Diferencia entre revisiones de «ISCSI»
De jagfloriano.com
Ir a la navegaciónIr a la búsqueda
| Línea 57: | Línea 57: | ||
=== Instalación de paquetes requeridos === | === Instalación de paquetes requeridos === | ||
En el servidor SAN: | En el servidor SAN (target): | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
[root@icecube ~]# subscription-manager register | |||
Registering to: subscription.rhsm.redhat.com:443/subscription | |||
Username: $USER | |||
Password: | |||
The system has been registered with ID: dddb6e1e-049a-4ea2-8943-403ec63bb06f | |||
The registered system name is: icecube | |||
</syntaxhighlight> | </syntaxhighlight> | ||
=== | Activar los repositorios EPEL: | ||
<syntaxhighlight lang="bash"> | |||
[root@icecube ~]# subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms | |||
Repository 'codeready-builder-for-rhel-9-x86_64-rpms' is enabled for this system. | |||
[root@icecube ~]# dnf install \ | |||
https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm | |||
Updating Subscription Management repositories. | |||
Red Hat CodeReady Linux Builder for RHEL 9 x86_64 (RPMs) 24 MB/s | 15 MB 00:00 | |||
epel-release-latest-9.noarch.rpm 41 kB/s | 19 kB 00:00 | |||
Dependencies resolved. | |||
=============================================================================================================================== | |||
Package Architecture Version Repository Size | |||
=============================================================================================================================== | |||
Installing: | |||
epel-release noarch 9-10.el9 @commandline 19 k | |||
Transaction Summary | |||
=============================================================================================================================== | |||
Install 1 Package | |||
Total size: 19 k | |||
Installed size: 26 k | |||
Is this ok [y/N]: y | |||
Downloading Packages: | |||
Running transaction check | |||
Transaction check succeeded. | |||
Running transaction test | |||
Transaction test succeeded. | |||
Running transaction | |||
Preparing : 1/1 | |||
Installing : epel-release-9-10.el9.noarch 1/1 | |||
Running scriptlet: epel-release-9-10.el9.noarch 1/1 | |||
Many EPEL packages require the CodeReady Builder (CRB) repository. | |||
It is recommended that you run /usr/bin/crb enable to enable the CRB repository. | |||
Verifying : epel-release-9-10.el9.noarch 1/1 | |||
Installed products updated. | |||
Installed: | |||
epel-release-9-10.el9.noarch | |||
Complete! | |||
</syntaxhighlight> | |||
Instalar paquetes requeridos: | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
[root@icecube ~]# dnf --enablerepo=epel* install targetcli | |||
Updating Subscription Management repositories. | |||
Last metadata expiration check: 0:02:26 ago on Fri 02 Jan 2026 09:50:24 PM CET. | |||
Dependencies resolved. | |||
====================================================================================================================================================== | |||
Package Architecture Version Repository Size | |||
====================================================================================================================================================== | |||
Installing: | |||
targetcli noarch 2.1.57-2.el9 rhel-9-for-x86_64-appstream-rpms 79 k | |||
Installing dependencies: | |||
python3-configshell noarch 1:1.1.30-1.el9 rhel-9-for-x86_64-baseos-rpms 76 k | |||
python3-kmod x86_64 0.9-32.el9 rhel-9-for-x86_64-baseos-rpms 88 k | |||
python3-pyparsing noarch 2.4.7-9.el9 rhel-9-for-x86_64-baseos-rpms 154 k | |||
python3-rtslib noarch 2.1.76-1.el9 rhel-9-for-x86_64-appstream-rpms 104 k | |||
python3-urwid x86_64 2.1.2-4.el9 rhel-9-for-x86_64-baseos-rpms 842 k | |||
target-restore noarch 2.1.76-1.el9 rhel-9-for-x86_64-appstream-rpms 16 k | |||
Transaction Summary | |||
====================================================================================================================================================== | |||
Install 7 Packages | |||
Total download size: 1.3 M | |||
Installed size: 5.0 M | |||
Is this ok [y/N]: y | |||
Downloading Packages: | |||
(1/7): python3-pyparsing-2.4.7-9.el9.noarch.rpm 1.0 MB/s | 154 kB 00:00 | |||
(2/7): python3-kmod-0.9-32.el9.x86_64.rpm 347 kB/s | 88 kB 00:00 | |||
(3/7): python3-configshell-1.1.30-1.el9.noarch.rpm 683 kB/s | 76 kB 00:00 | |||
(4/7): target-restore-2.1.76-1.el9.noarch.rpm 145 kB/s | 16 kB 00:00 | |||
(5/7): python3-rtslib-2.1.76-1.el9.noarch.rpm 900 kB/s | 104 kB 00:00 | |||
(6/7): targetcli-2.1.57-2.el9.noarch.rpm 677 kB/s | 79 kB 00:00 | |||
(7/7): python3-urwid-2.1.2-4.el9.x86_64.rpm 318 kB/s | 842 kB 00:02 | |||
--------------------------------------------------------------------------------------- | |||
Total 513 kB/s | 1.3 MB 00:02 | |||
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) 2.7 MB/s | 3.6 kB 00:00 | |||
Importing GPG key 0xFD431D51: | |||
Userid : "Red Hat, Inc. (release key 2) <security@redhat.com>" | |||
Fingerprint: 567E 347A D004 4ADE 55BA 8A5F 199E 2F91 FD43 1D51 | |||
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |||
Is this ok [y/N]: y | |||
Key imported successfully | |||
Importing GPG key 0x5A6340B3: | |||
Userid : "Red Hat, Inc. (auxiliary key 3) <security@redhat.com>" | |||
Fingerprint: 7E46 2425 8C40 6535 D56D 6F13 5054 E4A4 5A63 40B3 | |||
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |||
Is this ok [y/N]: y | |||
Key imported successfully | |||
Running transaction check | |||
Transaction check succeeded. | |||
Running transaction test | |||
Transaction test succeeded. | |||
Running transaction | |||
Preparing : 1/1 | |||
Installing : python3-urwid-2.1.2-4.el9.x86_64 1/7 | |||
Installing : python3-pyparsing-2.4.7-9.el9.noarch 2/7 | |||
Installing : python3-configshell-1:1.1.30-1.el9.noarch 3/7 | |||
Installing : python3-kmod-0.9-32.el9.x86_64 4/7 | |||
Installing : python3-rtslib-2.1.76-1.el9.noarch 5/7 | |||
Installing : target-restore-2.1.76-1.el9.noarch 6/7 | |||
Running scriptlet: target-restore-2.1.76-1.el9.noarch 6/7 | |||
Installing : targetcli-2.1.57-2.el9.noarch 7/7 | |||
Running scriptlet: targetcli-2.1.57-2.el9.noarch 7/7 | |||
Verifying : python3-kmod-0.9-32.el9.x86_64 1/7 | |||
Verifying : python3-pyparsing-2.4.7-9.el9.noarch 2/7 | |||
Verifying : python3-urwid-2.1.2-4.el9.x86_64 3/7 | |||
Verifying : python3-configshell-1:1.1.30-1.el9.noarch 4/7 | |||
Verifying : target-restore-2.1.76-1.el9.noarch 5/7 | |||
Verifying : python3-rtslib-2.1.76-1.el9.noarch 6/7 | |||
Verifying : targetcli-2.1.57-2.el9.noarch 7/7 | |||
Installed products updated. | |||
Installed: | |||
python3-configshell-1:1.1.30-1.el9.noarch python3-kmod-0.9-32.el9.x86_64 python3-pyparsing-2.4.7-9.el9.noarch python3-rtslib-2.1.76-1.el9.noarch python3-urwid-2.1.2-4.el9.x86_64 target-restore-2.1.76-1.el9.noarch targetcli-2.1.57-2.el9.noarch | |||
Complete! | |||
</syntaxhighlight> | |||
==== Configuración del iSCSI Target (targetcli) ==== | |||
===== Configuraciones previas: ===== | |||
Habilitar el servicio target: | |||
<syntaxhighlight lang="bash"> | |||
