nbdkit man page

nbdkit — toolkit for creating NBD servers

Synopsis

 nbdkit [-e EXPORTNAME] [--exit-with-parent] [-f]
        [--filter=FILTER ...] [-g GROUP] [-i IPADDR]
        [--log=stderr|syslog]
        [--newstyle] [--oldstyle] [-P PIDFILE] [-p PORT] [-r]
        [--run CMD] [-s] [--selinux-label LABEL] [-t THREADS]
        [--tls=off|on|require] [--tls-certificates /path/to/certificates]
        [--tls-psk /path/to/pskfile] [--tls-verify-peer]
        [-U SOCKET] [-u USER] [-v] [-V]
        PLUGIN [key=value [key=value [...]]]

 nbdkit --dump-config

 nbdkit PLUGIN --dump-plugin

Description

Network Block Device (NBD) is a network protocol for accessing block devices over the network.  Block devices are hard disks and things that behave like hard disks such as disk images and virtual machines.

"nbdkit" is both a toolkit for creating NBD servers from "unconventional" sources and the name of an NBD server.

To create a new Network Block Device source, all you need to do is write a few glue functions, possibly in C, or perhaps in a high level language like Perl or Python.  The liberal licensing of nbdkit is meant to allow you to link nbdkit with proprietary libraries or to include nbdkit in proprietary code.

If you want to write an nbdkit plugin, you should read nbdkit-plugin(3).

Several plugins may be found in "$libdir/nbdkit/plugins".  You can give the full path to the plugin, like this:

 nbdkit $libdir/nbdkit/plugins/nbdkit-file-plugin.so [...]

but it is usually more convenient to use this equivalent syntax:

 nbdkit file [...]

$libdir is set at compile time.  To print it out, do:

 nbdkit --dump-config

Examples

Basic file serving

Serve file disk.img on port 10809 using nbdkit-file-plugin(1):

 nbdkit file file=disk.img

Run the nbdkit-example3-plugin(1) and connect to it using guestfish(1):

 nbdkit example3 size=1G
 guestfish --ro --format=raw -a nbd://localhost

Serve file disk.img on port 10809, requiring clients to use encrypted (TLS) connections:

 nbdkit --tls=require file file=disk.img

Combining plugins and filters

Serve only the first partition from compressed disk image disk.img.xz, combining nbdkit-xz-plugin(1) and nbdkit-partition-filter(1):

                     plugin name and plugin parameter
                                  │
                            ┌─────┴────┐
                            │          │
 nbdkit --filter=partition  xz file=disk.img.xz  partition=1
                │                                   │
                └───────────────┬───────────────────┘
                                │
                filter name and filter parameter

Display information

Display information about nbdkit or a specific plugin:

 nbdkit --help
 nbdkit --version
 nbdkit --dump-config
 nbdkit example1 --help
 nbdkit example1 --dump-plugin

Global Options

--help

Display brief command line usage information and exit.

--dump-config

Dump out the compile-time configuration values and exit. See nbdkit-probing(1).

--dump-plugin

Dump out information about the plugin and exit. See nbdkit-probing(1).

--exit-with-parent

If the parent process exits, we exit.  This can be used to avoid complicated cleanup or orphaned nbdkit processes.  There are some important caveats with this, see "EXIT WITH PARENT" in nbdkit-captive(1).

An alternative to this is "CAPTIVE NBDKIT" in nbdkit-captive(1).

This option implies --foreground.

-e EXPORTNAME
--export EXPORTNAME
--export-name EXPORTNAME
--exportname EXPORTNAME

Set the exportname.

If not set, exportname "" (empty string) is used.  Exportnames are not allowed with the oldstyle protocol.

-f
--foreground
--no-fork

Don't fork into the background.

--filter FILTER

Add a filter before the plugin.  This option may be given one or more times to stack filters in front of the plugin.  They are processed in the order they appear on the command line.  See "Filters" and nbdkit-filter(3).

-g GROUP
--group GROUP

Change group to "GROUP" after starting up.  A group name or numeric group ID can be used.

The server needs sufficient permissions to be able to do this. Normally this would mean starting the server up as root.

See also -u.

