils-6.2.0.876-7.gitf3c8e90.el8.x86_64 is already installed.
Dependency resolution.
No treatment is required.
complete!

The ISCSI protocol is authenticated by the client name, which is also the unique identifier of the client and is consistent with the information in the access control list in the server configuration file

Edit the initiator name file of the ISCSI client, fill in the name of the access control list of the server, and then restart the client ISCSID service program to add it to the startup

[root@localhost ~]# vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.ddaa34047b0d:client
[root@localhost ~]# systemctl restart iscsid
[root@localhost ~]# systemctl enable iscsid

iscsiadm is a command-line tool for managing, querying, inserting, updating, or deleting iSCSI database configuration files. It is used to scan and discover remote iSCSI servers using this tool first.

The purpose of the -m discovery parameter is to scan and discover available storage resources

-t st parameter is the type of scan operation

-p 192.168.153.4 parameter is the IP address of the iSCSI server

[root@localhost ~]# iscsiadm -m discovery -t st -p 192.168.153.4
192.168.153.4:3260,1 iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.ddaa34047b0d

After using the iscsiadm command to discover the storage resources available on the remote server, prepare to log in to the iSCSI server

The -m node parameter is to use the host where the client is located as a node server

The -T parameter is the storage resource to be used (you can directly copy the results found in the previous command to avoid typing errors)

The -p 192.168.153.4 parameter is still the IP address of the other iSCSI server. Finally, use the –login or -l parameter for login verification

[root@localhost ~]# iscsiadm -m node -T iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.ddaa34047b0d -p 192.168.153.4 --login
Logging in to [iface: default, target: iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.ddaa34047b0d, portal: 192.168.153.4,3260] (multiple)
Login to [iface: default, target: iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.ddaa34047b0d, portal: 192.168.153.4,3260] successful.
[root@localhost ~]#

After the client logs in successfully, there will be an extra /dev/sdb device file on the client host

[root@localhost ~]# ls -l /dev/sd*
brw-rw----. 1 root disk 8, 0 May 23 00:46 /dev/sda
brw-rw----. 1 root disk 8, 16 May 24 02:48 /dev/sdb
[root@localhost ~]# file /dev/sdb
/dev/sdb: block special (8/16)
[root@localhost ~]#

The following is the standard disk operation process, directly format and mount for use

[root@localhost ~]# mkfs.xfs /dev/sdb
meta-data=/dev/sdb isize=512 agcount=16, agsize=163712 blks
         = sectsz=512 attr=2, projid32bit=1
         = crc=1 finobt=1, sparse=1, rmapbt=0
         =reflink=1
data = bsize=4096 blocks=2619392, imaxpct=25
         = sunit=128 width=256 blks
naming=version 2 bsize=4096 ascii-ci=0, ftype=1
log=internal log bsize=4096 blocks=2560, version=2
         = sectsz=512 sunit=0 blks, lazy-count=1
realtime=none extsz=4096 blocks=0, rtextents=0
[root@localhost ~]# mkdir /iscsi
[root@localhost ~]# mount /dev/sdb /iscsi
[root@localhost ~]# df -h
File System Capacity Used Available % Used Mount Point
devtmpfs 889M 0 889M 0% /dev
tmpfs 904M 0 904M 0% /dev/shm
tmpfs 904M 9.7M 894M 2% /run
tmpfs 904M 0 904M 0% /sys/fs/cgroup
/dev/mapper/rhel-root 17G 4.4G 13G 26% /
/dev/sr0 6.7G 6.7G 0 100% /media/cdrom
/dev/nvme0n1p1 1014M 169M 846M 17% /boot
tmpfs 181M 16K 181M 1% /run/user/42
tmpfs 181M 3.5M 178M 2% /run/user/0
/dev/sdb 10G 105M 9.9G 2% /iscsi
[root@localhost ~]#

If you no longer need to use iSCSI shared device resources, you can use the -u parameter of the iscsiadm command to uninstall the device

[root@localhost ~]# iscsiadm -m node -T iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.ddaa34047b0d -u
Logging out of session [sid: 2, target: iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.ddaa34047b0d, portal: 192.168.153.4,3260]
Logout of [sid: 2, target: iqn.2003-01.org.linux-iscsi.localhost.x8664:sn.ddaa34047b0d, portal: 192.168.153.4,3260] successful.
[root@localhost ~]# ls -d /dev/sdb
ls: cannot access '/dev/sdb': No such file or directory
[root@localhost ~]# ls -d /dev/sda
/dev/sda
[root@localhost ~]#