1009ea47eSEdward Tomasz Napierala.\" Copyright (c) 2012 The FreeBSD Foundation 2009ea47eSEdward Tomasz Napierala.\" All rights reserved. 3009ea47eSEdward Tomasz Napierala.\" 4009ea47eSEdward Tomasz Napierala.\" This software was developed by Edward Tomasz Napierala under sponsorship 5009ea47eSEdward Tomasz Napierala.\" from the FreeBSD Foundation. 6009ea47eSEdward Tomasz Napierala.\" 7009ea47eSEdward Tomasz Napierala.\" Redistribution and use in source and binary forms, with or without 8009ea47eSEdward Tomasz Napierala.\" modification, are permitted provided that the following conditions 9009ea47eSEdward Tomasz Napierala.\" are met: 10009ea47eSEdward Tomasz Napierala.\" 1. Redistributions of source code must retain the above copyright 11009ea47eSEdward Tomasz Napierala.\" notice, this list of conditions and the following disclaimer. 12009ea47eSEdward Tomasz Napierala.\" 2. Redistributions in binary form must reproduce the above copyright 13009ea47eSEdward Tomasz Napierala.\" notice, this list of conditions and the following disclaimer in the 14009ea47eSEdward Tomasz Napierala.\" documentation and/or other materials provided with the distribution. 15009ea47eSEdward Tomasz Napierala.\" 16009ea47eSEdward Tomasz Napierala.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 17009ea47eSEdward Tomasz Napierala.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18009ea47eSEdward Tomasz Napierala.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19009ea47eSEdward Tomasz Napierala.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 20009ea47eSEdward Tomasz Napierala.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21009ea47eSEdward Tomasz Napierala.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22009ea47eSEdward Tomasz Napierala.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23009ea47eSEdward Tomasz Napierala.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24009ea47eSEdward Tomasz Napierala.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25009ea47eSEdward Tomasz Napierala.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26009ea47eSEdward Tomasz Napierala.\" SUCH DAMAGE. 27009ea47eSEdward Tomasz Napierala.\" 28009ea47eSEdward Tomasz Napierala.\" $FreeBSD$ 29009ea47eSEdward Tomasz Napierala.\" 30*c63d8c3bSEdward Tomasz Napierala.Dd April 24, 2014 31009ea47eSEdward Tomasz Napierala.Dt CTL.CONF 5 32009ea47eSEdward Tomasz Napierala.Os 33009ea47eSEdward Tomasz Napierala.Sh NAME 34009ea47eSEdward Tomasz Napierala.Nm ctl.conf 35009ea47eSEdward Tomasz Napierala.Nd CAM Target Layer / iSCSI target daemon configuration file 36009ea47eSEdward Tomasz Napierala.Sh DESCRIPTION 37009ea47eSEdward Tomasz NapieralaThe 38009ea47eSEdward Tomasz Napierala.Nm 39009ea47eSEdward Tomasz Napieralaconfiguration file is used by the 40009ea47eSEdward Tomasz Napierala.Xr ctld 8 41009ea47eSEdward Tomasz Napieraladaemon. 42009ea47eSEdward Tomasz NapieralaLines starting with 43009ea47eSEdward Tomasz Napierala.Ql # 44*c63d8c3bSEdward Tomasz Napieralaare interpreted as comments. 