[root@icecube ~]# systemctl enable --now target | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="bash"> | |||
[root@icecube ~]# systemctl status target | |||
● target.service - Restore LIO kernel target configuration | |||
Loaded: loaded (/usr/lib/systemd/system/target.service; enabled; preset: disabled) | |||
Active: active (exited) since Fri 2026-01-02 23:10:39 CET; 2min 44s ago | |||
Main PID: 5382 (code=exited, status=0/SUCCESS) | |||
CPU: 49ms | |||
Jan 02 23:10:39 icecube systemd[1]: Starting Restore LIO kernel target configuration... | |||
Jan 02 23:10:39 icecube systemd[1]: Finished Restore LIO kernel target configuration. | |||
[root@icecube ~]# | |||
</syntaxhighlight> | |||
Verificar que existe un LV para usarlo para crear la LUN: | |||
<syntaxhighlight lang="bash"> | |||
[root@icecube ~]# lsblk /dev/vg_iscsi/lv_storage | |||
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS | |||
vg_iscsi-lv_storage 253:2 0 40G 0 lvm | |||
[root@icecube ~]# f | |||
</syntaxhighlight> | |||
===== Configurar el Target ===== | |||
Verificar que no existe configuración actualmente en targetcli: | |||
<syntaxhighlight lang="ini"> | |||
[root@icecube ~]# targetcli ls | |||
o- / ......................................................................................................................... [...] | |||
o- backstores .............................................................................................................. [...] | |||
| o- block .................................................................................................. [Storage Objects: 0] | |||
| o- fileio ................................................................................................. [Storage Objects: 0] | |||
| o- pscsi .................................................................................................. [Storage Objects: 0] | |||
| o- ramdisk ................................................................................................ [Storage Objects: 0] | |||
o- iscsi ............................................................................................................ [Targets: 0] | |||
o- loopback ......................................................................................................... [Targets: 0] | |||
[root@icecube ~]# | |||
</syntaxhighlight> | |||
Acceder a la consola de configuración y crear una LUN: | |||
<syntaxhighlight lang="ini"> | |||
[root@icecube ~]# targetcli | [root@icecube ~]# targetcli | ||
targetcli shell version 2.1.57 | |||
targetcli shell version 2.1. | |||
Copyright 2011-2013 by Datera, Inc and others. | Copyright 2011-2013 by Datera, Inc and others. | ||
For help on commands, type 'help'. | For help on commands, type 'help'. | ||
/> /backstores/block create lun01 /dev/vg_iscsi/lv_storage | |||
Created block storage object lun01 using /dev/vg_iscsi/lv_storage. | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Crear el target y el backstore iSCSI: | |||
<syntaxhighlight lang="ini"> | |||
<syntaxhighlight lang=" | /> /iscsi create iqn.2026-01.icecube:storage.target01 | ||
/> | Created target iqn.2026-01.icecube:storage.target01. | ||
/iscsi | |||
Created target iqn. | |||
Created TPG 1. | Created TPG 1. | ||
Global pref auto_add_default_portal=true | Global pref auto_add_default_portal=true | ||
| Línea 90: | Línea 259: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
<syntaxhighlight lang="ini"> | |||
<syntaxhighlight lang=" | /> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1/luns create /backstores/block/lun01 | ||
/iscsi | |||
Created LUN 0. | Created LUN 0. | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| Línea 99: | Línea 266: | ||
Configurar ACLs y autenticación CHAP: | Configurar ACLs y autenticación CHAP: | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="ini"> | ||
/ | /> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1/acls create iqn.2026-01.icecube:node01.initiator01 | ||
Created Node ACL for iqn.2026-01.icecube:node01.initiator01 | |||
/iscsi/iqn. | |||
Created Node ACL for iqn. | |||
Created mapped LUN 0. | Created mapped LUN 0. | ||
</syntaxhighlight> | |||
/iscsi/iqn. | <syntaxhighlight lang="ini"> | ||
/> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1 set attribute authentication=1 | |||
Parameter authentication is now '1'. | |||
</syntaxhighlight> | |||
/iscsi/iqn. | <syntaxhighlight lang="ini"> | ||
/> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1/acls/iqn.2026-01.icecube:node01.initiator01 set auth userid=bonzo | |||
Parameter userid is now 'bonzo'. | Parameter userid is now 'bonzo'. | ||
/iscsi/iqn. | </syntaxhighlight> | ||
<syntaxhighlight lang="ini"> | |||
/> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1/acls/iqn.2026-01.icecube:node01.initiator01 set auth password=PASSWORD2020 | |||
Parameter password is now 'PASSWORD2020'. | Parameter password is now 'PASSWORD2020'. | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Salir y guardar la configuración: | Salir y guardar la configuración: | ||
<syntaxhighlight lang=" | <syntaxhighlight lang="ini"> | ||
/ | /> exit | ||
Global pref auto_save_on_exit=true | Global pref auto_save_on_exit=true | ||
Last 10 configs saved in /etc/target/backup/. | |||
Configuration saved to /etc/target/saveconfig.json | Configuration saved to /etc/target/saveconfig.json | ||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Comprobación del servicio iSCSI === | Verificación del fichero de configuracion: | ||
<syntaxhighlight lang="ini"> | |||
[root@icecube ~]# cat /etc/target/saveconfig.json | |||
{ | |||
"fabric_modules": [], | |||
"storage_objects": [ | |||
{ | |||
"alua_tpgs": [ | |||
{ | |||
"alua_access_state": 0, | |||
"alua_access_status": 0, | |||
"alua_access_type": 3, | |||
"alua_support_active_nonoptimized": 1, | |||
"alua_support_active_optimized": 1, | |||
"alua_support_offline": 1, | |||
"alua_support_standby": 1, | |||
"alua_support_transitioning": 1, | |||
"alua_support_unavailable": 1, | |||
"alua_write_metadata": 0, | |||
"implicit_trans_secs": 0, | |||
"name": "default_tg_pt_gp", | |||
"nonop_delay_msecs": 100, | |||
"preferred": 0, | |||
"tg_pt_gp_id": 0, | |||
"trans_delay_msecs": 0 | |||
} | |||
], | |||
"attributes": { | |||
"alua_support": 1, | |||
"block_size": 512, | |||
"emulate_3pc": 1, | |||
"emulate_caw": 1, | |||
"emulate_dpo": 1, | |||
"emulate_fua_read": 1, | |||
"emulate_fua_write": 1, | |||
"emulate_model_alias": 1, | |||
"emulate_pr": 1, | |||
"emulate_rest_reord": 0, | |||
"emulate_rsoc": 1, | |||
"emulate_tas": 1, | |||
"emulate_tpu": 0, | |||
"emulate_tpws": 0, | |||
"emulate_ua_intlck_ctrl": 0, | |||
"emulate_write_cache": 0, | |||
"enforce_pr_isids": 1, | |||
"force_pr_aptpl": 0, | |||
"is_nonrot": 0, | |||
"max_unmap_block_desc_count": 0, | |||
"max_unmap_lba_count": 0, | |||
"max_write_same_len": 65535, | |||
"optimal_sectors": 65528, | |||
"pgr_support": 1, | |||
"pi_prot_format": 0, | |||
"pi_prot_type": 0, | |||
"pi_prot_verify": 0, | |||
"queue_depth": 128, | |||
"submit_type": 0, | |||
"unmap_granularity": 0, | |||
"unmap_granularity_alignment": 0, | |||
