svn commit: r44286 - head/en_US.ISO8859-1/books/handbook/network-servers
Dru Lavigne
dru at FreeBSD.org
Wed Mar 19 14:08:07 UTC 2014
Author: dru
Date: Wed Mar 19 14:08:07 2014
New Revision: 44286
URL: http://svnweb.freebsd.org/changeset/doc/44286
Log:
White space fix only. Translators can ignore.
Sponsored by: iXsystems
Modified:
head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Wed Mar 19 13:50:10 2014 (r44285)
+++ head/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml Wed Mar 19 14:08:07 2014 (r44286)
@@ -1744,10 +1744,10 @@ nis_client_enable="YES"</programlisting>
logins.</para>
<para>To prevent specified users from logging on to a system,
- even if they are present in the
- <acronym>NIS</acronym> database, use <command>vipw</command>
- to add <literal>-<replaceable>username</replaceable></literal> with the correct number
- of colons towards the end of
+ even if they are present in the <acronym>NIS</acronym>
+ database, use <command>vipw</command> to add
+ <literal>-<replaceable>username</replaceable></literal> with
+ the correct number of colons towards the end of
<filename>/etc/master.passwd</filename> on the client,
where <replaceable>username</replaceable> is the username of
a user to bar from logging in. The line with the blocked
@@ -4394,7 +4394,8 @@ $include Kexample.com.+005+nnnnn.ZSK.key
Binaries are stored in the <filename>bin</filename> and
<filename>sbin</filename> subdirectories of the server
root, and configuration files are stored in
- <filename class="directory">etc/apache2<replaceable>x</replaceable></filename>.</para>
+ <filename
+ class="directory">etc/apache2<replaceable>x</replaceable></filename>.</para>
</listitem>
</varlistentry>
@@ -4485,7 +4486,8 @@ $include Kexample.com.+005+nnnnn.ZSK.key
<screen>&prompt.root; <userinput>service apache24 start</userinput></screen>
<para>The <command>httpd</command> service can be tested by
- entering <literal>http://<replaceable>localhost</replaceable></literal>
+ entering
+ <literal>http://<replaceable>localhost</replaceable></literal>
in a web browser, replacing
<replaceable>localhost</replaceable> with the fully-qualified
domain name of the machine running <command>httpd</command>,
@@ -5658,27 +5660,26 @@ Logging to FILE /var/log/messages</scree
Configuration</title>
<para><acronym>iSCSI</acronym> is a way to share storage over a
- network. Unlike
- <acronym>NFS</acronym>, which works at the
- file system level, <acronym>iSCSI</acronym> works at the
- block device level.</para>
-
+ network. Unlike <acronym>NFS</acronym>, which works at the file
+ system level, <acronym>iSCSI</acronym> works at the block device
+ level.</para>
+
<para>In <acronym>iSCSI</acronym> terminology, the system that
- shares the storage is
- known as the <emphasis>target</emphasis>. The storage can be a
- physical disk, or an area representing multiple disks or a
- portion of a physical disk. For example, if the disk(s) are
- formatted with <acronym>ZFS</acronym>, a zvol can be created to
- use as the <acronym>iSCSI</acronym> storage.</para>
-
+ shares the storage is known as the <emphasis>target</emphasis>.
+ The storage can be a physical disk, or an area representing
+ multiple disks or a portion of a physical disk. For example, if
+ the disk(s) are formatted with <acronym>ZFS</acronym>, a zvol
+ can be created to use as the <acronym>iSCSI</acronym>
+ storage.</para>
+
<para>The clients which access the <acronym>iSCSI</acronym>
- storage are called <emphasis>initiators</emphasis>.
- To initiators, the storage available through
+ storage are called <emphasis>initiators</emphasis>. To
+ initiators, the storage available through
<acronym>iSCSI</acronym> appears as a raw, unformatted disk
- known as a <acronym>LUN</acronym>.
