Date: Wed, 19 Mar 2014 14:08:07 +0000 (UTC) From: Dru Lavigne <dru@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r44286 - head/en_US.ISO8859-1/books/handbook/network-servers Message-ID: <201403191408.s2JE876m066421@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dru Date: Wed Mar 19 14:08:07 2014 New Revision: 44286 URL: http://svnweb.freebsd.org/changeset/doc/44286 Log: White space fix only. Translators can ignore. Sponsored by: iXsystems Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Wed Mar 19 13:50:10 2014 (r44285) +++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Wed Mar 19 14:08:07 2014 (r44286) @@ -1744,10 +1744,10 @@ nis_client_enable="YES"</programlisting> logins.</para> <para>To prevent specified users from logging on to a system, - even if they are present in the - <acronym>NIS</acronym> database, use <command>vipw</command> - to add <literal>-<replaceable>username</replaceable></literal> with the correct number - of colons towards the end of + even if they are present in the <acronym>NIS</acronym> + database, use <command>vipw</command> to add + <literal>-<replaceable>username</replaceable></literal> with + the correct number of colons towards the end of <filename>/etc/master.passwd</filename> on the client, where <replaceable>username</replaceable> is the username of a user to bar from logging in. The line with the blocked @@ -4394,7 +4394,8 @@ $include Kexample.com.+005+nnnnn.ZSK.key Binaries are stored in the <filename>bin</filename> and <filename>sbin</filename> subdirectories of the server root, and configuration files are stored in - <filename class="directory">etc/apache2<replaceable>x</replaceable></filename>.</para> + <filename + class="directory">etc/apache2<replaceable>x</replaceable></filename>.</para> </listitem> </varlistentry> @@ -4485,7 +4486,8 @@ $include Kexample.com.+005+nnnnn.ZSK.key <screen>&prompt.root; <userinput>service apache24 start</userinput></screen> <para>The <command>httpd</command> service can be tested by - entering <literal>http://<replaceable>localhost</replaceable></literal>; + entering + <literal>http://<replaceable>localhost</replaceable></literal>; in a web browser, replacing <replaceable>localhost</replaceable> with the fully-qualified domain name of the machine running <command>httpd</command>, @@ -5658,27 +5660,26 @@ Logging to FILE /var/log/messages</scree Configuration</title> <para><acronym>iSCSI</acronym> is a way to share storage over a - network. Unlike - <acronym>NFS</acronym>, which works at the - file system level, <acronym>iSCSI</acronym> works at the - block device level.</para> - + network. Unlike <acronym>NFS</acronym>, which works at the file + system level, <acronym>iSCSI</acronym> works at the block device + level.</para> + <para>In <acronym>iSCSI</acronym> terminology, the system that - shares the storage is - known as the <emphasis>target</emphasis>. The storage can be a - physical disk, or an area representing multiple disks or a - portion of a physical disk. For example, if the disk(s) are - formatted with <acronym>ZFS</acronym>, a zvol can be created to - use as the <acronym>iSCSI</acronym> storage.</para> - + shares the storage is known as the <emphasis>target</emphasis>. + The storage can be a physical disk, or an area representing + multiple disks or a portion of a physical disk. For example, if + the disk(s) are formatted with <acronym>ZFS</acronym>, a zvol + can be created to use as the <acronym>iSCSI</acronym> + storage.</para> + <para>The clients which access the <acronym>iSCSI</acronym> - storage are called <emphasis>initiators</emphasis>. - To initiators, the storage available through + storage are called <emphasis>initiators</emphasis>. To + initiators, the storage available through <acronym>iSCSI</acronym> appears as a raw, unformatted disk - known as a <acronym>LUN</acronym>. - Device nodes for the disk appear in <filename>/dev/</filename> and the device must be + known as a <acronym>LUN</acronym>. Device nodes for the disk + appear in <filename>/dev/</filename> and the device must be separately formatted and mounted.</para> - + <para>Beginning with 10.0-RELEASE, &os; provides a native, kernel-based <acronym>iSCSI</acronym> target and initiator. This section describes how to configure a &os; system as a @@ -5688,28 +5689,26 @@ Logging to FILE /var/log/messages</scree <title>Configuring an <acronym>iSCSI</acronym> Target</title> <note> - <para>The native <acronym>iSCSI</acronym> target is - supported starting with &os; 10.0-RELEASE. To use - <acronym>iSCSI</acronym> in older versions of &os;, install a - userspace target from the Ports Collection, such as - <package>net/istgt</package>. This chapter only describes the - native target.</para> + <para>The native <acronym>iSCSI</acronym> target is supported + starting with &os; 10.0-RELEASE. To use + <acronym>iSCSI</acronym> in older versions of &os;, install + a userspace target from the Ports Collection, such as + <package>net/istgt</package>. This chapter only describes + the native target.