Tutorial News Comments FAQ Related Articles

How to Create Centralized Secure Storage in Linux

{{postValue.id}}

To Create Centralized Secure Storage in Linux

Creation of centralized secure storage using iSCSI is explained in this article. iSCSI Protocol handles the storage devices in TCP/IP Networks over long distance. Its target is a remote hard disk which is available from a remote iSCSI server. In iSCSI, the client is known as Initiator and the storage server is known as Target machine.
Target:
Operating System &ndash Centos 7
iSCSI Target IP &ndash 192.168.5.189
Initiator:
Operating System &ndash Centos 7
iSCSI Target IP &ndash 192.168.5.190

To Install the Packages on iSCSI Target

Use the following command to install the administrator tool packages in server machine.

[root@linuxhelp ~]# yum install targetcli* -y
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp.iitm.ac.in
 * extras: ftp.iitm.ac.in
 * updates: ftp.iitm.ac.in
Resolving Dependencies
-->  Running transaction check
--->  Package targetcli.noarch 0:2.1.fb41-3.el7 will be installed
.
.
.
Installed:
  targetcli.noarch 0:2.1.fb41-3.el7                                             
Dependency Installed:
  pyparsing.noarch 0:1.5.6-9.el7                                                
  python-configshell.noarch 1:1.1.fb18-1.el7                                    
  python-ethtool.x86_64 0:0.8-5.el7                                             
  python-kmod.x86_64 0:0.9-4.el7                                                
  python-rtslib.noarch 0:2.1.fb57-3.el7                                         
  python-six.noarch 0:1.9.0-2.el7                                               
  python-urwid.x86_64 0:1.1.1-3.el7                                             
Complete!


Start and enable the service using the following command.

[root@linuxhelp ~]# systemctl start target
[root@linuxhelp ~]# systemctl enable target
ln -s ' /usr/lib/systemd/system/target.service'  ' /etc/systemd/system/multi-user.target.wants/target.service'

To Define the LUNs in Target Server

First create a logical volume ' lv1' to define LUNs in the Target. To configure iSCSI open a ' targetcli' shell. Now execute the following commands to Create a block storage , IQN( Iscsi Qualified Name ), Access Control List, LUNs and portals in the Target server.


Explanation:
Block storage- is a local storage resource.
IQN- an Iscsi Qualified Name is used to address the target server.
Access Control List- Mention the client address in ACL to access the server from the client machine.
LUNs - we define luns in server to make the storage space available for the client.
Portals- creates port for server IP

[root@linuxhelp ~]# targetcli
Warning: Could not load preferences file /root/.targetcli/prefs.bin.
targetcli shell version 2.1.fb41
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type ' help' .
/>  /backstores/block  create iscsi_block /dev/vg1/lv1
Created block storage object iscsi_block using /dev/vg1/lv1.
/>  iscsi/ create iqn.2015-06.com.linuxhelp.server
Created target iqn.2015-06.com.linuxhelp.server.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
/>  iscsi/iqn.2015-06.com.linuxhelp.server/tpg1/acls create iqn.2015-06.com.linuxhelp.client
Created Node ACL for iqn.2015-06.com.linuxhelp.client
/>  iscsi/iqn.2015-06.com.linuxhelp.server/tpg1/luns create /backstores/block/iscsi_block
Created LUN 0.
Created LUN 0-> 0 mapping in node ACL iqn.2015-06.com.linuxhelp.client
/>  iscsi/iqn.2015-06.com.linuxhelp.server/tpg1/portals/ create 192.168.5.189
Using default IP port 3260
Created network portal 192.168.5.189:3260.
/>  ls
o- / ................................................................................. [...]
o- backstores ...................................................................... [...]
| o- block .......................................................... [Storage Objects: 1]
| | o- iscsi_block .......................... [/dev/vg1/lv1 (8.0GiB) write-thru activated]
| o- fileio ......................................................... [Storage Objects: 0]
| o- pscsi .......................................................... [Storage Objects: 0]
| o- ramdisk ........................................................ [Storage Objects: 0]
o- iscsi .................................................................... [Targets: 1]
| o- iqn.2015-06.com.linuxhelp.server .......................................... [TPGs: 1]
|   o- tpg1 ....................................................... [no-gen-acls, no-auth]
|     o- acls .................................................................. [ACLs: 1]
|     | o- iqn.2015-06.com.linuxhelp.client ............................. [Mapped LUNs: 1]
|     |   o- mapped_lun0 ................................... [lun0 block/iscsi_block (rw)]
|     o- luns .................................................................. [LUNs: 1]
|     | o- lun0 ....................................... [block/iscsi_block (/dev/vg1/lv1)]
|     o- portals ............................................................ [Portals: 2]
|       o- 0.0.0.0:3260 ............................................................. [OK]
|       o- 192.168.5.189:3260 ....................................................... [OK]
o- loopback ................................................................. [Targets: 0]
/>  saveconfig
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json
/>  exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json


