White space fix only. Translators can ignore.
Sponsored by: iXsystems
This commit is contained in:
Dru Lavigne
parent
becf1f15a0
commit
5590783268
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=44286
1 changed files with 146 additions and 149 deletions
|
|
@ -1744,10 +1744,10 @@ nis_client_enable="YES"</programlisting>
|
|||
logins.</para>
|
||||
|
||||
<para>To prevent specified users from logging on to a system,
|
||||
even if they are present in the
|
||||
<acronym>NIS</acronym> database, use <command>vipw</command>
|
||||
to add <literal>-<replaceable>username</replaceable></literal> with the correct number
|
||||
of colons towards the end of
|
||||
even if they are present in the <acronym>NIS</acronym>
|
||||
database, use <command>vipw</command> to add
|
||||
<literal>-<replaceable>username</replaceable></literal> with
|
||||
the correct number of colons towards the end of
|
||||
<filename>/etc/master.passwd</filename> on the client,
|
||||
where <replaceable>username</replaceable> is the username of
|
||||
a user to bar from logging in. The line with the blocked
|
||||
|
|
@ -4394,7 +4394,8 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
|
|||
Binaries are stored in the <filename>bin</filename> and
|
||||
<filename>sbin</filename> subdirectories of the server
|
||||
root, and configuration files are stored in
|
||||
<filename class="directory">etc/apache2<replaceable>x</replaceable></filename>.</para>
|
||||
<filename
|
||||
class="directory">etc/apache2<replaceable>x</replaceable></filename>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
|
@ -4485,7 +4486,8 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
|
|||
<screen>&prompt.root; <userinput>service apache24 start</userinput></screen>
|
||||
|
||||
<para>The <command>httpd</command> service can be tested by
|
||||
entering <literal>http://<replaceable>localhost</replaceable></literal>
|
||||
entering
|
||||
<literal>http://<replaceable>localhost</replaceable></literal>
|
||||
in a web browser, replacing
|
||||
<replaceable>localhost</replaceable> with the fully-qualified
|
||||
domain name of the machine running <command>httpd</command>,
|
||||
|
|
@ -5658,27 +5660,26 @@ Logging to FILE /var/log/messages</screen>
|
|||
Configuration</title>
|
||||
|
||||
<para><acronym>iSCSI</acronym> is a way to share storage over a
|
||||
network. Unlike
|
||||
<acronym>NFS</acronym>, which works at the
|
||||
file system level, <acronym>iSCSI</acronym> works at the
|
||||
block device level.</para>
|
||||
|
||||
network. Unlike <acronym>NFS</acronym>, which works at the file
|
||||
system level, <acronym>iSCSI</acronym> works at the block device
|
||||
level.</para>
|
||||
|
||||
<para>In <acronym>iSCSI</acronym> terminology, the system that
|
||||
shares the storage is
|
||||
known as the <emphasis>target</emphasis>. The storage can be a
|
||||
physical disk, or an area representing multiple disks or a
|
||||
portion of a physical disk. For example, if the disk(s) are
|
||||
formatted with <acronym>ZFS</acronym>, a zvol can be created to
|
||||
use as the <acronym>iSCSI</acronym> storage.</para>
|
||||
|
||||
shares the storage is known as the <emphasis>target</emphasis>.
|
||||
The storage can be a physical disk, or an area representing
|
||||
multiple disks or a portion of a physical disk. For example, if
|
||||
the disk(s) are formatted with <acronym>ZFS</acronym>, a zvol
|
||||
can be created to use as the <acronym>iSCSI</acronym>
|
||||
storage.</para>
|
||||
|
||||
<para>The clients which access the <acronym>iSCSI</acronym>
|
||||
storage are called <emphasis>initiators</emphasis>.
|
||||
To initiators, the storage available through
|
||||
storage are called <emphasis>initiators</emphasis>. To
|
||||
initiators, the storage available through
|
||||
<acronym>iSCSI</acronym> appears as a raw, unformatted disk
|
||||
known as a <acronym>LUN</acronym>.
