From owner-svn-doc-head@FreeBSD.ORG Wed Mar 19 14:08:07 2014 Return-Path: Delivered-To: svn-doc-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8D2DCACD; Wed, 19 Mar 2014 14:08:07 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 77307B61; Wed, 19 Mar 2014 14:08:07 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s2JE87cD066422; Wed, 19 Mar 2014 14:08:07 GMT (envelope-from dru@svn.freebsd.org) Received: (from dru@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s2JE876m066421; Wed, 19 Mar 2014 14:08:07 GMT (envelope-from dru@svn.freebsd.org) Message-Id: <201403191408.s2JE876m066421@svn.freebsd.org> From: Dru Lavigne Date: Wed, 19 Mar 2014 14:08:07 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r44286 - head/en_US.ISO8859-1/books/handbook/network-servers X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Mar 2014 14:08:07 -0000 Author: dru Date: Wed Mar 19 14:08:07 2014 New Revision: 44286 URL: http://svnweb.freebsd.org/changeset/doc/44286 Log: White space fix only. Translators can ignore. Sponsored by: iXsystems Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Wed Mar 19 13:50:10 2014 (r44285) +++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Wed Mar 19 14:08:07 2014 (r44286) @@ -1744,10 +1744,10 @@ nis_client_enable="YES" logins. To prevent specified users from logging on to a system, - even if they are present in the - NIS database, use vipw - to add -username with the correct number - of colons towards the end of + even if they are present in the NIS + database, use vipw to add + -username with + the correct number of colons towards the end of /etc/master.passwd on the client, where username is the username of a user to bar from logging in. The line with the blocked @@ -4394,7 +4394,8 @@ $include Kexample.com.+005+nnnnn.ZSK.key Binaries are stored in the bin and sbin subdirectories of the server root, and configuration files are stored in - etc/apache2x. + etc/apache2x. @@ -4485,7 +4486,8 @@ $include Kexample.com.+005+nnnnn.ZSK.key &prompt.root; service apache24 start The httpd service can be tested by - entering http://localhost + entering + http://localhost in a web browser, replacing localhost with the fully-qualified domain name of the machine running httpd, @@ -5658,27 +5660,26 @@ Logging to FILE /var/log/messages iSCSI is a way to share storage over a - network. Unlike - NFS, which works at the - file system level, iSCSI works at the - block device level. - + network. Unlike NFS, which works at the file + system level, iSCSI works at the block device + level. + In iSCSI terminology, the system that - shares the storage is - known as the target. The storage can be a - physical disk, or an area representing multiple disks or a - portion of a physical disk. For example, if the disk(s) are - formatted with ZFS, a zvol can be created to - use as the iSCSI storage. - + shares the storage is known as the target. + The storage can be a physical disk, or an area representing + multiple disks or a portion of a physical disk. For example, if + the disk(s) are formatted with ZFS, a zvol + can be created to use as the iSCSI + storage. + The clients which access the iSCSI - storage are called initiators. - To initiators, the storage available through + storage are called initiators. To + initiators, the storage available through iSCSI appears as a raw, unformatted disk - known as a LUN. - Device nodes for the disk appear in /dev/ and the device must be + known as a LUN. Device nodes for the disk + appear in /dev/ and the device must be separately formatted and mounted. - + Beginning with 10.0-RELEASE, &os; provides a native, kernel-based iSCSI target and initiator. This section describes how to configure a &os; system as a @@ -5688,28 +5689,26 @@ Logging to FILE /var/log/messagesConfiguring an iSCSI Target - The native iSCSI target is - supported starting with &os; 10.0-RELEASE. To use - iSCSI in older versions of &os;, install a - userspace target from the Ports Collection, such as - net/istgt. This chapter only describes the - native target. + The native iSCSI target is supported + starting with &os; 10.0-RELEASE. To use + iSCSI in older versions of &os;, install + a userspace target from the Ports Collection, such as + net/istgt. This chapter only describes + the native target. - To configure an iSCSI target, - create the - /etc/ctl.conf configuration file, add - a line to /etc/rc.conf to - make sure the &man.ctld.8; - daemon is automatically started at boot, and then start the - daemon. - - The following is an example of a simple - /etc/ctl.conf - configuration file. Refer to &man.ctl.conf.5; for a more - complete description of this file's available options. + To configure an iSCSI target, create + the /etc/ctl.conf configuration file, add + a line to /etc/rc.conf to make sure the + &man.ctld.8; daemon is automatically started at boot, and then + start the daemon. + + The following is an example of a simple + /etc/ctl.conf configuration file. Refer + to &man.ctl.conf.5; for a more complete description of this + file's available options. - portal-group pg0 { + portal-group pg0 { discovery-auth-group no-authentication listen 0.0.0.0 listen [::] @@ -5725,86 +5724,78 @@ target iqn.2012-06.com.example:target0 { } } - The first entry defines the pg0 - portal group. Portal groups define which network addresses the - &man.ctld.8; - daemon will listen on. The discovery-auth-group - no-authentication entry indicates that any initiator is - allowed to perform iSCSI target - discovery without authentication. Lines three and four - configure &man.ctld.8; to - listen on all IPv4 - (listen 0.0.0.0) and - IPv6 (listen [::]) - addresses on the default port of 3260. - - It is not necessary - to define a portal group as there is a built-in portal group called - default. In this case, the difference between - default and pg0 - is that with default, target - discovery is always - denied, while with pg0, it is always - allowed. - - The second entry defines a single - target. Target has two possible - meanings: a machine serving iSCSI or - a named group of LUNs. This - example uses the latter meaning, where - iqn.2012-06.com.example:target0 is the - target name. This target name is suitable for testing purposes. - For actual use, change com.example - to the real domain name, reversed. The - 2012-06 represents the year and month of - acquiring control of that domain name, and - target0 can be any value. Any - number of targets can be defined in this configuration - file. - - The auth-group no-authentication line allows - all initiators to connect to the specified target and - portal-group pg0 makes the target - reachable through the pg0 portal - group. - - The next section defines the LUN. To the - initiator, each LUN will be visible as a - separate disk device. Multiple - LUNs can be defined for each target. - Each LUN is identified by a number, where - LUN 0 is mandatory. The - path /data/target0-0 line defines the full - path to a file or zvol backing the LUN. - That path must exist before starting &man.ctld.8;. - The second line is optional and specifies the size of the - LUN. + The first entry defines the pg0 portal + group. Portal groups define which network addresses the + &man.ctld.8; daemon will listen on. The + discovery-auth-group no-authentication + entry indicates that any initiator is allowed to perform + iSCSI target discovery without + authentication. Lines three and four configure &man.ctld.8; + to listen on all IPv4 + (listen 0.0.0.0) and + IPv6 (listen [::]) + addresses on the default port of 3260. + + It is not necessary to define a portal group as there is a + built-in portal group called default. In + this case, the difference between default + and pg0 is that with + default, target discovery is always denied, + while with pg0, it is always + allowed. + + The second entry defines a single target. Target has two + possible meanings: a machine serving iSCSI + or a named group of LUNs. This example + uses the latter meaning, where + iqn.2012-06.com.example:target0 is the + target name. This target name is suitable for testing + purposes. For actual use, change + com.example to the real domain name, + reversed. The 2012-06 represents the year + and month of acquiring control of that domain name, and + target0 can be any value. Any number of + targets can be defined in this configuration file. + + The auth-group no-authentication line + allows all initiators to connect to the specified target and + portal-group pg0 makes the target reachable + through the pg0 portal group. + + The next section defines the LUN. To + the initiator, each LUN will be visible as + a separate disk device. Multiple LUNs can + be defined for each target. Each LUN is + identified by a number, where LUN 0 is + mandatory. The path /data/target0-0 line + defines the full path to a file or zvol backing the + LUN. That path must exist before starting + &man.ctld.8;. The second line is optional and specifies the + size of the LUN. - Next, to make sure the &man.ctld.8; - daemon is started at boot, add this line to - /etc/rc.conf: + Next, to make sure the &man.ctld.8; daemon is started at + boot, add this line to + /etc/rc.conf: - ctld_enable="YES" + ctld_enable="YES" - To start &man.ctld.8; now, - run this command: + To start &man.ctld.8; now, run this command: - &prompt.root; service ctld start + &prompt.root; service ctld start - As the &man.ctld.8; - daemon is started, it reads /etc/ctl.conf. - If this file is edited after the daemon starts, use this - command so that the changes take - effect immediately: + As the &man.ctld.8; daemon is started, it reads + /etc/ctl.conf. If this file is edited + after the daemon starts, use this command so that the changes + take effect immediately: - &prompt.root; service ctld reload + &prompt.root; service ctld reload Authentication - The previous example is inherently insecure as it uses no - authentication, granting anyone full access to - all targets. To require a username and password to access + The previous example is inherently insecure as it uses + no authentication, granting anyone full access to all + targets. To require a username and password to access targets, modify the configuration as follows: auth-group ag0 { @@ -5830,16 +5821,17 @@ target iqn.2012-06.com.example:target0 { The auth-group section defines username and password pairs. An initiator trying to connect to iqn.2012-06.com.example:target0 must - first specify a defined username and secret. However, target discovery is still - permitted without authentication. To require target discovery authentication, - set discovery-auth-group to a defined + first specify a defined username and secret. However, + target discovery is still permitted without authentication. + To require target discovery authentication, set + discovery-auth-group to a defined auth-group name instead of no-authentication. - It is common to define a - single exported target for every initiator. As a shorthand - for the syntax above, the username and password can be - specified directly in the target entry: + It is common to define a single exported target for + every