1009ea47eSEdward Tomasz Napierala.\" Copyright (c) 2012 The FreeBSD Foundation 2009ea47eSEdward Tomasz Napierala.\" All rights reserved. 3009ea47eSEdward Tomasz Napierala.\" 4009ea47eSEdward Tomasz Napierala.\" This software was developed by Edward Tomasz Napierala under sponsorship 5009ea47eSEdward Tomasz Napierala.\" from the FreeBSD Foundation. 6009ea47eSEdward Tomasz Napierala.\" 7009ea47eSEdward Tomasz Napierala.\" Redistribution and use in source and binary forms, with or without 8009ea47eSEdward Tomasz Napierala.\" modification, are permitted provided that the following conditions 9009ea47eSEdward Tomasz Napierala.\" are met: 10009ea47eSEdward Tomasz Napierala.\" 1. Redistributions of source code must retain the above copyright 11009ea47eSEdward Tomasz Napierala.\" notice, this list of conditions and the following disclaimer. 12009ea47eSEdward Tomasz Napierala.\" 2. Redistributions in binary form must reproduce the above copyright 13009ea47eSEdward Tomasz Napierala.\" notice, this list of conditions and the following disclaimer in the 14009ea47eSEdward Tomasz Napierala.\" documentation and/or other materials provided with the distribution. 15009ea47eSEdward Tomasz Napierala.\" 16009ea47eSEdward Tomasz Napierala.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 17009ea47eSEdward Tomasz Napierala.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18009ea47eSEdward Tomasz Napierala.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19009ea47eSEdward Tomasz Napierala.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 20009ea47eSEdward Tomasz Napierala.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21009ea47eSEdward Tomasz Napierala.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22009ea47eSEdward Tomasz Napierala.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23009ea47eSEdward Tomasz Napierala.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24009ea47eSEdward Tomasz Napierala.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25009ea47eSEdward Tomasz Napierala.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26009ea47eSEdward Tomasz Napierala.\" SUCH DAMAGE. 27009ea47eSEdward Tomasz Napierala.\" 28009ea47eSEdward Tomasz Napierala.\" $FreeBSD$ 29009ea47eSEdward Tomasz Napierala.\" 308cb2e958SEdward Tomasz Napierala.Dd February 11, 2014 31009ea47eSEdward Tomasz Napierala.Dt CTL.CONF 5 32009ea47eSEdward Tomasz Napierala.Os 33009ea47eSEdward Tomasz Napierala.Sh NAME 34009ea47eSEdward Tomasz Napierala.Nm ctl.conf 35009ea47eSEdward Tomasz Napierala.Nd CAM Target Layer / iSCSI target daemon configuration file 36009ea47eSEdward Tomasz Napierala.Sh DESCRIPTION 37009ea47eSEdward Tomasz NapieralaThe 38009ea47eSEdward Tomasz Napierala.Nm 39009ea47eSEdward Tomasz Napieralaconfiguration file is used by the 40009ea47eSEdward Tomasz Napierala.Xr ctld 8 41009ea47eSEdward Tomasz Napieraladaemon. 42009ea47eSEdward Tomasz NapieralaLines starting with 43009ea47eSEdward Tomasz Napierala.Ql # 44009ea47eSEdward Tomasz Napieralaand empty lines are interpreted as comments. 