1 .\" Copyright (c) 2012 The FreeBSD Foundation
2 .\" All rights reserved.
4 .\" This software was developed by Edward Tomasz Napierala under sponsorship
5 .\" from the FreeBSD Foundation.
7 .\" Redistribution and use in source and binary forms, with or without
8 .\" modification, are permitted provided that the following conditions
10 .\" 1. Redistributions of source code must retain the above copyright
11 .\" notice, this list of conditions and the following disclaimer.
12 .\" 2. Redistributions in binary form must reproduce the above copyright
13 .\" notice, this list of conditions and the following disclaimer in the
14 .\" documentation and/or other materials provided with the distribution.
16 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
17 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
20 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 .Dd September 11, 2014
35 .Nd CAM Target Layer / iSCSI target daemon configuration file
39 configuration file is used by the
44 are interpreted as comments.
45 The general syntax of the
48 .Bd -literal -offset indent
51 .No auth-group Ar name No {
52 .Dl chap Ar user Ar secret
56 .No portal-group Ar name No {
58 .Dl listen-iser Ar address
59 .Dl discovery-auth-group Ar name
64 .Dl auth-group Ar name
65 .Dl portal-group Ar name
66 .Dl lun Ar number No {
73 .Bl -tag -width indent
74 .It Ic auth-group Ar name
77 configuration context,
78 defining a new auth-group,
79 which can then be assigned to any number of targets.
81 The debug verbosity level.
83 .It Ic maxproc Ar number
84 The limit for concurrently running child processes handling
87 A setting of 0 disables the limit.
88 .It Ic pidfile Ar path
89 The path to the pidfile.
91 .Pa /var/run/ctld.pid .
92 .It Ic portal-group Ar name
95 configuration context,
96 which can then be assigned to any number of targets.
100 configuration context, which can contain one or more
103 .It Ic timeout Ar seconds
104 The timeout for login sessions, after which the connection
105 will be forcibly terminated.
107 A setting of 0 disables the timeout.
109 .Ss auth-group Context
110 .Bl -tag -width indent
112 .It Ic auth-type Ar type
113 Sets the authentication type.
120 In most cases it is not necessary to set the type using this clause;
121 it is usually used to disable authentication for a given
123 .It Ic chap Ar user Ar secret
124 A set of CHAP authentication credentials.
127 the configuration may only contain either
131 entries; it is an error to mix them.
132 .It Ic chap-mutual Ar user Ar secret Ar mutualuser Ar mutualsecret
133 A set of mutual CHAP authentication credentials.
136 the configuration may only contain either
140 entries; it is an error to mix them.
141 .It Ic initiator-name Ar initiator-name
142 An iSCSI initiator name.
143 Only initiators with a name matching one of the defined
144 names will be allowed to connect.
145 If not defined, there will be no restrictions based on initiator
147 .It Ic initiator-portal Ar address Ns Op / Ns Ar prefixlen
148 An iSCSI initiator portal: an IPv4 or IPv6 address, optionally
149 followed by a literal slash and a prefix length.
150 Only initiators with an address matching one of the defined
151 addresses will be allowed to connect.
152 If not defined, there will be no restrictions based on initiator
155 .Ss portal-group Context
156 .Bl -tag -width indent
157 .It Ic discovery-auth-group Ar name
158 Assign a previously defined authentication group to the portal group,
159 to be used for target discovery.
160 By default, portal groups that do not specify their own auth settings,
161 using clauses such as
169 which denies discovery.
172 .Qq Ar no-authentication ,
174 to permit discovery without authentication.
175 .It Ic listen Ar address
176 An IPv4 or IPv6 address and port to listen on for incoming connections.
177 .It Ic listen-iser Ar address
178 An IPv4 or IPv6 address and port to listen on for incoming connections
179 using iSER (iSCSI over RDMA) protocol.