</para> </note> - <para>To configure an <acronym>iSCSI</acronym> target, - create the - <filename>/etc/ctl.conf</filename> configuration file, add - a line to <filename>/etc/rc.conf</filename> to - make sure the &man.ctld.8; - daemon is automatically started at boot, and then start the - daemon.</para> - - <para>The following is an example of a simple - <filename>/etc/ctl.conf</filename> - configuration file. Refer to &man.ctl.conf.5; for a more - complete description of this file's available options.</para> + <para>To configure an <acronym>iSCSI</acronym> target, create + the <filename>/etc/ctl.conf</filename> configuration file, add + a line to <filename>/etc/rc.conf</filename> to make sure the + &man.ctld.8; daemon is automatically started at boot, and then + start the daemon.</para> + + <para>The following is an example of a simple + <filename>/etc/ctl.conf</filename> configuration file. Refer + to &man.ctl.conf.5; for a more complete description of this + file's available options.</para> - <programlisting>portal-group pg0 { + <programlisting>portal-group pg0 { discovery-auth-group no-authentication listen 0.0.0.0 listen [::] @@ -5725,86 +5724,78 @@ target iqn.2012-06.com.example:target0 { } }</programlisting> - <para>The first entry defines the <literal>pg0</literal> - portal group. Portal groups define which network addresses the - &man.ctld.8; - daemon will listen on. The <literal>discovery-auth-group - no-authentication</literal> entry indicates that any initiator is - allowed to perform <acronym>iSCSI</acronym> target - discovery without authentication. Lines three and four - configure &man.ctld.8; to - listen on all <acronym>IPv4</acronym> - (<literal>listen 0.0.0.0</literal>) and - <acronym>IPv6</acronym> (<literal>listen [::]</literal>) - addresses on the default port of 3260.</para> - - <para>It is not necessary - to define a portal group as there is a built-in portal group called - <literal>default</literal>. In this case, the difference between - <literal>default</literal> and <literal>pg0</literal> - is that with <literal>default</literal>, target - discovery is always - denied, while with <literal>pg0</literal>, it is always - allowed.</para> - - <para>The second entry defines a single - target. Target has two possible - meanings: a machine serving <acronym>iSCSI</acronym> or - a named group of <acronym>LUNs</acronym>. This - example uses the latter meaning, where - <literal>iqn.2012-06.com.example:target0</literal> is the - target name. This target name is suitable for testing purposes. - For actual use, change <literal>com.example</literal> - to the real domain name, reversed. The - <literal>2012-06</literal> represents the year and month of - acquiring control of that domain name, and - <literal>target0</literal> can be any value. Any - number of targets can be defined in this configuration - file.</para> - - <para>The <literal>auth-group no-authentication</literal> line allows - all initiators to connect to the specified target and - <literal>portal-group pg0</literal> makes the target - reachable through the <literal>pg0</literal> portal - group.</para> - - <para>The next section defines the <acronym>LUN</acronym>. To the - initiator, each <acronym>LUN</acronym> will be visible as a - separate disk device. Multiple - <acronym>LUNs</acronym> can be defined for each target. - Each <acronym>LUN</acronym> is identified by a number, where - <acronym>LUN</acronym> 0 is mandatory. The - <literal>path /data/target0-0</literal> line defines the full - path to a file or zvol backing the <acronym>LUN</acronym>. - That path must exist before starting &man.ctld.8;. - The second line is optional and specifies the size of the - <acronym>LUN</acronym>.</para> + <para>The first entry defines the <literal>pg0</literal> portal + group. Portal groups define which network addresses the + &man.ctld.8; daemon will listen on. The + <literal>discovery-auth-group no-authentication</literal> + entry indicates that any initiator is allowed to perform + <acronym>iSCSI</acronym> target discovery without + authentication. Lines three and four configure &man.ctld.8; + to listen on all <acronym>IPv4</acronym> + (<literal>listen 0.0.0.0</literal>) and + <acronym>IPv6</acronym> (<literal>listen [::]</literal>) + addresses on the default port of 3260.</para> + + <para>It is not necessary to define a portal group as there is a + built-in portal group called <literal>default</literal>. In + this case, the difference between <literal>default</literal> + and <literal>pg0</literal> is that with + <literal>default</literal>, target discovery is always denied, + while with <literal>pg0</literal>, it is always + allowed.