45009ea47eSEdward Tomasz NapieralaThe general syntax of the 46009ea47eSEdward Tomasz Napierala.Nm 47009ea47eSEdward Tomasz Napieralafile is: 48009ea47eSEdward Tomasz Napierala.Bd -literal -offset indent 49009ea47eSEdward Tomasz Napieralapidfile <path> 50009ea47eSEdward Tomasz Napierala 51009ea47eSEdward Tomasz Napieralaauth-group <name> { 52009ea47eSEdward Tomasz Napierala chap <user> <secret> 53009ea47eSEdward Tomasz Napierala ... 54009ea47eSEdward Tomasz Napierala} 55009ea47eSEdward Tomasz Napierala 56009ea47eSEdward Tomasz Napieralaportal-group <name> { 57009ea47eSEdward Tomasz Napierala listen <address> 58009ea47eSEdward Tomasz Napierala listen-iser <address> 59009ea47eSEdward Tomasz Napierala discovery-auth-group <name> 60009ea47eSEdward Tomasz Napierala ... 61009ea47eSEdward Tomasz Napierala} 62009ea47eSEdward Tomasz Napierala 63009ea47eSEdward Tomasz Napieralatarget <name> { 64009ea47eSEdward Tomasz Napierala auth-group <name> 65009ea47eSEdward Tomasz Napierala portal-group <name> 66009ea47eSEdward Tomasz Napierala lun <number> { 67009ea47eSEdward Tomasz Napierala path <path> 68009ea47eSEdward Tomasz Napierala } 69009ea47eSEdward Tomasz Napierala ... 70009ea47eSEdward Tomasz Napierala} 71009ea47eSEdward Tomasz Napierala.Ed 72009ea47eSEdward Tomasz Napierala.Ss global level 73009ea47eSEdward Tomasz NapieralaThe following statements are available at the global level: 74009ea47eSEdward Tomasz Napierala.Bl -tag -width indent 75009ea47eSEdward Tomasz Napierala.It Ic auth-group Aq Ar name 76009ea47eSEdward Tomasz NapieralaOpens an auth-group section, defining an authentication group, 77009ea47eSEdward Tomasz Napieralawhich can then be assigned to any number of targets. 78009ea47eSEdward Tomasz Napierala.It Ic debug Aq Ar level 79009ea47eSEdward Tomasz NapieralaSpecifies debug level. 80009ea47eSEdward Tomasz NapieralaThe default is 0. 81009ea47eSEdward Tomasz Napierala.It Ic maxproc Aq Ar number 82009ea47eSEdward Tomasz NapieralaSpecifies limit for concurrently running child processes handling 83009ea47eSEdward Tomasz Napieralaincoming connections. 84009ea47eSEdward Tomasz NapieralaThe default is 30. 85009ea47eSEdward Tomasz NapieralaSetting it to 0 disables the limit. 86009ea47eSEdward Tomasz Napierala.It Ic pidfile Aq Ar path 87009ea47eSEdward Tomasz NapieralaSpecifies path to pidfile. 88009ea47eSEdward Tomasz NapieralaThe default is 89009ea47eSEdward Tomasz Napierala.Pa /var/run/ctld.pid . 90009ea47eSEdward Tomasz Napierala.It Ic portal-group Aq Ar name 91009ea47eSEdward Tomasz NapieralaOpens a portal-group section, defining a portal group, 92009ea47eSEdward Tomasz Napieralawhich can then be assigned to any number of targets. 93009ea47eSEdward Tomasz Napierala.It Ic target Aq Ar name 94009ea47eSEdward Tomasz NapieralaOpens a target configuration section. 95009ea47eSEdward Tomasz Napierala.It Ic timeout Aq Ar seconds 96009ea47eSEdward Tomasz NapieralaSpecifies timeout for login session, after which the connection 97009ea47eSEdward Tomasz Napieralawill be forcibly terminated. 98009ea47eSEdward Tomasz NapieralaThe default is 60. 99009ea47eSEdward Tomasz NapieralaSetting it to 0 disables the timeout. 