Mashed Articles

Linux is blessed with a variety of methods for accessing, expanding and building dynamic, scalable storage solutions. And they’re not just for industry experts either – even everyday Linux users can get access to a great deal of functionality by sharing and accessing data across a network.

Set up iSCSI and your data will stream from your PC like a magical rainbow. Perhaps. If you’re very lucky.

But there’s a new generation of solutions that can increase performance, offer more features and improve security – one of which is iSCSI. As its name implies, iSCSI is a version of the SCSI protocol, which is responsible for shuffling data between various SCSI devices. The key difference with iSCSI is that instead of transporting data across local cables and buses, the ‘i’ takes that data across the internet or your local network, attaching remote storage devices to your local system. It’s perfect for storage area networks (SANs) in particular, and you’ll find network administrators in enterprises of all sizes singing the praises of iSCSI’s ability to combine big-business fibre channel commands with generic networking hardware, saving their departments thousands of pounds in both hardware and infrastructure costs. iSCSI is also a great general-purpose remote storage solution that could easily replace the NFS protocol.

Understanding iSCSI

You can now find iSCSI in many network-attached storage (NAS) devices for the home and even standard Linux installations. This is because it’s a great storage protocol for an expanding network. It might be hard work to master, but you can build a working configuration with relative ease. The great advantage that iSCSI has over some of the alternatives is that drives are exported as block devices, just as blocks of data would be transported over an old SCSI cable. This means that, to the Linux kernel, these drives are handled exactly like local block devices. This makes it perfect for connecting the storage area of a database to the client application or, more recently, the virtual storage devices used by VMware and VirtualBox virtual machines. It’s also ideal if you want to run a machine without any local storage – traditionally the domain of NFS.

Use ‘apt-get install iscsitarget’ to add the appropriate packages to your installation.

Before getting started, your first step should be to familiarise yourself with some of the concepts that are used by iSCSI. These appear to take their names from the Terminator films, with the two most important being the Initiator and the Target. The Initiator is the iSCSI equivalent of the client. It’s the machine you want to have access to the remote data – the one that’s running the applications, or your desktop. The Target is the place the Initiator grabs the data from – another machine running the iSCSI server software and managing the requests to and from the storage medium. You’ll often find NAS drives running the Target server, for example, and you’ll only need to run the Initiator on your local machine in order to access the Target drive.

Set up the Target

It’s possible to share a large variety of different storage types over iSCSI, but the easiest to configure are entire drives. iSCSI connects devices at the block level, which means the job of partitioning and formatting can be left to the Initiator rather than the machine that’s attached directly to the hard drive. On our system, the drive we used was listed as /dev/sdb, and we’ll stick with this example throughout this tutorial. The system drive is normally /dev/sda. To find out what yours is, type fdisk -l on the command line for an overview of what’s connected to your system.

Edit the configuration file in nano. You’ll need to add a line which ensures iSCSI is switched on.

On the Target machine, you first need to install the ‘iscsitarget’ package. You can do this either from the Synaptic package manager or by typing sudo apt-get install iscsitarget on the command line. This will also install several configuration files, and the first of these that we need to look at is ‘/etc/default/iscsitarget’. You can type sudo nano followed by the path to the file name to edit it on the command line, or use your favourite desktop editor if you prefer. We only need to make a single edit here – making sure ‘ISCSITARGET_ENABLE=true’ is the only line in the file. Nano users need to press [Ctrl]+[X], then [Y] to save the changes.

Edit configuration files

The next file we need to edit is ‘/etc/ietd.conf’, which you’ll need to open in an editor. This document contains a working configuration, with lines using the # symbol designated as comments and therefore out of action.

The first line we need to edit defines what’s known as the iSCSI qualified name, or IQN for short. Just search for Target, followed by iqn. As with pages on the net, this IQN name has to be unique to your installation, and it takes the form of ‘iqn’, followed by the year and month, then a reversed version of your domain name. This is then followed by a colon and a reference to whatever you’re going to call the target storage device. This can be anything you like. Here’s what we chose:

iqn.2010-01.com.example:storage.disk2

Next, we need to define the drive that’s going to be shared over iSCSI. Remove the # symbol from the line starting with ‘Lun’ and modify it to read Lun 0 Path=/dev/sdb,Type=fileio. You need to change ‘/dev/sdb’ to the location of the drive that you’ve decided to share. Next, uncomment the Alias line at the bottom of the current section and save the file.

