iscsi initiator: open-iscsi 使用笔记
环境、内核版本、程序包版本:
fedra 6
[root@powerfc6two ~]# uname -a
Linux powerfc6two 2.6.18-1.2798.fc6xen #1 SMP Mon Oct 16 15:11:19 EDT 2006 i686 i686 i386 GNU/Linux
[root@powerfc6two ~]# iscsiadm -V
iscsiadm version 2.0-865
安装initiator:
iscsi-initiator-utils
open-iscsi官方网站:
open iscsi的主要组件:
iscsiadm: 命令行管理工具
iscsid: 后台服务程式
iscsid.conf: 配置文件
[root@powerfc6two ~]# rpm -ql iscsi-initiator-utils
/etc/iscsi/iscsid.conf
/etc/rc.d/init.d/iscsi
/etc/rc.d/init.d/iscsid
/sbin/iscsi-iname
/sbin/iscsiadm
/sbin/iscsid
/sbin/iscsistart
/usr/share/doc/iscsi-initiator-utils-6.2.0.865
/usr/share/doc/iscsi-initiator-utils-6.2.0.865/README
/usr/share/man/man8/iscsiadm.8.gz
/usr/share/man/man8/iscsid.8.gz
/var/lib/iscsi/ifaces
/var/lib/iscsi/isns
/var/lib/iscsi/nodes
/var/lib/iscsi/send_targets
/var/lib/iscsi/slp
/var/lib/iscsi/static
/var/lock/iscsi
open-iscsi的架构图:
在用户态的实现中:
open-iscsi initiator会将会话信息,target信息等等内容记录下来。像xml数据库一样。iscsid就相当于数据库服务器.iscsiadm就相当于数据库命令行。
在内核态的实现中:
管理策略与功能实现是分离的。从而可以根据设置的策略。实现会话恢复、会话复制、多路径存储等高级应用。
open-iscsi的数据结构:
树状的结构,一目了然。例如
node.name = iqn.2006-09.com:verycd
node.tpgt = 1
node.startup = automatic
iface.hwaddress = default
iface.iscsi_ifacename = default
iface.net_ifacename = default
iface.transport_name = tcp
node.discovery_address = 192.168.1.9
node.discovery_port = 3260
node.discovery_type = send_targets
node.session.initial_cmdsn = 0
node.session.initial_login_retry_max = 4
node.session.cmds_max = 128
node.session.queue_depth = 32
node.session.auth.authmethod = CHAP
node.session.auth.username = raymond
node.session.auth.password = ********
node.session.auth.username_in =
node.session.auth.password_in =
node.session.timeo.replacement_timeout = 120
node.session.err_timeo.abort_timeout = 10
node.session.err_timeo.reset_timeout = 30
node.session.iscsi.InitialR2T = No
node.session.iscsi.ImmediateData = Yes
node.session.iscsi.FirstBurstLength = 262144
node.session.iscsi.MaxBurstLength = 16776192
node.session.iscsi.DefaultTime2Retain = 0
node.session.iscsi.DefaultTime2Wait = 0
node.session.iscsi.MaxConnections = 1
node.session.iscsi.MaxOutstandingR2T = 1
node.session.iscsi.ERL = 0
node.conn[0].address = 192.168.1.9
node.conn[0].port = 3260
node.conn[0].startup = manual
node.conn[0].tcp.window_size = 524288
node.conn[0].tcp.type_of_service = 0
node.conn[0].timeo.logout_timeout = 15
node.conn[0].timeo.login_timeout = 15
node.conn[0].timeo.auth_timeout = 45
node.conn[0].timeo.active_timeout = 5
node.conn[0].timeo.idle_timeout = 60
node.conn[0].timeo.ping_timeout = 5
node.conn[0].timeo.noop_out_interval = 10
node.conn[0].timeo.noop_out_timeout = 15
node.conn[0].iscsi.MaxRecvDataSegmentLength = 131072
node.conn[0].iscsi.HeaderDigest = None,CRC32C
node.conn[0].iscsi.DataDigest = None
node.conn[0].iscsi.IFMarker = No
node.conn[0].iscsi.OFMarker = No
iscsiadm命令解析:
open-iscsi 的配置命令就是iscsiadm,对用户而言可以把iscsiadm理解为数据操作。不过这里的数据结构是树状结构的,与xml的xpath相似。
[root@powerfc6two ~]# iscsiadm -h
iscsiadm -m discovery [ -dhV ] [-P printlevel] [ -t type -p ip:port -I ifaceN ... [ -l ] ] | [ -p ip:port ] [ -o operation ] [ -n name ] [ -v value ]
