isns_config - Man Page

iSNS configuration file

Synopsis

/etc/isns/isnsadm.conf
/etc/isns/isnsd.conf
/etc/isns/isnsdd.conf

Description

All Open-iSNS utilities read their configuration from a file in /etc/isns. There is a separate configuration file for each application: isnsd, isnsadm, and isnsdd. The syntax and the set of supported options are identical, even though some options are specific to, for example, the server. Unless indicated otherwise, options apply to all utilities.

An Open-iSNS configuration file contains keyword-argument pairs, one per line.  All keywords are case insensitive.

A # character introduces a comment, which extends until the end of the line. Empty lines are ignored.

There are no line continuations, and you cannot use quotes around arguments.

Some options specify timeout values, which are given in units of seconds by default. You can specify an explicit unit, however, such as d (days), h (hours), m (minutes), or s (seconds).
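The syntax rules above can be checked mechanically. The following is an added example, not code from Open-iSNS: a small parser that applies the comment, case and timeout-unit rules and flags quoted arguments and attempted line continuations. The separator handling (whitespace with an optional "=") and the single-unit timeout form are assumptions, and the sample configuration is constructed.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_timeout(value):
    """Convert '90', '15m', '2h' or '1d' to seconds; a bare number is seconds."""
    # Assumption: one integer followed by at most one unit letter.
    m = re.fullmatch(r"(\d+)([smhd]?)", value.strip())
    if not m:
        raise ValueError(f"bad timeout value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2) or "s"]

def parse_config(text):
    """Return (settings, problems); keywords are lower-cased (case insensitive)."""
    settings, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment up to end of line
        if not line:
            continue                          # empty and comment-only lines are ignored
        # Assumption: keyword, then whitespace and/or one '=', then the argument.
        m = re.match(r"([^\s=]+)\s*=?\s*(.*)", line)
        if not m:
            problems.append((lineno, "no keyword found"))
            continue
        key, value = m.groups()
        if '"' in value or "'" in value:
            problems.append((lineno, "quotes around arguments are not supported"))
        if value.endswith("\\"):
            problems.append((lineno, "line continuations are not supported"))
        settings[key.lower()] = value
    return settings, problems

# Constructed sample, not a shipped configuration file.
SAMPLE = """\
# client settings
SourceName    = iqn.2001-04.com.example.host
serveraddress = [2001:4e5f::1]:3205   # keyword case does not matter
PIDFile       = "/var/run/isnsd.pid"
KeyStore      = DB:
IQNPrefix     = iqn.2001-04 \\
"""

if __name__ == "__main__":
    settings, problems = parse_config(SAMPLE)
    for lineno, message in problems:
        print(f"line {lineno}: {message}")
```
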

Generic Options

HostName

By default, Open-iSNS applications will retrieve the machine's hostname using the gethostname(3) system call, and use a DNS lookup to obtain the canonical name. Using the HostName option, you can override this. This option is rarely needed.

SourceName

This option is mandatory for all Open-iSNS applications. This should be a name which identifies the client uniquely. There are two readings of RFC 4171; one requires that this is an iSCSI qualified name such as iqn.2001-04.com.example.host, whereas other language in the RFC suggests that this is pretty much a free-format string that just has to be unique (using e.g. the client's fully qualified domain name).

When using DSA authentication, Open-iSNS currently requires the source name to match the key identifier (SPI) of the client's public key.

If left empty, the source name is derived either from the default initiatorname in /etc/iscsi/initiatorname.iscsi or, failing that, from the client's hostname, using the IQNPrefix option to generate an iSCSI qualified name.

IQNPrefix

Specifies the iSCSI qualified name prefix; must be of the form iqn.YYYY-MM with YYYY being the year and MM the month.

ServerAddress (client):

This option specifies the host name or address of the iSNS server to talk to. It can optionally be followed by a colon and a port number.

Instead of a hostname, IPv4 or IPv6 addresses can be used. In order to avoid ambiguities, literal IPv6 addresses must be surrounded by square brackets, as in [2001:4e5f::1].

When specifying a port number, you can use either the numeric port, or a string name to be looked up in /etc/services. When the port is omitted, it defaults to 3205, the IANA assigned port number of iSNS.

If the special string SLP: is used, the client will try to locate the iSNS server through SLP.
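The ServerAddress forms described above, as an added example that is not taken from Open-iSNS: a validator that accepts a hostname, an IPv4 address, a bracketed IPv6 literal or the SLP: string, and applies the default port 3205. The function names are hypothetical, and looking service names up for TCP is an assumption.

```python
import ipaddress
import socket

ISNS_PORT = 3205  # IANA-assigned iSNS port, used when no port is given

def resolve_port(port):
    """Return a numeric port, or look a service name up in the services database."""
    if port.isdigit():
        number = int(port)
        if not 0 < number < 65536:
            raise ValueError(f"port out of range: {port}")
        return number
    # Assumption: the name is looked up for TCP; raises OSError if unknown.
    return socket.getservbyname(port, "tcp")

def parse_server_address(value):
    """Return (kind, host, port); kind is 'slp', 'ipv6', 'ipv4' or 'hostname'."""
    value = value.strip()
    if value == "SLP:":                  # special string: locate the server through SLP
        return ("slp", None, None)
    if value.startswith("["):            # bracketed literal IPv6 address
        host, closing, rest = value[1:].partition("]")
        if not closing:
            raise ValueError("missing closing ']'")
        ipaddress.IPv6Address(host)      # raises ValueError if not valid IPv6
        kind = "ipv6"
    else:
        host, _, tail = value.partition(":")
        if ":" in tail:                  # more than one colon: ambiguous without brackets
            raise ValueError("literal IPv6 addresses must be written in [brackets]")
        rest = value[len(host):]
        try:
            ipaddress.IPv4Address(host)
            kind = "ipv4"
        except ValueError:
            kind = "hostname"
    if not host:
        raise ValueError("empty host")
    if not rest:
        return (kind, host, ISNS_PORT)
    if not rest.startswith(":") or len(rest) == 1:
        raise ValueError(f"expected ':port' after the host, got {rest!r}")
    return (kind, host, resolve_port(rest[1:]))
```
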

SLPRegister (server):

If set to 1, the iSNS daemon will register itself with the SLP service. This allows clients to contact the server without having to configure its address statically.

PIDFile (server):

This specifies the name of the server's PID file, which is /var/run/isnsd.pid by default.

Key Stores and Policy

The current implementation supports two types of key stores.

The simple key store uses a flat directory to store public keys, each key in a file of its own. The file is expected to hold the client's PEM-encoded public key, and it must use the client's SPI as the name. This type of key store is not really recommended, as it does not store any policy information.

A simple key store can be configured by setting the KeyStore option to the path name of the directory.
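Because a simple key store is only a directory of files named after SPIs, its contents can be audited directly. The following is an added example, not part of Open-iSNS: it lists each SPI and flags entries that are not PEM public keys. The permission checks are an added hardening check that the man page does not mention, and the file names and key bodies in demo() are constructed placeholders.

```python
import os
import re
import stat
import tempfile

PUBLIC = re.compile(r"-----BEGIN [A-Z ]*PUBLIC KEY-----")
PRIVATE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
LOOSE = stat.S_IWGRP | stat.S_IWOTH      # write access beyond the owner

def audit_simple_keystore(path):
    """Return {spi: [findings]} for every entry in a simple key store directory."""
    report = {}
    if os.stat(path).st_mode & LOOSE:
        # Whoever can create files here can add a public key under any SPI.
        report["<directory>"] = ["writable by group or others"]
    for spi in sorted(os.listdir(path)):         # the file name is the client's SPI
        full, findings = os.path.join(path, spi), []
        st = os.lstat(full)
        if not stat.S_ISREG(st.st_mode):
            findings.append("not a regular file")
        else:
            if st.st_mode & LOOSE:
                findings.append("writable by group or others")
            with open(full, errors="replace") as fh:
                body = fh.read()
            if PRIVATE.search(body):
                findings.append("contains a private key")
            elif not PUBLIC.search(body):
                findings.append("no PEM public key")
        report[spi] = findings
    return report

def demo():
    """Audit a constructed key store; the key bodies are placeholders, not real keys."""
    files = {
        "iqn.2001-04.com.example.host":
            ("-----BEGIN PUBLIC KEY-----\n(placeholder)\n-----END PUBLIC KEY-----\n", 0o644),
        "iqn.2001-04.com.example.backup":
            ("-----BEGIN DSA PRIVATE KEY-----\n(placeholder)\n", 0o600),
        "notes.txt": ("scratch\n", 0o666),
    }
    with tempfile.TemporaryDirectory() as directory:
        for name, (body, mode) in files.items():
            full = os.path.join(directory, name)
            with open(full, "w") as fh:
                fh.write(body)
            os.chmod(full, mode)
        return audit_simple_keystore(directory)
```
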

The recommended approach is to use the database as key store. This uses vendor-specific policy objects to tie SPI string, public key, entity name, source name and other bits of policy together, and store them in a persistent way.

The database key store is configured by setting the KeyStore option to the reserved value DB:, which is also the default.

Currently, Open-iSNS policy objects have the following attributes, besides the SPI:

Source:

This is the source node name the client must use. It defaults to the SPI string.

Functions:

This is a bitmap detailing which functions the client is permitted to invoke. The bit names correspond to the shorthand names used in RFC 4171, such as DevAttrReg, DevAttrQry, etc. The default is to allow registration, query and deregistration, as well as SCNRegister.

Entity name:

This is the entity name assigned to the client. If set, a registration by the client is not permitted to use a different entity name. If the client sends a registration without Entity identifier, the server will assign the entity name given in the policy. The default is to not restrict the entity name.

Object access:

This is a bitfield describing access permissions for each object type. For each object type, you can grant Read and/or Write permissions. Read access applies to the Query and GetNext calls; all other operations require write permission. The default grants read and write access to objects of type Entity, Storage Node, Portal and Portal Group; and read access to Discovery Domains.

Node types:

This bitfield describes which types of storage nodes a client is allowed to register; the valid bit names are target, initiator and control. The default is to allow clients to register initiators only.

See Also

RFC 4171, isnsd(8), isnsadm(8).

Authors

Olaf Kirch <olaf.kirch@oracle.com>

Referenced By

isnsadm(8), isnsd(8), isnsdd(8), isnssetup(8).

11 May 2007