100009ea47eSEdward Tomasz Napierala.El 101c095756fSEdward Tomasz Napierala.Ss auth-group level 102009ea47eSEdward Tomasz NapieralaThe following statements are available at the auth-group level: 103009ea47eSEdward Tomasz Napierala.Bl -tag -width indent 104df9900fbSEdward Tomasz Napierala.It Ic auth-type Ao Ar type Ac 105df9900fbSEdward Tomasz NapieralaSpecifies authentication type. 106df9900fbSEdward Tomasz NapieralaType can be either "none", "chap", or "chap-mutual". 107df9900fbSEdward Tomasz NapieralaIn most cases it is not neccessary to set the type using this clause; 108df9900fbSEdward Tomasz Napieralait is usually used to disable authentication for a given auth-group. 109009ea47eSEdward Tomasz Napierala.It Ic chap Ao Ar user Ac Aq Ar secret 110009ea47eSEdward Tomasz NapieralaSpecifies CHAP authentication credentials. 111009ea47eSEdward Tomasz Napierala.It Ic chap-mutual Ao Ar user Ac Ao Ar secret Ac Ao Ar mutualuser Ac Aq Ar mutualsecret 112009ea47eSEdward Tomasz NapieralaSpecifies mutual CHAP authentication credentials. 113009ea47eSEdward Tomasz NapieralaNote that for any auth-group, configuration may contain either chap, 114009ea47eSEdward Tomasz Napieralaor chap-mutual entries; it's an error to mix them. 1158cb2e958SEdward Tomasz Napierala.It Ic initiator-name Ao Ar initiator-name Ac 1168cb2e958SEdward Tomasz NapieralaSpecifies iSCSI initiator name. 1178cb2e958SEdward Tomasz NapieralaIf not defined, there will be no restrictions based on initiator 1188cb2e958SEdward Tomasz Napieralaname. 1198cb2e958SEdward Tomasz NapieralaOtherwise, only initiators with names matching one of defined 1208cb2e958SEdward Tomasz Napieralaones will be allowed to connect. 1218cb2e958SEdward Tomasz Napierala.It Ic initiator-portal Ao Ar address Ac 1228cb2e958SEdward Tomasz NapieralaSpecifies iSCSI initiator portal - IPv4 or IPv6 address. 1238cb2e958SEdward Tomasz NapieralaIf not defined, there will be no restrictions based on initiator 1248cb2e958SEdward Tomasz Napieralaaddress. 1258cb2e958SEdward Tomasz NapieralaOtherwise, only initiators with addresses matching one of defined 1268cb2e958SEdward Tomasz Napieralaones will be allowed to connect. 127009ea47eSEdward Tomasz Napierala.El 128009ea47eSEdward Tomasz Napierala.Ss portal-group level 129009ea47eSEdward Tomasz NapieralaThe following statements are available at the portal-group level: 130009ea47eSEdward Tomasz Napierala.Bl -tag -width indent 131009ea47eSEdward Tomasz Napierala.It Ic discovery-auth-group Aq Ar name 132009ea47eSEdward Tomasz NapieralaAssigns previously defined authentication group to that portal group, 133009ea47eSEdward Tomasz Napieralato be used for target discovery. 134009ea47eSEdward Tomasz NapieralaBy default, the discovery will be denied. 135009ea47eSEdward Tomasz NapieralaA special auth-group, "no-authentication", may be used to allow for discovery 136009ea47eSEdward Tomasz Napieralawithout authentication. 137009ea47eSEdward Tomasz Napierala.It Ic listen Aq Ar address 138009ea47eSEdward Tomasz NapieralaSpecifies IPv4 or IPv6 address and port to listen on for incoming connections. 139009ea47eSEdward Tomasz Napierala.It Ic listen-iser Aq Ar address 140009ea47eSEdward Tomasz NapieralaSpecifies IPv4 or IPv6 address and port to listen on for incoming connections 141009ea47eSEdward Tomasz Napieralausing iSER (iSCSI over RDMA) protocol. 