iscsiadm -m node [ -dhV ] [ -P printlevel ] [ -L all,manual,automatic ] [ -U all,manual,automatic ] [ -S ] [ [ -T targetname -p ip:port -I ifaceN ] [ -l | -u | -R | -s] ] [ [ -o operation ] [ -n name ] [ -v value ] ]
iscsiadm -m session [ -dhV ] [ -P printlevel] [ -r sessionid | sysfsdir [ -R | -u | -s ] [ -o operation ] [ -n name ] [ -v value ] ]
iscsiadm -m iface [ -dhV ] [ -P printlevel ] [ -I ifacename ] [ [ -o operation ] [ -n name ] [ -v value ] ]
里面最重要的一个一级节点就是node
对应命令中的 iscsiadm -m node
里面另外一个一级节点就是iface
可以不用设置,而且2.0.865版本中还不是稳定的功能。
这些节点的创建是通过discovery这个步骤实现的。
对应命令中的 iscsiadm -m discovery
eg:
iscsiadm -m discovery -t sendtargets -p 192.168.1.1:3260
iscsiadm例子:
Discovery mode:
- SendTargets iSCSI Discovery using the default driver and interface:
./iscsiadm -m discovery -t sendtargets -p 192.168.1.1:3260
This will first search /etc/iscsi/ifaces for interfaces using software iscsi. If any are found then nodes found during discovery will be setup so that they can logged in through those interfaces.
- SendTargets iSCSI Discovery with a specific interface. If you wish to only use a subset of the interfaces in /etc/iscsi/ifaces then you can pass them in during discovery:
./iscsiadm -m discovery -t sendtargets -p 192.168.1.1:3260 --inerface=iface0 --interface=iface1
Note that for software iscsi, we let the network layer select which NIC to use for discovery, but for later logins iscsiadm will use the NIC defined in the iface config.
qla4xxx support is very basic and experimental. It does not store the record info in the card's FLASH or the node DB, so you must rerun discovery every time the driver is reloaded.
Node mode. In node mode you can specify which records you want to log into by specifying the targetname, ip address, port or interface (if specifying the interface it must already be setup in the node db). iscsiadm will search the node db, for records which match the values you pass in, so if you pass in the targetname and interface, iscsiadm will search for records with those values and operate on only them. Passing in none of them will result in all node records being operated on.
- iSCSI Login to all portals on every node/starget through each interface set in the db:
./iscsiadm -m node -l
- iSCSI login to all portals on a node/target through each interface set in the db:
./iscsiadm -m node -T iqn.2005-03.com.max -l
- iSCSI login to a specific portal through each interface set in the db:
./iscsiadm -m node -T iqn.2005-03.com.max -p 192.168.0.4:3260 -l
To specify a IPv6 address the following can be used:
./iscsiadm -m node -T iqn.2005-03.com.max -p 2001:c90::211:9ff:feb8:a9e9 -l
The above command would use the default port, 3260. To specify a port use the following:
./iscsiadm -m node -T iqn.2005-03.com.max -p [2001:c90::211:9ff:feb8:a9e9]:3260 -l
- iSCSI Login to a specific portal through the NIC setup as iface0:
./iscsiadm -m node -T iqn.2005-03.com.max -p 192.168.0.4:3260 -I iface0 -l
- iSCSI Logout to all portals on every node/starget through each interface set in the db:
./iscsiadm -m node -u
Warning: this does not check startup values like the logout/login all option. Do not use this if you are running iscsi on your root disk.
