ISCSIサーバ(Target)の準備
検証なのでLinuxを利用しました。実環境だとストレージになることが多い。
参考資料
https://www.ibm.com/docs/en/qsip/7.4?topic=device-configuring-iscsi-volumes
https://www.server-world.info/query?os=CentOS_7&p=iscsi
targetcliのインストール
[root@cents7 ~]# yum install targetcli
読み込んだプラグイン:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.grid.uchicago.edu
* extras: mirrors.cmich.edu
* updates: mirror.web-ster.com
base | 3.6 kB 00:00
http://mirrors.cmich.edu/centos/7.9.2009/extras/x86_64/repodata/repomd.xml: [Errno 12] Timeout on http://mirrors.cmich.edu/centos/7.9.2009/extras/x86_64/repodata/repomd.xml: (28, 'O peration too slow. Less than 1000 bytes/sec transferred the last 30 seconds')
他のミラーを試します。
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
依存性の解決をしています
--> トランザクションの確認を実行しています。
---> パッケージ targetcli.noarch 0:2.1.51-2.el7 を 更新
---> パッケージ targetcli.noarch 0:2.1.53-1.el7_9 を アップデート
--> 依存性解決を終了しました。
依存性を解決しました
=====================================================================================================================================================================================
Package アーキテクチャー バージョン リポジトリー 容量
=====================================================================================================================================================================================
更新します:
targetcli noarch 2.1.53-1.el7_9 updates 75 k
トランザクションの要約
=====================================================================================================================================================================================
更新 1 パッケージ
合計容量: 75 k
Is this ok [y/d/N]: y
Downloading packages:
警告: /var/cache/yum/x86_64/7/updates/packages/targetcli-2.1.53-1.el7_9.noarch.rpm: ヘッダー V3 RSA/SHA256 Signature、鍵 ID f4a80eb5: NOKEY
file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 から鍵を取得中です。
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-9.2009.0.el7.centos.x86_64 (@anaconda)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
上記の処理を行います。よろしいでしょうか? [y/N]y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
更新します : targetcli-2.1.53-1.el7_9.noarch 1/2
整理中 : targetcli-2.1.51-2.el7.noarch 2/2
検証中 : targetcli-2.1.53-1.el7_9.noarch 1/2
検証中 : targetcli-2.1.51-2.el7.noarch 2/2
更新:
targetcli.noarch 0:2.1.53-1.el7_9
完了しました!
[root@cents7 ~]# rpm -qa | grep targetcli
targetcli-2.1.53-1.el7_9.noarch
targetcliの有効化
[root@cents7 ~]# systemctl enable target
Created symlink from /etc/systemd/system/multi-user.target.wants/target.service to /usr/lib/systemd/system/target.service.
[root@cents7 ~]# mkdir /iscsi_disks
[root@cents7 ~]# targetcli
Warning: Could not load preferences file /root/.targetcli/prefs.bin.
targetcli shell version 2.1.53
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.
/> cd backstores/fileio
/backstores/fileio> create disk0 /iscsi_disks/disk0.img 100G
Created fileio disk0 with size 107374182400
/backstores/fileio> cd /iscsi
/iscsi>
ターゲットを作成
/iscsi> create iqn.2014-07.world.srv:storage.target00
Created target iqn.2014-07.world.srv:storage.target00.
Created TPG 1.
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
/iscsi> cd iqn.2014-07.world.srv:storage.target00/tpg1/luns
LUNを設定
/iscsi/iqn.20...t00/tpg1/luns> create /backstores/fileio/disk0
Created LUN 0.
/iscsi/iqn.20...t00/tpg1/luns> cd ../acls
ACLを設定 (接続を許可するイニシエーターのIQN)
/iscsi/iqn.20...t00/tpg1/acls> create iqn.2014-07.world.srv:www.srv.world
Created Node ACL for iqn.2014-07.world.srv:www.srv.world
Created mapped LUN 0.
/iscsi/iqn.20...t00/tpg1/acls> cd iqn.2014-07.world.srv:www.srv.world
認証用ユーザーID を設定
/iscsi/iqn.20...www.srv.world> set auth userid=username
Parameter userid is now 'username'.
/iscsi/iqn.20...www.srv.world> set auth password=password
Parameter password is now 'password'.
/iscsi/iqn.20...www.srv.world> exit
Global pref auto_save_on_exit=true
Configuration saved to /etc/target/saveconfig.json
上記設定後、以下のようにターゲットがリスン状態になる
[root@cents7 ~]# ss -napt | grep 3260
LISTEN 0 256 *:3260 *:*
[root@cents7 ~]# systemctl enable target
firewallを無効化
[root@cents7 ~]# systemctl stop firewalld
[root@cents7 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
ISCSI設定削除(誤って実施した、再度実施したいため設定を消す)
[root@cents7 /]# targetcli /iscsi delete iqn.2014-07.world.srv:storage.target00
Deleted Target iqn.2014-07.world.srv:storage.target00.