You’ll need to do some deeper editing to the ‘/etc/ietd.conf’ file.

You may have noticed that there are two lines available for a username and password, but we’re going to leave these untouched for now because we’re running our iSCSI device over a trusted network. You can always come back to this point and change the configuration after you’ve got the basic connection working, if you think that you need to.

To enable the device to be shared, open ‘/etc/initiators.allow’ and add iqn.2010-01.com.example:storage.disk2 ALL. When you get the connection working, you’ll need to change ‘ALL’ to the IP address of the machines allowed to access your iSCSI device, but for now we’re trying to remove all obstacles that could stop us getting the connection working. Start the Target server by typing sudo /etc/init.d/iscsitarget start.

Set up the Initiator

It’s now the turn of the other machine, the Initiator. To begin, you need to install the ‘open-iscsi’ package. Once that’s done, open the ‘/etc/iscsi/iscsid.conf’ configuration file and look for the line starting with ‘node.startup’. Change the default value of ‘manual’ to automatic, save the file and restart the service by typing sudo /etc/init.d/open-iscsi restart.

Make sure you change the node startup option to ‘manual’.

Almost everything is now configured and ready to go. Our next step is to probe the Target machine to see what storage services it offers, hopefully listing our drive in the process. Type iscsiadm -m discovery -t st -p, followed by the IP address of the Target. You can find this by typing ipconfig on the Target machine. If everything is set up correctly, you should see the IQN of your drive as output to the iscsiadm. This is the output we received:

iscsiadm -m discovery -t st -p 192.168.1.61
192.168.1.61:3260,1 iqn.2010-01.com.example:storage.disk2

Now you know that the Target machine is correctly configured and that iSCSI can see the remote storage device, you need to type iscsiadm -m node. This will automatically create configuration files within /var/lib/iscsi/nodes for the storage unit on your local machine, which will allow the Initiator to mount the device automatically when the service is restarted. You may need to do this manually by typing sudo /etc/init.d/open-iscsi restart.

The remote drive should now be mounted locally. The best way to check is to type fdisk -l to list all the storage devices attached to your machine. The iSCSI drive should be part of the output, but you won’t see any indication that it’s being connected over a network. That’s the great advantage of using iSCSI.

Mount the drive

iSCSI passes the block information, so you need to format the remote drive from the Initiator machine before it can be used. This process is exactly the same as partitioning and formatting any other drive on your system. You could use fdisk on the command line, for example, or you could take the easy route and use a graphical partitioning tool like GParted, which you can install through your distro’s package manager.

After launching GParted, you first need to select the remote drive from the dropdown list in the top-right of the main window. As with fdisk, the iSCSI drive looks exactly like a local drive, so you need to take special care to select the correct device. You can lose data from other drives permanently with GParted, so proceed with caution.

If you’re hooked up to your target drive you should be able to treat it like any locally connected module – including partitioning it.

With the remote drive selected, click on the large grey area in the middle of the window marked ‘unallocated’. This is the unpartitioned area on your remote drive. Click on ‘New’. By default GParted will use the entire disk, but you’re free to subdivide the remote drive in exactly the same way you would a local one if you prefer. Leave ‘Primary Partition’ selected, then select ‘ext4’ as the filesystem and give your drive a meaningful label before clicking ‘Add’. Click on ‘Apply’ to make the changes to the remote drive, and then simply sit back and wait while the formatting process finishes.

Now that the drive is correctly formatted and partitioned, it’s time to mount it onto the local filesystem so you can start reading and writing data to it. You can use the ‘mount’ command to attach the drive just as you would any other, but there’s one small difference that you have to consider whenever you use multiple iSCSI devices – they might not always have the same /dev path. The solution is to navigate to the device using the /dev/disk/by-path/ nodes, so you can be sure you’re getting the same disk every time.