45009ea47eSEdward Tomasz NapieralaThe general syntax of the 46009ea47eSEdward Tomasz Napierala.Nm 47009ea47eSEdward Tomasz Napieralafile is: 48009ea47eSEdward Tomasz Napierala.Bd -literal -offset indent 49009ea47eSEdward Tomasz Napieralapidfile <path> 50009ea47eSEdward Tomasz Napierala 51009ea47eSEdward Tomasz Napieralaauth-group <name> { 52009ea47eSEdward Tomasz Napierala chap <user> <secret> 53009ea47eSEdward Tomasz Napierala ... 54009ea47eSEdward Tomasz Napierala} 55009ea47eSEdward Tomasz Napierala 56009ea47eSEdward Tomasz Napieralaportal-group <name> { 57009ea47eSEdward Tomasz Napierala listen <address> 58009ea47eSEdward Tomasz Napierala listen-iser <address> 59009ea47eSEdward Tomasz Napierala discovery-auth-group <name> 60009ea47eSEdward Tomasz Napierala ... 61009ea47eSEdward Tomasz Napierala} 62009ea47eSEdward Tomasz Napierala 63009ea47eSEdward Tomasz Napieralatarget <name> { 64009ea47eSEdward Tomasz Napierala auth-group <name> 65009ea47eSEdward Tomasz Napierala portal-group <name> 66009ea47eSEdward Tomasz Napierala lun <number> { 67009ea47eSEdward Tomasz Napierala path <path> 68009ea47eSEdward Tomasz Napierala } 69009ea47eSEdward Tomasz Napierala ... 70009ea47eSEdward Tomasz Napierala} 71009ea47eSEdward Tomasz Napierala.Ed 72009ea47eSEdward Tomasz Napierala.Ss global level 73009ea47eSEdward Tomasz NapieralaThe following statements are available at the global level: 74009ea47eSEdward Tomasz Napierala.Bl -tag -width indent 75009ea47eSEdward Tomasz Napierala.It Ic auth-group Aq Ar name 76009ea47eSEdward Tomasz NapieralaOpens an auth-group section, defining an authentication group, 77009ea47eSEdward Tomasz Napieralawhich can then be assigned to any number of targets. 78009ea47eSEdward Tomasz Napierala.It Ic debug Aq Ar level 79009ea47eSEdward Tomasz NapieralaSpecifies debug level. 80009ea47eSEdward Tomasz NapieralaThe default is 0. 81009ea47eSEdward Tomasz Napierala.It Ic maxproc Aq Ar number 82009ea47eSEdward Tomasz NapieralaSpecifies limit for concurrently running child processes handling 83009ea47eSEdward Tomasz Napieralaincoming connections. 84009ea47eSEdward Tomasz NapieralaThe default is 30. 85009ea47eSEdward Tomasz NapieralaSetting it to 0 disables the limit. 86009ea47eSEdward Tomasz Napierala.It Ic pidfile Aq Ar path 87009ea47eSEdward Tomasz NapieralaSpecifies path to pidfile. 88009ea47eSEdward Tomasz NapieralaThe default is 89009ea47eSEdward Tomasz Napierala.Pa /var/run/ctld.pid . 90009ea47eSEdward Tomasz Napierala.It Ic portal-group Aq Ar name 91009ea47eSEdward Tomasz NapieralaOpens a portal-group section, defining a portal group, 92009ea47eSEdward Tomasz Napieralawhich can then be assigned to any number of targets. 93009ea47eSEdward Tomasz Napierala.It Ic target Aq Ar name 94009ea47eSEdward Tomasz NapieralaOpens a target configuration section. 95009ea47eSEdward Tomasz Napierala.It Ic timeout Aq Ar seconds 96009ea47eSEdward Tomasz NapieralaSpecifies timeout for login session, after which the connection 97009ea47eSEdward Tomasz Napieralawill be forcibly terminated. 98009ea47eSEdward Tomasz NapieralaThe default is 60. 99009ea47eSEdward Tomasz NapieralaSetting it to 0 disables the timeout. 100009ea47eSEdward Tomasz Napierala.El 101c095756fSEdward Tomasz Napierala.Ss auth-group level 102009ea47eSEdward Tomasz NapieralaThe following statements are available at the auth-group level: 103009ea47eSEdward Tomasz Napierala.Bl -tag -width indent 104df9900fbSEdward Tomasz Napierala.It Ic auth-type Ao Ar type Ac 105df9900fbSEdward Tomasz NapieralaSpecifies authentication type. 106e76ce448SEdward Tomasz NapieralaType can be either "none", "deny", "chap", or "chap-mutual". 