"unmap_zeroes_data": 0 | |||
}, | |||
"dev": "/dev/vg_iscsi/lv_storage", | |||
"name": "lun01", | |||
"plugin": "block", | |||
"readonly": false, | |||
"write_back": false, | |||
"wwn": "b1e53820-2d0e-4605-a66e-96ed4d4738a9" | |||
} | |||
], | |||
"targets": [ | |||
{ | |||
"fabric": "iscsi", | |||
"parameters": { | |||
"cmd_completion_affinity": "-1" | |||
}, | |||
"tpgs": [ | |||
{ | |||
"attributes": { | |||
"authentication": 1, | |||
"cache_dynamic_acls": 0, | |||
"default_cmdsn_depth": 64, | |||
"default_erl": 0, | |||
"demo_mode_discovery": 1, | |||
"demo_mode_write_protect": 1, | |||
"fabric_prot_type": 0, | |||
"generate_node_acls": 0, | |||
"login_keys_workaround": 1, | |||
"login_timeout": 15, | |||
"prod_mode_write_protect": 0, | |||
"t10_pi": 0, | |||
"tpg_enabled_sendtargets": 1 | |||
}, | |||
"enable": true, | |||
"luns": [ | |||
{ | |||
"alias": "4937399dfd", | |||
"alua_tg_pt_gp_name": "default_tg_pt_gp", | |||
"index": 0, | |||
"storage_object": "/backstores/block/lun01" | |||
} | |||
], | |||
"node_acls": [ | |||
{ | |||
"attributes": { | |||
"authentication": -1, | |||
"dataout_timeout": 3, | |||
"dataout_timeout_retries": 5, | |||
"default_erl": 0, | |||
"nopin_response_timeout": 30, | |||
"nopin_timeout": 15, | |||
"random_datain_pdu_offsets": 0, | |||
"random_datain_seq_offsets": 0, | |||
"random_r2t_offsets": 0 | |||
}, | |||
"chap_password": "PASSWORD2020", | |||
"chap_userid": "bonzo", | |||
"mapped_luns": [ | |||
{ | |||
"alias": "612d32f2e4", | |||
"index": 0, | |||
"tpg_lun": 0, | |||
"write_protect": false | |||
} | |||
], | |||
"node_wwn": "iqn.2026-01.icecube:node01.initiator01" | |||
} | |||
], | |||
"parameters": { | |||
"AuthMethod": "CHAP", | |||
"DataDigest": "CRC32C,None", | |||
"DataPDUInOrder": "Yes", | |||
"DataSequenceInOrder": "Yes", | |||
"DefaultTime2Retain": "20", | |||
"DefaultTime2Wait": "2", | |||
"ErrorRecoveryLevel": "0", | |||
"FirstBurstLength": "65536", | |||
"HeaderDigest": "CRC32C,None", | |||
"IFMarkInt": "Reject", | |||
"IFMarker": "No", | |||
"ImmediateData": "Yes", | |||
"InitialR2T": "Yes", | |||
"MaxBurstLength": "262144", | |||
"MaxConnections": "1", | |||
"MaxOutstandingR2T": "1", | |||
"MaxRecvDataSegmentLength": "8192", | |||
"MaxXmitDataSegmentLength": "262144", | |||
"OFMarkInt": "Reject", | |||
"OFMarker": "No", | |||
"TargetAlias": "LIO Target" | |||
}, | |||
"portals": [ | |||
{ | |||
"ip_address": "0.0.0.0", | |||
"iser": false, | |||
"offload": false, | |||
"port": 3260 | |||
} | |||
], | |||
"tag": 1 | |||
} | |||
], | |||
"wwn": "iqn.2026-01.icecube:storage.target01" | |||
} | |||
] | |||
} | |||
</syntaxhighlight> | |||
===== Comprobación del servicio iSCSI ===== | |||
Ver estado de configuracion de targetcli: | |||
<syntaxhighlight lang="ini"> | |||
[root@icecube ~]# targetcli ls | |||
o- / ......................................................................................................................... [...] | |||
o- backstores .............................................................................................................. [...] | |||
| o- block .................................................................................................. [Storage Objects: 1] | |||
| | o- lun01 ........................................................... [/dev/vg_iscsi/lv_storage (40.0GiB) write-thru activated] | |||
| | o- alua ................................................................................................... [ALUA Groups: 1] | |||
| | o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized] | |||
| o- fileio ................................................................................................. [Storage Objects: 0] | |||
| o- pscsi .................................................................................................. [Storage Objects: 0] | |||
| o- ramdisk ................................................................................................ [Storage Objects: 0] | |||
o- iscsi ............................................................................................................ [Targets: 1] | |||
| o- iqn.2026-01.icecube:storage.target01 .............................................................................. [TPGs: 1] | |||
| o- tpg1 .......................................................................................... [no-gen-acls, auth per-acl] | |||
| o- acls .......................................................................................................... [ACLs: 1] | |||
| | o- iqn.2026-01.icecube:node01.initiator01 ................................................... [1-way auth, Mapped LUNs: 1] | |||
| | o- mapped_lun0 ................................................................................. [lun0 block/lun01 (rw)] | |||
| o- luns .......................................................................................................... [LUNs: 1] | |||
| | o- lun0 ...................................................... [block/lun01 (/dev/vg_iscsi/lv_storage) (default_tg_pt_gp)] | |||
| o- portals .................................................................................................... [Portals: 1] | |||
| o- 0.0.0.0:3260 ..................................................................................................... [OK] | |||
o- loopback ......................................................................................................... [Targets: 0] | |||
</syntaxhighlight> | |||
Verificar que el puerto iSCSI está en escucha: | Verificar que el puerto iSCSI está en escucha: | ||
| Línea 135: | Línea 504: | ||
[root@icecube ~]# firewall-cmd --add-service=iscsi-target --permanent | [root@icecube ~]# firewall-cmd --add-service=iscsi-target --permanent | ||
success | success | ||
</syntaxhighlight> | |||
<syntaxhighlight lang="bash"> | |||
[root@icecube ~]# firewall-cmd --reload | [root@icecube ~]# firewall-cmd --reload | ||
success | success | ||
</syntaxhighlight> | |||
===== Configuración SELinux del Target ===== | |||
Ajustar contextos SELinux: | |||
<syntaxhighlight lang="bash"> | |||
[root@icecube ~]# chcon -R -t tgtd_var_lib_t /var/lib/iscsi_disks | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="bash"> | |||
[root@icecube ~]# semanage fcontext -a -t tgtd_var_lib_t /var/lib/iscsi_disks | |||
</syntaxhighlight> | |||
=== Configuración del iSCSI Initiator en los nodos === | |||
Los siguientes pasos deben ejecutarse en '''todos los nodos del clúster'''. | |||
==== Instalación de paquetes ==== | |||
<syntaxhighlight lang="bash"> | |||
[root@nodo1 ~]# dnf -y install iscsi-initiator-utils | |||
Updating Subscription Management repositories. | |||
Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs) 43 MB/s | 79 MB 00:01 | |||
Red Hat CodeReady Linux Builder for RHEL 9 x86_64 (RPMs) 19 MB/s | 15 MB 00:00 | |||
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) 45 MB/s | 95 MB 00:02 | |||
Package iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 is already installed. | |||
Dependencies resolved. | |||