182 .Bl -tag -width indent
184 Assign a human-readable description to the target.
186 .It Ic auth-group Ar name
187 Assign a previously defined authentication group to the target.
188 By default, targets that do not specify their own auth settings,
189 using clauses such as
197 which denies all access.
200 .Qq Ar no-authentication ,
201 may be used to permit access
202 without authentication.
203 Note that targets must only use one of
204 .Sy auth-group , chap , No or Sy chap-mutual ;
205 it is a configuration error to mix multiple types in one target.
206 .It Ic auth-type Ar type
207 Sets the authentication type.
214 In most cases it is not necessary to set the type using this clause;
215 it is usually used to disable authentication for a given
217 This clause is mutually exclusive with
220 both in a single target.
221 .It Ic chap Ar user Ar secret
222 A set of CHAP authentication credentials.
223 Note that targets must only use one of
224 .Sy auth-group , chap , No or Sy chap-mutual ;
225 it is a configuration error to mix multiple types in one target.
226 .It Ic chap-mutual Ar user Ar secret Ar mutualuser Ar mutualsecret
227 A set of mutual CHAP authentication credentials.
228 Note that targets must only use one of
229 .Sy auth-group , chap , No or Sy chap-mutual ;
230 it is a configuration error to mix multiple types in one target.
231 .It Ic initiator-name Ar initiator-name
232 An iSCSI initiator name.
233 Only initiators with a name matching one of the defined
234 names will be allowed to connect.
235 If not defined, there will be no restrictions based on initiator
237 This clause is mutually exclusive with
240 both in a single target.
241 .It Ic initiator-portal Ar address Ns Op / Ns Ar prefixlen
242 An iSCSI initiator portal: an IPv4 or IPv6 address, optionally
243 followed by a literal slash and a prefix length.
244 Only initiators with an address matching one of the defined
245 addresses will be allowed to connect.
246 If not defined, there will be no restrictions based on initiator
248 This clause is mutually exclusive with
251 both in a single target.
252 .It Ic portal-group Ar name
253 Assign a previously defined portal group to the target.
254 The default portal group is
256 which makes the target available
257 on TCP port 3260 on all configured IPv4 and IPv6 addresses.
261 configuration context, defining a LUN exported by the parent target.
264 .Bl -tag -width indent
265 .It Ic backend Ar block No | Ar ramdisk
266 The CTL backend to use for a given LUN.
271 block is used for LUNs backed
272 by files or disk device nodes; ramdisk is a bitsink device, used mostly for
274 The default backend is block.
275 .It Ic blocksize Ar size
276 The blocksize visible to the initiator.
277 The default blocksize is 512.
278 .It Ic device-id Ar string
279 The SCSI Device Identification string presented to the initiator.
280 .It Ic option Ar name Ar value
281 The CTL-specific options passed to the kernel.
282 All CTL-specific options are documented in the
287 The path to the file or device node used to back the LUN.
288 .It Ic serial Ar string
289 The SCSI serial number presented to the initiator.
291 The LUN size, in bytes.
294 .Bl -tag -width ".Pa /etc/ctl.conf" -compact
296 The default location of the
302 pidfile /var/run/ctld.pid
304 auth-group example2 {
305 chap-mutual "user" "secret" "mutualuser" "mutualsecret"
306 chap-mutual "user2" "secret2" "mutualuser" "mutualsecret"
307 initiator-portal 192.168.1.1/16
310 portal-group example2 {
311 discovery-auth-group no-authentication
318 target iqn.2012-06.com.example:target0 {
319 alias "Example target"
320 auth-group no-authentication
322 path /dev/zvol/example_0
328 target iqn.2012-06.com.example:target3 {
329 chap chapuser chapsecret
331 path /dev/zvol/example_3
335 target iqn.2012-06.com.example:target2 {
337 portal-group example2
339 path /dev/zvol/example2_0
342 path /dev/zvol/example2_1
354 configuration file functionality for
357 .An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org
358 under sponsorship from the FreeBSD Foundation.