107df9900fbSEdward Tomasz NapieralaIn most cases it is not neccessary to set the type using this clause; 108df9900fbSEdward Tomasz Napieralait is usually used to disable authentication for a given auth-group. 109009ea47eSEdward Tomasz Napierala.It Ic chap Ao Ar user Ac Aq Ar secret 110009ea47eSEdward Tomasz NapieralaSpecifies CHAP authentication credentials. 111009ea47eSEdward Tomasz Napierala.It Ic chap-mutual Ao Ar user Ac Ao Ar secret Ac Ao Ar mutualuser Ac Aq Ar mutualsecret 112009ea47eSEdward Tomasz NapieralaSpecifies mutual CHAP authentication credentials. 113009ea47eSEdward Tomasz NapieralaNote that for any auth-group, configuration may contain either chap, 114009ea47eSEdward Tomasz Napieralaor chap-mutual entries; it's an error to mix them. 1158cb2e958SEdward Tomasz Napierala.It Ic initiator-name Ao Ar initiator-name Ac 1168cb2e958SEdward Tomasz NapieralaSpecifies iSCSI initiator name. 1178cb2e958SEdward Tomasz NapieralaIf not defined, there will be no restrictions based on initiator 1188cb2e958SEdward Tomasz Napieralaname. 1198cb2e958SEdward Tomasz NapieralaOtherwise, only initiators with names matching one of defined 1208cb2e958SEdward Tomasz Napieralaones will be allowed to connect. 1218cb2e958SEdward Tomasz Napierala.It Ic initiator-portal Ao Ar address Ac 1228cb2e958SEdward Tomasz NapieralaSpecifies iSCSI initiator portal - IPv4 or IPv6 address. 1238cb2e958SEdward Tomasz NapieralaIf not defined, there will be no restrictions based on initiator 1248cb2e958SEdward Tomasz Napieralaaddress. 1258cb2e958SEdward Tomasz NapieralaOtherwise, only initiators with addresses matching one of defined 1268cb2e958SEdward Tomasz Napieralaones will be allowed to connect. 127009ea47eSEdward Tomasz Napierala.El 128009ea47eSEdward Tomasz Napierala.Ss portal-group level 129009ea47eSEdward Tomasz NapieralaThe following statements are available at the portal-group level: 130009ea47eSEdward Tomasz Napierala.Bl -tag -width indent 131009ea47eSEdward Tomasz Napierala.It Ic discovery-auth-group Aq Ar name 132*c63d8c3bSEdward Tomasz NapieralaAssigns previously defined authentication group to the portal group, 133009ea47eSEdward Tomasz Napieralato be used for target discovery. 134ccb1f04dSEdward Tomasz NapieralaBy default, portal groups that do not specify their own auth settings, 135ccb1f04dSEdward Tomasz Napieralausing clauses such as "chap" or "initiator-name", are assigned 136ccb1f04dSEdward Tomasz Napieralapredefined auth-group "default", which denies discovery. 137ccb1f04dSEdward Tomasz NapieralaAnother predefined auth-group, "no-authentication", may be used 138ccb1f04dSEdward Tomasz Napieralato permit discovery without authentication. 139009ea47eSEdward Tomasz Napierala.It Ic listen Aq Ar address 140009ea47eSEdward Tomasz NapieralaSpecifies IPv4 or IPv6 address and port to listen on for incoming connections. 141009ea47eSEdward Tomasz Napierala.It Ic listen-iser Aq Ar address 142009ea47eSEdward Tomasz NapieralaSpecifies IPv4 or IPv6 address and port to listen on for incoming connections 143009ea47eSEdward Tomasz Napieralausing iSER (iSCSI over RDMA) protocol. 