========================================================================================================================================================================= | |||
Package Architecture Version Repository Size | |||
========================================================================================================================================================================= | |||
Upgrading: | |||
iscsi-initiator-utils x86_64 6.2.1.11-0.git4b3e853.el9 rhel-9-for-x86_64-baseos-rpms 392 k | |||
iscsi-initiator-utils-iscsiuio x86_64 6.2.1.11-0.git4b3e853.el9 rhel-9-for-x86_64-baseos-rpms 81 k | |||
Transaction Summary | |||
========================================================================================================================================================================= | |||
Upgrade 2 Packages | |||
Total download size: 473 k | |||
Downloading Packages: | |||
(1/2): iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64.rpm 1.6 MB/s | 392 kB 00:00 | |||
(2/2): iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64.rpm 330 kB/s | 81 kB 00:00 | |||
------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | |||
Total 1.9 MB/s | 473 kB 00:00 | |||
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) 3.1 MB/s | 3.6 kB 00:00 | |||
Importing GPG key 0xFD431D51: | |||
Userid : "Red Hat, Inc. (release key 2) <security@redhat.com>" | |||
Fingerprint: 567E 347A D004 4ADE 55BA 8A5F 199E 2F91 FD43 1D51 | |||
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |||
Key imported successfully | |||
Importing GPG key 0x5A6340B3: | |||
Userid : "Red Hat, Inc. (auxiliary key 3) <security@redhat.com>" | |||
Fingerprint: 7E46 2425 8C40 6535 D56D 6F13 5054 E4A4 5A63 40B3 | |||
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release | |||
Key imported successfully | |||
Running transaction check | |||
Transaction check succeeded. | |||
Running transaction test | |||
Transaction test succeeded. | |||
Running transaction | |||
Preparing : 1/1 | |||
Upgrading : iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64 1/4 | |||
Running scriptlet: iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64 1/4 | |||
Upgrading : iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 2/4 | |||
Running scriptlet: iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 2/4 | |||
Running scriptlet: iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 3/4 | |||
Cleanup : iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 3/4 | |||
Running scriptlet: iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 3/4 | |||
Running scriptlet: iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4 | |||
Cleanup : iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4 | |||
Running scriptlet: iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4 | |||
Verifying : iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 1/4 | |||
Verifying : iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 2/4 | |||
Verifying : iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64 3/4 | |||
Verifying : iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4 | |||
Installed products updated. | |||
Upgraded: | |||
iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64 | |||
Complete! | |||
</syntaxhighlight> | |||
==== Configuración del Initiator==== | |||
Comprobar el IQN del Initiator: | |||
<syntaxhighlight lang="bash"> | |||
[root@nodo1 ~]# cat /etc/iscsi/initiatorname.iscsi | |||
InitiatorName=iqn.2026-01.icecube:node01.initiator01 | |||
</syntaxhighlight> | |||
Editar el archivo de configuración CHAP: | |||
<syntaxhighlight lang="bash"> | |||
[root@nodo1 ~]# vim /etc/iscsi/iscsid.conf | |||
</syntaxhighlight> | |||
Verificar parámetros de autenticación: | |||
<syntaxhighlight lang="bash"> | |||
[root@nodo1 ~]# grep -i node.session.auth /etc/iscsi/iscsid.conf|grep -v ^# | |||
node.session.auth.authmethod = CHAP | |||
node.session.auth.username = bonzo | |||
node.session.auth.password = PASSWORD2020 | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="bash"> | |||
[root@nodo1 ~]# systemctl enable --now iscsid | |||
Created symlink /etc/systemd/system/multi-user.target.wants/iscsid.service → /usr/lib/systemd/system/iscsid.service. | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="bash"> | |||
[root@nodo1 ~]# systemctl restart iscsid | |||
</syntaxhighlight> | |||
==== Descubrimiento y conexión al target ==== | |||
Descubrir targets disponibles: | |||
<syntaxhighlight lang="bash"> | |||
[root@nodo1 ~]# iscsiadm -m discovery -t sendtargets -p 192.168.1.80 | |||
192.168.1.80:3260,1 iqn.2027-04.icecube:storage.target00 | |||
</syntaxhighlight> | |||
Iniciar sesión: | |||
<syntaxhighlight lang="bash"> | |||
[root@nodo1 ~]# iscsiadm -m node --login | |||
Login to [iface: default, target: iqn.2026-01.icecube:storage.target01, portal: 192.168.1.80,3260] successful. | |||
</syntaxhighlight> | |||
==== Verificación del disco compartido ==== | |||
Comprobar que el nuevo disco aparece en el sistema: | |||
<syntaxhighlight lang="bash"> | |||
[root@nodo1 ~]# iscsiadm -m session -o show | |||
tcp: [1] 192.168.1.80:3260,1 iqn.2026-01.icecube:storage.target01 (non-flash) | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="bash"> | |||
[root@nodo1 ~]# lsblk | |||
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT | |||
sda 8:0 0 10.5G 0 disk | |||
├─sda1 8:1 0 1G 0 part /boot | |||
└─sda2 8:2 0 9.5G 0 part | |||
├─centos-root 253:0 0 8.4G 0 lvm / | |||
└─centos-swap 253:1 0 1G 0 lvm [SWAP] | |||
sdb 8:16 0 8G 0 disk | |||
sr0 11:0 1 1024M 0 rom | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Revisión del 07:11 3 ene 2026
Introducción
El protocolo iSCSI es un protocolo que proporciona acceso a dispositivos de bloques a través de la red utilizando TCP/IP. A diferencia de otros protocolos de compartición de archivos como NFS o Samba, iSCSI no ofrece ficheros ni directorios, sino acceso directo a dispositivos de bloques completos.
Esto significa que, desde el punto de vista del sistema cliente, el recurso iSCSI se comporta como un disco duro local. El dispositivo se presenta en bruto, sin necesidad de tabla de particiones ni sistema de ficheros, ya que estas tareas quedan bajo el control del cliente que accede al dispositivo.
Una de las características más relevantes de iSCSI es que permite que un mismo dispositivo de bloques sea accedido de forma simultánea por varios clientes. Aunque esto puede provocar problemas de concurrencia si no se gestiona adecuadamente (algo que debe resolverse a otro nivel), el protocolo lo soporta de forma nativa. Todo ello lo convierte en una alternativa mucho más económica frente a tecnologías como Fibre Channel, manteniendo compatibilidad con la mayoría de sistemas operativos actuales.
El protocolo iSCSI se utiliza habitualmente en redes de almacenamiento, donde se busca aislar el tráfico de datos y proporcionar un entorno más seguro. Además, iSCSI incorpora sus propios mecanismos de autenticación y control de acceso, como se verá a lo largo de este laboratorio.
Antes de comenzar con la configuración práctica, es importante familiarizarse con la terminología básica asociada a este protocolo.
