- Data Structure
- Networking
- RDBMS
- Operating System
- Java
- MS Excel
- iOS
- HTML
- CSS
- Android
- Python
- C Programming
- C++
- C#
- MongoDB
- MySQL
- Javascript
- PHP
- Physics
- Chemistry
- Biology
- Mathematics
- English
- Economics
- Psychology
- Social Studies
- Fashion Studies
- Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
Create Centralized Secure Storage using iSCSI Target _ Initiator on RHEL_CentOS 7
iSCSI (Internet Small Computer System Interface) is a storage networking technology that allows block-level data to be transported over an IP network. It is an alternative to traditional Fibre Channel SANs (Storage Area Networks) that use dedicated cabling to connect storage devices to servers. iSCSI can provide a cost-effective and flexible way to create a centralized storage infrastructure.
In this tutorial, we will set up an iSCSI target on a RHEL/CentOS 7 server and connect to it using an iSCSI initiator on another RHEL/CentOS 7 server. We will configure CHAP (Challenge-Handshake Authentication Protocol) authentication to ensure secure communication between the target and initiator.
Step 1: Install Required Packages
First, we need to install the required packages on the target and initiator servers. On the target server, enter the following command −
sudo yum install scsi-target-utils -y
This installs the "scsi-target-utils" package, which provides the necessary tools to configure the iSCSI target. On the initiator server, enter the following command −
sudo yum install iscsi-initiator-utils -y
This installs the "iscsi-initiator-utils" package, which provides the necessary tools to connect to the iSCSI target.
Step 2: Configure the iSCSI Target
Now, we will configure the iSCSI target on the target server. The target server will provide the storage to the initiator server. The target server will act as the iSCSI target.
To configure the iSCSI target, follow these steps −
Create a new LUN (Logical Unit Number) that will be shared with the initiator server. In this example, we will create a 10 GB LUN.
sudo dd if=/dev/zero of=/var/lib/iscsi_disks/lun01 bs=1M count=10000
This creates a 10 GB file named "lun01" in the "/var/lib/iscsi_disks" directory.
Create a new iSCSI target configuration file −
sudo nano /etc/tgt/conf.d/iscsi.conf
Add the following lines to the file −
<target iqn.2021-05.example.com:lun01> backing-store /var/lib/iscsi_disks/lun01 incominguser chap_user secret_password </target>
Replace "iqn.2021-05.example.com:lun01" with a unique identifier for the target. Replace "chap_user" with a username for CHAP authentication, and replace "secret_password" with a secure password for CHAP authentication.
Restart the tgtd service to apply the changes −
sudo systemctl restart tgtd
Step 3: Configure the iSCSI Initiator
Now, we will configure the iSCSI initiator on the initiator server. The initiator server will connect to the iSCSI target on the target server. To configure the iSCSI initiator, follow these steps −
Discover the iSCSI target by entering the following command −
sudo iscsiadm -m discovery -t sendtargets -p target_ip_address
Replace "target_ip_address" with the IP address of the target server.
Login to the iSCSI target by entering the following command −
sudo iscsiadm -m node -T iqn.2021-05.example.com:lun01 -p target_ip_address -l
Replace "iqn.2021-05.example.com:lun01" with the unique identifier for the target, and replace "target_ip_address" with the IP address of the target server.
Verify that the iSCSI target is connected by entering the following command −
sudo lsblk
This command lists the available block devices on the initiator machine. You should see the newly connected iSCSI target device listed.
Step 4: Create a File System on the iSCSI Target
Now that the iSCSI target is connected to the initiator machine, we can create a file system on it. In this example, we will create an ext4 file system on the iSCSI target. To create a file system on the iSCSI target, follow these steps −
Enter the following command to create a new partition on the iSCSI target −
sudo fdisk /dev/sdb
Note: Replace "/dev/sdb" with the block device name of the iSCSI target on your system.
In the fdisk prompt, enter the following commands in order −
Type "n" to create a new partition.
Type "p" to create a primary partition.
Type "1" to assign the partition number.
Press "Enter" twice to accept the default values for the first and last sectors of the partition.
Type "w" to write the changes and exit fdisk.
Next, format the new partition with the ext4 file system by entering the following command −
sudo mkfs.ext4 /dev/sdb1
Note: Replace "/dev/sdb1" with the partition name you created in the previous step.
Step 5: Mount the iSCSI Target File System
To mount the newly created file system on the iSCSI target, follow these steps −
Create a mount point for the file system by entering the following command −
sudo mkdir /mnt/iscsi_target
Mount the file system by entering the following command −
sudo mount /dev/sdb1 /mnt/iscsi_target
Verify that the file system is mounted by entering the following command −
df -h
This command lists the file systems that are currently mounted on the system. You should see the newly mounted iSCSI target file system listed.
Step 6: Configure Auto-mount of the iSCSI Target File System
To ensure that the iSCSI target file system is automatically mounted on the initiator machine after a reboot, we need to configure the system to mount it at boot time. To do so, follow these steps −
Open the /etc/fstab file in a text editor −
sudo nano /etc/fstab
Add the following line at the end of the file to automatically mount the iSCSI target file system −
/dev/sdb1 /mnt/iscsi_target ext4 defaults 0 0
Save and exit the file.
Step 7: Test the iSCSI Target File System
To test the iSCSI target file system, create a test file on the mount point and verify that it can be accessed from both the initiator and target machines.
To create a test file, enter the following command −
sudo touch /mnt/iscsi_target/testfile.txt
To verify that the test file exists on the iSCSI target, enter the following command on the target machine −
sudo ls /mnt/iscsi_target
To verify that the test file can be accessed from the initiator machine, enter the following command −
sudo ls /mnt/iscsi_target
If the test file is listed in both cases, then the iSCSI target file system is successfully configured and accessible from both machines.
Conclusion
In this tutorial, we have shown how to configure a centralized secure storage system using iSCSI target and initiator on RHEL/CentOS 7. By creating an iSCSI target on one machine and connecting it to an initiator on another machine, we can create a centralized storage system that can be accessed securely from multiple machines.