- Device nodes for the disk appear in <filename>/dev/</filename> and the device must be
+ known as a <acronym>LUN</acronym>. Device nodes for the disk
+ appear in <filename>/dev/</filename> and the device must be
separately formatted and mounted.</para>
-
+
<para>Beginning with 10.0-RELEASE, &os; provides a native,
kernel-based <acronym>iSCSI</acronym> target and initiator.
This section describes how to configure a &os; system as a
@@ -5688,28 +5689,26 @@ Logging to FILE /var/log/messages</scree
<title>Configuring an <acronym>iSCSI</acronym> Target</title>
<note>
- <para>The native <acronym>iSCSI</acronym> target is
- supported starting with &os; 10.0-RELEASE. To use
- <acronym>iSCSI</acronym> in older versions of &os;, install a
- userspace target from the Ports Collection, such as
- <package>net/istgt</package>. This chapter only describes the
- native target.</para>
+ <para>The native <acronym>iSCSI</acronym> target is supported
+ starting with &os; 10.0-RELEASE. To use
+ <acronym>iSCSI</acronym> in older versions of &os;, install
+ a userspace target from the Ports Collection, such as
+ <package>net/istgt</package>. This chapter only describes
+ the native target.</para>
</note>
- <para>To configure an <acronym>iSCSI</acronym> target,
- create the
- <filename>/etc/ctl.conf</filename> configuration file, add
- a line to <filename>/etc/rc.conf</filename> to
- make sure the &man.ctld.8;
- daemon is automatically started at boot, and then start the
- daemon.</para>
-
- <para>The following is an example of a simple
- <filename>/etc/ctl.conf</filename>
- configuration file. Refer to &man.ctl.conf.5; for a more
- complete description of this file's available options.</para>
+ <para>To configure an <acronym>iSCSI</acronym> target, create
+ the <filename>/etc/ctl.conf</filename> configuration file, add
+ a line to <filename>/etc/rc.conf</filename> to make sure the
+ &man.ctld.8; daemon is automatically started at boot, and then
+ start the daemon.</para>
+
+ <para>The following is an example of a simple
+ <filename>/etc/ctl.conf</filename> configuration file. Refer
+ to &man.ctl.conf.5; for a more complete description of this
+ file's available options.</para>
- <programlisting>portal-group pg0 {
+ <programlisting>portal-group pg0 {
discovery-auth-group no-authentication
listen 0.0.0.0
listen [::]
@@ -5725,86 +5724,78 @@ target iqn.2012-06.com.example:target0 {
}
}</programlisting>
- <para>The first entry defines the <literal>pg0</literal>
- portal group. Portal groups define which network addresses the
- &man.ctld.8;
- daemon will listen on. The <literal>discovery-auth-group
- no-authentication</literal> entry indicates that any initiator is
- allowed to perform <acronym>iSCSI</acronym> target
- discovery without authentication. Lines three and four
- configure &man.ctld.8; to
- listen on all <acronym>IPv4</acronym>
- (<literal>listen 0.0.0.0</literal>) and
- <acronym>IPv6</acronym> (<literal>listen [::]</literal>)
- addresses on the default port of 3260.</para>
-
- <para>It is not necessary
- to define a portal group as there is a built-in portal group called
- <literal>default</literal>. In this case, the difference between
- <literal>default</literal> and <literal>pg0</literal>
- is that with <literal>default</literal>, target
- discovery is always
- denied, while with <literal>pg0</literal>, it is always
- allowed.</para>
-
- <para>The second entry defines a single
- target. Target has two possible
- meanings: a machine serving <acronym>iSCSI</acronym> or
- a named group of <acronym>LUNs</acronym>. This
- example uses the latter meaning, where
- <literal>iqn.2012-06.com.example:target0</literal> is the
- target name. This target name is suitable for testing purposes.