If you type ls /dev/disk/by-path, for example, you can easily see which devices are using the IQN address. In our example, we mounted the remote drive onto the local /mnt/iscsi folder with the following commands:

mkdir /mnt/iscsi
mount /dev/disk/by-path/ip-192.168.1.61\:3260-iscsi-iqn.2010-01.com.example\:storage.disk2-lun-0-part1 /mnt/iscsi

You can now read and write files to the /mnt/iscsi mount point, and these are passed directly to the remote drive just as if they were connected using an extremely long SCSI cable.

iSCSI on NAS boxes

Two of the trickiest parts of using iSCSI are finding the hardware and configuring the Target machine, but luckily there may be another option if you have a Linux-based network-attached storage box. Many of these will offer up a chunk of the storage inside the box over an iSCSI connection, and you can usually activate and configure this facility with just a couple of clicks. Some of these will let multiple Initiators access a single target and enable you to add CHAP password authentication. Then it’s simply a case of running the iSCSI discovery procedure on your Initiator hardware. If you’ve chosen to use a password and username, you’ll need to run the ‘iscsiadm’ command on the Initiator to add those values to the configuration file for that Target. The command takes the following format:

iscsiadm -m node --targetname IQN --portal IP AND PORT OF TARGET --op=update --name node.session.auth.

You need to run this three times, changing the end parameters each time. With the first execution, add authmethod –value=CHAP to the authentication check. For the second, add username –value=username to specify the username for the connection, and for the third execution add password –value=password to specify the password.

Create a virtual hard drive

Many more technical distributions, such as Fedora, use logical volume management (LVM) for local storage and filesystems. One of the advantages of LVM is that you can shrink, expand and create partitions on the fly from the pool of storage on your machine. Logical volumes can be used for all sorts of tasks. Virtual machines often use them to keep data from the main system, and they’re handy if you enjoy playing with filesystems. They’re also useful if you want to try iSCSI, because you don’t need to have a spare hard drive – you just need the space within your logical volume pool.

The key to adding new virtual drives is the ‘lvcreate’ command. We used the following command to create a 10GB logical volume: lvcreate -L10G -n vdrive vg. This creates a volume called ‘vdrive’ in a volume group called ‘vg’. You’ll need to take a look in your /dev directory to discover the name of the logical volume group used by your installation. After creating the drive, it appears in the /dev volume tree just like any other device and you can share it across the iSCSI connection like a real hard drive.

Even without LVM, there are other options for dynamically shared storage. You could create an image file, for example, by typing dd if=/dev/zero of=/mnt/iscsi.img bs=1024k count=1000. The ‘count’ value is the size of the image, while ‘/mnt/iscsi.img’ is the file that’s created. You can use that path as the source for the iSCSI Target on the ‘Lun 0’ line in the ‘/etc/ietd.conf’ configuration file, and use it like a real partition.

Virtualisation

iSCSI is commonly used by cloud applications and the world of virtualisation. This is so you can access the same hard drive data regardless of where the virtual machine is running. If you’re in the market for a major, enterprise-grade virtualisation solution that uses iSCSI, take a look at VMware’s ESXi solution, which is available for free from www.vmware.com.

Boot options

If you want the Target iSCSI device to be available each time you boot the Initiator machine, you will need to add the remote device to the ‘/etc/fstab’ file. The quickest way to do this is to copy another line in the file and change the parameters to suit the iSCSI device. Make sure the path uses the ‘by-name’ format so that you can be sure you get the same drive at each boot.

Twitter has been the social-networking world’s flavour of the moment for quite some time, however it’s not without its issues.

Could anything be more dangerous to the modern celebrity than Twitter? The media has always been ready to pounce on famous personalities’ smallest mistakes, but Twitter lends its high-profile users a foghorn. If Jonathan Ross (@Wossy) wasn’t already in enough trouble for leaving lewd messages on Andrew Sachs’ answering machine, his antics on Twitter made him an even juicier tabloid target. “Utterly unwepentant” sniffed The Daily Mail after Ross wrote an update stating “Suspension is fun” on the micro-blogging service during the period that his shows were off-air. Another Mail headline branded the 49 year-old presenter “shameless” after he tweeted, “I am very polite in person. I’m just not great with answering machines.”