- iSCSI 退出 to all portals on a node/target through each interface set in the db:
./iscsiadm -m node -T iqn.2005-03.com.max -u
- iSCSI logout to a specific portal through each interface set in the db:
./iscsiadm -m node -T iqn.2005-03.com.max -p 192.168.0.4:3260 -u
- iSCSI Logout to a specific portal through the NIC setup as iface0:
./iscsiadm -m node -T iqn.2005-03.com.max -p 192.168.0.4:3260 -I iface0
- Changing iSCSI parameter:
./iscsiadm -m node -T iqn.2005-03.com.max -p 192.168.0.4:3260 -o update -n node.cnx[0].iscsi.MaxRecvDataSegmentLength -v 65536
You can also change paramaters for multiple records at once, by specifying different combinations of the target, portal and interface like above.
- Adding custom iSCSI portal:
./iscsiadm -m node -o new -T iqn.2005-03.com.max -p 192.168.0.1:3260,2 -I iface4
The -I/--interface is optional. If not passed in, "default" is used. For tcp or iser, this would allow the network layer to decide what is best.
Note that for this command the target portal group tag (TPGT) should be passed in. If it is not passed in on the initial creation command then the user must run iscsiadm again to set the value. Also if the TPGT is not initially passed in, the old behavior of not tracking whether the record was statically or dynamically created is used.
- Adding custom NIC config to multiple targets:
./iscsiadm -m node -o new -I iface4
This command will add a interface config using the iSCSI and SCSI settings from iscsid.conf to every target that is in the node db.
- Removing iSCSI portal:
./iscsiadm -m node -o delete -T iqn.2005-03.com.max -p 192.168.0.4:3260
You can also delete multiple records at once, by specifying different combinations of the target, portal and interface like above.
- Display iSCSI portal onfiguration:
./iscsiadm -m node -T iqn.2005-03.com.max -p 192.168.0.4:3260
or
./iscsiadm -m node -o show -T iqn.2005-03.com.max -p 192.168.0.4:3260 You can also display multiple records at once, by specifying different combinations of the target, portal and interface like above.
Note: running "iscsiadm -m node" will only display the records. It will not display the configuration info. You must run, "iscsiadm -m node -o show".
- Show all node records:
./iscsiadm -m node
This will print the nodes using the old flat format where the interface and driver are not displayed. To display that info use the -P argument with the arguent "1":
./iscsiadm -m node -P 1
- Show all records in discovery database:
./iscsiadm -m discovery
- Show all records in discovery database and show the targets that were discovered from each record:
./iscsiadm -m discovery -P 1
- Display discovery record setting:
./iscsiadm -m discovery -p 192.168.0.4:3260
- Display session statistics:
./iscsiadm -m session -r 1 --stats
This function also works in node mode. instead of the "-r $sid" argument, you would pass in the node info like targetname and/or portal, and/or interface.
- Perform a SCSI scan on a session
./iscsiadm -m session -r 1 --rescan
This function also works in node mode. instead of the "-r $sid" argument, you would pass in the node info like targetname and/or portal, and/or interface.
Note: Rescanning does not delete old LUNs. It will only pick up new ones.
- Display running sessions:
./iscsiadm -m session -P 1
open-iscsi中的安全认证:
使用CHAP认证。需要设置用户名,密码,可能还有一段chap字符串。
在roadmap中,日后可能会支持radius认证。
需要注意的是有两重的认证:
在发现target的过程中,(也就是检索目标服务器的信息的时候)可能要认证。这个是全局的。
另外在连接target的过程中也可能要认证。这个认证是针对单独某个target的。
open-iscsi使用流程:
- 设置iscsi target 服务器参数 (*可选,如果设置了CHAP认证就需要设置)
- 发现target 获得他的名称。
- 设置target 服务器的参数 (*可选,如果设置了CHAP认证就需要设置)
- 连接target
- 使用target 如果连接成功,本地会多了一个scsi盘,然后就是三板斧:fdisk分区,mkfs格式化,mount挂载。
