iscsi_server_client_chap_username_password_targetcli
设置步骤
server 端
1,安装server端软件
2,进入配置软件
3,新增block设备
4,新增iscsi
5,给iscsi新增Lun设备(关联第3不新增的block设备)
6,配置iscsi的权限(认证方式,用户和密码 和登录acls列表)
client端
1,安装client端软件
2,修改initiatorname(server端acls设置)
3,修改认证方式为用户名和密码,重启服务
4,查找iscsi可用设备
5,登录iscsi,格式,挂载
问题:使用匹配登录,不认证的方式,居然只能只读,有知道原因的同学,可以告诉我一下,多谢!
server
[root@k8s-node1 ~]# systemctl start targetd
[root@k8s-node1 ~]# targetcli
Warning: Could not load preferences file /root/.targetcli/prefs.bin.
targetcli shell version 2.1.53
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type ‘help’.
/> ls
o- / … […]
o- backstores … […]
| o- block … [Storage Objects: 0]
| o- fileio … [Storage Objects: 0]
| o- pscsi … [Storage Objects: 0]
| o- ramdisk … [Storage Objects: 0]
o- iscsi … [Targets: 0]
o- loopback … [Targets: 0]
/> cd backstores/fileio
/backstores/fileio> create
file_or_dev= name= size= sparse= write_back= wwn=
/backstores/fileio> create file_or_dev=/home/test name=test size=1G
Created fileio test with size 1073741824
/backstores/fileio> cd /iscsi
/iscsi> create wwn=iqn.2022-06.com.test
Created target iqn.2022-06.com.test.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
/iscsi> cd iqn.2022-06.com.test/tpg1/acls
/iscsi/iqn.20…est/tpg1/acls> create
add_mapped_luns= wwn=
/iscsi/iqn.20…est/tpg1/acls> create wwn=iqn.2022-06.com.test:client
Created Node ACL for iqn.2022-06.com.test:client
/iscsi/iqn.20…est/tpg1/acls> cd …/
…/acls/ …/luns/ …/portals/
/iscsi/iqn.20…est/tpg1/acls> cd …/luns
/iscsi/iqn.20…est/tpg1/luns> create
/backstores/fileio/test anaconda-ks.cfg add_mapped_luns=
lun= storage_object=
/iscsi/iqn.20…est/tpg1/luns> create lun=lun0 storage_object=/backstores/fileio/test
Created LUN 0.
Created LUN 0->0 mapping in node ACL iqn.2022-06.com.test:client
/iscsi/iqn.20…est/tpg1/luns> exit
Global pref auto_save_on_exit=true
Configuration saved to /etc/target/saveconfig.json
[root@k8s-node1 ~]# targetcli
targetcli shell version 2.1.53
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type ‘help’.
/iscsi/iqn.20…est/tpg1/luns> cd …
/iscsi/iqn.20…com.test/tpg1> ls
o- tpg1 … [no-gen-acls, no-auth]
o- acls … [ACLs: 1]
| o- iqn.2022-06.com.test:client … [Mapped LUNs: 1]
| o- mapped_lun0 … [lun0 fileio/test (rw)]
o- luns … [LUNs: 1]
| o- lun0 … [fileio/test (/home/test) (default_tg_pt_gp)]
o- portals … [Portals: 1]
o- 0.0.0.0:3260 … [OK]
/iscsi/iqn.20…com.test/tpg1> set attribute
authentication= cache_dynamic_acls= default_cmdsn_depth=
default_erl= demo_mode_discovery= demo_mode_write_protect=
fabric_prot_type= generate_node_acls= login_keys_workaround=
login_timeout= netif_timeout= prod_mode_write_protect=
t10_pi= tpg_enabled_sendtargets=
/iscsi/iqn.20…com.test/tpg1> set attribute generate_node_acls=1 #不设置这个,client连接失败
Parameter generate_node_acls is now ‘1’.
/iscsi/iqn.20…com.test/tpg1> ls
o- tpg1 … [gen-acls, no-auth]
o- acls … [ACLs: 1]
| o- iqn.2022-06.com.test:client … [Mapped LUNs: 1]
| o- mapped_lun0 … [lun0 fileio/test (rw)]
o- luns … [LUNs: 1]
| o- lun0 … [fileio/test (/home/test) (default_tg_pt_gp)]
o- portals … [Portals: 1]
o- 0.0.0.0:3260 … [OK]
/iscsi/iqn.20…com.test/tpg1>
#设置账户密码认证
/iscsi/iqn.20…com.test/tpg1> set attribute authentication=1
Parameter authentication is now ‘1’.