- For actual use, change <literal>com.example</literal>
- to the real domain name, reversed. The
- <literal>2012-06</literal> represents the year and month of
- acquiring control of that domain name, and
- <literal>target0</literal> can be any value. Any
- number of targets can be defined in this configuration
- file.</para>
-
- <para>The <literal>auth-group no-authentication</literal> line allows
- all initiators to connect to the specified target and
- <literal>portal-group pg0</literal> makes the target
- reachable through the <literal>pg0</literal> portal
- group.</para>
-
- <para>The next section defines the <acronym>LUN</acronym>. To the
- initiator, each <acronym>LUN</acronym> will be visible as a
- separate disk device. Multiple
- <acronym>LUNs</acronym> can be defined for each target.
- Each <acronym>LUN</acronym> is identified by a number, where
- <acronym>LUN</acronym> 0 is mandatory. The
- <literal>path /data/target0-0</literal> line defines the full
- path to a file or zvol backing the <acronym>LUN</acronym>.
- That path must exist before starting &man.ctld.8;.
- The second line is optional and specifies the size of the
- <acronym>LUN</acronym>.</para>
+ <para>The first entry defines the <literal>pg0</literal> portal
+ group. Portal groups define which network addresses the
+ &man.ctld.8; daemon will listen on. The
+ <literal>discovery-auth-group no-authentication</literal>
+ entry indicates that any initiator is allowed to perform
+ <acronym>iSCSI</acronym> target discovery without
+ authentication. Lines three and four configure &man.ctld.8;
+ to listen on all <acronym>IPv4</acronym>
+ (<literal>listen 0.0.0.0</literal>) and
+ <acronym>IPv6</acronym> (<literal>listen [::]</literal>)
+ addresses on the default port of 3260.</para>
+
+ <para>It is not necessary to define a portal group as there is a
+ built-in portal group called <literal>default</literal>. In
+ this case, the difference between <literal>default</literal>
+ and <literal>pg0</literal> is that with
+ <literal>default</literal>, target discovery is always denied,
+ while with <literal>pg0</literal>, it is always
+ allowed.</para>
+
+ <para>The second entry defines a single target. Target has two
+ possible meanings: a machine serving <acronym>iSCSI</acronym>
+ or a named group of <acronym>LUNs</acronym>. This example
+ uses the latter meaning, where
+ <literal>iqn.2012-06.com.example:target0</literal> is the
+ target name. This target name is suitable for testing
+ purposes. For actual use, change
+ <literal>com.example</literal> to the real domain name,
+ reversed. The <literal>2012-06</literal> represents the year
+ and month of acquiring control of that domain name, and
+ <literal>target0</literal> can be any value. Any number of
+ targets can be defined in this configuration file.</para>
+
+ <para>The <literal>auth-group no-authentication</literal> line
+ allows all initiators to connect to the specified target and
+ <literal>portal-group pg0</literal> makes the target reachable
+ through the <literal>pg0</literal> portal group.</para>
+
+ <para>The next section defines the <acronym>LUN</acronym>. To
+ the initiator, each <acronym>LUN</acronym> will be visible as
+ a separate disk device. Multiple <acronym>LUNs</acronym> can
+ be defined for each target. Each <acronym>LUN</acronym> is
+ identified by a number, where <acronym>LUN</acronym> 0 is
+ mandatory. The <literal>path /data/target0-0</literal> line
+ defines the full path to a file or zvol backing the
+ <acronym>LUN</acronym>. That path must exist before starting
+ &man.ctld.8;. The second line is optional and specifies the
+ size of the <acronym>LUN</acronym>.</para>
- <para>Next, to make sure the &man.ctld.8;
- daemon is started at boot, add this line to
- <filename>/etc/rc.conf</filename>:</para>
+ <para>Next, to make sure the &man.ctld.8; daemon is started at
+ boot, add this line to
+ <filename>/etc/rc.conf</filename>:</para>
- <programlisting>ctld_enable="YES"</programlisting>
+ <programlisting>ctld_enable="YES"</programlisting>
- <para>To start &man.ctld.8; now,
- run this command:</para>
+ <para>To start &man.ctld.8; now, run this command:</para>
- <screen>&prompt.root; <userinput>service ctld start</userinput></screen>
+ <screen>&prompt.root; <userinput>service ctld start</userinput></screen>
- <para>As the &man.ctld.8;
- daemon is started, it reads <filename>/etc/ctl.conf</filename>.