Type exit and press Enter to quit the targetcli shell. The configuration will be saved automatically to /etc/target/saveconfig.json.
Now Verify the ports using netstat command.


[root@linuxhelp ~]# netstat -npltu | grep 3260
tcp        0      0 192.168.5.189:3260      0.0.0.0:*               LISTEN      -


To add the port number to the firewall , run the following command and reload the firewall as shown below.

[root@linuxhelp ~]# firewall-cmd --permanent --add-port=3260/tcp
success
[root@linuxhelp ~]# firewall-cmd --reload
Success


Now restart the service, using the following command.

[root@linuxhelp ~]# systemctl restart target

To Setup the Client Initiator

Run the following command, to install the iscsi-initiator-utils package in the client machine to access the server.

[root@linuxhelp ~]# yum install iscsi-initiator-utils -y
Loaded plugins: fastestmirror, langpacks
base                                                                 | 3.6 kB  00:00:00
epel/x86_64/metalink                                                 | 3.6 kB  00:00:00
extras                                                               | 3.4 kB  00:00:00
updates                                                              | 3.4 kB  00:00:00
Loading mirror speeds from cached hostfile
* base: mirror.nbrc.ac.in
* epel: epel.mirror.net.in
* extras: mirror.nbrc.ac.in
* updates: mirror.nbrc.ac.in
Resolving Dependencies
-->  Running transaction check
--->  Package iscsi-initiator-utils.x86_64 0:6.2.0.873-21.el7 will be updated
-->  Processing Dependency: iscsi-initiator-utils = 6.2.0.873-21.el7 for package: iscsi-initiator-utils-iscsiuio-6.2.0.873-21.el7.x86_64
--->  Package iscsi-initiator-utils.x86_64 0:6.2.0.873-32.el7 will be an update
-->  Running transaction check
--->  Package iscsi-initiator-utils-iscsiuio.x86_64 0:6.2.0.873-21.el7 will be updated
--->  Package iscsi-initiator-utils-iscsiuio.x86_64 0:6.2.0.873-32.el7 will be an update
-->  Finished Dependency Resolution
.
.
.
Updated:
iscsi-initiator-utils.x86_64 0:6.2.0.873-32.el7
Dependency Updated:
iscsi-initiator-utils-iscsiuio.x86_64 0:6.2.0.873-32.el7
Complete!


The installation of iscsi-initiator-utils is successfully created.
Open ' /etc/iscsi/initiatorname.iscsi' file and replace the default initiator name, which was set in the ACL on the server and then save the file.
Now start and enable the service as shown below.

[root@linuxhelp ~]# systemctl start iscsi
[root@linuxhelp ~]# systemctl start iscsid
[root@linuxhelp ~]# systemctl enable iscsi
[root@linuxhelp ~]# systemctl enable iscsid
ln -s ' /usr/lib/systemd/system/iscsid.service'  ' /etc/systemd/system/multi-user.target.wants/iscsid.service'


Run the following command to list the partitions

[root@linuxhelp ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
fd0 2:0 1 4K 0 disk
sda 8:0 0 20G 0 disk
??sda1 8:1 0 500M 0 part /boot
??sda2 8:2 0 2G 0 part [SWAP]
??sda3 8:3 0 17.6G 0 part /
sr0 11:0 1 1024M 0 rom


Run the iscsiadm in discovery mode with the serverIP address, to discover the server.



