iscsi_centos7

Differences

This shows you the differences between two versions of the page.

iscsi_centos7 [2015/08/22 10:31] herwarthiscsi_centos7 [2015/08/22 10:46] (current) herwarth
Line 6: Line 6:
  
 <code> <code>
-yum install targetcli net-tools wget chrony+rpm -ivh https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm 
 +yum install targetcli net-tools wget chrony check-mk-agent xinetd 
 + 
 wget https://downloads.linux.hp.com/SDR/add_repo.sh wget https://downloads.linux.hp.com/SDR/add_repo.sh
 sh ./add_repo.sh spp -d rhel -r 7 sh ./add_repo.sh spp -d rhel -r 7
 yum install hpssacli yum install hpssacli
 </code> </code>
-=====Configuration=====+=====Tuning system configuration=====
 <code - /etc/sysconfig/modules/scsi.modules> <code - /etc/sysconfig/modules/scsi.modules>
 #!/bin/sh #!/bin/sh
Line 28: Line 30:
 </code> </code>
   tuned-adm profile network-throughput   tuned-adm profile network-throughput
 +=====Configuration iSCSI target=====
 +  targetcli
 +<code>
 +/backstores/block create lun1 /dev/data/lun1
 +/iscsi create
 +/iscsi set discovery_auth enable=0
 +/iscsi/iqn.2003-01.org.linux-iscsi.testnas.x8664:sn.3e16441761a3/tpg1
 +portals delete 0.0.0.0 3260
 +portals create 192.168.0.100 3260
 +portals create 192.168.1.100 3260
 +luns/ create /backstores/block/lun1
 +acls/ create iqn.1998-01.com.vmware:supermicro1-22d4a58e
 +acls/ create iqn.1998-01.com.vmware:supermicro2-6b09d927
 +set parameter AuthMethod=None
 +set attribute authentication=0
 +cd /
 +</code>
 +<code>
 +/> ls
 +o- / ......................................................................................... [...]
 +  o- backstores .............................................................................. [...]
 +  | o- block .................................................................. [Storage Objects: 1]
 +  | | o- lun1 ...................................... [/dev/data/lun1 (50.0GiB) write-thru activated]
 +  | o- fileio ................................................................. [Storage Objects: 0]
 +  | o- pscsi .................................................................. [Storage Objects: 0]
 +  | o- ramdisk ................................................................ [Storage Objects: 0]
 +  o- iscsi ............................................................................ [Targets: 1]
 +  | o- iqn.2003-01.org.linux-iscsi.testnas.x8664:sn.3e16441761a3 ......................... [TPGs: 1]
 +  |   o- tpg1 ............................................................... [no-gen-acls, no-auth]
 +  |     o- acls .......................................................................... [ACLs: 2]
 +  |     | o- iqn.1998-01.com.vmware:supermicro1-22d4a58e .......................... [Mapped LUNs: 1]
 +  |     | | o- mapped_lun0 .................................................. [lun0 block/lun1 (rw)]
 +  |     | o- iqn.1998-01.com.vmware:supermicro2-6b09d927 .......................... [Mapped LUNs: 1]
 +  |       o- mapped_lun0 .................................................. [lun0 block/lun1 (rw)]
 +  |     o- luns .......................................................................... [LUNs: 1]
 +  |     | o- lun0 .................................................... [block/lun1 (/dev/data/lun1)]
 +  |     o- portals .................................................................... [Portals: 2]
 +  |       o- 192.168.0.100:3260 ............................................................... [OK]
 +  |       o- 192.168.1.100:3260 ............................................................... [OK]
 +  o- loopback ......................................................................... [Targets: 0]
 +/>
 +</code>
 +  saveconfig
 +  exit
 +  systemctl enable target
 +  systemctl start target
 +
 +=====Firewalld=====
 +Remove default crap
 +<code>
 +firewall-cmd --permanent --zone=home --remove-service=dhcpv6-client
 +firewall-cmd --permanent --zone=home --remove-service=ipp-client
 +firewall-cmd --permanent --zone=home --remove-service=mdns
 +firewall-cmd --permanent --zone=home --remove-service=samba-client
 +firewall-cmd --permanent --zone=home --remove-service=ssh
 +firewall-cmd --permanent --zone=internal --remove-service=dhcpv6-client
 +firewall-cmd --permanent --zone=internal --remove-service=ipp-client
 +firewall-cmd --permanent --zone=internal --remove-service=mdns
 +firewall-cmd --permanent --zone=internal --remove-service=samba-client
 +firewall-cmd --permanent --zone=internal --remove-service=ssh
 +firewall-cmd --permanent --zone=work --remove-service=dhcpv6-client
 +firewall-cmd --permanent --zone=work --remove-service=ipp-client
 +firewall-cmd --permanent --zone=work --remove-service=ssh
 +firewall-cmd --permanent --zone=public --remove-service=dhcpv6-client
 +firewall-cmd --permanent --zone=public --remove-service=ssh
 +firewall-cmd --permanent --zone=external --remove-service=ssh
 +firewall-cmd --permanent --zone=external --remove-masquerade
 +firewall-cmd --permanent --zone=dmz --remove-service=ssh
 +</code>
 +Create new zones
 +<code>
 +firewall-cmd --permanent --new-zone=management
 +firewall-cmd --permanent --new-zone=local
 +firewall-cmd --permanent --new-zone=iscsi1
 +firewall-cmd --permanent --new-zone=iscsi2
 +</code>
 +Put subnets in zones
 +<code>
 +firewall-cmd --permanent --zone=public --add-source=0.0.0.0/0
 +firewall-cmd --permanent --zone=public --add-source=::/0
 +
 +firewall-cmd --permanent --zone=dmz --add-source=5.200.9.240/28
 +firewall-cmd --permanent --zone=dmz --add-source=2a00:1630:59::/64
 +firewall-cmd --permanent --zone=dmz --add-source=46.44.183.176/28
 +firewall-cmd --permanent --zone=dmz --add-source=2a02:22a0:bbb7:400::/64
 +firewall-cmd --permanent --zone=dmz --add-source=94.142.242.32/28
 +firewall-cmd --permanent --zone=dmz --add-source=2a02:898:126::/64
 +
 +firewall-cmd --permanent --zone=local --add-source=172.16.3.0/24
 +firewall-cmd --permanent --zone=local --add-source=2a02:22a0:bbb7:403::/64
 +firewall-cmd --permanent --zone=local --add-source=172.16.5.0/24
 +firewall-cmd --permanent --zone=local --add-source=2a00:1630:59:5::/64
 +firewall-cmd --permanent --zone=local --add-source=172.16.7.0/24
 +firewall-cmd --permanent --zone=local --add-source=2a02:898:126:7::/64
 +
 +firewall-cmd --permanent --zone=management --add-source=172.16.2.0/24
 +firewall-cmd --permanent --zone=management --add-source=2a02:22a0:bbb7:402::/64
 +firewall-cmd --permanent --zone=management --add-source=172.16.4.0/24
 +firewall-cmd --permanent --zone=management --add-source=2a00:1630:59:4::/64
 +firewall-cmd --permanent --zone=management --add-source=172.16.6.0/24
 +firewall-cmd --permanent --zone=management --add-source=2a02:898:126:6::/64
 +
 +firewall-cmd --permanent --zone=iscsi1 --add-source=192.168.0.0/24
 +firewall-cmd --permanent --zone=iscsi2 --add-source=192.168.1.0/24
 +</code>
 +Add services
 +<code - /etc/firewalld/services/check-mk-agent.xml>
 +<?xml version="1.0" encoding="utf-8"?>
 +<service>
 +  <short>check-mk-agent</short>
 +  <description>Check_MK Agent</description>
 +  <port protocol="tcp" port="6556"/>
 +</service>
 +</code>
 +<code - /etc/firewalld/services/iscsi-target.xml>
 +<?xml version="1.0" encoding="utf-8"?>
 +<service>
 +  <short>iscsi-target</short>
 +  <description>iSCSI target</description>
 +  <port protocol="tcp" port="3260"/>
 +</service>
 +</code>
 +Add services to zones
 +<code>
 +firewall-cmd --permanent --zone=management --add-service=ssh
 +firewall-cmd --permanent --zone=local --add-service=ssh
 +
 +firewall-cmd --permanent --zone=iscsi1 --add-service=iscsi-target
 +firewall-cmd --permanent --zone=iscsi2 --add-service=iscsi-target
 +
 +firewall-cmd --permanent --zone=management --add-rich-rule="rule family="ipv4" \
 +source address="172.16.4.14" service name="check-mk-agent" accept"
 +firewall-cmd --permanent --zone=management --add-rich-rule="rule family="ipv6" \
 +source address="2a00:1630:59:4::14" service name="check-mk-agent" accept"
 +</code>
 +
 +Make sure all interfaces are set to public as default!
 +  firewall-cmd --set-default-zone=public
 +  firewall-cmd --reload
 +
 {{tag>centos}} {{tag>centos}}
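Review bot: Access to lun1 is gated only by the initiator IQN, which the client declares itself and is not a credential. The added targetcli block switches authentication off at every level (`/iscsi set discovery_auth enable=0`, `set parameter AuthMethod=None`, `set attribute authentication=0`) and relies on the two `acls/ create iqn.1998-01.com.vmware:...` entries. The iscsi1/iscsi2 firewalld zones added further down limit port 3260 to 192.168.0.0/24 and 192.168.1.0/24, but any host on those subnets that presents one of the listed IQNs would get read-write access to the block device. I would keep the ACLs and add CHAP on top: drop the `AuthMethod=None` line, use `set attribute authentication=1` on tpg1, and inside each ACL node run `set auth userid=<CHAP_USER> password=<CHAP_SECRET>` (placeholders) with matching credentials on the ESXi initiators. If the isolated storage subnets are meant to be the only control, the page should say so next to these lines so the no-auth setting is not copied onto a routed network.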
iscsi_centos7.1440239491.txt.gz · Last modified: by herwarth