Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
CTL.CONF(5)		  FreeBSD File Formats Manual		   CTL.CONF(5)

NAME
     ctl.conf -- CAM Target Layer / iSCSI target daemon	configuration file

DESCRIPTION
     The ctl.conf configuration	file is	used by	the ctld(8) daemon.  Lines
     starting with `#' are interpreted as comments.  The general syntax	of the
     ctl.conf file is:

	   pidfile path

	   auth-group name {
		 chap user secret
		 ...
	   }

	   portal-group	name {
		 listen	address
		 listen-iser address
		 discovery-auth-group name
		 ...
	   }

	   target name {
		 auth-group name
		 portal-group name
		 lun number {
		      path path
		 }
		 ...
	   }

   Global Context
     auth-group	name
	     Create an auth-group configuration	context, defining a new	auth-
	     group, which can then be assigned to any number of	targets.

     debug level
	     The debug verbosity level.	 The default is	0.

     maxproc number
	     The limit for concurrently	running	child processes	handling
	     incoming connections.  The	default	is 30.	A setting of 0 dis-
	     ables the limit.

     pidfile path
	     The path to the pidfile.  The default is /var/run/ctld.pid.

     portal-group name
	     Create a portal-group configuration context, defining a new por-
	     tal-group,	which can then be assigned to any number of targets.

     target name
	     Create a target configuration context, which can contain one or
	     more lun contexts.

     timeout seconds
	     The timeout for login sessions, after which the connection	will
	     be	forcibly terminated.  The default is 60.  A setting of 0 dis-
	     ables the timeout.

   auth-group Context
     auth-type type
	     Sets the authentication type.  Type can be	either "none", "deny",
	     "chap", or	"chap-mutual".	In most	cases it is not	necessary to
	     set the type using	this clause; it	is usually used	to disable
	     authentication for	a given	auth-group.

     chap user secret
	     A set of CHAP authentication credentials.	Note that for any
	     auth-group, the configuration may only contain either chap	or
	     chap-mutual entries; it is	an error to mix	them.

     chap-mutual user secret mutualuser	mutualsecret
	     A set of mutual CHAP authentication credentials.  Note that for
	     any auth-group, the configuration may only	contain	either chap or
	     chap-mutual entries; it is	an error to mix	them.

     initiator-name initiator-name
	     An	iSCSI initiator	name.  Only initiators with a name matching
	     one of the	defined	names will be allowed to connect.  If not
	     defined, there will be no restrictions based on initiator name.

     initiator-portal address[/prefixlen]
	     An	iSCSI initiator	portal:	an IPv4	or IPv6	address, optionally
	     followed by a literal slash and a prefix length.  Only initiators
	     with an address matching one of the defined addresses will	be
	     allowed to	connect.  If not defined, there	will be	no restric-
	     tions based on initiator address.

   portal-group	Context
     discovery-auth-group name
	     Assign a previously defined authentication	group to the portal
	     group, to be used for target discovery.  By default, portal
	     groups that do not	specify	their own auth settings, using clauses
	     such as chap or initiator-name, are assigned predefined
	     auth-group	"default", which denies	discovery.  Another predefined
	     auth-group, "no-authentication", may be used to permit discovery
	     without authentication.

     listen address
	     An	IPv4 or	IPv6 address and port to listen	on for incoming	con-
	     nections.

     listen-iser address
	     An	IPv4 or	IPv6 address and port to listen	on for incoming	con-
	     nections using iSER (iSCSI	over RDMA) protocol.

   target Context
     alias text
	     Assign a human-readable description to the	target.	 There is no
	     default.

     auth-group	name
	     Assign a previously defined authentication	group to the target.
	     By	default, targets that do not specify their own auth settings,
	     using clauses such	as chap	or initiator-name, are assigned	prede-
	     fined auth-group "default", which denies all access.  Another
	     predefined	auth-group, "no-authentication", may be	used to	permit
	     access without authentication.  Note that targets must only use
	     one of auth-group,	chap, or chap-mutual; it is a configuration
	     error to mix multiple types in one	target.

     auth-type type
	     Sets the authentication type.  Type can be	either "none", "deny",
	     "chap", or	"chap-mutual".	In most	cases it is not	necessary to
	     set the type using	this clause; it	is usually used	to disable
	     authentication for	a given	target.	 This clause is	mutually
	     exclusive with auth-group;	one cannot use both in a single	tar-
	     get.