</para> + + <para>The second entry defines a single target. Target has two + possible meanings: a machine serving <acronym>iSCSI</acronym> + or a named group of <acronym>LUNs</acronym>. This example + uses the latter meaning, where + <literal>iqn.2012-06.com.example:target0</literal> is the + target name. This target name is suitable for testing + purposes. For actual use, change + <literal>com.example</literal> to the real domain name, + reversed. The <literal>2012-06</literal> represents the year + and month of acquiring control of that domain name, and + <literal>target0</literal> can be any value. Any number of + targets can be defined in this configuration file.</para> + + <para>The <literal>auth-group no-authentication</literal> line + allows all initiators to connect to the specified target and + <literal>portal-group pg0</literal> makes the target reachable + through the <literal>pg0</literal> portal group.</para> + + <para>The next section defines the <acronym>LUN</acronym>. To + the initiator, each <acronym>LUN</acronym> will be visible as + a separate disk device. Multiple <acronym>LUNs</acronym> can + be defined for each target. Each <acronym>LUN</acronym> is + identified by a number, where <acronym>LUN</acronym> 0 is + mandatory. The <literal>path /data/target0-0</literal> line + defines the full path to a file or zvol backing the + <acronym>LUN</acronym>. That path must exist before starting + &man.ctld.8;. The second line is optional and specifies the + size of the <acronym>LUN</acronym>.</para> - <para>Next, to make sure the &man.ctld.8; - daemon is started at boot, add this line to - <filename>/etc/rc.conf</filename>:</para> + <para>Next, to make sure the &man.ctld.8; daemon is started at + boot, add this line to + <filename>/etc/rc.conf</filename>:</para> - <programlisting>ctld_enable="YES"</programlisting> + <programlisting>ctld_enable="YES"</programlisting> - <para>To start &man.ctld.8; now, - run this command:</para> + <para>To start &man.ctld.8; now, run this command:</para> - <screen>&prompt.root; <userinput>service ctld start</userinput></screen> + <screen>&prompt.root; <userinput>service ctld start</userinput></screen> - <para>As the &man.ctld.8; - daemon is started, it reads <filename>/etc/ctl.conf</filename>. - If this file is edited after the daemon starts, use this - command so that the changes take - effect immediately:</para> + <para>As the &man.ctld.8; daemon is started, it reads + <filename>/etc/ctl.conf</filename>. If this file is edited + after the daemon starts, use this command so that the changes + take effect immediately:</para> - <screen>&prompt.root; <userinput>service ctld reload</userinput></screen> + <screen>&prompt.root; <userinput>service ctld reload</userinput></screen> <sect3> <title>Authentication</title> - <para>The previous example is inherently insecure as it uses no - authentication, granting anyone full access to - all targets. To require a username and password to access + <para>The previous example is inherently insecure as it uses + no authentication, granting anyone full access to all + targets. To require a username and password to access targets, modify the configuration as follows:</para> <programlisting>auth-group ag0 { @@ -5830,16 +5821,17 @@ target iqn.2012-06.com.example:target0 { <para>The <literal>auth-group</literal> section defines username and password pairs. An initiator trying to connect to <literal>iqn.2012-06.com.example:target0</literal> must - first specify a defined username and secret. However, target discovery is still - permitted without authentication. To require target discovery authentication, - set <literal>discovery-auth-group</literal> to a defined + first specify a defined username and secret. However, + target discovery is still permitted without authentication. + To require target discovery authentication, set + <literal>discovery-auth-group</literal> to a defined <literal>auth-group</literal> name instead of <literal>no-authentication</literal>.</para> - <para>It is common to define a - single exported target for every initiator. As a shorthand - for the syntax above, the username and password can be - specified directly in the target entry:</para> + <para>It is common to define a single exported target for + every initiator. As a shorthand for the syntax above, the + username and password can be specified directly in the + target entry:</para> <programlisting>target iqn.2012-06.com.example:target0 { portal-group pg0 @@ -5857,28 +5849,26 @@ target iqn.2012-06.com.example:target0 { <title>Configuring an <acronym>iSCSI</acronym> Initiator</title> <note> - <para>The <acronym>iSCSI</acronym> initiator described in this section is - supported starting with &os; 10.0-RELEASE. To use the - <acronym>iSCSI</acronym> initiator available in older - versions, refer to &man.iscontrol.8;.</para> + <para>The <acronym>iSCSI</acronym> initiator described in this + section is supported starting with &os; 10.0-RELEASE. To + use the <acronym>iSCSI</acronym> initiator available in + older versions, refer to &man.iscontrol.8;.