|
||||
Device nodes for the disk appear in <filename>/dev/</filename> and the device must be
|
||||
known as a <acronym>LUN</acronym>. Device nodes for the disk
|
||||
appear in <filename>/dev/</filename> and the device must be
|
||||
separately formatted and mounted.</para>
|
||||
|
||||
|
||||
<para>Beginning with 10.0-RELEASE, &os; provides a native,
|
||||
kernel-based <acronym>iSCSI</acronym> target and initiator.
|
||||
This section describes how to configure a &os; system as a
|
||||
|
|
@ -5688,28 +5689,26 @@ Logging to FILE /var/log/messages</screen>
|
|||
<title>Configuring an <acronym>iSCSI</acronym> Target</title>
|
||||
|
||||
<note>
|
||||
<para>The native <acronym>iSCSI</acronym> target is
|
||||
supported starting with &os; 10.0-RELEASE. To use
|
||||
<acronym>iSCSI</acronym> in older versions of &os;, install a
|
||||
userspace target from the Ports Collection, such as
|
||||
<package>net/istgt</package>. This chapter only describes the
|
||||
native target.</para>
|
||||
<para>The native <acronym>iSCSI</acronym> target is supported
|
||||
starting with &os; 10.0-RELEASE. To use
|
||||
<acronym>iSCSI</acronym> in older versions of &os;, install
|
||||
a userspace target from the Ports Collection, such as
|
||||
<package>net/istgt</package>. This chapter only describes
|
||||
the native target.</para>
|
||||
</note>
|
||||
|
||||
<para>To configure an <acronym>iSCSI</acronym> target,
|
||||
create the
|
||||
<filename>/etc/ctl.conf</filename> configuration file, add
|
||||
a line to <filename>/etc/rc.conf</filename> to
|
||||
make sure the &man.ctld.8;
|
||||
daemon is automatically started at boot, and then start the
|
||||
daemon.</para>
|
||||
<para>To configure an <acronym>iSCSI</acronym> target, create
|
||||
the <filename>/etc/ctl.conf</filename> configuration file, add
|
||||
a line to <filename>/etc/rc.conf</filename> to make sure the
|
||||
&man.ctld.8; daemon is automatically started at boot, and then
|
||||
start the daemon.</para>
|
||||
|
||||
<para>The following is an example of a simple
|
||||
<filename>/etc/ctl.conf</filename>
|
||||
configuration file. Refer to &man.ctl.conf.5; for a more
|
||||
complete description of this file's available options.</para>
|
||||
<para>The following is an example of a simple
|
||||
<filename>/etc/ctl.conf</filename> configuration file. Refer
|
||||
to &man.ctl.conf.5; for a more complete description of this
|
||||
file's available options.</para>
|
||||
|
||||
<programlisting>portal-group pg0 {
|
||||
<programlisting>portal-group pg0 {
|
||||
discovery-auth-group no-authentication
|
||||
listen 0.0.0.0
|
||||
listen [::]
|
||||
|
|
@ -5725,86 +5724,78 @@ target iqn.2012-06.com.example:target0 {
|
|||
}
|
||||
}</programlisting>
|
||||
|
||||
<para>The first entry defines the <literal>pg0</literal>
|
||||
portal group. Portal groups define which network addresses the
|
||||
&man.ctld.8;
|
||||
daemon will listen on. The <literal>discovery-auth-group
|
||||
no-authentication</literal> entry indicates that any initiator is
|
||||
allowed to perform <acronym>iSCSI</acronym> target
|
||||
discovery without authentication. Lines three and four
|
||||
configure &man.ctld.8; to
|
||||
listen on all <acronym>IPv4</acronym>
|
||||
(<literal>listen 0.0.0.0</literal>) and
|
||||
<acronym>IPv6</acronym> (<literal>listen [::]</literal>)
|
||||
addresses on the default port of 3260.</para>
|
||||
|
||||
<para>It is not necessary
|
||||
to define a portal group as there is a built-in portal group called
|
||||
<literal>default</literal>. In this case, the difference between
|
||||