144009ea47eSEdward Tomasz Napierala.El 145009ea47eSEdward Tomasz Napierala.Ss target level: 146009ea47eSEdward Tomasz NapieralaThe following statements are available at the target level: 147009ea47eSEdward Tomasz Napierala.Bl -tag -width indent 148009ea47eSEdward Tomasz Napierala.It Ic alias Aq Ar text 149*c63d8c3bSEdward Tomasz NapieralaAssigns human-readable description to the target. 150009ea47eSEdward Tomasz NapieralaThere is no default. 151009ea47eSEdward Tomasz Napierala.It Ic auth-group Aq Ar name 152*c63d8c3bSEdward Tomasz NapieralaAssigns previously defined authentication group to the target. 153affb88f5SEdward Tomasz NapieralaBy default, targets that do not specify their own auth settings, 154affb88f5SEdward Tomasz Napieralausing clauses such as "chap" or "initiator-name", are assigned 155affb88f5SEdward Tomasz Napieralapredefined auth-group "default", which denies all access. 156affb88f5SEdward Tomasz NapieralaAnother predefined auth-group, "no-authentication", may be used to permit access 157009ea47eSEdward Tomasz Napieralawithout authentication. 158df9900fbSEdward Tomasz Napierala.It Ic auth-type Ao Ar type Ac 159df9900fbSEdward Tomasz NapieralaSpecifies authentication type. 160e76ce448SEdward Tomasz NapieralaType can be either "none", "deny", "chap", or "chap-mutual". 161df9900fbSEdward Tomasz NapieralaIn most cases it is not neccessary to set the type using this clause; 162df9900fbSEdward Tomasz Napieralait is usually used to disable authentication for a given target. 163df9900fbSEdward Tomasz NapieralaThis clause is mutually exclusive with auth-group; one cannot use 164df9900fbSEdward Tomasz Napieralaboth in a single target. 165009ea47eSEdward Tomasz Napierala.It Ic chap Ao Ar user Ac Aq Ar secret 166009ea47eSEdward Tomasz NapieralaSpecifies CHAP authentication credentials. 167009ea47eSEdward Tomasz NapieralaNote that targets must use either auth-group, or chap, 168009ea47eSEdward Tomasz Napieralaor chap-mutual clauses; it's a configuration error to mix them in one target. 169009ea47eSEdward Tomasz Napierala.It Ic chap-mutual Ao Ar user Ac Ao Ar secret Ac Ao Ar mutualuser Ac Aq Ar mutualsecret 170009ea47eSEdward Tomasz NapieralaSpecifies mutual CHAP authentication credentials. 1715292c670SEdward Tomasz NapieralaNote that targets must use either auth-group, chap, or 172009ea47eSEdward Tomasz Napieralachap-mutual clauses; it's a configuration error to mix them in one target. 1738cb2e958SEdward Tomasz Napierala.It Ic initiator-name Ao Ar initiator-name Ac 1748cb2e958SEdward Tomasz NapieralaSpecifies iSCSI initiator name. 1758cb2e958SEdward Tomasz NapieralaIf not defined, there will be no restrictions based on initiator 1768cb2e958SEdward Tomasz Napieralaname. 1778cb2e958SEdward Tomasz NapieralaOtherwise, only initiators with names matching one of defined 1788cb2e958SEdward Tomasz Napieralaones will be allowed to connect. 1798cb2e958SEdward Tomasz NapieralaThis clause is mutually exclusive with auth-group; one cannot use 1808cb2e958SEdward Tomasz Napieralaboth in a single target. 