Terminología básica
- Unidad lógica (LUN)
- Dispositivo de bloques que se comparte desde el servidor iSCSI. Puede tratarse de discos duros,
particiones o volúmenes lógicos.
- Target
- Recurso exportado por el servidor iSCSI que contiene una o varias LUN. Un cliente se conecta a un target
mediante una única sesión y puede acceder a todos los dispositivos asociados a él.
- Initiator
- Cliente iSCSI que establece la conexión con el target para acceder a los dispositivos de bloques compartidos.
- Multipath
- Mecanismo que permite garantizar la disponibilidad del dispositivo remoto cuando existen múltiples rutas
entre el initiator y el target. Si una ruta falla, el acceso se mantiene a través de otra.
- IQN
- Identificador único utilizado para nombrar recursos iSCSI. Sigue el formato
iqn.año-mes.dominio_invertido:nombre.
Ejemplo:iqn.2021-02.com.alvarovf:target1
- iSNS
- Protocolo que permite gestionar y descubrir recursos iSCSI de forma centralizada,
de manera similar a Fibre Channel.
Configuración del almacenamiento SAN
Para simular una cabina de almacenamiento se compartirá un disco mediante iSCSI hacia ambos nodos del clúster Pacemaker.
Instalación de paquetes requeridos
En el servidor SAN (target):
[root@icecube ~]# subscription-manager register
Registering to: subscription.rhsm.redhat.com:443/subscription
Username: $USER
Password:
The system has been registered with ID: dddb6e1e-049a-4ea2-8943-403ec63bb06f
The registered system name is: icecube
Activar los repositorios EPEL:
[root@icecube ~]# subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
Repository 'codeready-builder-for-rhel-9-x86_64-rpms' is enabled for this system.
[root@icecube ~]# dnf install \
https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
Updating Subscription Management repositories.
Red Hat CodeReady Linux Builder for RHEL 9 x86_64 (RPMs) 24 MB/s | 15 MB 00:00
epel-release-latest-9.noarch.rpm 41 kB/s | 19 kB 00:00
Dependencies resolved.
===============================================================================================================================
Package Architecture Version Repository Size
===============================================================================================================================
Installing:
epel-release noarch 9-10.el9 @commandline 19 k
Transaction Summary
===============================================================================================================================
Install 1 Package
Total size: 19 k
Installed size: 26 k
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : epel-release-9-10.el9.noarch 1/1
Running scriptlet: epel-release-9-10.el9.noarch 1/1
Many EPEL packages require the CodeReady Builder (CRB) repository.
It is recommended that you run /usr/bin/crb enable to enable the CRB repository.
Verifying : epel-release-9-10.el9.noarch 1/1
Installed products updated.
Installed:
epel-release-9-10.el9.noarch
Complete!
Instalar paquetes requeridos:
[root@icecube ~]# dnf --enablerepo=epel* install targetcli
Updating Subscription Management repositories.
Last metadata expiration check: 0:02:26 ago on Fri 02 Jan 2026 09:50:24 PM CET.
Dependencies resolved.
======================================================================================================================================================
Package Architecture Version Repository Size
======================================================================================================================================================
Installing:
targetcli noarch 2.1.57-2.el9 rhel-9-for-x86_64-appstream-rpms 79 k
Installing dependencies:
python3-configshell noarch 1:1.1.30-1.el9 rhel-9-for-x86_64-baseos-rpms 76 k
python3-kmod x86_64 0.9-32.el9 rhel-9-for-x86_64-baseos-rpms 88 k
python3-pyparsing noarch 2.4.7-9.el9 rhel-9-for-x86_64-baseos-rpms 154 k
python3-rtslib noarch 2.1.76-1.el9 rhel-9-for-x86_64-appstream-rpms 104 k
python3-urwid x86_64 2.1.2-4.el9 rhel-9-for-x86_64-baseos-rpms 842 k
target-restore noarch 2.1.76-1.el9 rhel-9-for-x86_64-appstream-rpms 16 k
Transaction Summary
======================================================================================================================================================
Install 7 Packages
Total download size: 1.3 M
Installed size: 5.0 M
Is this ok [y/N]: y
Downloading Packages:
(1/7): python3-pyparsing-2.4.7-9.el9.noarch.rpm 1.0 MB/s | 154 kB 00:00
(2/7): python3-kmod-0.9-32.el9.x86_64.rpm 347 kB/s | 88 kB 00:00
(3/7): python3-configshell-1.1.30-1.el9.noarch.rpm 683 kB/s | 76 kB 00:00
(4/7): target-restore-2.1.76-1.el9.noarch.rpm 145 kB/s | 16 kB 00:00
(5/7): python3-rtslib-2.1.76-1.el9.noarch.rpm 900 kB/s | 104 kB 00:00
(6/7): targetcli-2.1.57-2.el9.noarch.rpm 677 kB/s | 79 kB 00:00
(7/7): python3-urwid-2.1.2-4.el9.x86_64.rpm 318 kB/s | 842 kB 00:02
---------------------------------------------------------------------------------------
Total 513 kB/s | 1.3 MB 00:02
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) 2.7 MB/s | 3.6 kB 00:00
Importing GPG key 0xFD431D51:
Userid : "Red Hat, Inc. (release key 2) <security@redhat.com>"
Fingerprint: 567E 347A D004 4ADE 55BA 8A5F 199E 2F91 FD43 1D51
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Is this ok [y/N]: y
Key imported successfully
Importing GPG key 0x5A6340B3:
Userid : "Red Hat, Inc. (auxiliary key 3) <security@redhat.com>"
Fingerprint: 7E46 2425 8C40 6535 D56D 6F13 5054 E4A4 5A63 40B3
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : python3-urwid-2.1.2-4.el9.x86_64 1/7
Installing : python3-pyparsing-2.4.7-9.el9.noarch 2/7
Installing : python3-configshell-1:1.1.30-1.el9.noarch 3/7
Installing : python3-kmod-0.9-32.el9.x86_64 4/7
Installing : python3-rtslib-2.1.76-1.el9.noarch 5/7
Installing : target-restore-2.1.76-1.el9.noarch 6/7
Running scriptlet: target-restore-2.1.76-1.el9.noarch 6/7
Installing : targetcli-2.1.57-2.el9.noarch 7/7
Running scriptlet: targetcli-2.1.57-2.el9.noarch 7/7
Verifying : python3-kmod-0.9-32.el9.x86_64 1/7
Verifying : python3-pyparsing-2.4.7-9.el9.noarch 2/7
Verifying : python3-urwid-2.1.2-4.el9.x86_64 3/7
Verifying : python3-configshell-1:1.1.30-1.el9.noarch 4/7
Verifying : target-restore-2.1.76-1.el9.noarch 5/7
Verifying : python3-rtslib-2.1.76-1.el9.noarch 6/7
Verifying : targetcli-2.1.57-2.el9.noarch 7/7
Installed products updated.
Installed:
python3-configshell-1:1.1.30-1.el9.noarch python3-kmod-0.9-32.el9.x86_64 python3-pyparsing-2.4.7-9.el9.noarch python3-rtslib-2.1.76-1.el9.noarch python3-urwid-2.1.2-4.el9.x86_64 target-restore-2.1.76-1.el9.noarch targetcli-2.1.57-2.el9.noarch
Complete!