[root@linuxhelp ~]# iscsiadm --mode discovery --type sendtargets --portal 192.168.5.189
192.168.5.189:3260,1 iqn.2015-06.com.linuxhelp.server


Now contact the target in node mode and Login to the server from client machine.

[root@linuxhelp ~]# iscsiadm --mode node --targetname iqn.2015-06.com.linuxhelp.server --portal 192.168.5.189 --login
Logging in to [iface: default, target: iqn.2015-06.com.linuxhelp.server, portal: 192.168.5.189,3260] (multiple)
Login to [iface: default, target: iqn.2015-06.com.linuxhelp.server, portal: 192.168.5.189,3260] successful.


Run the following command to list and view the partition

[root@linuxhelp ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
fd0 2:0 1 4K 0 disk
sda 8:0 0 20G 0 disk
??sda1 8:1 0 500M 0 part /boot
??sda2 8:2 0 2G 0 part [SWAP]
??sda3 8:3 0 17.6G 0 part /
sdb 8:16 0 8G 0 disk
sr0 11:0 1 1024M 0 rom


Now create the file system for the partition ' sdb' by using the below command.


[root@linuxhelp ~]# mkfs.ext4 /dev/sdb
mke2fs 1.42.9 (28-Dec-2013)
/dev/sdb is entire device, not just one partition!
Proceed anyway? (y,n) y
Filesystem label=
OS type: Linux
.
.
.
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done


Finally mount the partition ' /dev/sdb' under the directory ' /mnt' 

[root@linuxhelp ~]# mount /dev/sdb /mnt


Use the following blkid command to get the UUID of the partition.

[root@linuxhelp ~]# blkid /dev/sdb
/dev/sdb: UUID=" 5c74addd-9efc-4f6b-9f33-b4af0cd91b02"  TYPE=" ext4" 
[root@linuxhelp ~]# blkid /dev/sdb > >  /etc/fstab


Add the entries in ' /etc/fstab' for making the mount permanent.


The _netdev mount option should be used to differ the mounting of these file systems, until the network service starts.

[root@linuxhelp ~]# vim /etc/fstab
## /etc/fstab
.
.
.
UUID=5c74addd-9efc-4f6b-9f33-b4af0cd91b02 /mnt ext4 defaults,_netdev 0 0


Now mount the partition using the following command.

[root@linuxhelp ~]# mount &ndash a


Now display the partition using the following command.

[root@linuxhelp ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 18G 3.4G 15G 20% /
devtmpfs 486M 0 486M 0% /dev
tmpfs 494M 176K 494M 1% /dev/shm
tmpfs 494M 7.1M 487M 2% /run
tmpfs 494M 0 494M 0% /sys/fs/cgroup
/dev/sda1 497M 116M 382M 24% /boot
/dev/sdb 7.8G 36M 7.3G 1% /mnt


Now the devices are ready to use.

Tags:
Author: 

Comments ( 0 )

No comments available

Frequently asked questions ( 5 )

Q

what is the name of the package for iscsi target in Linux?

A

the name of the package for iscsi target is "targetcli"

Q

Which command is used to switch on iscsi configuration part?

A

use the "targetcli" command to switch to iscsi configuration part

Q

Which package to be installed in client side setup for iscsi?

A

use the following command to install the client side setup package
# yum install iscsi-initiator-utils -y

Q

Which command is used to allow custom port to share the disk in client side usage?

A

you can allow the custom port to share disk by following command
# firewall-cmd --permanent --add-port=3260/tcp

Q

How to start application of iscsi server ?

A

by using following command start the iscsi
#systemctl start target
#systemctl enable target

Back To Top!