initiator. As a shorthand for the syntax above, the + username and password can be specified directly in the + target entry: target iqn.2012-06.com.example:target0 { portal-group pg0 @@ -5857,28 +5849,26 @@ target iqn.2012-06.com.example:target0 { Configuring an <acronym>iSCSI</acronym> Initiator - The iSCSI initiator described in this section is - supported starting with &os; 10.0-RELEASE. To use the - iSCSI initiator available in older - versions, refer to &man.iscontrol.8;. + The iSCSI initiator described in this + section is supported starting with &os; 10.0-RELEASE. To + use the iSCSI initiator available in + older versions, refer to &man.iscontrol.8;. - The iSCSI initiator requires that the &man.iscsid.8; - daemon is running. This daemon does not use a configuration file. To - start it automatically at boot, add this line to - /etc/rc.conf: + The iSCSI initiator requires that the + &man.iscsid.8; daemon is running. This daemon does not use a + configuration file. To start it automatically at boot, add + this line to /etc/rc.conf: iscsid_enable="YES" - To start &man.iscsid.8; now, - run this command: + To start &man.iscsid.8; now, run this command: &prompt.root; service iscsid start Connecting to a target can be done with or without an - /etc/iscsi.conf - configuration file. This section demonstrates both types of - connections. + /etc/iscsi.conf configuration file. This + section demonstrates both types of connections. Connecting to a Target Without a Configuration @@ -5891,15 +5881,16 @@ target iqn.2012-06.com.example:target0 { <screen>&prompt.root; <userinput>iscsictl -A -p <replaceable>10.10.10.10</replaceable> -t <replaceable>iqn.2012-06.com.example:target0</replaceable></userinput></screen> <para>To verify if the connection succeeded, run - <command>iscsictl</command> without any - arguments. The output should look similar to this:</para> + <command>iscsictl</command> without any arguments. The + output should look similar to this:</para> <programlisting>Target name Target portal State iqn.2012-06.com.example:target0 10.10.10.10 Connected: da0</programlisting> - <para>In this example, the <acronym>iSCSI</acronym> session was - successfully established, with <filename>/dev/da0</filename> - representing the attached <acronym>LUN</acronym>. If the + <para>In this example, the <acronym>iSCSI</acronym> session + was successfully established, with + <filename>/dev/da0</filename> representing the attached + <acronym>LUN</acronym>. If the <literal>iqn.2012-06.com.example:target0</literal> target exports more than one <acronym>LUN</acronym>, multiple device nodes will be shown in that section of the @@ -5907,25 +5898,28 @@ iqn.2012-06.com.example:target0 <screen>Connected: da0 da1 da2.</screen> - <para>Any errors will be reported in the output, as well as the system logs. - For example, this message usually means that the &man.iscsid.8; - daemon is not running:</para> + <para>Any errors will be reported in the output, as well as + the system logs. For example, this message usually means + that the &man.iscsid.8; daemon is not running:</para> <programlisting>Target name Target portal State iqn.2012-06.com.example:target0 10.10.10.10 Waiting for iscsid(8)</programlisting> - <para>The following message suggests a networking problem, such as - a wrong <acronym>IP</acronym> address or port:</para> + <para>The following message suggests a networking problem, + such as a wrong <acronym>IP</acronym> address or + port:</para> <programlisting>Target name Target portal State iqn.2012-06.com.example:target0 10.10.10.11 Connection refused</programlisting> - <para>This message means that the specified target name is wrong:</para> + <para>This message means that the specified target name is + wrong:</para> <programlisting>Target name Target portal State iqn.2012-06.com.example:atrget0 10.10.10.10 Not found</programlisting> - <para>This message means that the target requires authentication:</para> + <para>This message means that the target requires + authentication:</para> <programlisting>Target name Target portal State iqn.2012-06.com.example:target0 10.10.10.10 Authentication failed</programlisting> @@ -5953,19 +5947,22 @@ iqn.2012-06.com.example:target0 }</programlisting> <para>The <literal>t0</literal> specifies a nickname for the - configuration file section. It will be used by the initiator to - specify which configuration to use. The other lines - specify the parameters to use during connection. The <literal>TargetAddress</literal> - and <literal>TargetName</literal> are mandatory, whereas the other options are optional. In - this example, the <acronym>CHAP</acronym> username and secret - are shown.</para> + configuration file section. It will be used by the + initiator to specify which configuration to use. The other + lines specify the parameters to use during connection. The + <literal>TargetAddress</literal> and + <literal>TargetName</literal> are mandatory, whereas the + other options are optional. In this example, the + <acronym>CHAP</acronym> username and secret are + shown.</para> - <para>To connect to the defined target, specify the nickname:</para> + <para>To connect to the defined target, specify the + nickname:</para> <screen>&prompt.root; <userinput>iscsictl -An <replaceable>t0</replaceable></userinput></screen> - <para>Alternately, to connect to all targets defined in the configuration - file, use:</para> + <para>Alternately, to connect to all targets defined in the + configuration file, use:</para> <screen>&prompt.root; <userinput>iscsictl -Aa</userinput></screen>