<literal>default</literal> and <literal>pg0</literal>
|
||||
is that with <literal>default</literal>, target
|
||||
discovery is always
|
||||
denied, while with <literal>pg0</literal>, it is always
|
||||
allowed.</para>
|
||||
<para>The first entry defines the <literal>pg0</literal> portal
|
||||
group. Portal groups define which network addresses the
|
||||
&man.ctld.8; daemon will listen on. The
|
||||
<literal>discovery-auth-group no-authentication</literal>
|
||||
entry indicates that any initiator is allowed to perform
|
||||
<acronym>iSCSI</acronym> target discovery without
|
||||
authentication. Lines three and four configure &man.ctld.8;
|
||||
to listen on all <acronym>IPv4</acronym>
|
||||
(<literal>listen 0.0.0.0</literal>) and
|
||||
<acronym>IPv6</acronym> (<literal>listen [::]</literal>)
|
||||
addresses on the default port of 3260.</para>
|
||||
|
||||
<para>The second entry defines a single
|
||||
target. Target has two possible
|
||||
meanings: a machine serving <acronym>iSCSI</acronym> or
|
||||
a named group of <acronym>LUNs</acronym>. This
|
||||
example uses the latter meaning, where
|
||||
<literal>iqn.2012-06.com.example:target0</literal> is the
|
||||
target name. This target name is suitable for testing purposes.
|
||||
For actual use, change <literal>com.example</literal>
|
||||
to the real domain name, reversed. The
|
||||
<literal>2012-06</literal> represents the year and month of
|
||||
acquiring control of that domain name, and
|
||||
<literal>target0</literal> can be any value. Any
|
||||
number of targets can be defined in this configuration
|
||||
file.</para>
|
||||
<para>It is not necessary to define a portal group as there is a
|
||||
built-in portal group called <literal>default</literal>. In
|
||||
this case, the difference between <literal>default</literal>
|
||||
and <literal>pg0</literal> is that with
|
||||
<literal>default</literal>, target discovery is always denied,
|
||||
while with <literal>pg0</literal>, it is always
|
||||
allowed.</para>
|
||||
|
||||
<para>The <literal>auth-group no-authentication</literal> line allows
|
||||
all initiators to connect to the specified target and
|
||||
<literal>portal-group pg0</literal> makes the target
|
||||
reachable through the <literal>pg0</literal> portal
|
||||
group.</para>
|
||||
<para>The second entry defines a single target. Target has two
|
||||
possible meanings: a machine serving <acronym>iSCSI</acronym>
|
||||
or a named group of <acronym>LUNs</acronym>. This example
|
||||
uses the latter meaning, where
|
||||
<literal>iqn.2012-06.com.example:target0</literal> is the
|
||||
target name. This target name is suitable for testing
|
||||
purposes. For actual use, change
|
||||
<literal>com.example</literal> to the real domain name,
|
||||
reversed. The <literal>2012-06</literal> represents the year
|
||||
and month of acquiring control of that domain name, and
|
||||
<literal>target0</literal> can be any value. Any number of
|
||||
targets can be defined in this configuration file.</para>
|
||||
|
||||
<para>The next section defines the <acronym>LUN</acronym>. To the
|
||||
initiator, each <acronym>LUN</acronym> will be visible as a
|
||||
separate disk device. Multiple
|
||||
<acronym>LUNs</acronym> can be defined for each target.
|
||||
Each <acronym>LUN</acronym> is identified by a number, where
|
||||
<acronym>LUN</acronym> 0 is mandatory. The
|
||||
<literal>path /data/target0-0</literal> line defines the full
|
||||
path to a file or zvol backing the <acronym>LUN</acronym>.
|
||||
That path must exist before starting &man.ctld.8;.
