1.\" Copyright (c) 2012 The FreeBSD Foundation 2.\" All rights reserved. 3.\" 4.\" This software was developed by Edward Tomasz Napierala under sponsorship 5.\" from the FreeBSD Foundation. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\"
| 1.\" Copyright (c) 2012 The FreeBSD Foundation 2.\" All rights reserved. 3.\" 4.\" This software was developed by Edward Tomasz Napierala under sponsorship 5.\" from the FreeBSD Foundation. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\"
|
28.\" $FreeBSD: stable/10/usr.sbin/ctld/ctl.conf.5 263720 2014-03-25 12:01:55Z trasz $
| 28.\" $FreeBSD: stable/10/usr.sbin/ctld/ctl.conf.5 263724 2014-03-25 12:12:37Z trasz $
|
29.\" 30.Dd February 11, 2014 31.Dt CTL.CONF 5 32.Os 33.Sh NAME 34.Nm ctl.conf 35.Nd CAM Target Layer / iSCSI target daemon configuration file 36.Sh DESCRIPTION 37The 38.Nm 39configuration file is used by the 40.Xr ctld 8 41daemon. 42Lines starting with 43.Ql # 44and empty lines are interpreted as comments. 45The general syntax of the 46.Nm 47file is: 48.Bd -literal -offset indent 49pidfile <path> 50 51auth-group <name> { 52 chap <user> <secret> 53 ... 54} 55 56portal-group <name> { 57 listen <address> 58 listen-iser <address> 59 discovery-auth-group <name> 60 ... 61} 62 63target <name> { 64 auth-group <name> 65 portal-group <name> 66 lun <number> { 67 path <path> 68 } 69 ... 70} 71.Ed 72.Ss global level 73The following statements are available at the global level: 74.Bl -tag -width indent 75.It Ic auth-group Aq Ar name 76Opens an auth-group section, defining an authentication group, 77which can then be assigned to any number of targets. 78.It Ic debug Aq Ar level 79Specifies debug level. 80The default is 0. 81.It Ic maxproc Aq Ar number 82Specifies limit for concurrently running child processes handling 83incoming connections. 84The default is 30. 85Setting it to 0 disables the limit. 86.It Ic pidfile Aq Ar path 87Specifies path to pidfile. 88The default is 89.Pa /var/run/ctld.pid . 90.It Ic portal-group Aq Ar name 91Opens a portal-group section, defining a portal group, 92which can then be assigned to any number of targets. 93.It Ic target Aq Ar name 94Opens a target configuration section. 95.It Ic timeout Aq Ar seconds 96Specifies timeout for login session, after which the connection 97will be forcibly terminated. 98The default is 60. 99Setting it to 0 disables the timeout. 100.El 101.Ss auth-group level 102The following statements are available at the auth-group level: 103.Bl -tag -width indent
| 29.\" 30.Dd February 11, 2014 31.Dt CTL.CONF 5 32.Os 33.Sh NAME 34.Nm ctl.conf 35.Nd CAM Target Layer / iSCSI target daemon configuration file 36.Sh DESCRIPTION 37The 38.Nm 39configuration file is used by the 40.Xr ctld 8 41daemon. 42Lines starting with 43.Ql # 44and empty lines are interpreted as comments. 45The general syntax of the 46.Nm 47file is: 48.Bd -literal -offset indent 49pidfile <path> 50 51auth-group <name> { 52 chap <user> <secret> 53 ... 54} 55 56portal-group <name> { 57 listen <address> 58 listen-iser <address> 59 discovery-auth-group <name> 60 ... 61} 62 63target <name> { 64 auth-group <name> 65 portal-group <name> 66 lun <number> { 67 path <path> 68 } 69 ... 70} 71.Ed 72.Ss global level 73The following statements are available at the global level: 74.Bl -tag -width indent 75.It Ic auth-group Aq Ar name 76Opens an auth-group section, defining an authentication group, 77which can then be assigned to any number of targets. 78.It Ic debug Aq Ar level 79Specifies debug level. 80The default is 0. 81.It Ic maxproc Aq Ar number 82Specifies limit for concurrently running child processes handling 83incoming connections. 84The default is 30. 85Setting it to 0 disables the limit. 86.It Ic pidfile Aq Ar path 87Specifies path to pidfile. 88The default is 89.Pa /var/run/ctld.pid . 90.It Ic portal-group Aq Ar name 91Opens a portal-group section, defining a portal group, 92which can then be assigned to any number of targets. 93.It Ic target Aq Ar name 94Opens a target configuration section. 95.It Ic timeout Aq Ar seconds 96Specifies timeout for login session, after which the connection 97will be forcibly terminated. 98The default is 60. 99Setting it to 0 disables the timeout. 100.El 101.Ss auth-group level 102The following statements are available at the auth-group level: 103.Bl -tag -width indent
|
| 104.It Ic auth-type Ao Ar type Ac 105Specifies authentication type. 106Type can be either "none", "chap", or "chap-mutual". 107In most cases it is not neccessary to set the type using this clause; 108it is usually used to disable authentication for a given auth-group.
|
104.It Ic chap Ao Ar user Ac Aq Ar secret 105Specifies CHAP authentication credentials. 106.It Ic chap-mutual Ao Ar user Ac Ao Ar secret Ac Ao Ar mutualuser Ac Aq Ar mutualsecret 107Specifies mutual CHAP authentication credentials. 108Note that for any auth-group, configuration may contain either chap, 109or chap-mutual entries; it's an error to mix them. 110.It Ic initiator-name Ao Ar initiator-name Ac 111Specifies iSCSI initiator name. 112If not defined, there will be no restrictions based on initiator 113name. 114Otherwise, only initiators with names matching one of defined 115ones will be allowed to connect. 116.It Ic initiator-portal Ao Ar address Ac 117Specifies iSCSI initiator portal - IPv4 or IPv6 address. 118If not defined, there will be no restrictions based on initiator 119address. 120Otherwise, only initiators with addresses matching one of defined 121ones will be allowed to connect. 122.El 123.Ss portal-group level 124The following statements are available at the portal-group level: 125.Bl -tag -width indent 126.It Ic discovery-auth-group Aq Ar name 127Assigns previously defined authentication group to that portal group, 128to be used for target discovery. 129By default, the discovery will be denied. 130A special auth-group, "no-authentication", may be used to allow for discovery 131without authentication. 132.It Ic listen Aq Ar address 133Specifies IPv4 or IPv6 address and port to listen on for incoming connections. 134.It Ic listen-iser Aq Ar address 135Specifies IPv4 or IPv6 address and port to listen on for incoming connections 136using iSER (iSCSI over RDMA) protocol. 137.El 138.Ss target level: 139The following statements are available at the target level: 140.Bl -tag -width indent 141.It Ic alias Aq Ar text 142Assigns human-readable description to that target. 143There is no default. 144.It Ic auth-group Aq Ar name 145Assigns previously defined authentication group to that target. 
146There is no default; every target must use either auth-group, 147or chap, or chap-mutual statements. 148A special auth-group, "no-authentication", may be used to permit access 149without authentication.
| 109.It Ic chap Ao Ar user Ac Aq Ar secret 110Specifies CHAP authentication credentials. 111.It Ic chap-mutual Ao Ar user Ac Ao Ar secret Ac Ao Ar mutualuser Ac Aq Ar mutualsecret 112Specifies mutual CHAP authentication credentials. 113Note that for any auth-group, configuration may contain either chap, 114or chap-mutual entries; it's an error to mix them. 115.It Ic initiator-name Ao Ar initiator-name Ac 116Specifies iSCSI initiator name. 117If not defined, there will be no restrictions based on initiator 118name. 119Otherwise, only initiators with names matching one of defined 120ones will be allowed to connect. 121.It Ic initiator-portal Ao Ar address Ac 122Specifies iSCSI initiator portal - IPv4 or IPv6 address. 123If not defined, there will be no restrictions based on initiator 124address. 125Otherwise, only initiators with addresses matching one of defined 126ones will be allowed to connect. 127.El 128.Ss portal-group level 129The following statements are available at the portal-group level: 130.Bl -tag -width indent 131.It Ic discovery-auth-group Aq Ar name 132Assigns previously defined authentication group to that portal group, 133to be used for target discovery. 134By default, the discovery will be denied. 135A special auth-group, "no-authentication", may be used to allow for discovery 136without authentication. 137.It Ic listen Aq Ar address 138Specifies IPv4 or IPv6 address and port to listen on for incoming connections. 139.It Ic listen-iser Aq Ar address 140Specifies IPv4 or IPv6 address and port to listen on for incoming connections 141using iSER (iSCSI over RDMA) protocol. 142.El 143.Ss target level: 144The following statements are available at the target level: 145.Bl -tag -width indent 146.It Ic alias Aq Ar text 147Assigns human-readable description to that target. 148There is no default. 149.It Ic auth-group Aq Ar name 150Assigns previously defined authentication group to that target. 
151There is no default; every target must use either auth-group, 152or chap, or chap-mutual statements. 153A special auth-group, "no-authentication", may be used to permit access 154without authentication.
|
| 155.It Ic auth-type Ao Ar type Ac 156Specifies authentication type. 157Type can be either "none", "chap", or "chap-mutual". 158In most cases it is not neccessary to set the type using this clause; 159it is usually used to disable authentication for a given target. 160This clause is mutually exclusive with auth-group; one cannot use 161both in a single target.
|
150.It Ic chap Ao Ar user Ac Aq Ar secret 151Specifies CHAP authentication credentials. 152Note that targets must use either auth-group, or chap, 153or chap-mutual clauses; it's a configuration error to mix them in one target. 154.It Ic chap-mutual Ao Ar user Ac Ao Ar secret Ac Ao Ar mutualuser Ac Aq Ar mutualsecret 155Specifies mutual CHAP authentication credentials. 156Note that targets must use either auth-group, chap, or 157chap-mutual clauses; it's a configuration error to mix them in one target. 158.It Ic initiator-name Ao Ar initiator-name Ac 159Specifies iSCSI initiator name. 160If not defined, there will be no restrictions based on initiator 161name. 162Otherwise, only initiators with names matching one of defined 163ones will be allowed to connect. 164This clause is mutually exclusive with auth-group; one cannot use 165both in a single target. 166.It Ic initiator-portal Ao Ar address Ac 167Specifies iSCSI initiator portal - IPv4 or IPv6 address. 168If not defined, there will be no restrictions based on initiator 169address. 170Otherwise, only initiators with addresses matching one of defined 171ones will be allowed to connect. 172This clause is mutually exclusive with auth-group; one cannot use 173both in a single target. 174.It Ic portal-group Aq Ar name 175Assigns previously defined portal group to that target. 176Default portal group is "default", which makes the target available 177on TCP port 3260 on all configured IPv4 and IPv6 addresses. 178.It Ic lun Aq Ar number 179Opens a lun configuration section, defining LUN exported by a target. 180.El 181.Ss lun level 182The following statements are available at the lun level: 183.Bl -tag -width indent 184.It Ic backend Ao Ar block | Ar ramdisk Ac 185Specifies the CTL backend to use for a given LUN. 186Valid choices are 187.Dq block 188and 189.Dq ramdisk ; 190block is used for LUNs backed 191by files in the filesystem; ramdisk is a bitsink device, used mostly for 192testing. 193The default backend is block. 
194.It Ic blocksize Aq Ar size 195Specifies blocksize visible to the initiator. 196The default blocksize is 512. 197.It Ic device-id Aq Ar string 198Specifies SCSI Device Identification string presented to the initiator. 199.It Ic option Ao Ar name Ac Aq Ar value 200Specifies CTL-specific options passed to the kernel. 201.It Ic path Aq Ar path 202Specifies path to file used to back the LUN. 203.It Ic serial Aq Ar string 204Specifies SCSI serial number presented to the initiator. 205.It Ic size Aq Ar size 206Specifies LUN size, in bytes. 207.El 208.Sh FILES 209.Bl -tag -width ".Pa /etc/ctl.conf" -compact 210.It Pa /etc/ctl.conf 211The default location of the 212.Xr ctld 8 213configuration file. 214.El 215.Sh EXAMPLES 216.Bd -literal 217pidfile /var/run/ctld.pid 218 219auth-group example2 { 220 chap-mutual "user" "secret" "mutualuser" "mutualsecret" 221 chap-mutual "user2" "secret2" "mutualuser" "mutualsecret" 222} 223 224portal-group example2 { 225 discovery-auth-group no-authentication 226 listen 127.0.0.1 227 listen 0.0.0.0:3261 228 listen [::]:3261 229 listen [fe80::be:ef] 230} 231 232target iqn.2012-06.com.example:target0 { 233 alias "Testing target" 234 auth-group no-authentication 235 lun 0 { 236 path /dev/zvol/example_0 237 blocksize 4096 238 size 4G 239 } 240} 241 242target iqn.2012-06.com.example:target3 { 243 chap chapuser chapsecret 244 lun 0 { 245 path /dev/zvol/example_3 246 } 247} 248 249target iqn.2012-06.com.example:target2 { 250 auth-group example2 251 portal-group example2 252 lun 0 { 253 path /dev/zvol/example2_0 254 } 255 lun 1 { 256 path /dev/zvol/example2_1 257 option foo bar 258 } 259} 260.Ed 261.Sh SEE ALSO 262.Xr ctl 4 , 263.Xr ctladm 8 , 264.Xr ctld 8 265.Sh AUTHORS 266The 267.Nm 268configuration file functionality for 269.Xr ctld 8 270was developed by 271.An Edward Tomasz Napierala Aq trasz@FreeBSD.org 272under sponsorship from the FreeBSD Foundation.
| 162.It Ic chap Ao Ar user Ac Aq Ar secret 163Specifies CHAP authentication credentials. 164Note that targets must use either auth-group, or chap, 165or chap-mutual clauses; it's a configuration error to mix them in one target. 166.It Ic chap-mutual Ao Ar user Ac Ao Ar secret Ac Ao Ar mutualuser Ac Aq Ar mutualsecret 167Specifies mutual CHAP authentication credentials. 168Note that targets must use either auth-group, chap, or 169chap-mutual clauses; it's a configuration error to mix them in one target. 170.It Ic initiator-name Ao Ar initiator-name Ac 171Specifies iSCSI initiator name. 172If not defined, there will be no restrictions based on initiator 173name. 174Otherwise, only initiators with names matching one of defined 175ones will be allowed to connect. 176This clause is mutually exclusive with auth-group; one cannot use 177both in a single target. 178.It Ic initiator-portal Ao Ar address Ac 179Specifies iSCSI initiator portal - IPv4 or IPv6 address. 180If not defined, there will be no restrictions based on initiator 181address. 182Otherwise, only initiators with addresses matching one of defined 183ones will be allowed to connect. 184This clause is mutually exclusive with auth-group; one cannot use 185both in a single target. 186.It Ic portal-group Aq Ar name 187Assigns previously defined portal group to that target. 188Default portal group is "default", which makes the target available 189on TCP port 3260 on all configured IPv4 and IPv6 addresses. 190.It Ic lun Aq Ar number 191Opens a lun configuration section, defining LUN exported by a target. 192.El 193.Ss lun level 194The following statements are available at the lun level: 195.Bl -tag -width indent 196.It Ic backend Ao Ar block | Ar ramdisk Ac 197Specifies the CTL backend to use for a given LUN. 198Valid choices are 199.Dq block 200and 201.Dq ramdisk ; 202block is used for LUNs backed 203by files in the filesystem; ramdisk is a bitsink device, used mostly for 204testing. 
205The default backend is block. 206.It Ic blocksize Aq Ar size 207Specifies blocksize visible to the initiator. 208The default blocksize is 512. 209.It Ic device-id Aq Ar string 210Specifies SCSI Device Identification string presented to the initiator. 211.It Ic option Ao Ar name Ac Aq Ar value 212Specifies CTL-specific options passed to the kernel. 213.It Ic path Aq Ar path 214Specifies path to file used to back the LUN. 215.It Ic serial Aq Ar string 216Specifies SCSI serial number presented to the initiator. 217.It Ic size Aq Ar size 218Specifies LUN size, in bytes. 219.El 220.Sh FILES 221.Bl -tag -width ".Pa /etc/ctl.conf" -compact 222.It Pa /etc/ctl.conf 223The default location of the 224.Xr ctld 8 225configuration file. 226.El 227.Sh EXAMPLES 228.Bd -literal 229pidfile /var/run/ctld.pid 230 231auth-group example2 { 232 chap-mutual "user" "secret" "mutualuser" "mutualsecret" 233 chap-mutual "user2" "secret2" "mutualuser" "mutualsecret" 234} 235 236portal-group example2 { 237 discovery-auth-group no-authentication 238 listen 127.0.0.1 239 listen 0.0.0.0:3261 240 listen [::]:3261 241 listen [fe80::be:ef] 242} 243 244target iqn.2012-06.com.example:target0 { 245 alias "Testing target" 246 auth-group no-authentication 247 lun 0 { 248 path /dev/zvol/example_0 249 blocksize 4096 250 size 4G 251 } 252} 253 254target iqn.2012-06.com.example:target3 { 255 chap chapuser chapsecret 256 lun 0 { 257 path /dev/zvol/example_3 258 } 259} 260 261target iqn.2012-06.com.example:target2 { 262 auth-group example2 263 portal-group example2 264 lun 0 { 265 path /dev/zvol/example2_0 266 } 267 lun 1 { 268 path /dev/zvol/example2_1 269 option foo bar 270 } 271} 272.Ed 273.Sh SEE ALSO 274.Xr ctl 4 , 275.Xr ctladm 8 , 276.Xr ctld 8 277.Sh AUTHORS 278The 279.Nm 280configuration file functionality for 281.Xr ctld 8 282was developed by 283.An Edward Tomasz Napierala Aq trasz@FreeBSD.org 284under sponsorship from the FreeBSD Foundation.
|
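Review bot: In the new auth-type item at the auth-group level, "neccessary" is misspelled (should be "necessary"), and the item does not say what happens when auth-type is combined with chap or chap-mutual entries in the same auth-group, for example auth-type "none" next to chap lines. Since the item says the clause is usually used to disable authentication, state whether such a combination is a configuration error, the way the chap-mutual item already does for mixing chap and chap-mutual. The general syntax block and the EXAMPLES section still show no auth-type line, and .Dd still reads February 11, 2014 on both sides although the content changed.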
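Review bot: The new target-level auth-type item leaves the neighbouring text inconsistent: the auth-group item just above it still says "every target must use either auth-group, or chap, or chap-mutual statements", and the chap and chap-mutual items repeat that list without auth-type. Update those sentences so that a target using auth-type without an auth-group is documented as valid, and say how auth-type "none" relates to the existing special auth-group "no-authentication", which already permits access without authentication. It would also help to state whether initiator-name and initiator-portal restrictions still apply when auth-type is "none", since they would be the remaining restrictions on such a target. "neccessary" is misspelled here as well.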