targetd(8) System Manager's Manual targetd(8)NAME
targetd
DESCRIPTION
targetd is a service to allow the remote configuration of block device volumes and file systems within dedicated pools. Block devices can
be exported to other hosts via iSCSI, and filesystems can be exported via NFS.
USAGE
Run targetd as root.
CONFIGURATION
targetd uses /etc/target/targetd.yaml for configuration. It is in YAML format. targetd currently uses scalar values and collection values,
see example for details.
CONFIGURATION FILE SETTINGS
block_pools
Sets the LVM Volume Group(s) that targetd will use to allocate volumes. Defaults to "vg-targetd".
Alternatively, targetd can allocate thinp (thin-provisioned) volumes out of a thinpool LV. These should be listed as "<vgname>/<poolname>",
with the VG and thinpool LV names separated by a "/". These should already be created; targetd will not create VGs or thinpool LVs.
fs_pools
Sets the mount point(s) that targetd will use to export filesystems over NFS. Defaults to none.
user
password
Sets the username and password required to use the remote API. "user" defaults to admin, but password must be set prior to using targetd.
target_name
Sets the iSCSI target name that targetd will use. Default is iqn.2003-01.org.linux-iscsi.<hostname>:targetd.
ssl
ssl_key
ssl_cert
Settings for enabling SSL/TLS encryption. ssl defaults to off. If enabled, it will default to looking for key and cert files named tar-
getd_key.pem and targetd_cert.pem in /etc/target. These paths may also be specified, using the ssl_key and ssl_cert config settings.
Key and self-signed cert may be generated using openssl:
openssl genrsa -out targetd_key.pem 2048
openssl req -new -x509 -key targetd_key.pem -out targetd_cert.pem -days 9999
FILES
/etc/target/targetd.yaml
/etc/target/targetd_key.pem
/etc/target/targetd_cert.pem
SEE ALSO
The remote API is defined at
<https://github.com/agrover/targetd/blob/master/API.md>.
targetcli(8), lvm(8), lsmcli(8)AUTHOR
Written by Andy Grover <agrover@redhat.com>.
REPORTING BUGS
Report bugs via <targetd-devel@lists.fedorahosted.org>
or <https://github.com/agrover/targetd/issues>
targetd(8)
Check Out this Related Man Page
SYSTEMD-JOURNAL-UPLOAD(8) systemd-journal-upload SYSTEMD-JOURNAL-UPLOAD(8)NAME
systemd-journal-upload - Send journal messages over the network
SYNOPSIS
systemd-journal-upload [OPTIONS...] [-u/--url=URL] [SOURCES...]
DESCRIPTION
systemd-journal-upload will upload journal entries to the URL specified with --url. Unless limited by one of the options specified below,
all journal entries accessible to the user the program is running as will be uploaded, and then the program will wait and send new entries
as they become available.
OPTIONS -u, --url=[https://]URL, --url=[http://]URL
Upload to the specified address. URL may specify either just the hostname or both the protocol and hostname. https is the default.
--system, --user
Limit uploaded entries to entries from system services and the kernel, or to entries from services of current user. This has the same
meaning as --system and --user options for journalctl(1). If neither is specified, all accessible entries are uploaded.
-m, --merge
Upload entries interleaved from all available journals, including other machines. This has the same meaning as --merge option for
journalctl(1).
-D, --directory=DIR
Takes a directory path as argument. Upload entries from the specified journal directory DIR instead of the default runtime and system
journal paths. This has the same meaning as --directory option for journalctl(1).
--file=GLOB
Takes a file glob as an argument. Upload entries from the specified journal files matching GLOB instead of the default runtime and
system journal paths. May be specified multiple times, in which case files will be suitably interleaved. This has the same meaning as
--file option for journalctl(1).
--cursor=
Upload entries from the location in the journal specified by the passed cursor. This has the same meaning as --cursor option for
journalctl(1).
--after-cursor=
Upload entries from the location in the journal after the location specified by the this cursor. This has the same meaning as
--after-cursor option for journalctl(1).
--save-state[=PATH]
Upload entries from the location in the journal after the location specified by the cursor saved in file at PATH
(/var/lib/systemd/journal-upload/state by default). After an entry is successfully uploaded, update this file with the cursor of that
entry.
--follow[=BOOL]
If set to yes, then systemd-journal-upload waits for input.
--key=
Takes a path to a SSL key file in PEM format. Defaults to /etc/ssl/private/journal-upload.pem.
--cert=
Takes a path to a SSL certificate file in PEM format. Defaults to /etc/ssl/certs/journal-upload.pem.
--trust=
Takes a path to a SSL CA certificate file in PEM format, or all. If all is set, then certificate checking will be disabled. Defaults to
/etc/ssl/ca/trusted.pem.
-h, --help
Print a short help text and exit.
--version
Print a short version string and exit.
EXIT STATUS
On success, 0 is returned; otherwise, a non-zero failure code is returned.
EXAMPLES
Example 1. Setting up certificates for authentication
Certificates signed by a trusted authority are used to verify that the server to which messages are uploaded is legitimate, and vice versa,
that the client is trusted.
A suitable set of certificates can be generated with openssl:
openssl req -newkey rsa:2048 -days 3650 -x509 -nodes
-out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'
cat >ca.conf <<EOF
[ ca ]
default_ca = this
[ this ]
new_certs_dir = .
certificate = ca.pem
database = ./index
private_key = ca.key
serial = ./serial
default_days = 3650
default_md = default
policy = policy_anything
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
EOF
touch index
echo 0001 >serial
SERVER=server
CLIENT=client
openssl req -newkey rsa:1024 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem
openssl req -newkey rsa:1024 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
Generated files ca.pem, server.pem, and server.key should be installed on server, and ca.pem, client.pem, and client.key on the client. The
location of those files can be specified using TrustedCertificateFile=, ServerCertificateFile=, ServerKeyFile=, in
/etc/systemd/journal-remote.conf and /etc/systemd/journal-upload.conf, respectively. The default locations can be queried by using
systemd-journal-remote --help and systemd-journal-upload --help.
SEE ALSO systemd-journal-remote(8), journalctl(1), systemd-journald.service(8), systemd-journal-gatewayd.service(8)systemd 237SYSTEMD-JOURNAL-UPLOAD(8)