CentOS 7配置双向认证+Multipath+iscsi实现多路径配置

原创已于 2023-04-12 10:17:26 修改 · 1.6k 阅读

6 ·

本内容遵循CC 4.0 BY-SA版权协议

标签

#centos #linux #服务器 #运维 #网络

于 2023-04-12 10:17:02 首次发布

Linux 专栏收录该内容

42 篇文章

订阅专栏

$实验环境：准备两台节点，每台节点准备两张网卡$ $实现功能：故障的切换和恢复、 I O 流量的负载均衡、磁盘的虚拟化$

一、服务端配置

1、在节点一添加四块磁盘做RAID

[root@localhost ~]# lsblk

sdb               8:16   0    5G  0 disk

sdc               8:32   0    5G  0 disk

sdd               8:48   0    5G  0 disk

sde               8:64   0    5G  0 disk

2、四块磁盘进行分区

[root@localhost ~]# fdisk /dev/sdb

欢迎使用 fdisk (util-linux 2.23.2)。

更改将停留在内存中，直到您决定将更改写入磁盘。

使用写入命令前请三思。

Device does not contain a recognized partition table

使用磁盘标识符 0x5764c950 创建新的 DOS 磁盘标签。

命令(输入 m 获取帮助)：n

Partition type:

   p   primary (0 primary, 0 extended, 4 free)

   e   extended

Select (default p):    

Using default response p

分区号 (1-4，默认 1)：

起始 扇区 (2048-10485759，默认为 2048)：

将使用默认值 2048

Last 扇区, +扇区 or +size{K,M,G} (2048-10485759，默认为 10485759)：

将使用默认值 10485759

分区 1 已设置为 Linux 类型，大小设为 5 GiB

命令(输入 m 获取帮助)：w

The partition table has been altered!

Calling ioctl() to re-read partition table.

正在同步磁盘。
[root@localhost ~]# fdisk /dev/sdc
...

[root@localhost ~]# fdisk /dev/sdd 
...

[root@localhost ~]# fdisk /dev/sde
...

3、安装mdadm工具制作raid

[root@localhost ~]# yum install mdadm -y

4、使用mdadm工具制作raid10

[root@localhost ~]# mdadm -Cv /dev/md10 -n 4 -l 10 /dev/sd{d,c,b,e}1

mdadm: layout defaults to n2

mdadm: layout defaults to n2

mdadm: chunk size defaults to 512K

mdadm: size set to 5237760K

mdadm: Defaulting to version 1.2 metadata

mdadm: array /dev/md10 started.

-n :指定阵列中可用数目

-l :设置raid磁盘的等级

5、使用创建的raid10创建vg卷组

[root@localhost ~]# vgcreate vg1 /dev/md10

  Physical volume "/dev/md10" successfully created.

  Volume group "vg1" successfully created

6、创建lv卷

[root@localhost ~]# lvcreate -n lv1 -L 5G vg1

  Logical volume "lv1" created.

7、格式化lv卷

[root@localhost ~]# mkfs.xfs /dev/vg1/lv1

meta-data=/dev/vg1/lv1           isize=512    agcount=8, agsize=163712 blks

         =                       sectsz=512   attr=2, projid32bit=1

         =                       crc=1        finobt=0, sparse=0

data     =                       bsize=4096   blocks=1309696, imaxpct=25

         =                       sunit=128    swidth=256 blks

naming   =version 2              bsize=4096   ascii-ci=0 ftype=1

log      =internal log           bsize=4096   blocks=2560, version=2

         =                       sectsz=512   sunit=8 blks, lazy-count=1

realtime =none                   extsz=4096   blocks=0, rtextents=0

8、配置iSCSI服务在节点一安装targetcli

[root@localhost ~]# yum install targetcli -y

9、进入iSCSI服务端配置

[root@localhost ~]# targetcli

Warning: Could not load preferences file /root/.targetcli/prefs.bin.

targetcli shell version 2.1.fb46

Copyright 2011-2013 by Datera, Inc and others.

For help on commands, type 'help'.

/>

10、创建一个md10设备

/> cd /backstores/block

/backstores/block> create md10 /dev/vg1/lv1

Created block storage object md10 using /dev/vg1/lv1.

11、创建目标端的wwn

/backstores/block> cd /iscsi

/iscsi> create iqn.2021-09.com.skills:server

Created target iqn.2021-09.com.skills:server.

Created TPG 1.

Global pref auto_add_default_portal=true

Created default portal listening on all IPs (0.0.0.0), port 3260.

12、创建服务端的wwn

/iscsi> cd iqn.2021-09.com.skills:server/tpg1/acls

/iscsi/iqn.20...ver/tpg1/acls> create iqn.2021-09.com.skills:clien

Created Node ACL for iqn.2021-09.com.skills:clien

13、设置可以访问的设备

/iscsi/iqn.20...ver/tpg1/acls> cd ../luns                

/iscsi/iqn.20...ver/tpg1/luns> create /backstores/block/md10

Created LUN 0.

Created LUN 0->0 mapping in node ACL iqn.2021-09.com.skills:client

14、设置discover双向认证

/> cd iscsi/         

/iscsi> set discovery_auth enable=1 userid=IncomingUser password=IncomingPass mutual_userid=OutgoingUser mutual_password=OutgoingPass

Parameter userid is now 'IncomingUser'.

Parameter password is now 'IncomingPass'.