/iscsi/iqn.20…com.test/tpg1> ls
o- tpg1 … [gen-acls, tpg-auth, 1-way auth]
o- acls … [ACLs: 1]
| o- iqn.2022-06.com.test:client … [auth via tpg, Mapped LUNs: 1]
| o- mapped_lun0 … [lun0 fileio/test (rw)]
o- luns … [LUNs: 1]
| o- lun0 … [fileio/test (/home/test) (default_tg_pt_gp)]
o- portals … [Portals: 1]
o- 0.0.0.0:3260 … [OK]
/iscsi/iqn.20…com.test/tpg1> cd acls/iqn.2022-06.com.test:client/mapped_lun0
/iscsi/iqn.20…t/mapped_lun0> set g
global group=
/iscsi/iqn.20…t/mapped_lun0> cd …
/iscsi/iqn.20…m.test:client> set auth
mutual_password= mutual_userid= password= userid=
/iscsi/iqn.20…m.test:client> set auth userid=username password=password
Parameter password is now ‘password’.
Parameter userid is now ‘username’.
/iscsi/iqn.20…m.test:client> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup/.
Configuration saved to /etc/target/saveconfig.json
client
[root@k8s-node2 ~]# yum install iscsi-initiator-utils -y
[root@k8s-node2 ~]# systemctl start iscsid
[root@k8s-node2 ~]# vim /etc/iscsi/initiatorname.iscsi
#将initiator修改成server端acls中设置的名称
InitiatorName=iqn.2022-06.com.test:client
[root@k8s-node2 ~]# source /etc/iscsi/initiatorname.iscsi
[root@k8s-node2 ~]# iscsiadm -m discovery -t st -p 192.168.0.61:3260
192.168.0.61:3260,1 iqn.2022-06.com.test
[root@k8s-node2 ~]# iscsiadm -m discovery -t st -p 192.168.0.61:3260 -l #/iscsi/iqn.20…com.test/tpg1> set attribute generate_node_acls=1 #不设置这个,client连接失败
192.168.0.61:3260,1 iqn.2022-06.com.test
Logging in to [iface: default, target: iqn.2022-06.com.test, portal: 192.168.0.61,3260] (multiple)
iscsiadm: Could not login to [iface: default, target: iqn.2022-06.com.test, portal: 192.168.0.61,3260].
iscsiadm: initiator reported error (24 - iSCSI login failed due to authorization failure)
[root@k8s-node2 ~]# iscsiadm -m discovery -t st -p 192.168.0.61:3260 -l
192.168.0.61:3260,1 iqn.2022-06.com.test
Logging in to [iface: default, target: iqn.2022-06.com.test, portal: 192.168.0.61,3260] (multiple)
Login to [iface: default, target: iqn.2022-06.com.test, portal: 192.168.0.61,3260] successful.
[root@k8s-node2 ~]# fdisk -l
Disk /dev/sda: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000b34fe
Device Boot Start End Blocks Id System
/dev/sda1 * 2048 2099199 1048576 83 Linux
/dev/sda2 2099200 41943039 19921920 8e Linux LVM
Disk /dev/mapper/centos-root: 18.2 GB, 18249416704 bytes, 35643392 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/mapper/centos-swap: 2147 MB, 2147483648 bytes, 4194304 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/sdb: 1073 MB, 1073741824 bytes, 2097152 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 4194304 bytes
[root@k8s-node2 ~]# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0x1b617992.
Command (m for help): n
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p): p
Partition number (1-4, default 1): 1
First sector (8192-2097151, default 8192):
Using default value 8192
Last sector, +sectors or +size{K,M,G} (8192-2097151, default 2097151):
Using default value 2097151
Partition 1 of type Linux and of size 1020 MiB is set
Command (m for help): w
fdisk: cannot write disk label: Bad file descriptor
#发现使用不认证的模式,挂载的iscsi是只读,有人知道原因的,请告知。后面做了用户名密码认证,则可以正常使用了
[root@k8s-node2 ~]# mount /dev/sdb /mnt
mount: /dev/sdb is write-protected, mounting read-only
mount: unknown filesystem type ‘(null)’
[root@k8s-node2 ~]# iscsiadm -m node -T iqn.2022-06.com.test -p 192.168.0.61:3260 -u
Logging out of session [sid: 2, target: iqn.2022-06.com.test, portal: 192.168.0.61,3260]
Logout of [sid: 2, target: iqn.2022-06.com.test, portal: 192.168.0.61,3260] successful.