1818cb2e958SEdward Tomasz Napierala.It Ic initiator-portal Ao Ar address Ac 1828cb2e958SEdward Tomasz NapieralaSpecifies iSCSI initiator portal - IPv4 or IPv6 address. 1838cb2e958SEdward Tomasz NapieralaIf not defined, there will be no restrictions based on initiator 1848cb2e958SEdward Tomasz Napieralaaddress. 1858cb2e958SEdward Tomasz NapieralaOtherwise, only initiators with addresses matching one of defined 1868cb2e958SEdward Tomasz Napieralaones will be allowed to connect. 1878cb2e958SEdward Tomasz NapieralaThis clause is mutually exclusive with auth-group; one cannot use 1888cb2e958SEdward Tomasz Napieralaboth in a single target. 189009ea47eSEdward Tomasz Napierala.It Ic portal-group Aq Ar name 190*c63d8c3bSEdward Tomasz NapieralaAssigns previously defined portal group to the target. 191009ea47eSEdward Tomasz NapieralaDefault portal group is "default", which makes the target available 192009ea47eSEdward Tomasz Napieralaon TCP port 3260 on all configured IPv4 and IPv6 addresses. 193009ea47eSEdward Tomasz Napierala.It Ic lun Aq Ar number 194009ea47eSEdward Tomasz NapieralaOpens a lun configuration section, defining LUN exported by a target. 195009ea47eSEdward Tomasz Napierala.El 196009ea47eSEdward Tomasz Napierala.Ss lun level 197009ea47eSEdward Tomasz NapieralaThe following statements are available at the lun level: 198009ea47eSEdward Tomasz Napierala.Bl -tag -width indent 199009ea47eSEdward Tomasz Napierala.It Ic backend Ao Ar block | Ar ramdisk Ac 200009ea47eSEdward Tomasz NapieralaSpecifies the CTL backend to use for a given LUN. 201009ea47eSEdward Tomasz NapieralaValid choices are 202009ea47eSEdward Tomasz Napierala.Dq block 203009ea47eSEdward Tomasz Napieralaand 204009ea47eSEdward Tomasz Napierala.Dq ramdisk ; 205009ea47eSEdward Tomasz Napieralablock is used for LUNs backed 206*c63d8c3bSEdward Tomasz Napieralaby files or disk device nodes; ramdisk is a bitsink device, used mostly for 207009ea47eSEdward Tomasz Napieralatesting. 208009ea47eSEdward Tomasz NapieralaThe default backend is block. 209009ea47eSEdward Tomasz Napierala.It Ic blocksize Aq Ar size 210009ea47eSEdward Tomasz NapieralaSpecifies blocksize visible to the initiator. 211009ea47eSEdward Tomasz NapieralaThe default blocksize is 512. 212009ea47eSEdward Tomasz Napierala.It Ic device-id Aq Ar string 213009ea47eSEdward Tomasz NapieralaSpecifies SCSI Device Identification string presented to the initiator. 214009ea47eSEdward Tomasz Napierala.It Ic option Ao Ar name Ac Aq Ar value 215009ea47eSEdward Tomasz NapieralaSpecifies CTL-specific options passed to the kernel. 216009ea47eSEdward Tomasz Napierala.It Ic path Aq Ar path 217*c63d8c3bSEdward Tomasz NapieralaSpecifies path to file or device node used to back the LUN. 218009ea47eSEdward Tomasz Napierala.It Ic serial Aq Ar string 219009ea47eSEdward Tomasz NapieralaSpecifies SCSI serial number presented to the initiator. 220009ea47eSEdward Tomasz Napierala.It Ic size Aq Ar size 221009ea47eSEdward Tomasz NapieralaSpecifies LUN size, in bytes. 