EN JA
CTL.CONF(5)
CTL.CONF(5) FreeBSD File Formats Manual CTL.CONF(5)

NAME

ctl.confCAM Target Layer / iSCSI target daemon configuration file

DESCRIPTION

The ctl.conf configuration file is used by the ctld(8) daemon. Lines starting with ‘ #’ are interpreted as comments. The general syntax of the ctl.conf file is:

pidfile path 
 
auth-group name { 

   
chap user secret
...
}
 
portal-group name {
listen address
listen-iser address
discovery-auth-group name
...
}
 
target name {
auth-group name
portal-group name
lun number {
path path
}
...
}

Global Context

auth-group name
Create an auth-group configuration context, defining a new auth-group, which can then be assigned to any number of targets.
debug level
The debug verbosity level. The default is 0.
maxproc number
The limit for concurrently running child processes handling incoming connections. The default is 30. A setting of 0 disables the limit.
pidfile path
The path to the pidfile. The default is /var/run/ctld.pid.
portal-group name
Create a portal-group configuration context, defining a new portal-group, which can then be assigned to any number of targets.
target name
Create a target configuration context, which can contain one or more lun contexts.
timeout seconds
The timeout for login sessions, after which the connection will be forcibly terminated. The default is 60. A setting of 0 disables the timeout.

auth-group Context

 
auth-type type
Sets the authentication type. Type can be either “ none”, “ deny”, “ chap”, or “ chap-mutual”. In most cases it is not necessary to set the type using this clause; it is usually used to disable authentication for a given auth-group.
chap user secret
A set of CHAP authentication credentials. Note that for any auth-group, the configuration may only contain either chap or chap-mutual entries; it is an error to mix them.
chap-mutual user secret mutualuser mutualsecret
A set of mutual CHAP authentication credentials. Note that for any auth-group, the configuration may only contain either chap or chap-mutual entries; it is an error to mix them.
initiator-name initiator-name
An iSCSI initiator name. Only initiators with a name matching one of the defined names will be allowed to connect. If not defined, there will be no restrictions based on initiator name.
initiator-portal address[ / prefixlen]
An iSCSI initiator portal: an IPv4 or IPv6 address, optionally followed by a literal slash and a prefix length. Only initiators with an address matching one of the defined addresses will be allowed to connect. If not defined, there will be no restrictions based on initiator address.

portal-group Context

discovery-auth-group name
Assign a previously defined authentication group to the portal group, to be used for target discovery. By default, portal groups that do not specify their own auth settings, using clauses such as chap or initiator-name, are assigned predefined auth-groupdefault”, which denies discovery. Another predefined auth-group, “ no-authentication”, may be used to permit discovery without authentication.
listen address
An IPv4 or IPv6 address and port to listen on for incoming connections.
listen-iser address
An IPv4 or IPv6 address and port to listen on for incoming connections using iSER (iSCSI over RDMA) protocol.

target Context

alias text
Assign a human-readable description to the target. There is no default.
auth-group name
Assign a previously defined authentication group to the target. By default, targets that do not specify their own auth settings, using clauses such as chap or initiator-name, are assigned predefined auth-groupdefault”, which denies all access. Another predefined auth-group, “ no-authentication”, may be used to permit access without authentication. Note that targets must only use one of auth-group, chap, or chap-mutual; it is a configuration error to mix multiple types in one target.
auth-type type
Sets the authentication type. Type can be either “ none”, “ deny”, “ chap”, or “ chap-mutual”. In most cases it is not necessary to set the type using this clause; it is usually used to disable authentication for a given target. This clause is mutually exclusive with auth-group; one cannot use both in a single target.
chap user secret
A set of CHAP authentication credentials. Note that targets must only use one of auth-group, chap, or chap-mutual; it is a configuration error to mix multiple types in one target.
chap-mutual user secret mutualuser mutualsecret
A set of mutual CHAP authentication credentials. Note that targets must only use one of auth-group, chap, or chap-mutual; it is a configuration error to mix multiple types in one target.
initiator-name initiator-name
An iSCSI initiator name. Only initiators with a name matching one of the defined names will be allowed to connect. If not defined, there will be no restrictions based on initiator name. This clause is mutually exclusive with auth-group; one cannot use both in a single target.
initiator-portal address[ / prefixlen]
An iSCSI initiator portal: an IPv4 or IPv6 address, optionally followed by a literal slash and a prefix length. Only initiators with an address matching one of the defined addresses will be allowed to connect. If not defined, there will be no restrictions based on initiator address. This clause is mutually exclusive with auth-group; one cannot use both in a single target.
portal-group name
Assign a previously defined portal group to the target. The default portal group is “ default”, which makes the target available on TCP port 3260 on all configured IPv4 and IPv6 addresses.
lun number
Create a lun configuration context, defining a LUN exported by the parent target.

lun Context

backend block | ramdisk
The CTL backend to use for a given LUN. Valid choices are “ block” and “ ramdisk”; block is used for LUNs backed by files or disk device nodes; ramdisk is a bitsink device, used mostly for testing. The default backend is block.
blocksize size
The blocksize visible to the initiator. The default blocksize is 512.
device-id string
The SCSI Device Identification string presented to the initiator.
option name value
The CTL-specific options passed to the kernel. All CTL-specific options are documented in the OPTIONS section of ctladm(8).
path path
The path to the file or device node used to back the LUN.
serial string
The SCSI serial number presented to the initiator.
size size
The LUN size, in bytes.

FILES

/etc/ctl.conf
The default location of the ctld(8) configuration file.

EXAMPLES

pidfile /var/run/ctld.pid 
 
auth-group example2 { 
 chap-mutual "user" "secret" "mutualuser" "mutualsecret" 
 chap-mutual "user2" "secret2" "mutualuser" "mutualsecret" 
} 
 
portal-group example2 { 
 discovery-auth-group no-authentication 
 listen 127.0.0.1 
 listen 0.0.0.0:3261 
 listen [::]:3261 
 listen [fe80::be:ef] 
} 
 
target iqn.2012-06.com.example:target0 { 
 alias "Example target" 
 auth-group no-authentication 
 lun 0 { 
  path /dev/zvol/example_0 
  blocksize 4096 
  size 4G 
 } 
} 
 
target iqn.2012-06.com.example:target3 { 
 chap chapuser chapsecret 
 lun 0 { 
  path /dev/zvol/example_3 
 } 
} 
 
target iqn.2012-06.com.example:target2 { 
 auth-group example2 
 portal-group example2 
 lun 0 { 
  path /dev/zvol/example2_0 
 } 
 lun 1 { 
  path /dev/zvol/example2_1 
  option foo bar 
 } 
}

SEE ALSO

ctl(4), ctladm(8), ctld(8)

AUTHORS

The ctl.conf configuration file functionality for ctld(8) was developed by Edward Tomasz Napierala <trasz@FreeBSD.org> under sponsorship from the FreeBSD Foundation.
September 14, 2014 FreeBSD