[root@k8s-node2 ~]# rm -rf /var/lib/iscsi/send_targets/*
[root@k8s-node2 ~]# vim /etc/iscsi/iscsid.conf
[root@k8s-node2 ~]# systemctl restart iscsid
#开启密码认证,并设置用户名和密码
[root@k8s-node2 ~]# vim /etc/iscsi/iscsid.conf
开启如下选项
node.session.auth.authmethod = CHAP
node.session.auth.username = username
node.session.auth.password = password
[root@k8s-node2 ~]# systemctl restart iscsid
#查看iscsi可以用的设备
[root@k8s-node2 ~]# iscsiadm -m discovery -t st -p 192.168.0.61:3260
192.168.0.61:3260,1 iqn.2022-06.com.test
#将可以用的设备进行登录,进入系统中
[root@k8s-node2 ~]# iscsiadm -m discovery -t st -p 192.168.0.61:3260 -l
192.168.0.61:3260,1 iqn.2022-06.com.test
Logging in to [iface: default, target: iqn.2022-06.com.test, portal: 192.168.0.61,3260] (multiple)
Login to [iface: default, target: iqn.2022-06.com.test, portal: 192.168.0.61,3260] successful.
#查看系统中新增的iscsi设置
[root@k8s-node2 ~]# fdisk -l
Disk /dev/sda: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000b34fe
Device Boot Start End Blocks Id System
/dev/sda1 * 2048 2099199 1048576 83 Linux
/dev/sda2 2099200 41943039 19921920 8e Linux LVM
Disk /dev/mapper/centos-root: 18.2 GB, 18249416704 bytes, 35643392 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/mapper/centos-swap: 2147 MB, 2147483648 bytes, 4194304 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/sdb: 1073 MB, 1073741824 bytes, 2097152 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 4194304 bytes
[root@k8s-node2 ~]# fdisk /dev/sdb #格式化硬盘
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0xcf058cf7.
Command (m for help): n
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p): p
Partition number (1-4, default 1):
First sector (8192-2097151, default 8192):
Using default value 8192
Last sector, +sectors or +size{K,M,G} (8192-2097151, default 2097151):
Using default value 2097151
Partition 1 of type Linux and of size 1020 MiB is set
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[root@k8s-node2 ~]# mkfs.ext3 /dev/sdb1
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=1024 blocks
65280 inodes, 261120 blocks
13056 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=268435456
8 block groups
32768 blocks per group, 32768 fragments per group
8160 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376
Allocating group tables: done
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done
[root@k8s-node2 ~]# mount /dev/sdb1 /mnt
[root@k8s-node2 ~]# df -H #查看到/mnt已经是挂载是/dev/sdb1的iscsi设备了
Filesystem Size Used Avail Use% Mounted on
devtmpfs 942M 0 942M 0% /dev
tmpfs 954M 0 954M 0% /dev/shm
tmpfs 954M 10M 944M 2% /run
tmpfs 954M 0 954M 0% /sys/fs/cgroup
/dev/mapper/centos-root 19G 1.8G 17G 10% /
/dev/sda1 1.1G 158M 906M 15% /boot
tmpfs 191M 0 191M 0% /run/user/0
/dev/sdb1 1.1G 1.4M 982M 1% /mnt
最新文章
- IT-标准化-系列-7.使用VPC+VNC管理虚拟机
- 全国大学生智能猫竞速比赛
- unet 层_【paper阅读笔记】UNet
- VS开发C#窗体应用时怎样设置窗体属性
- Python数模笔记-PuLP库(1)线性规划入门
- ORA-00972: identifier is too long问题解决
- 高橋君とカード / Tak and Cards(AtCoder-2037)
- WordPress企业一号主题模板
- [思]刻意练习是不是这样的
- 信息系统项目管理师 高级 论文备考专题 老师现场写论文
- 软考必备资料大放送,全科目软考资料都给你备好了!
- python网络爬虫网易云音乐guihub_Github获8300星!用Python开发的一个命令行的网易云音乐...
- 5 步教你将 MRS 数据导入 DWS
- 21世纪十大营销法则
- Linux系统入门学习
- 使用python PIL 模块合成图片
- 跑步减肥的正确姿势与方法 不再担心女生跑步腿会变粗
- helm模板开发-流程控制、作用域、循环、变量(三)
- PTMs-GPT,GPT2
- PDF文件页面如何提取