</para> </note> - <para>The <acronym>iSCSI</acronym> initiator requires that the &man.iscsid.8; - daemon is running. This daemon does not use a configuration file. To - start it automatically at boot, add this line to - <filename>/etc/rc.conf</filename>:</para> + <para>The <acronym>iSCSI</acronym> initiator requires that the + &man.iscsid.8; daemon is running. This daemon does not use a + configuration file. To start it automatically at boot, add + this line to <filename>/etc/rc.conf</filename>:</para> <programlisting>iscsid_enable="YES"</programlisting> - <para>To start &man.iscsid.8; now, - run this command:</para> + <para>To start &man.iscsid.8; now, run this command:</para> <screen>&prompt.root; <userinput>service iscsid start</userinput></screen> <para>Connecting to a target can be done with or without an - <filename>/etc/iscsi.conf</filename> - configuration file. This section demonstrates both types of - connections.</para> + <filename>/etc/iscsi.conf</filename> configuration file. This + section demonstrates both types of connections.</para> <sect3> <title>Connecting to a Target Without a Configuration @@ -5891,15 +5881,16 @@ target iqn.2012-06.com.example:target0 { <screen>&prompt.root; <userinput>iscsictl -A -p <replaceable>10.10.10.10</replaceable> -t <replaceable>iqn.2012-06.com.example:target0</replaceable></userinput></screen> <para>To verify if the connection succeeded, run - <command>iscsictl</command> without any - arguments. The output should look similar to this:</para> + <command>iscsictl</command> without any arguments. The + output should look similar to this:</para> <programlisting>Target name Target portal State iqn.2012-06.com.example:target0 10.10.10.10 Connected: da0</programlisting> - <para>In this example, the <acronym>iSCSI</acronym> session was - successfully established, with <filename>/dev/da0</filename> - representing the attached <acronym>LUN</acronym>. If the + <para>In this example, the <acronym>iSCSI</acronym> session + was successfully established, with + <filename>/dev/da0</filename> representing the attached + <acronym>LUN</acronym>. If the <literal>iqn.2012-06.com.example:target0</literal> target exports more than one <acronym>LUN</acronym>, multiple device nodes will be shown in that section of the @@ -5907,25 +5898,28 @@ iqn.2012-06.com.example:target0 <screen>Connected: da0 da1 da2.</screen> - <para>Any errors will be reported in the output, as well as the system logs. - For example, this message usually means that the &man.iscsid.8; - daemon is not running:</para> + <para>Any errors will be reported in the output, as well as + the system logs. For example, this message usually means + that the &man.iscsid.8; daemon is not running:</para> <programlisting>Target name Target portal State iqn.2012-06.com.example:target0 10.10.10.10 Waiting for iscsid(8)</programlisting> - <para>The following message suggests a networking problem, such as - a wrong <acronym>IP</acronym> address or port:</para> + <para>The following message suggests a networking problem, + such as a wrong <acronym>IP</acronym> address or + port:</para> <programlisting>Target name Target portal State iqn.2012-06.com.example:target0 10.10.10.11 Connection refused</programlisting> - <para>This message means that the specified target name is wrong:</para> + <para>This message means that the specified target name is + wrong:</para> <programlisting>Target name Target portal State iqn.2012-06.com.example:atrget0 10.10.10.10 Not found</programlisting> - <para>This message means that the target requires authentication:</para> + <para>This message means that the target requires + authentication:</para> <programlisting>Target name Target portal State iqn.2012-06.com.example:target0 10.10.10.10 Authentication failed</programlisting> @@ -5953,19 +5947,22 @@ iqn.2012-06.com.example:target0 }</programlisting> <para>The <literal>t0</literal> specifies a nickname for the - configuration file section. It will be used by the initiator to - specify which configuration to use. The other lines - specify the parameters to use during connection. The <literal>TargetAddress</literal> - and <literal>TargetName</literal> are mandatory, whereas the other options are optional. In - this example, the <acronym>CHAP</acronym> username and secret - are shown.</para> + configuration file section. It will be used by the + initiator to specify which configuration to use. The other + lines specify the parameters to use during connection. The + <literal>TargetAddress</literal> and + <literal>TargetName</literal> are mandatory, whereas the + other options are optional. In this example, the + <acronym>CHAP</acronym> username and secret are + shown.</para> - <para>To connect to the defined target, specify the nickname:</para> + <para>To connect to the defined target, specify the + nickname:</para> <screen>&prompt.root; <userinput>iscsictl -An <replaceable>t0</replaceable></userinput></screen> - <para>Alternately, to connect to all targets defined in the configuration - file, use:</para> + <para>Alternately, to connect to all targets defined in the + configuration file, use:</para> <screen>&prompt.root; <userinput>iscsictl -Aa</userinput></screen>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201403191408.s2JE876m066421>