How to Create Centralized Secure Storage in Linux
To Create Centralized Secure Storage in Linux
This article explains how to create centralized secure storage using iSCSI. The iSCSI protocol manages storage devices over TCP/IP networks, including over long distances. The target is a remote hard disk made available by a remote iSCSI server. In iSCSI, the client is known as the Initiator and the storage server is known as the Target.
Target:
Operating System - CentOS 7
iSCSI Target IP - 192.168.5.189
Initiator:
Operating System - CentOS 7
iSCSI Target IP - 192.168.5.190
To Install the Packages on iSCSI Target
Use the following command to install the administration tool packages on the server machine.
[root@linuxhelp ~]# yum install targetcli* -y
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: ftp.iitm.ac.in
* extras: ftp.iitm.ac.in
* updates: ftp.iitm.ac.in
Resolving Dependencies
--> Running transaction check
---> Package targetcli.noarch 0:2.1.fb41-3.el7 will be installed
.
.
.
Installed:
targetcli.noarch 0:2.1.fb41-3.el7
Dependency Installed:
pyparsing.noarch 0:1.5.6-9.el7
python-configshell.noarch 1:1.1.fb18-1.el7
python-ethtool.x86_64 0:0.8-5.el7
python-kmod.x86_64 0:0.9-4.el7
python-rtslib.noarch 0:2.1.fb57-3.el7
python-six.noarch 0:1.9.0-2.el7
python-urwid.x86_64 0:1.1.1-3.el7
Complete!
Start and enable the service using the following command.
[root@linuxhelp ~]# systemctl start target
[root@linuxhelp ~]# systemctl enable target
ln -s '/usr/lib/systemd/system/target.service' '/etc/systemd/system/multi-user.target.wants/target.service'
To Define the LUNs in Target Server
First create a logical volume 'lv1' to back the LUN on the Target. To configure iSCSI, open a 'targetcli' shell. Then run the following commands to create a block storage object, an IQN (iSCSI Qualified Name), an Access Control List, LUNs and portals on the Target server.
Explanation:
Block storage - a local storage resource.
IQN - an iSCSI Qualified Name, used to address the target server.
Access Control List - add the client's IQN to the ACL so that the client machine can access the server.
LUNs - defined on the server to make the storage space available to the client.
Portals - the server IP address and port on which the target listens.
[root@linuxhelp ~]# targetcli
Warning: Could not load preferences file /root/.targetcli/prefs.bin.
targetcli shell version 2.1.fb41
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/> /backstores/block create iscsi_block /dev/vg1/lv1
Created block storage object iscsi_block using /dev/vg1/lv1.
/> iscsi/ create iqn.2015-06.com.linuxhelp.server
Created target iqn.2015-06.com.linuxhelp.server.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
/> iscsi/iqn.2015-06.com.linuxhelp.server/tpg1/acls create iqn.2015-06.com.linuxhelp.client
Created Node ACL for iqn.2015-06.com.linuxhelp.client
/> iscsi/iqn.2015-06.com.linuxhelp.server/tpg1/luns create /backstores/block/iscsi_block
Created LUN 0.
Created LUN 0->0 mapping in node ACL iqn.2015-06.com.linuxhelp.client
/> iscsi/iqn.2015-06.com.linuxhelp.server/tpg1/portals/ create 192.168.5.189
Using default IP port 3260
Created network portal 192.168.5.189:3260.
/> ls
o- / ..................................................................... [...]
  o- backstores .......................................................... [...]
  | o- block .............................................. [Storage Objects: 1]
  | | o- iscsi_block .............. [/dev/vg1/lv1 (8.0GiB) write-thru activated]
  | o- fileio ............................................. [Storage Objects: 0]
  | o- pscsi .............................................. [Storage Objects: 0]
  | o- ramdisk ............................................ [Storage Objects: 0]
  o- iscsi ........................................................ [Targets: 1]
  | o- iqn.2015-06.com.linuxhelp.server .............................. [TPGs: 1]
  |   o- tpg1 ........................................... [no-gen-acls, no-auth]
  |     o- acls ...................................................... [ACLs: 1]
  |     | o- iqn.2015-06.com.linuxhelp.client ................. [Mapped LUNs: 1]
  |     |   o- mapped_lun0 ....................... [lun0 block/iscsi_block (rw)]
  |     o- luns ...................................................... [LUNs: 1]
  |     | o- lun0 ........................... [block/iscsi_block (/dev/vg1/lv1)]
  |     o- portals ................................................ [Portals: 2]
  |       o- 0.0.0.0:3260 ................................................. [OK]
  |       o- 192.168.5.189:3260 ........................................... [OK]
  o- loopback ..................................................... [Targets: 0]
/> saveconfig
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json
/> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json
Type exit and press Enter to quit the targetcli shell. The configuration will be saved automatically to /etc/target/saveconfig.json.
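The 'ls' tree above reports the TPG as [no-gen-acls, no-auth] and still lists the default 0.0.0.0:3260 portal, so the only access check is the initiator name in the ACL. The following is an added example, not part of the original article: a shell function that scans 'targetcli ls' output for those settings (and for gen-acls); the function name, the finding labels and the shortened sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag weak settings in `targetcli ls` output (read from stdin).

# Constructed sample: the iscsi subtree from the article's session, dot padding shortened.
sample_ls() {
cat <<'EOF'
  o- iscsi .......................... [Targets: 1]
  | o- iqn.2015-06.com.linuxhelp.server ... [TPGs: 1]
  |   o- tpg1 ....................... [no-gen-acls, no-auth]
  |     o- acls ..................... [ACLs: 1]
  |     | o- iqn.2015-06.com.linuxhelp.client ... [Mapped LUNs: 1]
  |     o- portals .................. [Portals: 2]
  |       o- 0.0.0.0:3260 ........... [OK]
  |       o- 192.168.5.189:3260 ..... [OK]
EOF
}

# Prints one finding per line as "<LABEL> <target>/<tpg> [detail]".
# Exit status is 0 when nothing is flagged and 1 otherwise.
audit_targetcli_ls() {
  awk '
    # Text that follows the last "o- " marker, up to the next space.
    function node(line) { sub(/^.*o- /, "", line); sub(/ .*$/, "", line); return line }

    /\[TPGs: [0-9]+\]/ { target = node($0); next }   # target line; ACL lines lack [TPGs:]
    /o- tpg[0-9]+ / {
      tpg = node($0)
      if ($0 ~ /no-auth/)    { print "NO_AUTH " target "/" tpg; n++ }   # CHAP disabled
      if ($0 ~ /\[gen-acls/) { print "GEN_ACLS " target "/" tpg; n++ }  # any initiator name accepted
      next
    }
    /o- 0\.0\.0\.0:[0-9]+ / {                         # IPv4 wildcard portal
      print "WILDCARD_PORTAL " target "/" tpg " " node($0); n++
    }
    END { exit (n > 0) }
  '
}

# Usage on a target server: targetcli ls | audit_targetcli_ls
sample_ls | audit_targetcli_ls || echo "review the findings above"
```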
Now verify the listening port using the netstat command.
[root@linuxhelp ~]# netstat -npltu | grep 3260
tcp 0 0 192.168.5.189:3260 0.0.0.0:* LISTEN -
To add the port number to the firewall, run the following command and reload the firewall as shown below.
[root@linuxhelp ~]# firewall-cmd --permanent --add-port=3260/tcp
success
[root@linuxhelp ~]# firewall-cmd --reload
success
Now restart the service, using the following command.
[root@linuxhelp ~]# systemctl restart target
To Setup the Client Initiator
Run the following command to install the iscsi-initiator-utils package on the client machine, which is needed to access the server.
[root@linuxhelp ~]# yum install iscsi-initiator-utils -y
Loaded plugins: fastestmirror, langpacks
base | 3.6 kB 00:00:00
epel/x86_64/metalink | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
Loading mirror speeds from cached hostfile
* base: mirror.nbrc.ac.in
* epel: epel.mirror.net.in
* extras: mirror.nbrc.ac.in
* updates: mirror.nbrc.ac.in
Resolving Dependencies
--> Running transaction check
---> Package iscsi-initiator-utils.x86_64 0:6.2.0.873-21.el7 will be updated
--> Processing Dependency: iscsi-initiator-utils = 6.2.0.873-21.el7 for package: iscsi-initiator-utils-iscsiuio-6.2.0.873-21.el7.x86_64
---> Package iscsi-initiator-utils.x86_64 0:6.2.0.873-32.el7 will be an update
--> Running transaction check
---> Package iscsi-initiator-utils-iscsiuio.x86_64 0:6.2.0.873-21.el7 will be updated
---> Package iscsi-initiator-utils-iscsiuio.x86_64 0:6.2.0.873-32.el7 will be an update
--> Finished Dependency Resolution
.
.
.
Updated:
iscsi-initiator-utils.x86_64 0:6.2.0.873-32.el7
Dependency Updated:
iscsi-initiator-utils-iscsiuio.x86_64 0:6.2.0.873-32.el7
Complete!
The iscsi-initiator-utils package is now installed successfully.
Open the '/etc/iscsi/initiatorname.iscsi' file and replace the default initiator name with the one that was set in the ACL on the server, then save the file.
Now start and enable the service as shown below.
[root@linuxhelp ~]# systemctl start iscsi
[root@linuxhelp ~]# systemctl start iscsid
[root@linuxhelp ~]# systemctl enable iscsi
[root@linuxhelp ~]# systemctl enable iscsid
ln -s '/usr/lib/systemd/system/iscsid.service' '/etc/systemd/system/multi-user.target.wants/iscsid.service'
Run the following command to list the partitions.
[root@linuxhelp ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
fd0 2:0 1 4K 0 disk
sda 8:0 0 20G 0 disk
├─sda1 8:1 0 500M 0 part /boot
├─sda2 8:2 0 2G 0 part [SWAP]
└─sda3 8:3 0 17.6G 0 part /
sr0 11:0 1 1024M 0 rom
Run iscsiadm in discovery mode with the server IP address to discover the server.
[root@linuxhelp ~]# iscsiadm --mode discovery --type sendtargets --portal 192.168.5.189
192.168.5.189:3260,1 iqn.2015-06.com.linuxhelp.server
Now contact the target in node mode and log in to the server from the client machine.
[root@linuxhelp ~]# iscsiadm --mode node --targetname iqn.2015-06.com.linuxhelp.server --portal 192.168.5.189 --login
Logging in to [iface: default, target: iqn.2015-06.com.linuxhelp.server, portal: 192.168.5.189,3260] (multiple)
Login to [iface: default, target: iqn.2015-06.com.linuxhelp.server, portal: 192.168.5.189,3260] successful.
Run the following command to list and view the partitions.
[root@linuxhelp ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
fd0 2:0 1 4K 0 disk
sda 8:0 0 20G 0 disk
├─sda1 8:1 0 500M 0 part /boot
├─sda2 8:2 0 2G 0 part [SWAP]
└─sda3 8:3 0 17.6G 0 part /
sdb 8:16 0 8G 0 disk
sr0 11:0 1 1024M 0 rom
Now create a file system on the disk 'sdb' using the command below.
[root@linuxhelp ~]# mkfs.ext4 /dev/sdb
mke2fs 1.42.9 (28-Dec-2013)
/dev/sdb is entire device, not just one partition!
Proceed anyway? (y,n) y
Filesystem label=
OS type: Linux
.
.
.
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
Finally, mount '/dev/sdb' under the directory '/mnt'.
[root@linuxhelp ~]# mount /dev/sdb /mnt
Use the following blkid command to get the UUID of the partition.
[root@linuxhelp ~]# blkid /dev/sdb
/dev/sdb: UUID="5c74addd-9efc-4f6b-9f33-b4af0cd91b02" TYPE="ext4"
[root@linuxhelp ~]# blkid /dev/sdb >> /etc/fstab
Add the entries in '/etc/fstab' to make the mount permanent.
The _netdev mount option should be used to defer the mounting of these file systems until the network service starts.
[root@linuxhelp ~]# vim /etc/fstab
## /etc/fstab
.
.
.
UUID=5c74addd-9efc-4f6b-9f33-b4af0cd91b02 /mnt ext4 defaults,_netdev 0 0
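The blkid redirect above appends the raw blkid line to /etc/fstab, which is not a valid entry until it is edited by hand into the form just shown. The following is an added example, not part of the original article: it builds that entry directly from the blkid output and appends it only once; the function names and the scratch-file demonstration are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build the fstab entry from blkid output instead of appending raw blkid text.

# Constructed sample: the blkid line shown in the article.
SAMPLE_BLKID='/dev/sdb: UUID="5c74addd-9efc-4f6b-9f33-b4af0cd91b02" TYPE="ext4"'

# fstab_entry BLKID_LINE MOUNTPOINT
# Prints "UUID=<uuid> <mountpoint> <fstype> defaults,_netdev 0 0"; fails if a field is missing.
fstab_entry() {
  uuid=$(printf '%s\n' "$1" | sed -n 's/.* UUID="\([^"]*\)".*/\1/p')
  fstype=$(printf '%s\n' "$1" | sed -n 's/.* TYPE="\([^"]*\)".*/\1/p')
  [ -n "$uuid" ] && [ -n "$fstype" ] || return 1
  printf 'UUID=%s %s %s defaults,_netdev 0 0\n' "$uuid" "$2" "$fstype"
}

# add_fstab_entry FSTAB_FILE BLKID_LINE MOUNTPOINT
# Appends the entry once. Returns 1 on unparsable input, 2 if the UUID is already listed,
# 3 if another active line already uses the mount point.
add_fstab_entry() {
  entry=$(fstab_entry "$2" "$3") || return 1
  key=${entry%% *}                                   # "UUID=<uuid>"
  if awk -v k="$key" '$1 == k { f = 1 } END { exit !f }' "$1"; then return 2; fi
  if awk -v m="$3" '$1 !~ /^#/ && $2 == m { f = 1 } END { exit !f }' "$1"; then return 3; fi
  printf '%s\n' "$entry" >> "$1"
}

# Demonstration against a scratch file, never the live /etc/fstab.
demo=$(mktemp)
add_fstab_entry "$demo" "$SAMPLE_BLKID" /mnt && cat "$demo"
rm -f "$demo"
```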
Now mount the partition using the following command.
[root@linuxhelp ~]# mount -a
Now display the partition using the following command.
[root@linuxhelp ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 18G 3.4G 15G 20% /
devtmpfs 486M 0 486M 0% /dev
tmpfs 494M 176K 494M 1% /dev/shm
tmpfs 494M 7.1M 487M 2% /run
tmpfs 494M 0 494M 0% /sys/fs/cgroup
/dev/sda1 497M 116M 382M 24% /boot
/dev/sdb 7.8G 36M 7.3G 1% /mnt
Now the devices are ready to use.