How to Create Centralized Secure Storage in Linux


This article explains how to create centralized secure storage using iSCSI. The iSCSI protocol handles storage devices over TCP/IP networks, including across long distances. Its target is a remote hard disk that is made available by a remote iSCSI server. In iSCSI, the client is known as the initiator and the storage server is known as the target machine.
Target:
Operating System - CentOS 7
iSCSI Target IP - 192.168.5.189
Initiator:
Operating System - CentOS 7
iSCSI Initiator IP - 192.168.5.190

To Install the Packages on iSCSI Target

Use the following command to install the administration tool package on the server machine.

[root@linuxhelp ~]# yum install targetcli* -y
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp.iitm.ac.in
 * extras: ftp.iitm.ac.in
 * updates: ftp.iitm.ac.in
Resolving Dependencies
-->  Running transaction check
--->  Package targetcli.noarch 0:2.1.fb41-3.el7 will be installed
.
.
.
Installed:
  targetcli.noarch 0:2.1.fb41-3.el7                                             
Dependency Installed:
  pyparsing.noarch 0:1.5.6-9.el7                                                
  python-configshell.noarch 1:1.1.fb18-1.el7                                    
  python-ethtool.x86_64 0:0.8-5.el7                                             
  python-kmod.x86_64 0:0.9-4.el7                                                
  python-rtslib.noarch 0:2.1.fb57-3.el7                                         
  python-six.noarch 0:1.9.0-2.el7                                               
  python-urwid.x86_64 0:1.1.1-3.el7                                             
Complete!


Start and enable the service using the following commands.

[root@linuxhelp ~]# systemctl start target
[root@linuxhelp ~]# systemctl enable target
ln -s '/usr/lib/systemd/system/target.service' '/etc/systemd/system/multi-user.target.wants/target.service'

To Define the LUNs in Target Server

First create a logical volume 'lv1' to back the LUNs on the target. To configure iSCSI, open a 'targetcli' shell. Then run the following commands to create a block storage object, an IQN (iSCSI Qualified Name), an access control list, LUNs and portals on the target server.


Explanation:
Block storage - a local storage resource.
IQN - an iSCSI Qualified Name, used to address the target server.
Access Control List - names the client (by its IQN) in the ACL so that the client machine can access the server.
LUNs - defined on the server to make the storage space available to the client.
Portals - the IP address and port on which the server listens.

[root@linuxhelp ~]# targetcli
Warning: Could not load preferences file /root/.targetcli/prefs.bin.
targetcli shell version 2.1.fb41
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/>  /backstores/block  create iscsi_block /dev/vg1/lv1
Created block storage object iscsi_block using /dev/vg1/lv1.
/>  iscsi/ create iqn.2015-06.com.linuxhelp.server
Created target iqn.2015-06.com.linuxhelp.server.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
/>  iscsi/iqn.2015-06.com.linuxhelp.server/tpg1/acls create iqn.2015-06.com.linuxhelp.client
Created Node ACL for iqn.2015-06.com.linuxhelp.client
/>  iscsi/iqn.2015-06.com.linuxhelp.server/tpg1/luns create /backstores/block/iscsi_block
Created LUN 0.
Created LUN 0->0 mapping in node ACL iqn.2015-06.com.linuxhelp.client
/>  iscsi/iqn.2015-06.com.linuxhelp.server/tpg1/portals/ create 192.168.5.189
Using default IP port 3260
Created network portal 192.168.5.189:3260.
/>  ls
o- / ................................................................................. [...]
o- backstores ...................................................................... [...]
| o- block .......................................................... [Storage Objects: 1]
| | o- iscsi_block .......................... [/dev/vg1/lv1 (8.0GiB) write-thru activated]
| o- fileio ......................................................... [Storage Objects: 0]
| o- pscsi .......................................................... [Storage Objects: 0]
| o- ramdisk ........................................................ [Storage Objects: 0]
o- iscsi .................................................................... [Targets: 1]
| o- iqn.2015-06.com.linuxhelp.server .......................................... [TPGs: 1]
|   o- tpg1 ....................................................... [no-gen-acls, no-auth]
|     o- acls .................................................................. [ACLs: 1]
|     | o- iqn.2015-06.com.linuxhelp.client ............................. [Mapped LUNs: 1]
|     |   o- mapped_lun0 ................................... [lun0 block/iscsi_block (rw)]
|     o- luns .................................................................. [LUNs: 1]
|     | o- lun0 ....................................... [block/iscsi_block (/dev/vg1/lv1)]
|     o- portals ............................................................ [Portals: 2]
|       o- 0.0.0.0:3260 ............................................................. [OK]
|       o- 192.168.5.189:3260 ....................................................... [OK]
o- loopback ................................................................. [Targets: 0]
/>  saveconfig
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json
/>  exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json


Type exit and press Enter to quit the targetcli shell. The configuration is saved automatically to /etc/target/saveconfig.json.
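
The tree printed by ls in the session above shows the target portal group as [no-gen-acls, no-auth], with one portal on 0.0.0.0:3260. The following Python check is an added example, not part of the original article or of targetcli; it reads a saved configuration and reports those settings. The JSON field names it reads (attributes.authentication, attributes.generate_node_acls, portals[].ip_address, node_acls[].chap_userid and chap_password) are assumptions about the saveconfig.json layout and should be confirmed against the file on your server; the sample input is constructed.

```python
import json

# Constructed sample in the layout of /etc/target/saveconfig.json, trimmed to
# the fields read below; the values mirror the targetcli session on this page.
SAMPLE = json.loads("""
{"targets": [{"fabric": "iscsi", "wwn": "iqn.2015-06.com.linuxhelp.server",
  "tpgs": [{"tag": 1, "enable": true,
    "attributes": {"authentication": 0, "generate_node_acls": 0},
    "portals": [{"ip_address": "0.0.0.0", "port": 3260},
                {"ip_address": "192.168.5.189", "port": 3260}],
    "node_acls": [{"node_wwn": "iqn.2015-06.com.linuxhelp.client"}]}]}]}
""")

WILDCARD_ADDRESSES = {"0.0.0.0", "::", "[::]"}


def audit_target_config(cfg):
    """Return (target, tpg, finding) tuples for weak iSCSI access settings."""
    findings = []
    for target in cfg.get("targets", []):
        if target.get("fabric") != "iscsi":
            continue
        for tpg in target.get("tpgs", []):
            where = (target.get("wwn", "?"), "tpg%s" % tpg.get("tag", "?"))
            attrs = tpg.get("attributes", {})
            # gen-acls: every initiator that reaches a portal is given access.
            if int(attrs.get("generate_node_acls", 0)):
                findings.append(where + ("gen-acls: ACL list is not enforced",))
            if not int(attrs.get("authentication", 0)):
                # no-auth: the initiator name in the ACL is the only check.
                findings.append(where + ("no-auth: CHAP is not required",))
            else:
                for acl in tpg.get("node_acls", []):
                    if not (acl.get("chap_userid") and acl.get("chap_password")):
                        findings.append(where + (
                            "ACL %s has no CHAP credentials" % acl.get("node_wwn"),))
            for portal in tpg.get("portals", []):
                if portal.get("ip_address") in WILDCARD_ADDRESSES:
                    findings.append(where + ("portal %s:%s listens on all addresses"
                                             % (portal["ip_address"], portal.get("port")),))
    return findings


def audit_file(path="/etc/target/saveconfig.json"):
    """Audit the saved configuration on a target server (needs read access)."""
    with open(path) as fh:
        return audit_target_config(json.load(fh))


if __name__ == "__main__":
    for target, tpg, finding in audit_target_config(SAMPLE):
        print("%s/%s: %s" % (target, tpg, finding))
```

On the target server, audit_file() runs the same checks against the saved configuration instead of the constructed sample.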
Now verify the listening port using the netstat command.


[root@linuxhelp ~]# netstat -npltu | grep 3260
tcp        0      0 192.168.5.189:3260      0.0.0.0:*               LISTEN      -    


To add the port number to the firewall, run the following command and then reload the firewall as shown below.

[root@linuxhelp ~]# firewall-cmd --permanent --add-port=3260/tcp
success
[root@linuxhelp ~]# firewall-cmd --reload
Success


Now restart the service using the following command.

[root@linuxhelp ~]# systemctl restart target

To Setup the Client Initiator

Run the following command to install the iscsi-initiator-utils package on the client machine so that it can access the server.

[root@linuxhelp ~]# yum install iscsi-initiator-utils -y
Loaded plugins: fastestmirror, langpacks
base                                                                 | 3.6 kB  00:00:00
epel/x86_64/metalink                                                 | 3.6 kB  00:00:00
extras                                                               | 3.4 kB  00:00:00
updates                                                              | 3.4 kB  00:00:00
Loading mirror speeds from cached hostfile
* base: mirror.nbrc.ac.in
* epel: epel.mirror.net.in
* extras: mirror.nbrc.ac.in
* updates: mirror.nbrc.ac.in
Resolving Dependencies
-->  Running transaction check
--->  Package iscsi-initiator-utils.x86_64 0:6.2.0.873-21.el7 will be updated
-->  Processing Dependency: iscsi-initiator-utils = 6.2.0.873-21.el7 for package: iscsi-initiator-utils-iscsiuio-6.2.0.873-21.el7.x86_64
--->  Package iscsi-initiator-utils.x86_64 0:6.2.0.873-32.el7 will be an update
-->  Running transaction check
--->  Package iscsi-initiator-utils-iscsiuio.x86_64 0:6.2.0.873-21.el7 will be updated
--->  Package iscsi-initiator-utils-iscsiuio.x86_64 0:6.2.0.873-32.el7 will be an update
-->  Finished Dependency Resolution
.
.
.
Updated:
iscsi-initiator-utils.x86_64 0:6.2.0.873-32.el7
Dependency Updated:
iscsi-initiator-utils-iscsiuio.x86_64 0:6.2.0.873-32.el7
Complete!


The iscsi-initiator-utils package is now installed.
Open the '/etc/iscsi/initiatorname.iscsi' file, replace the default initiator name with the name that was set in the ACL on the server, and then save the file.
Now start and enable the services as shown below.

[root@linuxhelp ~]# systemctl start iscsi
[root@linuxhelp ~]# systemctl start iscsid
[root@linuxhelp ~]# systemctl enable iscsi
[root@linuxhelp ~]# systemctl enable iscsid
ln -s '/usr/lib/systemd/system/iscsid.service' '/etc/systemd/system/multi-user.target.wants/iscsid.service'


Run the following command to list the block devices and partitions.

[root@linuxhelp ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
fd0 2:0 1 4K 0 disk
sda 8:0 0 20G 0 disk
├─sda1 8:1 0 500M 0 part /boot
├─sda2 8:2 0 2G 0 part [SWAP]
└─sda3 8:3 0 17.6G 0 part /
sr0 11:0 1 1024M 0 rom


Run iscsiadm in discovery mode with the server IP address to discover the target.



[root@linuxhelp ~]# iscsiadm --mode discovery --type sendtargets --portal 192.168.5.189
192.168.5.189:3260,1 iqn.2015-06.com.linuxhelp.server


Now contact the target in node mode and log in to the server from the client machine.

[root@linuxhelp ~]# iscsiadm --mode node --targetname iqn.2015-06.com.linuxhelp.server --portal 192.168.5.189 --login
Logging in to [iface: default, target: iqn.2015-06.com.linuxhelp.server, portal: 192.168.5.189,3260] (multiple)
Login to [iface: default, target: iqn.2015-06.com.linuxhelp.server, portal: 192.168.5.189,3260] successful.


Run the following command again to list the devices; the iSCSI disk now appears as 'sdb'.

[root@linuxhelp ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
fd0 2:0 1 4K 0 disk
sda 8:0 0 20G 0 disk
├─sda1 8:1 0 500M 0 part /boot
├─sda2 8:2 0 2G 0 part [SWAP]
└─sda3 8:3 0 17.6G 0 part /
sdb 8:16 0 8G 0 disk
sr0 11:0 1 1024M 0 rom


Now create the file system on the disk 'sdb' by using the command below.


[root@linuxhelp ~]# mkfs.ext4 /dev/sdb
mke2fs 1.42.9 (28-Dec-2013)
/dev/sdb is entire device, not just one partition!
Proceed anyway? (y,n) y
Filesystem label=
OS type: Linux
.
.
.
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done


Finally, mount '/dev/sdb' under the directory '/mnt'.

[root@linuxhelp ~]# mount /dev/sdb /mnt


Use the following blkid command to get the UUID of the file system, then append its output to '/etc/fstab' so that the UUID is available for editing in the next step.

[root@linuxhelp ~]# blkid /dev/sdb
/dev/sdb: UUID="5c74addd-9efc-4f6b-9f33-b4af0cd91b02" TYPE="ext4"
[root@linuxhelp ~]# blkid /dev/sdb >> /etc/fstab


Add the entry in '/etc/fstab' to make the mount permanent.


The _netdev mount option should be used to defer the mounting of these file systems until the network service starts.

[root@linuxhelp ~]# vim /etc/fstab
## /etc/fstab
.
.
.
UUID=5c74addd-9efc-4f6b-9f33-b4af0cd91b02 /mnt ext4 defaults,_netdev 0 0


Now mount the file system using the following command.

[root@linuxhelp ~]# mount -a


Now display the mounted file systems using the following command.

[root@linuxhelp ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 18G 3.4G 15G 20% /
devtmpfs 486M 0 486M 0% /dev
tmpfs 494M 176K 494M 1% /dev/shm
tmpfs 494M 7.1M 487M 2% /run
tmpfs 494M 0 494M 0% /sys/fs/cgroup
/dev/sda1 497M 116M 382M 24% /boot
/dev/sdb 7.8G 36M 7.3G 1% /mnt


Now the devices are ready to use.

FAQ
Q
How to start the iSCSI server application?
A
Start iSCSI by using the following commands:
# systemctl start target
# systemctl enable target
Q
Which command is used to allow a custom port to share the disk for client-side usage?
A
You can allow the custom port to share the disk with the following command:
# firewall-cmd --permanent --add-port=3260/tcp
Q
Which package is to be installed for the client-side iSCSI setup?
A
Use the following command to install the client-side setup package:
# yum install iscsi-initiator-utils -y
Q
Which command is used to switch to the iSCSI configuration part?
A
Use the "targetcli" command to switch to the iSCSI configuration part.
Q
What is the name of the package for the iSCSI target in Linux?
A
The name of the package for the iSCSI target is "targetcli".