And Ross isn’t the only famous Twitter user to find themselves in hot water following a carelessly worded tweet. The BBC’s technology correspondent Rory Cellan-Jones (@ruskin147) was asked via Twitter why he chose to omit Wordscraper from a piece on Facebook’s word game applications. “’Cos i couldn’t be bothered!” came the reply. Cellan-Jones’s response was promptly republished on a blog along with the withering comment, “Years from now, when British journalism has finally breathed its last, this phrase will be engraved on its tombstone.”

However, Cellan-Jones seemed to be intrigued rather than embarrassed by the matter, using it as inspiration for a blog on the tricky business of working out what is and isn’t appropriate to say on social-networking sites. “My throwaway remark has been turned into the basis for an indictment of the whole of British journalism,” he commented. “[It’s] a useful reminder that Twitter – like so many other online forums – is a public place, and what you say there may be used in evidence against you.”

To tweet, to whom?

Most of the time, people don’t see danger coming. “Because it’s more immediate, people are perhaps thinking even less about what they do,” says Iain Connor, a partner at technology specialist law firm Pinsent Masons. Tweets might have a short shelf life, he argues, “but that’s not to say that sufficient damage can’t be done in a short period of time”.

One person who knows this better than most is basketball team owner Mark Cuban (@mcuban). Cuban owns the Dallas Mavericks and, after a game in March, he used Twitter to complain that an opposing player wasn’t whistled for a foul. “How do they not call a tech on JR Smith for coming off the bench to taunt our player on the ground?” he fumed. A few days later the NBA smacked him with a $25,000 fine. Still, the billionaire managed to see the funny side of his punishment, adding “Can’t say no one makes money from Twitter now,” as he paid up.

You may not be a celebrity, but the wrong words could find you out of a job, in hot water with friends or facing charges.

Mark Borkowski is a PR expert who has represented Michael Jackson, Eddie Izzard and Van Morrison. He says that Twitter is “dangerous for anybody”, but that it poses particular risks for stars. “You’re live all the time – no editing,” he says. “[What someone] thinks about in the nanosecond that they’re tweeting could become an enormous issue, and it’s global.” No stars seem to have been permanently damaged by mis-tweeting yet, but it’s possible, says Borkowski. “It depends what you say. If you make a racist or outrageous comment then it’s very difficult to come back from.”

Today’s headlines

Twitter isn’t all self-immolation on the part of celebrities, either. With the ability of tweets to spread like wildfire – first across Twitter itself and then across news websites worldwide – a hacked account spells disaster. “Britney has passed today,” said a tweet on Britney Spears’ account (@britneyspears) after it was hacked in June. Spears had more than two million followers at the time, meaning that the ‘news’ travelled fast. But this isn’t the first – or last – time that Spears’ account has been hacked. Mid-November saw her account spammed with updates telling the world that the singer had started worshipping Satan, and back in January followers were surprised to see this message from the star: “Hi y’all! Brit Brit here, just wanted to update you all on the size of my vagina. It’s about four feet wide with razor sharp teeth.” Perhaps Spears and her team need to take password security a little more seriously in future.

Twitter attempts to limit the potential damage done by celebrity impersonators by using Verified accounts. “That means we’ve been in contact with the person or entity the account is representing and verified that it is approved,” says the site. But what about the impersonators that Twitter knows exist, yet continue to post in the celebrity’s name?

Verified accounts were Twitter’s first push towards professional services. Commercial accounts are on the way.

“Twitter’s pretty poor at actually taking off fakes,” says Borkowski, but the amount of damage done by hackers is usually limited. Big social-networking sites are “incredibly reasonable” when it comes to removing objectionable content, according to lawyer Iain Connor. “They need to keep their credibility [and] they need to keep their trusted brand,” he says.