|
||||
The second line is optional and specifies the size of the
|
||||
<acronym>LUN</acronym>.</para>
|
||||
<para>The <literal>auth-group no-authentication</literal> line
|
||||
allows all initiators to connect to the specified target and
|
||||
<literal>portal-group pg0</literal> makes the target reachable
|
||||
through the <literal>pg0</literal> portal group.</para>
|
||||
|
||||
<para>Next, to make sure the &man.ctld.8;
|
||||
daemon is started at boot, add this line to
|
||||
<filename>/etc/rc.conf</filename>:</para>
|
||||
<para>The next section defines the <acronym>LUN</acronym>. To
|
||||
the initiator, each <acronym>LUN</acronym> will be visible as
|
||||
a separate disk device. Multiple <acronym>LUNs</acronym> can
|
||||
be defined for each target. Each <acronym>LUN</acronym> is
|
||||
identified by a number, where <acronym>LUN</acronym> 0 is
|
||||
mandatory. The <literal>path /data/target0-0</literal> line
|
||||
defines the full path to a file or zvol backing the
|
||||
<acronym>LUN</acronym>. That path must exist before starting
|
||||
&man.ctld.8;. The second line is optional and specifies the
|
||||
size of the <acronym>LUN</acronym>.</para>
|
||||
|
||||
<programlisting>ctld_enable="YES"</programlisting>
|
||||
<para>Next, to make sure the &man.ctld.8; daemon is started at
|
||||
boot, add this line to
|
||||
<filename>/etc/rc.conf</filename>:</para>
|
||||
|
||||
<para>To start &man.ctld.8; now,
|
||||
run this command:</para>
|
||||
<programlisting>ctld_enable="YES"</programlisting>
|
||||
|
||||
<screen>&prompt.root; <userinput>service ctld start</userinput></screen>
|
||||
<para>To start &man.ctld.8; now, run this command:</para>
|
||||
|
||||
<para>As the &man.ctld.8;
|
||||
daemon is started, it reads <filename>/etc/ctl.conf</filename>.
|
||||
If this file is edited after the daemon starts, use this
|
||||
command so that the changes take
|
||||
effect immediately:</para>
|
||||
<screen>&prompt.root; <userinput>service ctld start</userinput></screen>
|
||||
|
||||
<screen>&prompt.root; <userinput>service ctld reload</userinput></screen>
|
||||
<para>As the &man.ctld.8; daemon is started, it reads
|
||||
<filename>/etc/ctl.conf</filename>. If this file is edited
|
||||
after the daemon starts, use this command so that the changes
|
||||
take effect immediately:</para>
|
||||
|
||||
<screen>&prompt.root; <userinput>service ctld reload</userinput></screen>
|
||||
|
||||
<sect3>
|
||||
<title>Authentication</title>
|
||||
|
||||
<para>The previous example is inherently insecure as it uses no
|
||||
authentication, granting anyone full access to
|
||||
all targets. To require a username and password to access
|
||||
<para>The previous example is inherently insecure as it uses
|
||||
no authentication, granting anyone full access to all
|
||||
targets. To require a username and password to access
|
||||
targets, modify the configuration as follows:</para>
|
||||
|
||||
<programlisting>auth-group ag0 {
|
||||
|
|
@ -5830,16 +5821,17 @@ target iqn.2012-06.com.example:target0 {
|
|||
<para>The <literal>auth-group</literal> section defines
|
||||
username and password pairs. An initiator trying to connect
|
||||
to <literal>iqn.2012-06.com.example:target0</literal> must
|
||||
first specify a defined username and secret. However, target discovery is still
|
||||
permitted without authentication. To require target discovery authentication,
|
||||
set <literal>discovery-auth-group</literal> to a defined
|
||||
first specify a defined username and secret. However,
|
||||
target discovery is still permitted without authentication.