Configuración del iSCSI Target (targetcli)
Configuraciones previas:
Habilitar el servicio target:
[root@icecube ~]# systemctl enable --now target
[root@icecube ~]# systemctl status target
● target.service - Restore LIO kernel target configuration
Loaded: loaded (/usr/lib/systemd/system/target.service; enabled; preset: disabled)
Active: active (exited) since Fri 2026-01-02 23:10:39 CET; 2min 44s ago
Main PID: 5382 (code=exited, status=0/SUCCESS)
CPU: 49ms
Jan 02 23:10:39 icecube systemd[1]: Starting Restore LIO kernel target configuration...
Jan 02 23:10:39 icecube systemd[1]: Finished Restore LIO kernel target configuration.
[root@icecube ~]#
Verificar que existe un LV para usarlo para crear la LUN:
[root@icecube ~]# lsblk /dev/vg_iscsi/lv_storage
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
vg_iscsi-lv_storage 253:2 0 40G 0 lvm
[root@icecube ~]# f
Configurar el Target
Verificar que no existe configuración actualmente en targetcli:
[root@icecube ~]# targetcli ls
o- / ......................................................................................................................... [...]
o- backstores .............................................................................................................. [...]
| o- block .................................................................................................. [Storage Objects: 0]
| o- fileio ................................................................................................. [Storage Objects: 0]
| o- pscsi .................................................................................................. [Storage Objects: 0]
| o- ramdisk ................................................................................................ [Storage Objects: 0]
o- iscsi ............................................................................................................ [Targets: 0]
o- loopback ......................................................................................................... [Targets: 0]
[root@icecube ~]#
Acceder a la consola de configuración y crear una LUN:
[root@icecube ~]# targetcli
targetcli shell version 2.1.57
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/> /backstores/block create lun01 /dev/vg_iscsi/lv_storage
Created block storage object lun01 using /dev/vg_iscsi/lv_storage.
Crear el target y el backstore iSCSI:
/> /iscsi create iqn.2026-01.icecube:storage.target01
Created target iqn.2026-01.icecube:storage.target01.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
/> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1/luns create /backstores/block/lun01
Created LUN 0.
Configurar ACLs y autenticación CHAP:
/> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1/acls create iqn.2026-01.icecube:node01.initiator01
Created Node ACL for iqn.2026-01.icecube:node01.initiator01
Created mapped LUN 0.
/> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1 set attribute authentication=1
Parameter authentication is now '1'.
/> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1/acls/iqn.2026-01.icecube:node01.initiator01 set auth userid=bonzo
Parameter userid is now 'bonzo'.
/> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1/acls/iqn.2026-01.icecube:node01.initiator01 set auth password=PASSWORD2020
Parameter password is now 'PASSWORD2020'.
Salir y guardar la configuración:
/> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup/.
Configuration saved to /etc/target/saveconfig.json
Verificación del fichero de configuracion:
[root@icecube ~]# cat /etc/target/saveconfig.json
{
"fabric_modules": [],
"storage_objects": [
{
"alua_tpgs": [
{
"alua_access_state": 0,
"alua_access_status": 0,
"alua_access_type": 3,
"alua_support_active_nonoptimized": 1,
"alua_support_active_optimized": 1,
"alua_support_offline": 1,
"alua_support_standby": 1,
"alua_support_transitioning": 1,
"alua_support_unavailable": 1,
"alua_write_metadata": 0,
"implicit_trans_secs": 0,
"name": "default_tg_pt_gp",
"nonop_delay_msecs": 100,
"preferred": 0,
"tg_pt_gp_id": 0,
"trans_delay_msecs": 0
}
],
"attributes": {
"alua_support": 1,
"block_size": 512,
"emulate_3pc": 1,
"emulate_caw": 1,
"emulate_dpo": 1,
"emulate_fua_read": 1,
"emulate_fua_write": 1,
"emulate_model_alias": 1,
"emulate_pr": 1,
"emulate_rest_reord": 0,
"emulate_rsoc": 1,
"emulate_tas": 1,
"emulate_tpu": 0,
"emulate_tpws": 0,
"emulate_ua_intlck_ctrl": 0,
"emulate_write_cache": 0,
"enforce_pr_isids": 1,
"force_pr_aptpl": 0,
"is_nonrot": 0,
"max_unmap_block_desc_count": 0,
"max_unmap_lba_count": 0,
"max_write_same_len": 65535,
"optimal_sectors": 65528,
"pgr_support": 1,
"pi_prot_format": 0,
"pi_prot_type": 0,
"pi_prot_verify": 0,
"queue_depth": 128,
"submit_type": 0,
"unmap_granularity": 0,
"unmap_granularity_alignment": 0,
"unmap_zeroes_data": 0
},
"dev": "/dev/vg_iscsi/lv_storage",
"name": "lun01",
"plugin": "block",
"readonly": false,
"write_back": false,
"wwn": "b1e53820-2d0e-4605-a66e-96ed4d4738a9"
}
],
"targets": [
{
"fabric": "iscsi",
"parameters": {
"cmd_completion_affinity": "-1"
},
"tpgs": [
{
"attributes": {
"authentication": 1,
"cache_dynamic_acls": 0,
"default_cmdsn_depth": 64,
"default_erl": 0,
"demo_mode_discovery": 1,
"demo_mode_write_protect": 1,
"fabric_prot_type": 0,
"generate_node_acls": 0,
"login_keys_workaround": 1,
"login_timeout": 15,
"prod_mode_write_protect": 0,
"t10_pi": 0,
"tpg_enabled_sendtargets": 1
},
"enable": true,
"luns": [
{
"alias": "4937399dfd",
"alua_tg_pt_gp_name": "default_tg_pt_gp",
"index": 0,
"storage_object": "/backstores/block/lun01"
}
],
"node_acls": [
{
"attributes": {
"authentication": -1,
"dataout_timeout": 3,
"dataout_timeout_retries": 5,
"default_erl": 0,
"nopin_response_timeout": 30,
"nopin_timeout": 15,
"random_datain_pdu_offsets": 0,
"random_datain_seq_offsets": 0,
"random_r2t_offsets": 0
},
"chap_password": "PASSWORD2020",
"chap_userid": "bonzo",
"mapped_luns": [
{
"alias": "612d32f2e4",
"index": 0,
"tpg_lun": 0,
"write_protect": false
}
],
"node_wwn": "iqn.2026-01.icecube:node01.initiator01"
}
],
"parameters": {
"AuthMethod": "CHAP",
"DataDigest": "CRC32C,None",
"DataPDUInOrder": "Yes",
"DataSequenceInOrder": "Yes",
"DefaultTime2Retain": "20",
"DefaultTime2Wait": "2",
"ErrorRecoveryLevel": "0",
"FirstBurstLength": "65536",
"HeaderDigest": "CRC32C,None",
"IFMarkInt": "Reject",
"IFMarker": "No",
"ImmediateData": "Yes",
"InitialR2T": "Yes",
"MaxBurstLength": "262144",
"MaxConnections": "1",
"MaxOutstandingR2T": "1",
"MaxRecvDataSegmentLength": "8192",
"MaxXmitDataSegmentLength": "262144",
"OFMarkInt": "Reject",
"OFMarker": "No",
"TargetAlias": "LIO Target"
},
"portals": [
{
"ip_address": "0.0.0.0",
"iser": false,
"offload": false,
"port": 3260
}
],
"tag": 1
}
],
"wwn": "iqn.2026-01.icecube:storage.target01"
}
]
}
Comprobación del servicio iSCSI
Ver estado de configuracion de targetcli:
[root@icecube ~]# targetcli ls
o- / ......................................................................................................................... [...]
