1,078 瀏覽數

RHEL5 – iSCSI Target ACL

iSCSI Target 預設是不讓任何人存取,除非設定了 ACL(Access Control List). 一開始在實驗階段可以用 ALL 讓任意的 Initiator 都可以存取.

[root@benjr ~]# tgtadm –lld iscsi –op bind –mode target –tid 1 -I ALL

–tid 1 : 還記得剛剛設定的 tid 吧!!
-I ALL  : 不限制任何 IP 的 initiators 都可以來存取這個 iSCSI Target.. (-I : 大寫的 i;ALL 必須都為大寫才會生效))

[root@benjr ~]# tgtadm –lld iscsi –op show –mode target
Target 1: iqn.2009-4.tw.benjr:storage
    System information:
        Driver: iscsi
        Status: running
    I_T nexus information:
    LUN information:
        LUN: 0
            Type: controller
            SCSI ID: deadbeaf1:0
            SCSI SN: beaf10
            Size: 0
            Backing store: No backing store
        LUN: 1
            Type: disk
            SCSI ID: deadbeaf1:1
            SCSI SN: beaf11
            Size: 9G
            Backing store: /dev/sdb1
    Account information:
    ACL information:
        ALL

不過沒人希望什麼阿貓阿狗的 initiators 都來使用我這一台 iSCSI Target.先把 "ALL" 移除.ALL 比較適合使用在 iSCSI Boot.

[root@benjr ~]# tgtadm –lld iscsi –op unbind –mode target –tid 1 -I ALL
[root@benjr ~]# tgtadm –lld iscsi –op show –mode target
Target 1: iqn.2009-4.tw.benjr:storage
    System information:
        Driver: iscsi
        Status: running
    I_T nexus information:
    LUN information:
        LUN: 0
            Type: controller
            SCSI ID: deadbeaf1:0
            SCSI SN: beaf10
            Size: 0
            Backing store: No backing store
        LUN: 1
            Type: disk
            SCSI ID: deadbeaf1:1
            SCSI SN: beaf11
            Size: 9G
            Backing store: /dev/sdb1
    Account information:
    ACL information:

下面使用幾個範例來說明 ACL IP 的指定方式:

[root@benjr ~]# tgtadm –lld iscsi –op bind –mode target –tid 1 -I 192.8.1.121
[root@benjr ~]# tgtadm –lld iscsi –op bind –mode target –tid 1 -I 192.8.1.0/24
[root@benjr ~]# tgtadm –lld iscsi –op show –mode target
Target 1: iqn.2009-4.tw.benjr:storage
    System information:
        Driver: iscsi
        Status: running
    I_T nexus information:
    LUN information:
        LUN: 0
            Type: controller
            SCSI ID: deadbeaf1:0
            SCSI SN: beaf10
            Size: 0
            Backing store: No backing store
        LUN: 1
            Type: disk
            SCSI ID: deadbeaf1:1
            SCSI SN: beaf11
            Size: 9G
            Backing store: /dev/sdb1
    Account information:
    ACL information:
        192.8.1.121
        192.8.1.0/24

你除了可以指定特定 IP : 192.8.1.121 的 initiator 可以存取此 iSCSI Target device外還可以針對相同網域的 IP: 192.8.1.0/24 來設定.

發表迴響