142009ea47eSEdward Tomasz Napierala.El 143009ea47eSEdward Tomasz Napierala.Ss target level: 144009ea47eSEdward Tomasz NapieralaThe following statements are available at the target level: 145009ea47eSEdward Tomasz Napierala.Bl -tag -width indent 146009ea47eSEdward Tomasz Napierala.It Ic alias Aq Ar text 147009ea47eSEdward Tomasz NapieralaAssigns human-readable description to that target. 148009ea47eSEdward Tomasz NapieralaThere is no default. 149009ea47eSEdward Tomasz Napierala.It Ic auth-group Aq Ar name 150009ea47eSEdward Tomasz NapieralaAssigns previously defined authentication group to that target. 151*affb88f5SEdward Tomasz NapieralaBy default, targets that do not specify their own auth settings, 152*affb88f5SEdward Tomasz Napieralausing clauses such as "chap" or "initiator-name", are assigned 153*affb88f5SEdward Tomasz Napieralapredefined auth-group "default", which denies all access. 154*affb88f5SEdward Tomasz NapieralaAnother predefined auth-group, "no-authentication", may be used to permit access 155009ea47eSEdward Tomasz Napieralawithout authentication. 156df9900fbSEdward Tomasz Napierala.It Ic auth-type Ao Ar type Ac 157df9900fbSEdward Tomasz NapieralaSpecifies authentication type. 158df9900fbSEdward Tomasz NapieralaType can be either "none", "chap", or "chap-mutual". 159df9900fbSEdward Tomasz NapieralaIn most cases it is not neccessary to set the type using this clause; 160df9900fbSEdward Tomasz Napieralait is usually used to disable authentication for a given target. 161df9900fbSEdward Tomasz NapieralaThis clause is mutually exclusive with auth-group; one cannot use 162df9900fbSEdward Tomasz Napieralaboth in a single target. 163009ea47eSEdward Tomasz Napierala.It Ic chap Ao Ar user Ac Aq Ar secret 164009ea47eSEdward Tomasz NapieralaSpecifies CHAP authentication credentials. 165009ea47eSEdward Tomasz NapieralaNote that targets must use either auth-group, or chap, 166009ea47eSEdward Tomasz Napieralaor chap-mutual clauses; it's a configuration error to mix them in one target. 167009ea47eSEdward Tomasz Napierala.It Ic chap-mutual Ao Ar user Ac Ao Ar secret Ac Ao Ar mutualuser Ac Aq Ar mutualsecret 168009ea47eSEdward Tomasz NapieralaSpecifies mutual CHAP authentication credentials. 1695292c670SEdward Tomasz NapieralaNote that targets must use either auth-group, chap, or 170009ea47eSEdward Tomasz Napieralachap-mutual clauses; it's a configuration error to mix them in one target. 1718cb2e958SEdward Tomasz Napierala.It Ic initiator-name Ao Ar initiator-name Ac 1728cb2e958SEdward Tomasz NapieralaSpecifies iSCSI initiator name. 1738cb2e958SEdward Tomasz NapieralaIf not defined, there will be no restrictions based on initiator 1748cb2e958SEdward Tomasz Napieralaname. 1758cb2e958SEdward Tomasz NapieralaOtherwise, only initiators with names matching one of defined 1768cb2e958SEdward Tomasz Napieralaones will be allowed to connect. 1778cb2e958SEdward Tomasz NapieralaThis clause is mutually exclusive with auth-group; one cannot use 1788cb2e958SEdward Tomasz Napieralaboth in a single target. 1798cb2e958SEdward Tomasz Napierala.It Ic initiator-portal Ao Ar address Ac 1808cb2e958SEdward Tomasz NapieralaSpecifies iSCSI initiator portal - IPv4 or IPv6 address. 