o- backstores .............................................................................................................. [...]
| o- block .................................................................................................. [Storage Objects: 1]
| | o- lun01 ........................................................... [/dev/vg_iscsi/lv_storage (40.0GiB) write-thru activated]
| | o- alua ................................................................................................... [ALUA Groups: 1]
| | o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]
| o- fileio ................................................................................................. [Storage Objects: 0]
| o- pscsi .................................................................................................. [Storage Objects: 0]
| o- ramdisk ................................................................................................ [Storage Objects: 0]
o- iscsi ............................................................................................................ [Targets: 1]
| o- iqn.2026-01.icecube:storage.target01 .............................................................................. [TPGs: 1]
| o- tpg1 .......................................................................................... [no-gen-acls, auth per-acl]
| o- acls .......................................................................................................... [ACLs: 1]
| | o- iqn.2026-01.icecube:node01.initiator01 ................................................... [1-way auth, Mapped LUNs: 1]
| | o- mapped_lun0 ................................................................................. [lun0 block/lun01 (rw)]
| o- luns .......................................................................................................... [LUNs: 1]
| | o- lun0 ...................................................... [block/lun01 (/dev/vg_iscsi/lv_storage) (default_tg_pt_gp)]
| o- portals .................................................................................................... [Portals: 1]
| o- 0.0.0.0:3260 ..................................................................................................... [OK]
o- loopback ......................................................................................................... [Targets: 0]
Verificar que el puerto iSCSI está en escucha:
[root@icecube ~]# ss -napt | grep 3260
LISTEN 0 256 *:3260 *:*
[root@icecube ~]#
[root@icecube ~]# firewall-cmd --add-service=iscsi-target --permanent
success
[root@icecube ~]# firewall-cmd --reload
success
Configuración SELinux del Target
Ajustar contextos SELinux:
[root@icecube ~]# chcon -R -t tgtd_var_lib_t /var/lib/iscsi_disks
[root@icecube ~]# semanage fcontext -a -t tgtd_var_lib_t /var/lib/iscsi_disks
Configuración del iSCSI Initiator en los nodos
Los siguientes pasos deben ejecutarse en todos los nodos del clúster.
Instalación de paquetes
[root@nodo1 ~]# dnf -y install iscsi-initiator-utils
Updating Subscription Management repositories.
Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs) 43 MB/s | 79 MB 00:01
Red Hat CodeReady Linux Builder for RHEL 9 x86_64 (RPMs) 19 MB/s | 15 MB 00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) 45 MB/s | 95 MB 00:02
Package iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 is already installed.
Dependencies resolved.
=========================================================================================================================================================================
Package Architecture Version Repository Size
=========================================================================================================================================================================
Upgrading:
iscsi-initiator-utils x86_64 6.2.1.11-0.git4b3e853.el9 rhel-9-for-x86_64-baseos-rpms 392 k
iscsi-initiator-utils-iscsiuio x86_64 6.2.1.11-0.git4b3e853.el9 rhel-9-for-x86_64-baseos-rpms 81 k
Transaction Summary
=========================================================================================================================================================================
Upgrade 2 Packages
Total download size: 473 k
Downloading Packages:
(1/2): iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64.rpm 1.6 MB/s | 392 kB 00:00
(2/2): iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64.rpm 330 kB/s | 81 kB 00:00
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 1.9 MB/s | 473 kB 00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) 3.1 MB/s | 3.6 kB 00:00
Importing GPG key 0xFD431D51:
Userid : "Red Hat, Inc. (release key 2) <security@redhat.com>"
Fingerprint: 567E 347A D004 4ADE 55BA 8A5F 199E 2F91 FD43 1D51
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Key imported successfully
Importing GPG key 0x5A6340B3:
Userid : "Red Hat, Inc. (auxiliary key 3) <security@redhat.com>"
Fingerprint: 7E46 2425 8C40 6535 D56D 6F13 5054 E4A4 5A63 40B3
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Upgrading : iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64 1/4
Running scriptlet: iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64 1/4
Upgrading : iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 2/4
Running scriptlet: iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 2/4
Running scriptlet: iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 3/4
Cleanup : iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 3/4
Running scriptlet: iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 3/4
Running scriptlet: iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4
Cleanup : iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4
Running scriptlet: iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4
Verifying : iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 1/4
Verifying : iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 2/4
Verifying : iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64 3/4
Verifying : iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64 4/4
Installed products updated.
Upgraded:
iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64 iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64
Complete!
Configuración del Initiator
Comprobar el IQN del Initiator:
[root@nodo1 ~]# cat /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2026-01.icecube:node01.initiator01
Editar el archivo de configuración CHAP:
[root@nodo1 ~]# vim /etc/iscsi/iscsid.conf
Verificar parámetros de autenticación:
[root@nodo1 ~]# grep -i node.session.auth /etc/iscsi/iscsid.conf|grep -v ^#
node.session.auth.authmethod = CHAP
node.session.auth.username = bonzo
node.session.auth.password = PASSWORD2020
[root@nodo1 ~]# systemctl enable --now iscsid
Created symlink /etc/systemd/system/multi-user.target.wants/iscsid.service → /usr/lib/systemd/system/iscsid.service.
[root@nodo1 ~]# systemctl restart iscsid
Descubrimiento y conexión al target
Descubrir targets disponibles:
[root@nodo1 ~]# iscsiadm -m discovery -t sendtargets -p 192.168.1.80
192.168.1.80:3260,1 iqn.2027-04.icecube:storage.target00
Iniciar sesión:
[root@nodo1 ~]# iscsiadm -m node --login
Login to [iface: default, target: iqn.2026-01.icecube:storage.target01, portal: 192.168.1.80,3260] successful.
Verificación del disco compartido
Comprobar que el nuevo disco aparece en el sistema:
[root@nodo1 ~]# iscsiadm -m session -o show
tcp: [1] 192.168.1.80:3260,1 iqn.2026-01.icecube:storage.target01 (non-flash)
[root@nodo1 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 10.5G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 9.5G 0 part
├─centos-root 253:0 0 8.4G 0 lvm /
└─centos-swap 253:1 0 1G 0 lvm [SWAP]
sdb 8:16 0 8G 0 disk
sr0 11:0 1 1024M 0 rom
Configuración alternativa del Target (tgt)
Ajustar contextos SELinux:
[root@icecube ~]# chcon -R -t tgtd_var_lib_t /var/lib/iscsi_disks
[root@icecube ~]# semanage fcontext -a -t tgtd_var_lib_t /var/lib/iscsi_disks
Configurar el archivo /etc/tgt/targets.conf:
[root@icecube ~]# cat /etc/tgt/targets.conf |grep -v ^#
default-driver iscsi
<target iqn.2027-04.icecube:storage.target00>
backing-store /var/lib/iscsi_disks/disk01.img
initiator-address 192.168.0.81
initiator-address 192.168.0.82
incominguser bonzo PASSWORD2020
</target>
Iniciar y habilitar el servicio:
[root@icecube ~]# systemctl start tgtd
[root@icecube ~]# systemctl enable tgtd
Created symlink from /etc/systemd/system/multi-user.target.wants/tgtd.service to /usr/lib/systemd/system/tgtd.service.