     chap user secret
	     A set of CHAP authentication credentials.	Note that targets must
	     only use one of auth-group, chap, or chap-mutual; it is a config-
	     uration error to mix multiple types in one	target.

     chap-mutual user secret mutualuser	mutualsecret
	     A set of mutual CHAP authentication credentials.  Note that tar-
	     gets must only use	one of auth-group, chap, or chap-mutual; it is
	     a configuration error to mix multiple types in one	target.

     initiator-name initiator-name
	     An	iSCSI initiator	name.  Only initiators with a name matching
	     one of the	defined	names will be allowed to connect.  If not
	     defined, there will be no restrictions based on initiator name.
	     This clause is mutually exclusive with auth-group;	one cannot use
	     both in a single target.

     initiator-portal address[/prefixlen]
	     An	iSCSI initiator	portal:	an IPv4	or IPv6	address, optionally
	     followed by a literal slash and a prefix length.  Only initiators
	     with an address matching one of the defined addresses will	be
	     allowed to	connect.  If not defined, there	will be	no restric-
	     tions based on initiator address.	This clause is mutually	exclu-
	     sive with auth-group; one cannot use both in a single target.

     portal-group name
	     Assign a previously defined portal	group to the target.  The
	     default portal group is "default",	which makes the	target avail-
	     able on TCP port 3260 on all configured IPv4 and IPv6 addresses.

     lun number
	     Create a lun configuration	context, defining a LUN	exported by
	     the parent	target.

   lun Context
     backend block | ramdisk
	     The CTL backend to	use for	a given	LUN.  Valid choices are
	     "block" and "ramdisk"; block is used for LUNs backed by files or
	     disk device nodes;	ramdisk	is a bitsink device, used mostly for
	     testing.  The default backend is block.

     blocksize size
	     The blocksize visible to the initiator.  The default blocksize is
	     512.

     device-id string
	     The SCSI Device Identification string presented to	the initiator.

     option name value
	     The CTL-specific options passed to	the kernel.  All CTL-specific
	     options are documented in the OPTIONS section of ctladm(8).

     path path
	     The path to the file or device node used to back the LUN.

     serial string
	     The SCSI serial number presented to the initiator.

     size size
	     The LUN size, in bytes.

FILES
     /etc/ctl.conf  The	default	location of the	ctld(8)	configuration file.

EXAMPLES
     pidfile /var/run/ctld.pid

     auth-group	example2 {
	     chap-mutual "user"	"secret" "mutualuser" "mutualsecret"
	     chap-mutual "user2" "secret2" "mutualuser"	"mutualsecret"
     }

     portal-group example2 {
	     discovery-auth-group no-authentication
	     listen 127.0.0.1
	     listen 0.0.0.0:3261
	     listen [::]:3261
	     listen [fe80::be:ef]
     }

     target iqn.2012-06.com.example:target0 {
	     alias "Example target"
	     auth-group	no-authentication
	     lun 0 {
		     path /dev/zvol/example_0
		     blocksize 4096
		     size 4G
	     }
     }

     target iqn.2012-06.com.example:target3 {
	     chap chapuser chapsecret
	     lun 0 {
		     path /dev/zvol/example_3
	     }
     }

     target iqn.2012-06.com.example:target2 {
	     auth-group	example2
	     portal-group example2
	     lun 0 {
		     path /dev/zvol/example2_0
	     }
	     lun 1 {
		     path /dev/zvol/example2_1
		     option foo	bar
	     }
     }

SEE ALSO
     ctl(4), ctladm(8),	ctld(8)

AUTHORS
     The ctl.conf configuration	file functionality for ctld(8) was developed
     by	Edward Tomasz Napierala	<trasz@FreeBSD.org> under sponsorship from the
     FreeBSD Foundation.

FreeBSD	10.1		      September	14, 2014		  FreeBSD 10.1

NAME | DESCRIPTION | FILES | EXAMPLES | SEE ALSO | AUTHORS

Want to link to this manual page? Use this URL:
<http://www.freebsd.org/cgi/man.cgi?query=ctl.conf&sektion=5&manpath=FreeBSD+10.1-RELEASE>

home | help