-i IPADDR
--ip-addr IPADDR
--ipaddr IPADDR

Listen on the specified interface.  The default is to listen on all interfaces.  See also -p.

--log=stderr
--log=syslog

Send error messages to either standard error (--log=stderr) or to the system log (--log=syslog).  For an explanation of what this does and how the default is chosen, see "LOGGING" in nbdkit-service(1).

-n
--new-style
--newstyle

Use the newstyle NBD protocol protocol.  This is the default in nbdkit ≥ 1.3.  In earlier versions the default was oldstyle.

See "New Style VS Old Style Protocol" below.

-o
--old-style
--oldstyle

Use the oldstyle NBD protocol.  This was the default in nbdkit ≤ 1.2, but now the default is newstyle.  Note this is incompatible with newer features such as export names and TLS.

See "New Style VS Old Style Protocol" below.

-P PIDFILE
--pid-file PIDFILE
--pidfile PIDFILE

Write "PIDFILE" (containing the process ID of the server) after nbdkit becomes ready to accept connections.

If the file already exists, it is overwritten.  nbdkit does not delete the file when it exits.

-p PORT
--port PORT

Change the TCP/IP port number on which nbdkit serves requests. The default is 10809.  See also -i.

-r
--read-only
--readonly

The export will be read-only.  If a client writes, then it will get an error.

Note that some plugins inherently don't support writes.  With those plugins the -r option is added implicitly.

nbdkit-cow-filter(1) can be placed over read-only plugins to provide copy-on-write (or "snapshot") functionality.  If you are using qemu as a client then it also supports snapshots.

--run CMD

Run nbdkit as a captive subprocess of "CMD".  When "CMD" exits, nbdkit is killed.  See "CAPTIVE NBDKIT" in nbdkit-captive(1).

This option implies --foreground.

-s
--single
--stdin

Don't fork.  Handle a single NBD connection on stdin/stdout.  After stdin closes, the server exits.

You can use this option to run nbdkit from inetd or similar superservers; or just for testing; or if you want to run nbdkit in a non-conventional way.  Note that if you want to run nbdkit from systemd, then it may be better to use "SOCKET ACTIVATION" in nbdkit-service(1) instead of this option.

This option implies --foreground.

--selinux-label SOCKET-LABEL

Apply the SELinux label "SOCKET-LABEL" to the nbdkit listening socket.

The common — perhaps only — use of this option is to allow libvirt guests which are using SELinux and sVirt confinement to access nbdkit Unix domain sockets:

 nbdkit --selinux-label system_u:object_r:svirt_t:s0 ...
-t THREADS
--threads THREADS

Set the number of threads to be used per connection, which in turn controls the number of outstanding requests that can be processed at once.  Only matters for plugins with thread_model=parallel (where it defaults to 16).  To force serialized behavior (useful if the client is not prepared for out-of-order responses), set this to 1.

--tls=off
--tls=on
--tls=require

Disable, enable or require TLS (authentication and encryption support).  See nbdkit-tls(1).

--tls-certificates /path/to/certificates

Set the path to the TLS certificates directory.  If not specified, some built-in paths are checked.  See nbdkit-tls(1) for more details.

--tls-psk /path/to/pskfile

Set the path to the pre-shared keys (PSK) file.  If used, this overrides certificate authentication.  There is no built-in path.  See nbdkit-tls(1) for more details.

--tls-verify-peer

Enables TLS client certificate verification.  The default is not to check the client's certificate.

-U SOCKET
--unix SOCKET
-U -
--unix -

Accept connections on the Unix domain socket "SOCKET" (which is a path).

nbdkit creates this socket, but it will probably have incorrect permissions (too permissive).  If it is a problem that some unauthorized user could connect to this socket between the time that nbdkit starts up and the authorized user connects, then put the socket into a directory that has restrictive permissions.

nbdkit does not delete the socket file when it exits.  The caller should delete the socket file after use (else if you try to start nbdkit up again you will get an "Address already in use" error).

If the socket name is - then nbdkit generates a randomly named private socket.  This is useful with "CAPTIVE NBDKIT" in nbdkit-captive(1).

-u USER
--user USER

Change user to "USER" after starting up.  A user name or numeric user ID can be used.