[root@icecube ~]#
Verificación del target:
[root@icecube ~]# tgtadm --mode target --op show
Target 1: iqn.2027-04.icecube:storage.target00
System information:
Driver: iscsi
State: ready
I_T nexus information:
LUN information:
LUN: 0
Type: controller
SCSI ID: IET 00010000
SCSI SN: beaf10
Size: 0 MB, Block size: 1
Online: Yes
Removable media: No
Prevent removal: No
Readonly: No
SWP: No
Thin-provisioning: No
Backing store type: null
Backing store path: None
Backing store flags:
LUN: 1
Type: disk
SCSI ID: IET 00010001
SCSI SN: beaf11
Size: 8590 MB, Block size: 512
Online: Yes
Removable media: No
Prevent removal: No
Readonly: No
SWP: No
Thin-provisioning: No
Backing store type: rdwr
Backing store path: /var/lib/iscsi_disks/disk01.img
Backing store flags:
Account information:
bonzo
ACL information:
192.168.0.81
192.168.0.82
Configuración del iSCSI Initiator en los nodos
Los siguientes pasos deben ejecutarse en todos los nodos del clúster.
Instalación de paquetes
yum --enablerepo=epel install -y \
scsi-target-utils \
iscsi-initiator-utils
Configuración del iniciador
Comprobar el IQN del iniciador:
[root@nodo1 ~]# cat /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2027-04.icecube:www.icecube
Editar el archivo de configuración CHAP:
[root@nodo1 ~]# vim /etc/iscsi/iscsid.conf
Verificar parámetros de autenticación:
[root@nodo1 ~]# grep -i node.session.auth /etc/iscsi/iscsid.conf|grep -v ^#
node.session.auth.authmethod = CHAP
node.session.auth.username = bonzo
node.session.auth.password = PASSWORD2020
Descubrimiento y conexión al target
Descubrir targets disponibles:
[root@nodo1 ~]# iscsiadm -m discovery -t sendtargets -p 192.168.0.80
192.168.0.80:3260,1 iqn.2027-04.icecube:storage.target00
[root@nodo1 ~]# iscsiadm -m node -o show
# BEGIN RECORD 6.2.0.874-19
node.name = iqn.2027-04.icecube:storage.target00
node.tpgt = 1
node.startup = automatic
node.leading_login = No
iface.hwaddress = <empty>
iface.ipaddress = <empty>
iface.iscsi_ifacename = default
iface.net_ifacename = <empty>
iface.gateway = <empty>
iface.subnet_mask = <empty>
iface.transport_name = tcp
iface.initiatorname = <empty>
iface.state = <empty>
iface.vlan_id = 0
iface.vlan_priority = 0
iface.vlan_state = <empty>
iface.iface_num = 0
iface.mtu = 0
iface.port = 0
iface.bootproto = <empty>
iface.dhcp_alt_client_id_state = <empty>
iface.dhcp_alt_client_id = <empty>
iface.dhcp_dns = <empty>
iface.dhcp_learn_iqn = <empty>
iface.dhcp_req_vendor_id_state = <empty>
iface.dhcp_vendor_id_state = <empty>
iface.dhcp_vendor_id = <empty>
iface.dhcp_slp_da = <empty>
iface.fragmentation = <empty>
iface.gratuitous_arp = <empty>
iface.incoming_forwarding = <empty>
iface.tos_state = <empty>
iface.tos = 0
iface.ttl = 0
iface.delayed_ack = <empty>
iface.tcp_nagle = <empty>
iface.tcp_wsf_state = <empty>
iface.tcp_wsf = 0
iface.tcp_timer_scale = 0
iface.tcp_timestamp = <empty>
iface.redirect = <empty>
iface.def_task_mgmt_timeout = 0
iface.header_digest = <empty>
iface.data_digest = <empty>
iface.immediate_data = <empty>
iface.initial_r2t = <empty>
iface.data_seq_inorder = <empty>
iface.data_pdu_inorder = <empty>
iface.erl = 0
iface.max_receive_data_len = 0
iface.first_burst_len = 0
iface.max_outstanding_r2t = 0
iface.max_burst_len = 0
iface.chap_auth = <empty>
iface.bidi_chap = <empty>
iface.strict_login_compliance = <empty>
iface.discovery_auth = <empty>
iface.discovery_logout = <empty>
node.discovery_address = 192.168.0.80
node.discovery_port = 3260
node.discovery_type = send_targets
node.session.initial_cmdsn = 0
node.session.initial_login_retry_max = 8
node.session.xmit_thread_priority = -20
node.session.cmds_max = 128
node.session.queue_depth = 32
node.session.nr_sessions = 1
node.session.auth.authmethod = CHAP
node.session.auth.username = bonzo
node.session.auth.password = ********
node.session.auth.username_in = <empty>
node.session.auth.password_in = <empty>
node.session.auth.chap_algs = MD5
node.session.timeo.replacement_timeout = 120
node.session.err_timeo.abort_timeout = 15
node.session.err_timeo.lu_reset_timeout = 30
node.session.err_timeo.tgt_reset_timeout = 30
node.session.err_timeo.host_reset_timeout = 60
node.session.iscsi.FastAbort = Yes
node.session.iscsi.InitialR2T = No
node.session.iscsi.ImmediateData = Yes
node.session.iscsi.FirstBurstLength = 262144
node.session.iscsi.MaxBurstLength = 16776192
node.session.iscsi.DefaultTime2Retain = 0
node.session.iscsi.DefaultTime2Wait = 2
node.session.iscsi.MaxConnections = 1
node.session.iscsi.MaxOutstandingR2T = 1
node.session.iscsi.ERL = 0
node.session.scan = auto
node.conn[0].address = 192.168.0.80
node.conn[0].port = 3260
node.conn[0].startup = manual
node.conn[0].tcp.window_size = 524288
node.conn[0].tcp.type_of_service = 0
node.conn[0].timeo.logout_timeout = 15
node.conn[0].timeo.login_timeout = 15
node.conn[0].timeo.auth_timeout = 45
node.conn[0].timeo.noop_out_interval = 5
node.conn[0].timeo.noop_out_timeout = 5
node.conn[0].iscsi.MaxXmitDataSegmentLength = 0
node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144
node.conn[0].iscsi.HeaderDigest = None
node.conn[0].iscsi.IFMarker = No
node.conn[0].iscsi.OFMarker = No
# END RECORD
Iniciar sesión:
[root@nodo1 ~]# iscsiadm -m node --login
Verificar la sesión activa:
[root@nodo1 ~]# iscsiadm -m discovery -t sendtargets -p 192.168.0.80
192.168.0.80:3260,1 iqn.2027-04.icecube:storage.target00
Verificación del disco compartido
Comprobar que el nuevo disco aparece en el sistema:
[root@nodo1 ~]# iscsiadm -m session -o show
tcp: [1] 192.168.0.80:3260,1 iqn.2027-04.icecube:storage.target00 (non-flash)
[root@nodo1 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 10.5G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 9.5G 0 part
├─centos-root 253:0 0 8.4G 0 lvm /
└─centos-swap 253:1 0 1G 0 lvm [SWAP]
sdb 8:16 0 8G 0 disk
sr0 11:0 1 1024M 0 rom
Inicializar el disco como volumen físico:
[root@nodo1 ~]# pvcreate /dev/sdb
Physical volume "/dev/sdb" successfully created.
