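Common storage technologies (storage architectures)
1. DAS (Direct Attached Storage)
As the name suggests, direct-attached storage attaches the storage directly to the application server to store data. The storage device connects to the application server through an interface.
Common interface types:
IDE (parallel): data may suffer interference; theoretical rate 133 MB/s. Earlier called ATA.
SATA (serial): II: 3 Gbps, III: 6 Gbps
IDE was slow, so SCSI (Small Computer System Interface) appeared.
SCSI interfaces:
UltraSCSI-320: 320 MB/s
UltraSCSI-640: 640 MB/s
SAS: 6 Gbps
USB, eSATA, 1394
Today the channel between direct-attached storage and the server host usually uses the SCSI protocol.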
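2. NAS (Network Attached Storage)
Generally speaking, a NAS is a file server, such as NFS or Samba. It provides file-level sharing.
3. SAN (Storage Area Network)
Simply put, a SAN carries SCSI protocol messages over a network. The operating system kernel has a corresponding scsi module, and SCSI messages are sent out in a tunnel mode. The underlying disk interface also has to be virtualized as a SCSI interface.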
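The SCSI communication model
SCSI communication follows a client/server (C/S) architecture.
Client:
Called the Initiator (C).
Server:
Called the Target here (S). Each Target can contain multiple LUNs (Logical Unit Number). The LUNs are what actually provide the service.
The figure below shows how communication proceeds under the SCSI protocol:
How the operating system recognizes SCSI protocol messages (the protocol recognition process)
After the operating system receives a SCSI message, a data request (read or write) proceeds as follows:
Kernel space: system call --> virtual file system --> file system --> buffer cache --> driver --> SCSI interface
User space: calls the kernel's system calls through the GNU C library
As shown in the figure below:
iSCSI is a mechanism that uses TCP/IP to carry SCSI messages.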
I. Environment
System: CentOS 6.4 x64, minimal install
Target: 192.168.3.43
Initiator: 192.168.3.46
II. Installing and configuring the server side
On the Target (192.168.3.43):
# Prepare the devices to be shared
[[email protected] ~]# fdisk -l |grep dev/sdc
Disk /dev/sdc: 322.1 GB, 322122547200 bytes
/dev/sdc1               1       13055   104864256   83  Linux    # about 100 GB
/dev/sdc2           13056       39162   209704477+  83  Linux    # about 200 GB
# Install the iSCSI target software
[[email protected] ~]# yum install scsi-target-utils -y
[[email protected] ~]# chkconfig tgtd on
[[email protected] ~]# service tgtd start
Starting SCSI target daemon: [ OK ]
[[email protected] ~]# netstat -tunlp |grep tgtd
# Listens on port 3260 by default
tcp        0      0 0.0.0.0:3260        0.0.0.0:*        LISTEN      1536/tgtd
tcp        0      0 :::3260             :::*             LISTEN      1536/tgtd
# Allow port 3260 in iptables
[[email protected] ~]# iptables -I INPUT -p tcp --dport 3260 -j ACCEPT
[[email protected] ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3260
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Configuring the SCSI service with the tgtadm command
About the tgtadm command:
tgtadm is a mode-based command.
Usage: tgtadm --lld [driver] --op [operation] --mode [mode] [OPTION]...
Common modes: target, logicalunit, account
#####################################################
Operations in target mode (manage targets):
new: create a new target
show: display targets
delete: delete a target
update: update (modify) a target
bind: access control based on IP address
unbind: remove a binding
#####################################################
Operations in logicalunit mode (associate a tid with a backing disk):
new: create a new LUN
delete: delete an existing LUN
#####################################################
Operations in account mode (manage accounts; CHAP, the Challenge-Handshake Authentication Protocol, one-way authentication):
new
delete
bind
unbind
#####################################################
The target and the Initiator communicate using iqn names.
iqn name format: iqn.yyyy-mm.reverse-domain-name:string[.substring]
For example: iscsi-iname -p iqn.2014-09.com.magedu.target
A name can also be generated with the command: iscsi-iname -p iqn.2014-09.com.magedu
#####################################################
Examples:
# (1) Add a new target with ID [id] and name [name]:
--lld [driver] --op new --mode target --tid=[id] --targetname [name]
# (2) Show all targets or one specific target:
--lld [driver] --op show --mode target [--tid=[id]]
# (3) Add a new LUN numbered [lun] to the device with ID [id], making it available to initiators.
## [path] is the path of a block device; the block device may also be a RAID or LVM device. LUN 0 is reserved by the system.
--lld [driver] --op new --mode=logicalunit --tid=[id] --lun=[lun] --backing-store [path]
# (4) Delete the target with ID [id]:
--lld [driver] --op delete --mode target --tid=[id]
# (5) Delete LUN [lun] from target [id]:
--lld [driver] --op delete --mode=logicalunit --tid=[id] --lun=[lun]
# (6) Define a host-based access control list for a target, where [address] is the list of
# initiator clients allowed to access this target:
--lld [driver] --op bind --mode=target --tid=[id] --initiator-address=[address]
# (7) Remove [address] from the access control list of target [id]:
--lld [driver] --op unbind --mode=target --tid=[id] --initiator-address=[address]
Providing the SCSI service with the tgtadm command:
# The steps are as follows:
# Create a target:
[[email protected] ~]# tgtadm --lld iscsi --op new --mode target --tid 1 -T iqn.2015-07.com.weyee:test1
# Create a LUN numbered 1:
[[email protected] ~]# tgtadm --lld iscsi --op new --mode logicalunit --tid 1 --lun 1 -b /dev/sdc1
# Open it to hosts in the 192.168.3.0/24 network
[[email protected] ~]# tgtadm --lld iscsi --op bind --mode target --tid 1 -I 192.168.3.0/24
Here -I is equivalent to --initiator-address
# Check the result
[[email protected] ~]# tgtadm --lld iscsi --op show --mode target
Target 1: iqn.2015-07.com.weyee:test1
    System information:
        Driver: iscsi
        State: ready
    I_T nexus information:
    LUN information:
        LUN: 0
            Type: controller
            SCSI ID: IET 00010000
            SCSI SN: beaf10
            Size: 0 MB, Block size: 1
            Online: Yes
            Removable media: No
            Prevent removal: No
            Readonly: No
            Backing store type: null
            Backing store path: None
            Backing store flags:
        LUN: 1        # this is the LUN we just created
            Type: disk
            SCSI ID: IET 00010001
            SCSI SN: beaf11
            Size: 107381 MB, Block size: 512
            Online: Yes
            Removable media: No
            Prevent removal: No
            Readonly: No
            Backing store type: rdwr
            Backing store path: /dev/sdc1
            Backing store flags:
    Account information:
    ACL information:        # defines which networks may access the target
        192.168.3.0/24
III. Configuring the client
On the Initiator (192.168.3.46):
# Client configuration
[[email protected] ~]# yum install iscsi-initiator-utils -y
[[email protected] ~]# chkconfig iscsi on
[[email protected] ~]# service iscsi start
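The Initiator client uses the iscsiadm command to discover and log in to devices.
About the iscsiadm command
iscsiadm is a mode-based tool. The mode is selected with the -m or --mode option; the common modes are discovery, node, fw, session, host and iface.
If no other options are given, discovery and node display all of their related records;
session displays all active sessions and connections;
fw displays all boot firmware values;
host displays all iSCSI hosts;
iface displays all iface settings in the /var/lib/iscsi/ifaces directory.
# Usage:
iscsiadm -m discovery [ -d debug_level ] [ -P printlevel ] [ -I iface -t type -p ip:port [ -l ] ]
iscsiadm -m node [ -d debug_level ] [ -P printlevel ] [ -L all,manual,automatic ] [ -U all,manual,automatic ] [ [ -T targetname -p ip:port -I iface ] [ -l | -u | -R | -s] ] [ [ -o operation ]
# Options:
-d, --debug=debug_level    Show debug information; levels 0-8.
-l, --login
-t, --type=type    The available types are sendtargets (abbreviated st), slp, fw and isns. This option is used only in discovery mode, and currently only st, fw and isns are supported; st means each iSCSI target is allowed to send a list of available targets to the initiator.
-p, --portal=ip[:port]    The IP address and port of the target service.
-m, --mode op    The available modes are discovery, node, fw, host, iface and session.
-T, --targetname=targetname    The name of the target.
-u, --logout
-o, --op=OPERATION    The operation to perform on the discoverydb database; it can only be one of new, delete, update, show and nonpersistent.
-I, --interface=[iface]    The iSCSI interface to perform the operation on; these interfaces are defined in /var/lib/iscsi/ifaces.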
Discovering the target with the iscsiadm command
# Check the default iqn
[[email protected] ~]# cat /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.1994-05.com.redhat:a999167c973
# Run the iscsiadm discovery command
[[email protected] ~]# iscsiadm -m discovery -t sendtargets -p 192.168.3.43
Starting iscsid: [ OK ]
192.168.3.43:3260,1 iqn.2015-07.com.weyee:test1
# The target was discovered successfully
# Log in to the target
# First look at the local disks
[[email protected] ~]# fdisk -l |grep dev
Disk /dev/sda: 21.5 GB, 21474836480 bytes
/dev/sda1   *           1          26      204800   83  Linux
/dev/sda2              26         281     2048000   82  Linux swap / Solaris
/dev/sda3             281        2611    18717696   83  Linux
# The output above shows that this host has only one disk, /dev/sda
# Run the iSCSI login command
[[email protected] ~]# iscsiadm -m node -T iqn.2015-07.com.weyee:test1 -p 192.168.3.43 -l
Logging in to [iface: default, target: iqn.2015-07.com.weyee:test1, portal: 192.168.3.43,3260] (multiple)
Login to [iface: default, target: iqn.2015-07.com.weyee:test1, portal: 192.168.3.43,3260] successful.
# "successful" means the login succeeded
# Look at the local disks again
[[email protected] ~]# fdisk -l |grep dev
Disk /dev/sda: 21.5 GB, 21474836480 bytes
/dev/sda1   *           1          26      204800   83  Linux
/dev/sda2              26         281     2048000   82  Linux swap / Solaris
/dev/sda3             281        2611    18717696   83  Linux
Disk /dev/sdb: 107.4 GB, 107380998144 bytes
# An additional disk now appears
# Format the new disk and mount it
[[email protected] ~]# mkfs.ext4 /dev/sdb
[[email protected] ~]# tune2fs -c -1 /dev/sdb
tune2fs 1.41.12 (17-May-2010)
Setting maximal mount count to -1
[[email protected] ~]# mount /dev/sdb /mnt
[[email protected] ~]# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda3        18G  1.2G   16G   8% /
tmpfs           495M     0  495M   0% /dev/shm
/dev/sda1       194M   28M  156M  16% /boot
/dev/sdb         99G  188M   94G   1% /mnt
[[email protected] ~]# touch /mnt/target.txt
[[email protected] ~]# ls /mnt
lost+found  target.txt
# If the client no longer wants to use the target, it can log out
[[email protected] ~]# iscsiadm -m node -T iqn.2015-07.com.weyee:test1 -p 192.168.3.43 -u
Logging out of session [sid: 1, target: iqn.2015-07.com.weyee:test1, portal: 192.168.3.43,3260]
Logout of [sid: 1, target: iqn.2015-07.com.weyee:test1, portal: 192.168.3.43,3260] successful.
[[email protected] ~]# iscsiadm -m node -T iqn.2015-07.com.weyee:test1 -p 192.168.3.43 -o delete
# If necessary, use rm -rf /var/lib/iscsi/send_targets/*
IV. One-way authentication for the target
Configuring the target side:
# Create the account needed for target authentication
[[email protected] ~]# tgtadm --lld iscsi --op new --mode account --user lyao --password 123456
# Bind the user to the target
[[email protected] ~]# tgtadm --lld iscsi --op bind --mode account --tid 1 --user lyao
# Check the result
[[email protected] ~]# tgtadm --lld iscsi --op show --mode target
Target 1: iqn.2015-07.com.weyee:test1
    System information:
        Driver: iscsi
        State: ready
    I_T nexus information:
    LUN information:
        LUN: 0
            Type: controller
            SCSI ID: IET 00010000
            SCSI SN: beaf10
            Size: 0 MB, Block size: 1
            Online: Yes
            Removable media: No
            Prevent removal: No
            Readonly: No
            Backing store type: null
            Backing store path: None
            Backing store flags:
        LUN: 1
            Type: disk
            SCSI ID: IET 00010001
            SCSI SN: beaf11
            Size: 107381 MB, Block size: 512
            Online: Yes
            Removable media: No
            Prevent removal: No
            Readonly: No
            Backing store type: rdwr
            Backing store path: /dev/sdc1
            Backing store flags:
    Account information:
        lyao        # the authentication user we added shows up here
    ACL information:
        192.168.3.0/24
Configuring the Initiator side:
# First log out of the target
[[email protected] ~]# iscsiadm -m node -T iqn.2015-07.com.weyee:test1 -p 192.168.3.43 -u
[[email protected] ~]# iscsiadm -m node -T iqn.2015-07.com.weyee:test1 -p 192.168.3.43 -o delete
[[email protected] ~]# rm -rf /var/lib/iscsi/send_targets/*
# Restart the service
[[email protected] ~]# service iscsid restart
# Run discovery again
[[email protected] ~]# iscsiadm -m discovery -t sendtargets -p 192.168.3.43
192.168.3.43:3260,1 iqn.2015-07.com.weyee:test1
[[email protected] ~]# iscsiadm -m node -T iqn.2015-07.com.weyee:test1 -p 192.168.3.43 -l
Logging in to [iface: default, target: iqn.2015-07.com.weyee:test1, portal: 192.168.3.43,3260] (multiple)
iscsiadm: Could not login to [iface: default, target: iqn.2015-07.com.weyee:test1, portal: 192.168.3.43,3260].
# The next line reports an authentication failure, because we enabled authentication on the target
iscsiadm: initiator reported error (24 - iSCSI login failed due to authorization failure)
iscsiadm: Could not log into all portals
# The failure above is caused by the Initiator not supplying credentials
# Edit /etc/iscsi/iscsid.conf
[[email protected] ~]# vim /etc/iscsi/iscsid.conf
node.session.auth.authmethod = CHAP
node.session.auth.username = lyao
node.session.auth.password = 123456
[[email protected] ~]# service iscsid restart
[[email protected] ~]# rm -rf /var/lib/iscsi/send_targets/192.168.3.43,3260/
# Run discovery again
[[email protected] ~]# iscsiadm -m discovery -t sendtargets -p 192.168.3.43
192.168.3.43:3260,1 iqn.2015-07.com.weyee:test1
[[email protected] ~]# iscsiadm -m node -T iqn.2015-07.com.weyee:test1 -p 192.168.3.43 -l
Logging in to [iface: default, target: iqn.2015-07.com.weyee:test1, portal: 192.168.3.43,3260] (multiple)
Login to [iface: default, target: iqn.2015-07.com.weyee:test1, portal: 192.168.3.43,3260] successful.
[[email protected] ~]# fdisk -l |grep dev
Disk /dev/sda: 21.5 GB, 21474836480 bytes
/dev/sda1   *           1          26      204800   83  Linux
/dev/sda2              26         281     2048000   82  Linux swap / Solaris
/dev/sda3             281        2611    18717696   83  Linux
Disk /dev/sdb: 107.4 GB, 107380998144 bytes
# One-way iSCSI authentication is now configured successfully
# Note: if the initiator has already logged in to this target, it must first log out and restart the iscsid service, delete the
# previously generated database, then rediscover the target and log in again. The procedure is:
# iscsiadm -m session -r sid -u
# iscsiadm -m node -T iqn.2015-07.com.weyee:test1 -p 192.168.3.43:3260 -u
# iscsiadm -m node -T iqn.2015-07.com.weyee:test1 -p 192.168.3.43:3260 -o delete
# rm -rf /var/lib/iscsi/send_targets/192.168.3.43,3260
# service iscsid restart
# iscsiadm -m discovery -t sendtargets -p 192.168.3.43
# iscsiadm -m node -T iqn.2015-07.com.weyee:test1 -p 192.168.3.43:3260 -l
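V. Configuring the target through the configuration file
The target above was configured with commands; if the tgtd service is restarted, all of that configuration is lost.
[[email protected] ~]# service tgtd restart
Stopping SCSI target daemon: [ OK ]
Starting SCSI target daemon: [ OK ]
[[email protected] ~]# tgtadm --lld iscsi --op show --mode target
In that case the target can only be managed through the configuration file.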
# Edit the configuration file
[[email protected] ~]# vim /etc/tgt/targets.conf
# Add the following content
<target iqn.2015-07.com.weyee:web>
    <backing-store /dev/sdc1>
        lun 7
    </backing-store>
    initiator-address 192.168.3.0/24
</target>
[[email protected] ~]# service tgtd restart
Stopping SCSI target daemon: [ OK ]
Starting SCSI target daemon: [ OK ]
[[email protected] ~]# tgtadm --lld iscsi --op show --mode target
Target 1: iqn.2015-07.com.weyee:web
    System information:
        Driver: iscsi
        State: ready
    I_T nexus information:
    LUN information:
        LUN: 0
            Type: controller
            SCSI ID: IET 00010000
            SCSI SN: beaf10
            Size: 0 MB, Block size: 1
            Online: Yes
            Removable media: No
            Prevent removal: No
            Readonly: No
            Backing store type: null
            Backing store path: None
            Backing store flags:
        LUN: 7
            Type: disk
            SCSI ID: IET 00010007
            SCSI SN: beaf17
            Size: 107381 MB, Block size: 512
            Online: Yes
            Removable media: No
            Prevent removal: No
            Readonly: No
            Backing store type: rdwr
            Backing store path: /dev/sdc1
            Backing store flags:
    Account information:
    ACL information:
        192.168.3.0/24
# On the client, do the following
[[email protected] ~]# iscsiadm -m discovery -t sendtargets -p 192.168.3.43
192.168.3.43:3260,1 iqn.2015-07.com.weyee:web
[[email protected] ~]# iscsiadm -m node -T iqn.2015-07.com.weyee:web -p 192.168.3.43 -l
Logging in to [iface: default, target: iqn.2015-07.com.weyee:web, portal: 192.168.3.43,3260] (multiple)
Login to [iface: default, target: iqn.2015-07.com.weyee:web, portal: 192.168.3.43,3260] successful.
# Login succeeded
# Now add /dev/sdc2 as well and require authentication for it
# Edit the configuration file
[[email protected] ~]# vim /etc/tgt/targets.conf
<target iqn.2015-07.com.weyee:nfs>
    <backing-store /dev/sdc2>
        lun 4
    </backing-store>
    incominguser weyee weyee2014
    initiator-address 192.168.3.0/24
</target>
# Reload the tgtd service
[[email protected] ~]# service tgtd reload
Updating SCSI target daemon configuration: [ OK ]
[[email protected] ~]# tgtadm --lld iscsi --op show --mode target
Target 1: iqn.2015-07.com.weyee:web
    System information:
        Driver: iscsi
        State: ready
    I_T nexus information:
        I_T nexus: 1
            Initiator: iqn.1994-05.com.redhat:a999167c973
            Connection: 0
                IP Address: 192.168.3.46
    LUN information:
        LUN: 0
            Type: controller
            SCSI ID: IET 00010000
            SCSI SN: beaf10
            Size: 0 MB, Block size: 1
            Online: Yes
            Removable media: No
            Prevent removal: No
            Readonly: No
            Backing store type: null
            Backing store path: None
            Backing store flags:
        LUN: 7
            Type: disk
            SCSI ID: IET 00010007
            SCSI SN: beaf17
            Size: 107381 MB, Block size: 512
            Online: Yes
            Removable media: No
            Prevent removal: No
            Readonly: No
            Backing store type: rdwr
            Backing store path: /dev/sdc1
            Backing store flags:
    Account information:
    ACL information:
        192.168.3.0/24
Target 2: iqn.2015-07.com.weyee:nfs
    System information:
        Driver: iscsi
        State: ready
    I_T nexus information:
    LUN information:
        LUN: 0
            Type: controller
            SCSI ID: IET 00020000
            SCSI SN: beaf20
            Size: 0 MB, Block size: 1
            Online: Yes
            Removable media: No
            Prevent removal: No
            Readonly: No
            Backing store type: null
            Backing store path: None
            Backing store flags:
        LUN: 4
            Type: disk
            SCSI ID: IET 00020004
            SCSI SN: beaf24
            Size: 214737 MB, Block size: 512
            Online: Yes
            Removable media: No
            Prevent removal: No
            Readonly: No
            Backing store type: rdwr
            Backing store path: /dev/sdc2
            Backing store flags:
    Account information:
        weyee
    ACL information:
        192.168.3.0/24
# Run discovery on the client
[[email protected] ~]# iscsiadm -m discovery -t sendtargets -p 192.168.3.43
192.168.3.43:3260,1 iqn.2015-07.com.weyee:web
192.168.3.43:3260,1 iqn.2015-07.com.weyee:nfs
# Log in to iqn.2015-07.com.weyee:nfs
[[email protected] ~]# iscsiadm -m node -T iqn.2015-07.com.weyee:nfs -p 192.168.3.43 -l
Logging in to [iface: default, target: iqn.2015-07.com.weyee:nfs, portal: 192.168.3.43,3260] (multiple)
iscsiadm: Could not login to [iface: default, target: iqn.2015-07.com.weyee:nfs, portal: 192.168.3.43,3260].
# Authentication failed
iscsiadm: initiator reported error (24 - iSCSI login failed due to authorization failure)
iscsiadm: Could not log into all portals
# Edit the client configuration file
[[email protected] ~]# vim /etc/iscsi/iscsid.conf
node.session.auth.authmethod = CHAP
node.session.auth.username = weyee
node.session.auth.password = weyee2014
# Log out of all logged-in targets
[[email protected] ~]# iscsiadm -m node -T iqn.2015-07.com.weyee:web -p 192.168.3.43 -u
Logging out of session [sid: 8, target: iqn.2015-07.com.weyee:web, portal: 192.168.3.43,3260]
Logout of [sid: 8, target: iqn.2015-07.com.weyee:web, portal: 192.168.3.43,3260] successful.
[[email protected] ~]# iscsiadm -m node -T iqn.2015-07.com.weyee:web -p 192.168.3.43 -o delete
[[email protected] ~]# rm -rf /var/lib/iscsi/send_targets/*
# Restart the iscsi service on the client
[[email protected] ~]# service iscsi restart
# Run discovery again
[[email protected] ~]# iscsiadm -m discovery -t sendtargets -p 192.168.3.43
192.168.3.43:3260,1 iqn.2015-07.com.weyee:web
192.168.3.43:3260,1 iqn.2015-07.com.weyee:nfs
# Log in to iqn.2015-07.com.weyee:nfs, which requires authentication
[[email protected] ~]# iscsiadm -m node -T iqn.2015-07.com.weyee:nfs -p 192.168.3.43 -l
Logging in to [iface: default, target: iqn.2015-07.com.weyee:nfs, portal: 192.168.3.43,3260] (multiple)
Login to [iface: default, target: iqn.2015-07.com.weyee:nfs, portal: 192.168.3.43,3260] successful.
# The following target does not require authentication
[[email protected] ~]# iscsiadm -m node -T iqn.2015-07.com.weyee:web -p 192.168.3.43 -l
Logging in to [iface: default, target: iqn.2015-07.com.weyee:web, portal: 192.168.3.43,3260] (multiple)
Login to [iface: default, target: iqn.2015-07.com.weyee:web, portal: 192.168.3.43,3260] successful.
# Check the disks
[[email protected] ~]# fdisk -l |grep dev
Disk /dev/sda: 21.5 GB, 21474836480 bytes
/dev/sda1   *           1          26      204800   83  Linux
/dev/sda2              26         281     2048000   82  Linux swap / Solaris
/dev/sda3             281        2611    18717696   83  Linux
Disk /dev/sdb: 214.7 GB, 214737384960 bytes
Disk /dev/sdc: 107.4 GB, 107380998144 bytes
# Both shared iSCSI disks are displayed correctly here
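An added example, not part of the original article: a shell function that reads the output of `tgtadm --lld iscsi --op show --mode target` and lists targets with an empty "Account information" section (no CHAP required, like iqn.2015-07.com.weyee:web above) or an ACL of ALL. The function names `audit_tgt_targets` and `sample_show_output` are hypothetical, and the sample input is constructed from the output shown on this page.

```shell
#!/bin/sh
# Added example: flag tgtd targets that accept logins without CHAP or from any address.
# Live use on the target host:
#   tgtadm --lld iscsi --op show --mode target | audit_tgt_targets
audit_tgt_targets() {
    awk '
    function report() {
        if (name == "") return
        if (accounts == 0) print name ": no CHAP account bound"
        if (acl_all)       print name ": ACL allows ALL initiators"
    }
    /^Target [0-9]+:/ {                 # new target stanza, flush the previous one
        report()
        name = $3; accounts = 0; acl_all = 0; section = ""
        next
    }
    /^[ \t]*Account information:/ { section = "account"; next }
    /^[ \t]*ACL information:/     { section = "acl"; next }
    /^[ \t]*(System|I_T nexus|LUN) information:/ { section = ""; next }
    # Entries marked (outgoing) are credentials the target presents for mutual
    # CHAP; they do not authenticate the initiator, so they are not counted.
    section == "account" && NF > 0 && $0 !~ /\(outgoing\)/ { accounts++ }
    section == "acl" && $1 == "ALL" { acl_all = 1 }
    END { report() }
    '
}

# Constructed sample, trimmed from the two-target tgtadm output shown earlier on this page.
sample_show_output() {
cat <<'EOF'
Target 1: iqn.2015-07.com.weyee:web
    I_T nexus information:
    LUN information:
        LUN: 7
            Backing store path: /dev/sdc1
    Account information:
    ACL information:
        192.168.3.0/24
Target 2: iqn.2015-07.com.weyee:nfs
    I_T nexus information:
    LUN information:
        LUN: 4
            Backing store path: /dev/sdc2
    Account information:
        weyee
    ACL information:
        192.168.3.0/24
EOF
}

sample_show_output | audit_tgt_targets
```

Because settings made with tgtadm are lost when tgtd restarts, run the check again after each restart or reload so that it reflects what /etc/tgt/targets.conf actually applied.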