The server needs sufficient permissions to be able to do this. Normally this would mean starting the server up as root.

See also -g.

-v
--verbose

Enable verbose messages.

It's a good idea to use -f as well so the process does not fork into the background (but not required).

-V
--version

Print the version number of nbdkit and exit.

Plugin Configuration

After specifying the plugin name you can (optionally, it depends on the plugin) give plugin configuration on the command line in the form of "key=value".  For example:

 nbdkit file file=disk.img

To list all the options supported by a plugin, do:

 nbdkit --help file

To dump information about a plugin, do:

 nbdkit file --dump-plugin

Magic script parameter

As a special case, if the first plugin argument does not contain an '=' character then it is assumed to be "script=value".

That allows scripting language plugins like nbdkit-perl-plugin(1) to do:

 nbdkit perl foo.pl [args...]

which has the same meaning as:

 nbdkit perl script=foo.pl [args...]

Shebang scripts

You can use "#!" to run nbdkit plugins written in most scripting languages.  The file should be executable.  For example:

 #!/usr/sbin/nbdkit perl
 sub open {
   # etc
 }

(see nbdkit-perl-plugin(3) for a full example).

Filters

One or more filters can be placed in front of an nbdkit plugin to modify the behaviour of the plugin, using the --filter parameter. Filters can be used for example to limit requests to an offset/limit, add copy-on-write support, or inject delays or errors (for testing).

     NBD     ┌─────────┐    ┌─────────┐          ┌────────┐
  client ───▶│ filter1 │───▶│ filter2 │── ─ ─ ──▶│ plugin │
 request     └─────────┘    └─────────┘          └────────┘

Several existing filters are available in the $filterdir.  Use "nbdkit --dump-config" to find the directory name.

How to write filters is described in nbdkit-filter(3).

New Style VS Old Style Protocol

The NBD protocol comes in two incompatible forms that we call "oldstyle" and "newstyle".  Unfortunately which protocol you should use depends on the client and cannot be known in advance, nor can it be negotiated from the server side.

nbdkit defaults to the newstyle protocol since nbdkit ≥ 1.3. Use the -e or --exportname flag to set the optional exportname for the newstyle protocol.  Use the -o or --oldstyle flag to force the oldstyle protocol.

Some common clients and the protocol they require:

 Client                          Protocol
 ------------------------------------------------------------
 qemu <= 2.5 without exportname  oldstyle
 qemu <= 2.5 with exportname     newstyle
 qemu >= 2.6                     client can talk either protocol
 nbd-client < 3.10               client can talk either protocol
 nbd-client >= 3.10              newstyle
 any TLS (encrypted) client      newstyle
 nbdkit nbd plugin               client can talk either protocol

If you use qemu ≤ 2.5 without the exportname field against a newstyle server, it will give the error:

 Server requires an export name

If you use qemu ≤ 2.5 with the exportname field against an oldstyle server, it will give the error:

 Server does not support export names

If you use the oldstyle protocol with nbd-client ≥ 3.10, it will give the error:

 Error: It looks like you're trying to connect to an oldstyle server.

If you want to claim compatibility with what the NBD proto.txt document says should be the case (which isn't based in reality), then you should always use newstyle when using port 10809, and use oldstyle on all other ports.

Signals

"nbdkit" responds to the following signals:

"SIGINT"
"SIGQUIT"
"SIGTERM"

The server exits cleanly.

"SIGPIPE"

This signal is ignored.

Environment Variables

"LISTEN_FDS"
"LISTEN_PID"

If present in the environment when nbdkit starts up, these trigger "SOCKET ACTIVATION" in nbdkit-service(1).

See Also

Other topics

nbdkit-captive(1) — Run nbdkit under another process and have it reliably cleaned up.

nbdkit-probing(1) — How to probe for nbdkit configuration and plugins.

nbdkit-service(1) — Run nbdkit as a service, systemd socket activation.

nbdkit-tls(1) — Authentication and encryption of NBD connections (sometimes incorrectly called "SSL").