1818cb2e958SEdward Tomasz NapieralaIf not defined, there will be no restrictions based on initiator 1828cb2e958SEdward Tomasz Napieralaaddress. 1838cb2e958SEdward Tomasz NapieralaOtherwise, only initiators with addresses matching one of defined 1848cb2e958SEdward Tomasz Napieralaones will be allowed to connect. 1858cb2e958SEdward Tomasz NapieralaThis clause is mutually exclusive with auth-group; one cannot use 1868cb2e958SEdward Tomasz Napieralaboth in a single target. 187009ea47eSEdward Tomasz Napierala.It Ic portal-group Aq Ar name 188009ea47eSEdward Tomasz NapieralaAssigns previously defined portal group to that target. 189009ea47eSEdward Tomasz NapieralaDefault portal group is "default", which makes the target available 190009ea47eSEdward Tomasz Napieralaon TCP port 3260 on all configured IPv4 and IPv6 addresses. 191009ea47eSEdward Tomasz Napierala.It Ic lun Aq Ar number 192009ea47eSEdward Tomasz NapieralaOpens a lun configuration section, defining LUN exported by a target. 193009ea47eSEdward Tomasz Napierala.El 194009ea47eSEdward Tomasz Napierala.Ss lun level 195009ea47eSEdward Tomasz NapieralaThe following statements are available at the lun level: 196009ea47eSEdward Tomasz Napierala.Bl -tag -width indent 197009ea47eSEdward Tomasz Napierala.It Ic backend Ao Ar block | Ar ramdisk Ac 198009ea47eSEdward Tomasz NapieralaSpecifies the CTL backend to use for a given LUN. 199009ea47eSEdward Tomasz NapieralaValid choices are 200009ea47eSEdward Tomasz Napierala.Dq block 201009ea47eSEdward Tomasz Napieralaand 202009ea47eSEdward Tomasz Napierala.Dq ramdisk ; 203009ea47eSEdward Tomasz Napieralablock is used for LUNs backed 204009ea47eSEdward Tomasz Napieralaby files in the filesystem; ramdisk is a bitsink device, used mostly for 205009ea47eSEdward Tomasz Napieralatesting. 206009ea47eSEdward Tomasz NapieralaThe default backend is block. 207009ea47eSEdward Tomasz Napierala.It Ic blocksize Aq Ar size 208009ea47eSEdward Tomasz NapieralaSpecifies blocksize visible to the initiator. 209009ea47eSEdward Tomasz NapieralaThe default blocksize is 512. 210009ea47eSEdward Tomasz Napierala.It Ic device-id Aq Ar string 211009ea47eSEdward Tomasz NapieralaSpecifies SCSI Device Identification string presented to the initiator. 212009ea47eSEdward Tomasz Napierala.It Ic option Ao Ar name Ac Aq Ar value 213009ea47eSEdward Tomasz NapieralaSpecifies CTL-specific options passed to the kernel. 214009ea47eSEdward Tomasz Napierala.It Ic path Aq Ar path 215009ea47eSEdward Tomasz NapieralaSpecifies path to file used to back the LUN. 216009ea47eSEdward Tomasz Napierala.It Ic serial Aq Ar string 217009ea47eSEdward Tomasz NapieralaSpecifies SCSI serial number presented to the initiator. 218009ea47eSEdward Tomasz Napierala.It Ic size Aq Ar size 219009ea47eSEdward Tomasz NapieralaSpecifies LUN size, in bytes. 