- If this file is edited after the daemon starts, use this
- command so that the changes take
- effect immediately:</para>
+ <para>As the &man.ctld.8; daemon is started, it reads
+ <filename>/etc/ctl.conf</filename>. If this file is edited
+ after the daemon starts, use this command so that the changes
+ take effect immediately:</para>
- <screen>&prompt.root; <userinput>service ctld reload</userinput></screen>
+ <screen>&prompt.root; <userinput>service ctld reload</userinput></screen>
<sect3>
<title>Authentication</title>
- <para>The previous example is inherently insecure as it uses no
- authentication, granting anyone full access to
- all targets. To require a username and password to access
+ <para>The previous example is inherently insecure as it uses
+ no authentication, granting anyone full access to all
+ targets. To require a username and password to access
targets, modify the configuration as follows:</para>
<programlisting>auth-group ag0 {
@@ -5830,16 +5821,17 @@ target iqn.2012-06.com.example:target0 {
<para>The <literal>auth-group</literal> section defines
username and password pairs. An initiator trying to connect
to <literal>iqn.2012-06.com.example:target0</literal> must
- first specify a defined username and secret. However, target discovery is still
- permitted without authentication. To require target discovery authentication,
- set <literal>discovery-auth-group</literal> to a defined
+ first specify a defined username and secret. However,
+ target discovery is still permitted without authentication.
+ To require target discovery authentication, set
+ <literal>discovery-auth-group</literal> to a defined
<literal>auth-group</literal> name instead of
<literal>no-authentication</literal>.</para>
- <para>It is common to define a
- single exported target for every initiator. As a shorthand
- for the syntax above, the username and password can be
- specified directly in the target entry:</para>
+ <para>It is common to define a single exported target for
+ every initiator. As a shorthand for the syntax above, the
+ username and password can be specified directly in the
+ target entry:</para>
<programlisting>target iqn.2012-06.com.example:target0 {
portal-group pg0
@@ -5857,28 +5849,26 @@ target iqn.2012-06.com.example:target0 {
<title>Configuring an <acronym>iSCSI</acronym> Initiator</title>
<note>
- <para>The <acronym>iSCSI</acronym> initiator described in this section is
- supported starting with &os; 10.0-RELEASE. To use the
- <acronym>iSCSI</acronym> initiator available in older
- versions, refer to &man.iscontrol.8;.</para>
+ <para>The <acronym>iSCSI</acronym> initiator described in this
+ section is supported starting with &os; 10.0-RELEASE. To
+ use the <acronym>iSCSI</acronym> initiator available in
+ older versions, refer to &man.iscontrol.8;.</para>
</note>
- <para>The <acronym>iSCSI</acronym> initiator requires that the &man.iscsid.8;
- daemon is running. This daemon does not use a configuration file. To
- start it automatically at boot, add this line to
- <filename>/etc/rc.conf</filename>:</para>
+ <para>The <acronym>iSCSI</acronym> initiator requires that the
+ &man.iscsid.8; daemon is running. This daemon does not use a
+ configuration file. To start it automatically at boot, add
+ this line to <filename>/etc/rc.conf</filename>:</para>
<programlisting>iscsid_enable="YES"</programlisting>
- <para>To start &man.iscsid.8; now,
- run this command:</para>
+ <para>To start &man.iscsid.8; now, run this command:</para>
<screen>&prompt.root; <userinput>service iscsid start</userinput></screen>
<para>Connecting to a target can be done with or without an
- <filename>/etc/iscsi.conf</filename>
- configuration file. This section demonstrates both types of
- connections.</para>
+ <filename>/etc/iscsi.conf</filename> configuration file. This
+ section demonstrates both types of connections.</para>
<sect3>
<title>Connecting to a Target Without a Configuration
@@ -5891,15 +5881,16 @@ target iqn.2012-06.com.example:target0 {