Plugins

nbdkit-curl-plugin(1), nbdkit-data-plugin(1), nbdkit-example1-plugin(1), nbdkit-example2-plugin(1), nbdkit-example3-plugin(1), nbdkit-example4-plugin(1), nbdkit-ext2-plugin(1), nbdkit-file-plugin(1), nbdkit-guestfs-plugin(1), nbdkit-gzip-plugin(1), nbdkit-libvirt-plugin(1), nbdkit-lua-plugin(1), nbdkit-memory-plugin(1), nbdkit-nbd-plugin(1), nbdkit-null-plugin(1), nbdkit-ocaml-plugin(1), nbdkit-pattern-plugin(1), nbdkit-perl-plugin(1), nbdkit-python-plugin(1), nbdkit-random-plugin(1), nbdkit-ruby-plugin(1), nbdkit-split-plugin(1), nbdkit-streaming-plugin(1), nbdkit-tar-plugin(1), nbdkit-tcl-plugin(1), nbdkit-vddk-plugin(1), nbdkit-xz-plugin(1), nbdkit-zero-plugin(1) .

Filters

nbdkit-blocksize-filter(1), nbdkit-cache-filter(1), nbdkit-cow-filter(1), nbdkit-delay-filter(1), nbdkit-error-filter(1), nbdkit-fua-filter(1), nbdkit-log-filter(1), nbdkit-nozero-filter(1), nbdkit-offset-filter(1), nbdkit-partition-filter(1), nbdkit-truncate-filter(1) .

For developers

nbdkit-plugin(3), nbdkit-filter(3).

Writing plugins in other programming languages

nbdkit-lua-plugin(3), nbdkit-ocaml-plugin(3), nbdkit-perl-plugin(3), nbdkit-python-plugin(3), nbdkit-ruby-plugin(3), nbdkit-tcl-plugin(3).

NBD clients

qemu(1), nbd-client(1), guestfish(1).

Other NBD servers

qemu-nbd(1), nbd-server(1), https://bitbucket.org/hirofuchi/xnbd.

Documentation for the NBD protocol

https://github.com/NetworkBlockDevice/nbd/blob/master/doc/proto.md, https://nbd.sourceforge.io/.

Similar protocols

https://en.wikipedia.org/wiki/iSCSI, https://en.wikipedia.org/wiki/ATA_over_Ethernet, https://en.wikipedia.org/wiki/Fibre_Channel_over_Ethernet.

Other manual pages of interest

gnutls_priority_init(3), qemu-img(1), psktool(1), systemd.socket(5).

Authors

Eric Blake

Richard W.M. Jones

Pino Toscano

License

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Referenced By

guestfs-hacking(1), nbdkit-blocksize-filter(1), nbdkit-cache-filter(1), nbdkit-captive(1), nbdkit-cow-filter(1), nbdkit-curl-plugin(1), nbdkit-data-plugin(1), nbdkit-delay-filter(1), nbdkit-error-filter(1), nbdkit-example1-plugin(1), nbdkit-example2-plugin(1), nbdkit-example3-plugin(1), nbdkit-example4-plugin(1), nbdkit-ext2-plugin(1), nbdkit-file-plugin(1), nbdkit-filter(3), nbdkit-fua-filter(1), nbdkit-guestfs-plugin(1), nbdkit-gzip-plugin(1), nbdkit-libvirt-plugin(1), nbdkit-log-filter(1), nbdkit-lua-plugin(3), nbdkit-memory-plugin(1), nbdkit-nbd-plugin(1), nbdkit-nozero-filter(1), nbdkit-null-plugin(1), nbdkit-ocaml-plugin(3), nbdkit-offset-filter(1), nbdkit-partition-filter(1), nbdkit-pattern-plugin(1), nbdkit-perl-plugin(3), nbdkit-plugin(3), nbdkit-probing(1), nbdkit-python-plugin(3), nbdkit-random-plugin(1), nbdkit-ruby-plugin(3), nbdkit-service(1), nbdkit-split-plugin(1), nbdkit-streaming-plugin(1), nbdkit-tar-plugin(1), nbdkit-tcl-plugin(3), nbdkit-tls(1), nbdkit-truncate-filter(1), nbdkit-vddk-plugin(1), nbdkit-xz-plugin(1), nbdkit-zero-plugin(1), virt-p2v(1), virt-v2v(1).

2018-08-14 nbdkit-1.5.5 Virtualization Support