Parameter mutual_password is now 'OutgoingPass'.

Parameter mutual_userid is now 'OutgoingUser'.

Parameter enable is now 'True'.

15、设置session双向认证

/iscsi> cd iqn.2021-09.com.skills:server/tpg1/acls/iqn.2021-09.com.skills:clien/

/iscsi/iqn.20....skills:clien> set auth userid=IncomingUser password=IncomingPass mutual_userid=OutgoingUser mutual_password=OutgoingPass

Parameter userid is now 'IncomingUser'.

Parameter password is now 'IncomingPass'.

Parameter mutual_password is now 'OutgoingPass'.

Parameter mutual_userid is now 'OutgoingUser'.

16、防火墙开启iSCSI服务

[root@localhost ~]# firewall-cmd --permanent --add-service=iscsi-target

success

[root@localhost ~]# firewall-cmd --reload

success

二、客户端配置

1、节点二安装服务

[root@localhost ~]# yum install -y iscsi-initiator-utils device-mapper-multipath

2、修改配置文件为iSCSI发起端的名称

[root@localhost ~]# vim /etc/iscsi/initiatorname.iscsi

InitiatorName=iqn.2021-09.com.skills:client

3、编辑配置文件，设置双向认证用户&密码

[root@localhost ~]# vim /etc/iscsi/iscsid.conf

 57 node.session.auth.authmethod = CHAP

 58

 59 # To set a CHAP username and password for initiator

 60 # authentication by the target(s), uncomment the following lines:

 61 node.session.auth.username = IncomingUser

 62 node.session.auth.password = IncomingPass

 63

 64 # To set a CHAP username and password for target(s)

 65 # authentication by the initiator, uncomment the following lines:

 66 node.session.auth.username_in = OutgoingUser

 67 node.session.auth.password_in = OutgoingPass

 68

 69 # To enable CHAP authentication for a discovery session to the target

 70 # set discovery.sendtargets.auth.authmethod to CHAP. The default is None.

 71 discovery.sendtargets.auth.authmethod = CHAP

 72

 73 # To set a discovery session CHAP username and password for the initiator

 74 # authentication by the target(s), uncomment the following lines:

 75 discovery.sendtargets.auth.username = IncomingUser

 76 discovery.sendtargets.auth.password = IncomingPass

 77

 78 # To set a discovery session CHAP username and password for target(s)

 79 # authentication by the initiator, uncomment the following lines:

 80 discovery.sendtargets.auth.username_in = OutgoingUser

 81 discovery.sendtargets.auth.password_in = OutgoingPass

4、使用iscsiadm命令发现共享的iSCSI磁盘

（一定要发现两张网卡的iSCSI共享，后面才能做多路径、负载均衡）

[root@localhost ~]# iscsiadm -m discovery -t sendtargets -p 192.168.199.142

192.168.199.142:3260,1 iqn.2021-09.com.skills:server

[root@localhost ~]# iscsiadm -m discovery -t sendtargets -p 192.168.137.133

192.168.137.133:3260,1 iqn.2021-09.com.skills:server

5、连接发现的iSCSI磁盘

[root@localhost ~]# iscsiadm -m node --login

Logging in to [iface: default, target: iqn.2021-09.com.skills:server, portal: 192.168.199.142,3260] (multiple)

Logging in to [iface: default, target: iqn.2021-09.com.skills:server, portal: 192.168.137.133,3260] (multiple)

Login to [iface: default, target: iqn.2021-09.com.skills:server, portal: 192.168.199.142,3260] successful.

Login to [iface: default, target: iqn.2021-09.com.skills:server, portal: 192.168.137.133,3260] successful.

6、将multipath配置文件复制到etc目录下

[root@localhost ~]# cp /usr/share/doc/device-mapper-multipath-0.4.9/multipath.conf /etc/multipath.conf

7、重启服务，查看系统默认的wwid

[root@localhost ~]# systemctl restart multipathd

[root@localhost ~]# multipath -ll

mpatha (36001405d44b64182ec54d74ab0d9afc3) dm-2 LIO-ORG ,md10            

size=5.0G features='0' hwhandler='0' wp=rw

|-+- policy='service-time 0' prio=1 status=active

| `- 13:0:0:0 sdb 8:16 active ready running

`-+- policy='service-time 0' prio=1 status=enabled

  `- 14:0:0:0 sdc 8:32 active ready running

8、修改multipath配置文件

   60 multipaths {

 61         multipath {

 62                 wwid                  36001405d44b64182ec54d74ab0d9afc3   修改为查看到的wwid

 63                 alias                   mp      设置多路径名称

 64 #               path_grouping_policy    multibus

 65                 path_selector           "round-robin 0"   设置网络负载均衡

9、重启服务并查看多路径名称是否修改完成

[root@localhost ~]# systemctl restart multipathd

[root@localhost ~]# lsblk

NAME            MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT

sda               8:0    0   20G  0 disk  

├─sda1            8:1    0    1G  0 part  /boot

└─sda2            8:2    0   19G  0 part  

  ├─centos-root 253:0    0   17G  0 lvm   /

  └─centos-swap 253:1    0    2G  0 lvm   [SWAP]

sdb               8:16   0    5G  0 disk  

└─mp            253:2    0    5G  0 mpath

sdc               8:32   0    5G  0 disk  

└─mp            253:2    0    5G  0 mpath

sr0              11:0    1  4.2G  0 rom   /mnt