[root@cents7 ~]# targetcli /backstores/block /iscsi_disk0.img
QRadar側(Initiator)の準備
参考資料
https://www.ibm.com/docs/en/qsip/7.4?topic=device-moving-store-file-system-iscsi-storage-solution
targetをファイルに登録
[root@QRadar750AIO ~]#vi /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2014-07.world.srv:www.srv.world
targetのiqnを一行一番下に追加
書式
InitiatorName=<iqn.yyyy-mm>.<reversed_domain_name>:<hostname>
変更の適用
(initiatorname.iscsiを変更した後で打つサービス再起動コマンド) https://unix.stackexchange.com/questions/207534/iscsi-login-failed-with-error-24-could-not-log-in-to-all-portals
[root@QRadar750AIO ~]# systemctl restart iscsid
接続確認
xxx.xxx.xxx.xxxは、TargetのIPアドレス
[root@QRadar750AIO ~]# iscsiadm -m discovery --type sendtargets --portal xxx.xxx.xxx.xxx:3260
xxx.xxx.xxx.xxx:3260,1 iqn.2014-07.world.srv:storage.target00
ログイン
[root@QRadar750AIO iscsi]# iscsiadm -m node -T iqn.2014-07.world.srv:storage.target00 -l
Logging in to [iface: default, target: iqn.2014-07.world.srv:storage.target00, portal: xxx.xxx.xxx.xxx,3260] (multiple)
Login to [iface: default, target: iqn.2014-07.world.srv:storage.target00, portal: xxx.xxx.xxx.xxx,3260] successful.
接続されたデバイス名を確認する
[root@QRadar750AIO iscsi]# dmesg | grep "Attached SCSI disk"
[ 1.921994] sd 0:0:0:0: [sda] Attached SCSI disk
[369680.685137] sd 77:0:0:0: [sdb] Attached SCSI disk
[root@QRadar750AIO iscsi]# fdisk -l
~~ 省略~~
Disk /dev/sdb: 107.4 GB, 107374182400 bytes, 209715200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 4194304 bytes
論理ディスクの作成
[root@QRadar750AIO ~]# parted /dev/sdb
GNU Parted 3.1
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) mklabel gpt
(parted) mkpart primary 0% 100%
(parted) print
Model: LIO-ORG disk0 (scsi)
Disk /dev/sdb: 107GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:
Number Start End Size File system Name Flags
1 4194kB 107GB 107GB primary
(parted) quit
Information: You may need to update /etc/fstab.
[root@QRadar750AIO ~]# partprobe /dev/sdb
[root@QRadar750AIO ~]# cat /proc/partitions
major minor #blocks name
8 0 314572800 sda
8 1 1024 sda1
8 2 1048576 sda2
8 3 33554432 sda3
8 4 184995840 sda4
8 5 70258688 sda5
8 6 24709120 sda6
11 0 5570560 sr0
253 0 13107200 dm-0
253 1 15728640 dm-1
253 2 3145728 dm-2
253 3 1048576 dm-3
253 4 13107200 dm-4
253 5 3145728 dm-5
253 6 15728640 dm-6
253 7 5242880 dm-7
253 8 36995072 dm-8
253 9 147996672 dm-9
8 16 104857600 sdb
8 17 104849408 sdb1
[root@QRadar750AIO ~]# mkfs.xfs -f /dev/sdb
meta-data=/dev/sdb isize=512 agcount=4, agsize=6553600 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0, sparse=0
data = bsize=4096 blocks=26214400, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal log bsize=4096 blocks=12800, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@QRadar750AIO ~]#
QRadarでの/storeをiscsi領域にマイグレ
サービス停止
[root@QRadar750AIO ~]# systemctl stop hostcontext
[root@QRadar750AIO ~]# systemctl stop ecs-ec-ingress
[root@QRadar750AIO ~]# systemctl stop tomcat
[root@QRadar750AIO ~]# systemctl stop hostservices
[root@QRadar750AIO ~]# systemctl stop systemStabMon
[root@QRadar750AIO ~]# systemctl stop crond
[root@QRadar750AIO ~]# systemctl stop soir
Failed to stop soir.service: Unit soir.service not loaded.
/storeの解除とバックアップ領域確保
[root@QRadar750AIO ~]# umount /store
[root@QRadar750AIO ~]# mkdir /store_old
新規iscsiディスクのuuid取得
[root@QRadar750AIO ~]# blkid /dev/sdb
/dev/sdb: UUID="7ddb3895-1457-4e54-a932-793d677f6ab9" TYPE="xfs"
マウント情報書き換え
- /storeのマウントポイントを/store_oldに変更します。
-
UUID=<uuid> /store xfs inode64,logbsize=256k,noatime,noauto,nobarrier 0 0を新たに追加
[root@QRadar750AIO ~]# vi /etc/fstab
/storeと/store_oldのマウント
[root@QRadar750AIO etc]# mount /store
[root@QRadar750AIO etc]# mount /store_old
/store_oldから/storeにデータコピー
[root@QRadar750AIO etc]# nohup cp -af /store_old/* /store &
[root@QRadar750AIO etc]# disown
サービス開始
systemctl start crond
systemctl start systemStabMon
systemctl start hostservices
systemctl start tomcat
systemctl start ecs-ec-ingress
systemctl start hostcontext
systemctl start solr
後片付け(未検証
umount /store_old
rmdir /store_old
lvchange -an /dev/storerhel/store 2>/dev/null
lvrename /dev/storerhel/store /dev/storerhel/storeold 2>/dev/null