222009ea47eSEdward Tomasz Napierala.El 223009ea47eSEdward Tomasz Napierala.Sh FILES 224009ea47eSEdward Tomasz Napierala.Bl -tag -width ".Pa /etc/ctl.conf" -compact 225009ea47eSEdward Tomasz Napierala.It Pa /etc/ctl.conf 226009ea47eSEdward Tomasz NapieralaThe default location of the 227009ea47eSEdward Tomasz Napierala.Xr ctld 8 228009ea47eSEdward Tomasz Napieralaconfiguration file. 229009ea47eSEdward Tomasz Napierala.El 230009ea47eSEdward Tomasz Napierala.Sh EXAMPLES 231009ea47eSEdward Tomasz Napierala.Bd -literal 232009ea47eSEdward Tomasz Napieralapidfile /var/run/ctld.pid 233009ea47eSEdward Tomasz Napierala 234009ea47eSEdward Tomasz Napieralaauth-group example2 { 235009ea47eSEdward Tomasz Napierala chap-mutual "user" "secret" "mutualuser" "mutualsecret" 236009ea47eSEdward Tomasz Napierala chap-mutual "user2" "secret2" "mutualuser" "mutualsecret" 237009ea47eSEdward Tomasz Napierala} 238009ea47eSEdward Tomasz Napierala 239009ea47eSEdward Tomasz Napieralaportal-group example2 { 240009ea47eSEdward Tomasz Napierala discovery-auth-group no-authentication 241009ea47eSEdward Tomasz Napierala listen 127.0.0.1 242009ea47eSEdward Tomasz Napierala listen 0.0.0.0:3261 243009ea47eSEdward Tomasz Napierala listen [::]:3261 244009ea47eSEdward Tomasz Napierala listen [fe80::be:ef] 245009ea47eSEdward Tomasz Napierala} 246009ea47eSEdward Tomasz Napierala 247009ea47eSEdward Tomasz Napieralatarget iqn.2012-06.com.example:target0 { 248*c63d8c3bSEdward Tomasz Napierala alias "Example target" 249009ea47eSEdward Tomasz Napierala auth-group no-authentication 250009ea47eSEdward Tomasz Napierala lun 0 { 251009ea47eSEdward Tomasz Napierala path /dev/zvol/example_0 252009ea47eSEdward Tomasz Napierala blocksize 4096 253009ea47eSEdward Tomasz Napierala size 4G 254009ea47eSEdward Tomasz Napierala } 255009ea47eSEdward Tomasz Napierala} 256009ea47eSEdward Tomasz Napierala 257009ea47eSEdward Tomasz Napieralatarget iqn.2012-06.com.example:target3 { 258009ea47eSEdward Tomasz Napierala chap chapuser chapsecret 259009ea47eSEdward Tomasz Napierala lun 0 { 260009ea47eSEdward Tomasz Napierala path /dev/zvol/example_3 261009ea47eSEdward Tomasz Napierala } 262009ea47eSEdward Tomasz Napierala} 263009ea47eSEdward Tomasz Napierala 264009ea47eSEdward Tomasz Napieralatarget iqn.2012-06.com.example:target2 { 265009ea47eSEdward Tomasz Napierala auth-group example2 266009ea47eSEdward Tomasz Napierala portal-group example2 267009ea47eSEdward Tomasz Napierala lun 0 { 268009ea47eSEdward Tomasz Napierala path /dev/zvol/example2_0 269009ea47eSEdward Tomasz Napierala } 270009ea47eSEdward Tomasz Napierala lun 1 { 271009ea47eSEdward Tomasz Napierala path /dev/zvol/example2_1 272009ea47eSEdward Tomasz Napierala option foo bar 273009ea47eSEdward Tomasz Napierala } 274009ea47eSEdward Tomasz Napierala} 275009ea47eSEdward Tomasz Napierala.Ed 276009ea47eSEdward Tomasz Napierala.Sh SEE ALSO 277009ea47eSEdward Tomasz Napierala.Xr ctl 4 , 278009ea47eSEdward Tomasz Napierala.Xr ctladm 8 , 279009ea47eSEdward Tomasz Napierala.Xr ctld 8 280009ea47eSEdward Tomasz Napierala.Sh AUTHORS 281009ea47eSEdward Tomasz NapieralaThe 282009ea47eSEdward Tomasz Napierala.Nm 283009ea47eSEdward Tomasz Napieralaconfiguration file functionality for 284009ea47eSEdward Tomasz Napierala.Xr ctld 8 285009ea47eSEdward Tomasz Napieralawas developed by 286009ea47eSEdward Tomasz Napierala.An Edward Tomasz Napierala Aq trasz@FreeBSD.org 287009ea47eSEdward Tomasz Napieralaunder sponsorship from the FreeBSD Foundation. 288