CTL.CONF(5)               FreeBSD File Formats Manual              CTL.CONF(5)
NAME
    ctl.conf — CAM Target Layer / iSCSI target daemon configuration file
DESCRIPTION
    The ctl.conf configuration file is used by the ctld(8) daemon. Lines starting with ‘#’ are interpreted as comments. The general syntax of the ctl.conf file is:

        pidfile path

        auth-group name {
                chap user secret
                ...
        }

        portal-group name {
                listen address
                listen-iser address
                discovery-auth-group name
                ...
        }

        target name {
                auth-group name
                portal-group name
                lun number {
                        path path
                }
                ...
        }
Global Context
    auth-group name
        Create an auth-group configuration context, defining a new auth-group, which can then be assigned to any number of targets.

    debug level
        The debug verbosity level. The default is 0.

    maxproc number
        The limit for concurrently running child processes handling incoming connections. The default is 30. A setting of 0 disables the limit.

    pidfile path
        The path to the pidfile. The default is /var/run/ctld.pid.

    portal-group name
        Create a portal-group configuration context, defining a new portal-group, which can then be assigned to any number of targets.

    target name
        Create a target configuration context, which can contain one or more lun contexts.

    timeout seconds
        The timeout for login sessions, after which the connection will be forcibly terminated. The default is 60. A setting of 0 disables the timeout.
auth-group Context
    auth-type type
        Sets the authentication type. Type can be either “none”, “deny”, “chap”, or “chap-mutual”. In most cases it is not necessary to set the type using this clause; it is usually used to disable authentication for a given auth-group.

    chap user secret
        A set of CHAP authentication credentials. Note that for any auth-group, the configuration may only contain either chap or chap-mutual entries; it is an error to mix them.

    chap-mutual user secret mutualuser mutualsecret
        A set of mutual CHAP authentication credentials. Note that for any auth-group, the configuration may only contain either chap or chap-mutual entries; it is an error to mix them.

    initiator-name initiator-name
        An iSCSI initiator name. Only initiators with a name matching one of the defined names will be allowed to connect. If not defined, there will be no restrictions based on initiator name.

    initiator-portal address[/prefixlen]
        An iSCSI initiator portal: an IPv4 or IPv6 address, optionally followed by a literal slash and a prefix length. Only initiators with an address matching one of the defined addresses will be allowed to connect. If not defined, there will be no restrictions based on initiator address.
portal-group Context
    discovery-auth-group name
        Assign a previously defined authentication group to the portal group, to be used for target discovery. By default, portal groups that do not specify their own auth settings, using clauses such as chap or initiator-name, are assigned predefined auth-group “default”, which denies discovery. Another predefined auth-group, “no-authentication”, may be used to permit discovery without authentication.

    listen address
        An IPv4 or IPv6 address and port to listen on for incoming connections.

    listen-iser address
        An IPv4 or IPv6 address and port to listen on for incoming connections using iSER (iSCSI over RDMA) protocol.
target Context
    alias text
        Assign a human-readable description to the target. There is no default.

    auth-group name
        Assign a previously defined authentication group to the target. By default, targets that do not specify their own auth settings, using clauses such as chap or initiator-name, are assigned predefined auth-group “default”, which denies all access. Another predefined auth-group, “no-authentication”, may be used to permit access without authentication. Note that targets must only use one of auth-group, chap, or chap-mutual; it is a configuration error to mix multiple types in one target.

    auth-type type
        Sets the authentication type. Type can be either “none”, “deny”, “chap”, or “chap-mutual”. In most cases it is not necessary to set the type using this clause; it is usually used to disable authentication for a given target. This clause is mutually exclusive with auth-group; one cannot use both in a single target.

    chap user secret
        A set of CHAP authentication credentials. Note that targets must only use one of auth-group, chap, or chap-mutual; it is a configuration error to mix multiple types in one target.

    chap-mutual user secret mutualuser mutualsecret
        A set of mutual CHAP authentication credentials. Note that targets must only use one of auth-group, chap, or chap-mutual; it is a configuration error to mix multiple types in one target.

    initiator-name initiator-name
        An iSCSI initiator name. Only initiators with a name matching one of the defined names will be allowed to connect. If not defined, there will be no restrictions based on initiator name. This clause is mutually exclusive with auth-group; one cannot use both in a single target.

    initiator-portal address[/prefixlen]
        An iSCSI initiator portal: an IPv4 or IPv6 address, optionally followed by a literal slash and a prefix length. Only initiators with an address matching one of the defined addresses will be allowed to connect. If not defined, there will be no restrictions based on initiator address. This clause is mutually exclusive with auth-group; one cannot use both in a single target.

    portal-group name
        Assign a previously defined portal group to the target. The default portal group is “default”, which makes the target available on TCP port 3260 on all configured IPv4 and IPv6 addresses.

    lun number
        Create a lun configuration context, defining a LUN exported by the parent target.
lun Context
    backend block | ramdisk
        The CTL backend to use for a given LUN. Valid choices are “block” and “ramdisk”; block is used for LUNs backed by files or disk device nodes; ramdisk is a bitsink device, used mostly for testing. The default backend is block.

    blocksize size
        The blocksize visible to the initiator. The default blocksize is 512.

    device-id string
        The SCSI Device Identification string presented to the initiator.

    option name value
        The CTL-specific options passed to the kernel. All CTL-specific options are documented in the OPTIONS section of ctladm(8).

    path path
        The path to the file or device node used to back the LUN.

    serial string
        The SCSI serial number presented to the initiator.

    size size
        The LUN size, in bytes.
FILES
    /etc/ctl.conf
        The default location of the ctld(8) configuration file.
EXAMPLES
        pidfile /var/run/ctld.pid

        auth-group example2 {
                chap-mutual "user" "secret" "mutualuser" "mutualsecret"
                chap-mutual "user2" "secret2" "mutualuser" "mutualsecret"
        }

        portal-group example2 {
                discovery-auth-group no-authentication
                listen 127.0.0.1
                listen 0.0.0.0:3261
                listen [::]:3261
                listen [fe80::be:ef]
        }

        target iqn.2012-06.com.example:target0 {
                alias "Example target"
                auth-group no-authentication
                lun 0 {
                        path /dev/zvol/example_0
                        blocksize 4096
                        size 4G
                }
        }

        target iqn.2012-06.com.example:target3 {
                chap chapuser chapsecret
                lun 0 {
                        path /dev/zvol/example_3
                }
        }

        target iqn.2012-06.com.example:target2 {
                auth-group example2
                portal-group example2
                lun 0 {
                        path /dev/zvol/example2_0
                }
                lun 1 {
                        path /dev/zvol/example2_1
                        option foo bar
                }
        }
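
The authentication rules above can be checked before a file is deployed. The following is an added example, not part of ctld(8) or of the original manual page: a small parser and audit that flag contexts mixing clauses the page calls mutually exclusive, and clauses that permit access or discovery without authentication. The function names, the sample configuration and its ag0/pg0 names are constructed for illustration, and the parser assumes one clause per line, as in the examples above.

```python
import shlex
# Clauses this page describes as permitting access without authentication.
OPEN = (["auth-group", "no-authentication"], ["auth-type", "none"],
        ["discovery-auth-group", "no-authentication"])
# Constructed sample in the style of the EXAMPLES section; names are made up.
SAMPLE = """\
auth-group ag0 {
    chap-mutual "user" "secret" "mutualuser" "mutualsecret"
    chap "user2" "secret2"
}
portal-group pg0 {
    discovery-auth-group no-authentication
}
target iqn.2012-06.com.example:target0 {
    auth-group no-authentication
    lun 0 {
        path /dev/zvol/example_0
    }
}
target iqn.2012-06.com.example:target1 {
    auth-group ag0
    chap chapuser chapsecret
}
"""
def parse(text):
    # Map (context, name) -> clause word lists; assumes one clause per line.
    ctx, stack = {}, []
    for line in text.splitlines():
        w = [] if line.lstrip().startswith("#") else shlex.split(line)
        if w and w[-1] == "{":          # context opens; lun nests in target
            stack.append((w[0], w[1]))
            ctx.setdefault(stack[0], [])
        elif w and w[0] == "}":
            stack.pop()
        elif w and len(stack) == 1:     # keep clauses of top-level contexts
            ctx[stack[0]].append(w)
    return ctx

def audit(text):
    # Return sorted (context name, finding) pairs.
    out = []
    for (kind, name), clauses in parse(text).items():
        keys = {c[0] for c in clauses}
        auth = keys & {"auth-group", "chap", "chap-mutual"}
        inline = keys & {"auth-type", "initiator-name", "initiator-portal"}
        if len(auth) > 1 or (kind == "target" and "auth-group" in keys and inline):
            out.append((name, "mixes mutually exclusive auth clauses"))
        out += [(name, "unauthenticated: " + " ".join(c)) for c in clauses if c in OPEN]
    return sorted(out)
```

Calling audit(SAMPLE) reports four findings: ag0 and target1 for mixed clauses, pg0 and target0 for unauthenticated discovery and access.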
AUTHORS
    The ctl.conf configuration file functionality for ctld(8) was developed by Edward Tomasz Napierala <trasz@FreeBSD.org> under sponsorship from the FreeBSD Foundation.