220009ea47eSEdward Tomasz Napierala.El 221009ea47eSEdward Tomasz Napierala.Sh FILES 222009ea47eSEdward Tomasz Napierala.Bl -tag -width ".Pa /etc/ctl.conf" -compact 223009ea47eSEdward Tomasz Napierala.It Pa /etc/ctl.conf 224009ea47eSEdward Tomasz NapieralaThe default location of the 225009ea47eSEdward Tomasz Napierala.Xr ctld 8 226009ea47eSEdward Tomasz Napieralaconfiguration file. 227009ea47eSEdward Tomasz Napierala.El 228009ea47eSEdward Tomasz Napierala.Sh EXAMPLES 229009ea47eSEdward Tomasz Napierala.Bd -literal 230009ea47eSEdward Tomasz Napieralapidfile /var/run/ctld.pid 231009ea47eSEdward Tomasz Napierala 232009ea47eSEdward Tomasz Napieralaauth-group example2 { 233009ea47eSEdward Tomasz Napierala chap-mutual "user" "secret" "mutualuser" "mutualsecret" 234009ea47eSEdward Tomasz Napierala chap-mutual "user2" "secret2" "mutualuser" "mutualsecret" 235009ea47eSEdward Tomasz Napierala} 236009ea47eSEdward Tomasz Napierala 237009ea47eSEdward Tomasz Napieralaportal-group example2 { 238009ea47eSEdward Tomasz Napierala discovery-auth-group no-authentication 239009ea47eSEdward Tomasz Napierala listen 127.0.0.1 240009ea47eSEdward Tomasz Napierala listen 0.0.0.0:3261 241009ea47eSEdward Tomasz Napierala listen [::]:3261 242009ea47eSEdward Tomasz Napierala listen [fe80::be:ef] 243009ea47eSEdward Tomasz Napierala} 244009ea47eSEdward Tomasz Napierala 245009ea47eSEdward Tomasz Napieralatarget iqn.2012-06.com.example:target0 { 246009ea47eSEdward Tomasz Napierala alias "Testing target" 247009ea47eSEdward Tomasz Napierala auth-group no-authentication 248009ea47eSEdward Tomasz Napierala lun 0 { 249009ea47eSEdward Tomasz Napierala path /dev/zvol/example_0 250009ea47eSEdward Tomasz Napierala blocksize 4096 251009ea47eSEdward Tomasz Napierala size 4G 252009ea47eSEdward Tomasz Napierala } 253009ea47eSEdward Tomasz Napierala} 254009ea47eSEdward Tomasz Napierala 255009ea47eSEdward Tomasz Napieralatarget iqn.2012-06.com.example:target3 { 256009ea47eSEdward Tomasz Napierala chap chapuser chapsecret 257009ea47eSEdward Tomasz Napierala lun 0 { 258009ea47eSEdward Tomasz Napierala path /dev/zvol/example_3 259009ea47eSEdward Tomasz Napierala } 260009ea47eSEdward Tomasz Napierala} 261009ea47eSEdward Tomasz Napierala 262009ea47eSEdward Tomasz Napieralatarget iqn.2012-06.com.example:target2 { 263009ea47eSEdward Tomasz Napierala auth-group example2 264009ea47eSEdward Tomasz Napierala portal-group example2 265009ea47eSEdward Tomasz Napierala lun 0 { 266009ea47eSEdward Tomasz Napierala path /dev/zvol/example2_0 267009ea47eSEdward Tomasz Napierala } 268009ea47eSEdward Tomasz Napierala lun 1 { 269009ea47eSEdward Tomasz Napierala path /dev/zvol/example2_1 270009ea47eSEdward Tomasz Napierala option foo bar 271009ea47eSEdward Tomasz Napierala } 272009ea47eSEdward Tomasz Napierala} 273009ea47eSEdward Tomasz Napierala.Ed 274009ea47eSEdward Tomasz Napierala.Sh SEE ALSO 275009ea47eSEdward Tomasz Napierala.Xr ctl 4 , 276009ea47eSEdward Tomasz Napierala.Xr ctladm 8 , 277009ea47eSEdward Tomasz Napierala.Xr ctld 8 278009ea47eSEdward Tomasz Napierala.Sh AUTHORS 279009ea47eSEdward Tomasz NapieralaThe 280009ea47eSEdward Tomasz Napierala.Nm 281009ea47eSEdward Tomasz Napieralaconfiguration file functionality for 282009ea47eSEdward Tomasz Napierala.Xr ctld 8 283009ea47eSEdward Tomasz Napieralawas developed by 284009ea47eSEdward Tomasz Napierala.An Edward Tomasz Napierala Aq trasz@FreeBSD.org 285009ea47eSEdward Tomasz Napieralaunder sponsorship from the FreeBSD Foundation. 286