Verified accounts don’t mean safety for the celebrity, however: they simply confirm that it was probably the star who wrote the message. Without the usual filter of PR managers, talent agents or editors to prevent the publication of anything potentially damaging, such accounts are a dream for the media. Twitter is “a newswire direct from the celebrity” that newspapers turn into stories, confirms Borkowski.

Business as usual

But even if individual stars are at risk from Twitter, corporations should be safe, shouldn’t they? After all, “just about every organisation has a PR department now,” according to Managing Director of Racepoint PR, Blaise Hammond. Racepoint PR manages public relations for social media sites such as Digg, eHarmony and BlogHer.

The illusion that all companies tread carefully with new services such as Twitter was shattered in June, however, when furniture retailer Habitat (@habitatuk) attempted to cash in on the site. The store tweeted about deals it was offering, then attempted to give its tweets greater visibility by attaching unrelated hashtags (a hash symbol followed by a keyword that enables Twitter users to search for and follow a popular ‘trending topic’). “#Mousavi Join the database for free to win a £1,000 gift card” read one tweet, disastrously mixing the Iranian presidential candidate with a drive to sign people to its mailing list. “#iPhone Our totally desirable Spring collection now has 20% off!” read another.

Habitat acted swiftly to remove the offending tweets, but the damage was done. The story was picked up by mainstream news organisations such as Sky and the BBC, provoking outrage that the company was abusing the hashtag system and essentially spamming users. Habitat was quick to acknowledge its blunder and offered contrition. “We are treating this very seriously,” said the company. “We were shocked when we discovered what happened and are very sorry for the offence that was caused. This is totally against our communications strategy.”

Adding irrelevant hashtags to marketing tweets was “incredibly stupid”, according to Hammond. “It was very easy to find out, and they got found out straight away.” He says companies need to think carefully about how they tweet. “Thoughtlessness coupled with stupidity equals big impact,” he says. “Common sense is missing in so many cases.” Even when a company has a specific Twitter strategy, “more often than not it’s not as good as it could be because they just don’t think about it enough”.

Gun, foot, aim, fire

While Twitter clearly poses problems for high-profile Twitterers, it can be a threat to individuals as well. Few know this better than Connor Riley (@theconnor), a student at the University of California in Berkeley who was offered a summer internship last year by networking giant Cisco.

“Cisco just offered me a job! Now I have to weigh the utility of a fatty paycheck against the daily commute to San Jose and hating the work” she tweeted to her followers. But she soon regretted it. “Who is the hiring manager? I’m sure they would love to know that you will hate the work. We here at Cisco are versed in the web” tweeted Tim Levad, a services consultant at Cisco, in response. Before long, the story had hit MSNBC, The Los Angeles Times and hundreds of blogs worldwide. Riley now calls her misguided tweet “a stupid mistake”, and says that it was the result of treating Twitter like Facebook, where only your close friends are able to see what you say.

Mark Borkowski advises celebrities on how to manage their ‘brand’ through social media sites.

However, Iain Connor notes that “it’s perfectly legal” for companies to monitor what their employees are up to on social-networking sites. “As an employee you have a duty of good faith to your employer,” he says. “That duty of good faith extends not just to your nine to five.”

So what’s a Twitterer to do? “Don’t drink and tweet,” advises Borkowski. More importantly, don’t take it too seriously. Borkowski says social media refusniks are dying out. “Take it with a pinch of salt and it’s fun, it’s interesting, and you learn more,” he recommends. Just remember to think twice before you say anything that you wouldn’t want your mother – or your employer – to read.

When You use ‘sudo’ command it will ask for password in First time and will remember password for 15 minutes. It is a security hole for sensitive systems.
You can change sudo Password Remembering Time in Ubuntu .

Open a terminal and type
$ sudo visudo

In Ubuntu, visudo uses nano text editor, and what it does is edit the / etc / sudoers.tmp

Check for the line as shown below

Defaults        env_reset

Change it to

Defaults        env_reset , timestamp_timeout = X

Where X is the time that we remember the sudo password, if we put 0 (zero) that we always get the request.

Finally to save the changes, press Ctrl + X and said yes.