|
||||
To require target discovery authentication, set
|
||||
<literal>discovery-auth-group</literal> to a defined
|
||||
<literal>auth-group</literal> name instead of
|
||||
<literal>no-authentication</literal>.</para>
|
||||
|
||||
<para>It is common to define a
|
||||
single exported target for every initiator. As a shorthand
|
||||
for the syntax above, the username and password can be
|
||||
specified directly in the target entry:</para>
|
||||
<para>It is common to define a single exported target for
|
||||
every initiator. As a shorthand for the syntax above, the
|
||||
username and password can be specified directly in the
|
||||
target entry:</para>
|
||||
|
||||
<programlisting>target iqn.2012-06.com.example:target0 {
|
||||
portal-group pg0
|
||||
|
|
@ -5857,28 +5849,26 @@ target iqn.2012-06.com.example:target0 {
|
|||
<title>Configuring an <acronym>iSCSI</acronym> Initiator</title>
|
||||
|
||||
<note>
|
||||
<para>The <acronym>iSCSI</acronym> initiator described in this section is
|
||||
supported starting with &os; 10.0-RELEASE. To use the
|
||||
<acronym>iSCSI</acronym> initiator available in older
|
||||
versions, refer to &man.iscontrol.8;.</para>
|
||||
<para>The <acronym>iSCSI</acronym> initiator described in this
|
||||
section is supported starting with &os; 10.0-RELEASE. To
|
||||
use the <acronym>iSCSI</acronym> initiator available in
|
||||
older versions, refer to &man.iscontrol.8;.</para>
|
||||
</note>
|
||||
|
||||
<para>The <acronym>iSCSI</acronym> initiator requires that the &man.iscsid.8;
|
||||
daemon is running. This daemon does not use a configuration file. To
|
||||
start it automatically at boot, add this line to
|
||||
<filename>/etc/rc.conf</filename>:</para>
|
||||
<para>The <acronym>iSCSI</acronym> initiator requires that the
|
||||
&man.iscsid.8; daemon is running. This daemon does not use a
|
||||
configuration file. To start it automatically at boot, add
|
||||
this line to <filename>/etc/rc.conf</filename>:</para>
|
||||
|
||||
<programlisting>iscsid_enable="YES"</programlisting>
|
||||
|
||||
<para>To start &man.iscsid.8; now,
|
||||
run this command:</para>
|
||||
<para>To start &man.iscsid.8; now, run this command:</para>
|
||||
|
||||
<screen>&prompt.root; <userinput>service iscsid start</userinput></screen>
|
||||
|
||||
<para>Connecting to a target can be done with or without an
|
||||
<filename>/etc/iscsi.conf</filename>
|
||||
configuration file. This section demonstrates both types of
|
||||
connections.</para>
|
||||
<filename>/etc/iscsi.conf</filename> configuration file. This
|
||||
section demonstrates both types of connections.</para>
|
||||
|
||||
<sect3>
|
||||
<title>Connecting to a Target Without a Configuration
|
||||
|
|
@ -5891,15 +5881,16 @@ target iqn.2012-06.com.example:target0 {
|
|||
<screen>&prompt.root; <userinput>iscsictl -A -p <replaceable>10.10.10.10</replaceable> -t <replaceable>iqn.2012-06.com.example:target0</replaceable></userinput></screen>
|
||||
|
||||
<para>To verify if the connection succeeded, run
|
||||
<command>iscsictl</command> without any
|
||||
arguments. The output should look similar to this:</para>
|
||||
<command>iscsictl</command> without any arguments. The
|
||||
output should look similar to this:</para>
|
||||
|
||||
<programlisting>Target name Target portal State
|
||||
iqn.2012-06.com.example:target0 10.10.10.10 Connected: da0</programlisting>
|
||||
|
||||
<para>In this example, the <acronym>iSCSI</acronym> session was
|
||||
successfully established, with <filename>/dev/da0</filename>
|
||||
representing the attached <acronym>LUN</acronym>. If the
|
||||
<para>In this example, the <acronym>iSCSI</acronym> session
|
||||
was successfully established, with
|
||||
<filename>/dev/da0</filename> representing the attached
|
||||
<acronym>LUN</acronym>. If the
|
||||
<literal>iqn.2012-06.com.example:target0</literal> target
|
||||
exports more than one <acronym>LUN</acronym>, multiple
|
||||
device nodes will be shown in that section of the
|
||||
|
|
@ -5907,25 +5898,28 @@ iqn.2012-06.com.example:target0 10.10.10.10 Connected: da0</
|
|||
|
||||
<screen>Connected: da0 da1 da2.</screen>
|
||||
|
||||
<para>Any errors will be reported in the output, as well as the system logs.