<screen>&prompt.root; <userinput>iscsictl -A -p <replaceable>10.10.10.10</replaceable> -t <replaceable>iqn.2012-06.com.example:target0</replaceable></userinput></screen>
<para>To verify if the connection succeeded, run
- <command>iscsictl</command> without any
- arguments. The output should look similar to this:</para>
+ <command>iscsictl</command> without any arguments. The
+ output should look similar to this:</para>
<programlisting>Target name Target portal State
iqn.2012-06.com.example:target0 10.10.10.10 Connected: da0</programlisting>
- <para>In this example, the <acronym>iSCSI</acronym> session was
- successfully established, with <filename>/dev/da0</filename>
- representing the attached <acronym>LUN</acronym>. If the
+ <para>In this example, the <acronym>iSCSI</acronym> session
+ was successfully established, with
+ <filename>/dev/da0</filename> representing the attached
+ <acronym>LUN</acronym>. If the
<literal>iqn.2012-06.com.example:target0</literal> target
exports more than one <acronym>LUN</acronym>, multiple
device nodes will be shown in that section of the
@@ -5907,25 +5898,28 @@ iqn.2012-06.com.example:target0
<screen>Connected: da0 da1 da2.</screen>
- <para>Any errors will be reported in the output, as well as the system logs.
- For example, this message usually means that the &man.iscsid.8;
- daemon is not running:</para>
+ <para>Any errors will be reported in the output, as well as
+ the system logs. For example, this message usually means
+ that the &man.iscsid.8; daemon is not running:</para>
<programlisting>Target name Target portal State
iqn.2012-06.com.example:target0 10.10.10.10 Waiting for iscsid(8)</programlisting>
- <para>The following message suggests a networking problem, such as
- a wrong <acronym>IP</acronym> address or port:</para>
+ <para>The following message suggests a networking problem,
+ such as a wrong <acronym>IP</acronym> address or
+ port:</para>
<programlisting>Target name Target portal State
iqn.2012-06.com.example:target0 10.10.10.11 Connection refused</programlisting>
- <para>This message means that the specified target name is wrong:</para>
+ <para>This message means that the specified target name is
+ wrong:</para>
<programlisting>Target name Target portal State
iqn.2012-06.com.example:atrget0 10.10.10.10 Not found</programlisting>
- <para>This message means that the target requires authentication:</para>
+ <para>This message means that the target requires
+ authentication:</para>
<programlisting>Target name Target portal State
iqn.2012-06.com.example:target0 10.10.10.10 Authentication failed</programlisting>
@@ -5953,19 +5947,22 @@ iqn.2012-06.com.example:target0
}</programlisting>
<para>The <literal>t0</literal> specifies a nickname for the
- configuration file section. It will be used by the initiator to
- specify which configuration to use. The other lines
- specify the parameters to use during connection. The <literal>TargetAddress</literal>
- and <literal>TargetName</literal> are mandatory, whereas the other options are optional. In
- this example, the <acronym>CHAP</acronym> username and secret
- are shown.</para>
+ configuration file section. It will be used by the
+ initiator to specify which configuration to use. The other
+ lines specify the parameters to use during connection. The
+ <literal>TargetAddress</literal> and
+ <literal>TargetName</literal> are mandatory, whereas the
+ other options are optional. In this example, the
+ <acronym>CHAP</acronym> username and secret are
+ shown.</para>
- <para>To connect to the defined target, specify the nickname:</para>
+ <para>To connect to the defined target, specify the
+ nickname:</para>
<screen>&prompt.root; <userinput>iscsictl -An <replaceable>t0</replaceable></userinput></screen>
- <para>Alternately, to connect to all targets defined in the configuration
- file, use:</para>
+ <para>Alternately, to connect to all targets defined in the
+ configuration file, use:</para>
<screen>&prompt.root; <userinput>iscsictl -Aa</userinput></screen>
More information about the svn-doc-head
mailing list