|
||||
For example, this message usually means that the &man.iscsid.8;
|
||||
daemon is not running:</para>
|
||||
<para>Any errors will be reported in the output, as well as
|
||||
the system logs. For example, this message usually means
|
||||
that the &man.iscsid.8; daemon is not running:</para>
|
||||
|
||||
<programlisting>Target name Target portal State
|
||||
iqn.2012-06.com.example:target0 10.10.10.10 Waiting for iscsid(8)</programlisting>
|
||||
|
||||
<para>The following message suggests a networking problem, such as
|
||||
a wrong <acronym>IP</acronym> address or port:</para>
|
||||
<para>The following message suggests a networking problem,
|
||||
such as a wrong <acronym>IP</acronym> address or
|
||||
port:</para>
|
||||
|
||||
<programlisting>Target name Target portal State
|
||||
iqn.2012-06.com.example:target0 10.10.10.11 Connection refused</programlisting>
|
||||
|
||||
<para>This message means that the specified target name is wrong:</para>
|
||||
<para>This message means that the specified target name is
|
||||
wrong:</para>
|
||||
|
||||
<programlisting>Target name Target portal State
|
||||
iqn.2012-06.com.example:atrget0 10.10.10.10 Not found</programlisting>
|
||||
|
||||
<para>This message means that the target requires authentication:</para>
|
||||
<para>This message means that the target requires
|
||||
authentication:</para>
|
||||
|
||||
<programlisting>Target name Target portal State
|
||||
iqn.2012-06.com.example:target0 10.10.10.10 Authentication failed</programlisting>
|
||||
|
|
@ -5953,19 +5947,22 @@ iqn.2012-06.com.example:target0 10.10.10.10 Authentication f
|
|||
}</programlisting>
|
||||
|
||||
<para>The <literal>t0</literal> specifies a nickname for the
|
||||
configuration file section. It will be used by the initiator to
|
||||
specify which configuration to use. The other lines
|
||||
specify the parameters to use during connection. The <literal>TargetAddress</literal>
|
||||
and <literal>TargetName</literal> are mandatory, whereas the other options are optional. In
|
||||
this example, the <acronym>CHAP</acronym> username and secret
|
||||
are shown.</para>
|
||||
configuration file section. It will be used by the
|
||||
initiator to specify which configuration to use. The other
|
||||
lines specify the parameters to use during connection. The
|
||||
<literal>TargetAddress</literal> and
|
||||
<literal>TargetName</literal> are mandatory, whereas the
|
||||
other options are optional. In this example, the
|
||||
<acronym>CHAP</acronym> username and secret are
|
||||
shown.</para>
|
||||
|
||||
<para>To connect to the defined target, specify the nickname:</para>
|
||||
<para>To connect to the defined target, specify the
|
||||
nickname:</para>
|
||||
|
||||
<screen>&prompt.root; <userinput>iscsictl -An <replaceable>t0</replaceable></userinput></screen>
|
||||
|
||||
<para>Alternately, to connect to all targets defined in the configuration
|
||||
file, use:</para>
|
||||
<para>Alternately, to connect to all targets defined in the
|
||||
configuration file, use:</para>
|
||||
|
||||
<screen>&prompt.root; <userinput>iscsictl -Aa</userinput></screen>
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue