Provided by: nbdkit_1.16.2-1ubuntu3_amd64 
NAME
nbdkit - toolkit for creating NBD servers
SYNOPSIS
nbdkit [-D|--debug PLUGIN|FILTER.FLAG=N]
[-e|--exportname EXPORTNAME] [--exit-with-parent]
[--filter FILTER ...] [-f|--foreground]
[-g|--group GROUP] [-i|--ipaddr IPADDR]
[--log stderr|syslog|null]
[-n|--newstyle] [--mask-handshake MASK] [--no-sr] [-o|--oldstyle]
[-P|--pidfile PIDFILE]
[-p|--port PORT] [-r|--readonly]
[--run CMD] [-s|--single] [--selinux-label LABEL]
[-t|--threads THREADS]
[--tls off|on|require]
[--tls-certificates /path/to/certificates]
[--tls-psk /path/to/pskfile] [--tls-verify-peer]
[-U|--unix SOCKET] [-u|--user USER]
[-v|--verbose] [-V|--version] [--vsock]
PLUGIN [[KEY=]VALUE [KEY=VALUE [...]]]
nbdkit --dump-config
nbdkit PLUGIN --dump-plugin
nbdkit --help
DESCRIPTION
Network Block Device (NBD) is a network protocol for accessing block devices over the
network. Block devices are hard disks and things that behave like hard disks such as disk
images and virtual machines.
nbdkit is both a toolkit for creating NBD servers from “unconventional” sources, and the
name of an NBD server. nbdkit ships with many plugins for performing common tasks like
serving local files.
Plugins and filters
nbdkit is different from other NBD servers because you can easily create new Network Block
Device sources by writing a few glue functions, possibly in C, or perhaps in a high level
language like Perl or Python. The liberal licensing of nbdkit is meant to allow you to
link nbdkit with proprietary libraries or to include nbdkit in proprietary code.
If you want to write your own nbdkit plugin you should read nbdkit-plugin(3).
nbdkit also has a concept of filters which can be layered on top of plugins. Several
filters are provided with nbdkit and if you want to write your own you should read
nbdkit-filter(3).
EXAMPLES
Basic file serving
· Serve file disk.img on port 10809 using nbdkit-file-plugin(1), and connect to it using
guestfish(1):
nbdkit file disk.img
guestfish --rw --format=raw -a nbd://localhost
· Serve file disk.img on port 10809, requiring clients to use encrypted (TLS)
connections:
nbdkit --tls=require file disk.img
Other nbdkit plugins
· Create a 1MB disk with one empty partition entirely on the command line using
nbdkit-data-plugin(1):
nbdkit data size=1M \
data="@0x1b8 0xf8 0x21 0xdc 0xeb 0 0 0 0
2 0 0x83 0x20 0x20 0 1 0 0 0 0xff 0x7
@0x1fe 0x55 0xaa"
· Forward an NBD connection to a remote server over HTTPS or SSH using
nbdkit-curl-plugin(1) or nbdkit-ssh-plugin(1):
nbdkit -r curl https://example.com/disk.img
nbdkit ssh host=example.com /var/tmp/disk.img
· Create a RAM disk using nbdkit-memory-plugin(1):
nbdkit memory 64M
· Create a floppy disk image containing files from a local directory using
nbdkit-floppy-plugin(1):
nbdkit floppy dir/
Combining plugins and filters
· Serve only the first partition from compressed disk image disk.img.xz, combining
nbdkit-partition-filter(1), nbdkit-xz-filter(1) and nbdkit-file-plugin(1).
nbdkit --filter=partition --filter=xz file disk.img.xz partition=1
To understand this command line:
plugin name and plugin parameter
│
┌───────┴──────┐
│ │
nbdkit --filter=partition --filter=xz file disk.img.xz partition=1
│ │ │
└──────────────┴────┬─────────────────────┘
│
filters and filter parameter
· Create a scratch, empty nbdkit device and inject errors and delays, for testing
clients, using nbdkit-memory-plugin(1), nbdkit-error-filter(1) and
nbdkit-delay-filter(1):
nbdkit --filter=error --filter=delay memory 100M \
error-rate=10% rdelay=1 wdelay=1
Writing plugins in scripting languages
· Write a simple, custom plugin entirely on the command line in shell script using
nbdkit-sh-plugin(3):
nbdkit sh - <<'EOF'
case "$1" in
get_size) echo 1M ;;
pread) dd if=/dev/zero count=$3 iflag=count_bytes ;;
*) exit 2 ;;
esac
EOF
Display information
Display information about nbdkit or a specific plugin:
nbdkit --help
nbdkit --version
nbdkit --dump-config
nbdkit example1 --help
nbdkit example1 --dump-plugin
GLOBAL OPTIONS
--help
Display brief command line usage information and exit.
-D PLUGIN.FLAG=N
-D FILTER.FLAG=N
--debug PLUGIN.FLAG=N
--debug FILTER.FLAG=N
Set the plugin or filter Debug Flag called "FLAG" to the integer value "N". See
"Debug Flags" in nbdkit-plugin(3).
--dump-config
Dump out the compile-time configuration values and exit. See nbdkit-probing(1).
--dump-plugin
Dump out information about the plugin and exit. See nbdkit-probing(1).
--exit-with-parent
If the parent process exits, we exit. This can be used to avoid complicated cleanup
or orphaned nbdkit processes. There are some important caveats with this, see "EXIT
WITH PARENT" in nbdkit-captive(1).
An alternative to this is "CAPTIVE NBDKIT" in nbdkit-captive(1).
This option implies --foreground.
-e EXPORTNAME
--export EXPORTNAME
--export-name EXPORTNAME
--exportname EXPORTNAME
Set the exportname.
If not set, exportname "" (empty string) is used. Exportnames are not allowed with
the oldstyle protocol.
-f
--foreground
--no-fork
Don't fork into the background.
--filter FILTER
Add a filter before the plugin. This option may be given one or more times to stack
filters in front of the plugin. They are processed in the order they appear on the
command line. See "FILTERS" and nbdkit-filter(3).
-g GROUP
--group GROUP
Change group to "GROUP" after starting up. A group name or numeric group ID can be
used.
The server needs sufficient permissions to be able to do this. Normally this would
mean starting the server up as root.
See also -u.
-i IPADDR
--ip-addr IPADDR
--ipaddr IPADDR
Listen on the specified interface. The default is to listen on all interfaces. See
also -p.
--log=stderr
--log=syslog
--log=null
Send error messages to standard error (--log=stderr), or to the system log
(--log=syslog), or discard them completely (--log=null, not recommended for normal
use).
The default is to send error messages to stderr, unless nbdkit forks into the
background in which case they are sent to syslog.
For more details see "LOGGING" in nbdkit-service(1).
-n
--new-style
--newstyle
Use the newstyle NBD protocol. This is the default in nbdkit ≥ 1.3. In earlier
versions the default was oldstyle. See nbdkit-protocol(1).
--no-sr
Do not advertise structured replies. A client must request structured replies to take
advantage of block status and potential sparse reads; however, as structured reads are
not a mandatory part of the newstyle NBD protocol, this option can be used to debug
client fallbacks for dealing with older servers. See nbdkit-protocol(1).
-o
--old-style
--oldstyle
Use the oldstyle NBD protocol. This was the default in nbdkit ≤ 1.2, but now the
default is newstyle. Note this is incompatible with newer features such as export
names and TLS. See nbdkit-protocol(1).
-P PIDFILE
--pid-file PIDFILE
--pidfile PIDFILE
Write "PIDFILE" (containing the process ID of the server) after nbdkit becomes ready
to accept connections.
If the file already exists, it is overwritten. nbdkit does not delete the file when
it exits.
-p PORT
--port PORT
Change the TCP/IP port number on which nbdkit serves requests. The default is 10809.
See also -i.
-r
--read-only
--readonly
The export will be read-only. If a client writes, then it will get an error.
Note that some plugins inherently don't support writes. With those plugins the -r
option is added implicitly.
nbdkit-cow-filter(1) can be placed over read-only plugins to provide copy-on-write (or
"snapshot") functionality. If you are using qemu as a client then it also supports
snapshots.
--run CMD
Run nbdkit as a captive subprocess of "CMD". When "CMD" exits, nbdkit is killed. See
"CAPTIVE NBDKIT" in nbdkit-captive(1).
This option implies --foreground.
-s
--single
--stdin
Don't fork. Handle a single NBD connection on stdin/stdout. After stdin closes, the
server exits.
You can use this option to run nbdkit from inetd or similar superservers; or just for
testing; or if you want to run nbdkit in a non-conventional way. Note that if you
want to run nbdkit from systemd, then it may be better to use "SOCKET ACTIVATION" in
nbdkit-service(1) instead of this option.
This option implies --foreground.
--selinux-label SOCKET-LABEL
Apply the SELinux label "SOCKET-LABEL" to the nbdkit listening socket.
The common — perhaps only — use of this option is to allow libvirt guests which are
using SELinux and sVirt confinement to access nbdkit Unix domain sockets:
nbdkit --selinux-label system_u:object_r:svirt_t:s0 ...
-t THREADS
--threads THREADS
Set the number of threads to be used per connection, which in turn controls the number
of outstanding requests that can be processed at once. Only matters for plugins with
thread_model=parallel (where it defaults to 16). To force serialized behavior (useful
if the client is not prepared for out-of-order responses), set this to 1.
--tls=off
--tls=on
--tls=require
Disable, enable or require TLS (authentication and encryption support). See
nbdkit-tls(1).
--tls-certificates /path/to/certificates
Set the path to the TLS certificates directory. If not specified, some built-in paths
are checked. See nbdkit-tls(1) for more details.
--tls-psk /path/to/pskfile
Set the path to the pre-shared keys (PSK) file. If used, this overrides certificate
authentication. There is no built-in path. See nbdkit-tls(1) for more details.
--tls-verify-peer
Enables TLS client certificate verification. The default is not to check the client's
certificate.
-U SOCKET
--unix SOCKET
-U -
--unix -
Accept connections on the Unix domain socket "SOCKET" (which is a path).
nbdkit creates this socket, but it will probably have incorrect permissions (too
permissive). If it is a problem that some unauthorized user could connect to this
socket between the time that nbdkit starts up and the authorized user connects, then
put the socket into a directory that has restrictive permissions.
nbdkit does not delete the socket file when it exits. The caller should delete the
socket file after use (else if you try to start nbdkit up again you will get an
"Address already in use" error).
If the socket name is - then nbdkit generates a randomly named private socket. This
is useful with "CAPTIVE NBDKIT" in nbdkit-captive(1).
-u USER
--user USER
Change user to "USER" after starting up. A user name or numeric user ID can be used.
The server needs sufficient permissions to be able to do this. Normally this would
mean starting the server up as root.
See also -g.
-v
--verbose
Enable verbose messages.
It's a good idea to use -f as well so the process does not fork into the background
(but not required).
-V
--version
Print the version number of nbdkit and exit.
--vsock
Use the AF_VSOCK protocol (instead of TCP/IP). You must use this in conjunction with
-p/--port. See "AF_VSOCK" in nbdkit-service(1).
PLUGIN NAME
You can give the full path to the plugin, like this:
nbdkit $libdir/nbdkit/plugins/nbdkit-file-plugin.so [...]
but it is usually more convenient to use this equivalent syntax:
nbdkit file [...]
$libdir is set at compile time. To print it out, do:
nbdkit --dump-config
PLUGIN CONFIGURATION
After specifying the plugin name you can (optionally, it depends on the plugin) give
plugin configuration on the command line in the form of "key=value". For example:
nbdkit file file=disk.img
To list all the options supported by a plugin, do:
nbdkit --help file
To dump information about a plugin, do:
nbdkit file --dump-plugin
Magic parameters
Some plugins declare a special "magic config key". This is a key which is assumed if no
"key=" part is present. For example:
nbdkit file disk.img
is assumed to be "file=disk.img" because the file plugin declares "file" as its magic
config key. There can be ambiguity in the parsing of magic config keys if the value might
look like a "key=value". If there could be ambiguity then modify the value, eg. by
prefixing it with "./"
There is also a special exception for plugins which do not declare a magic config key, but
where the first plugin argument does not contain an '=' character: it is assumed to be
"script=value". This is used by scripting language plugins:
nbdkit perl foo.pl [args...]
has the same meaning as:
nbdkit perl script=foo.pl [args...]
Shebang scripts
You can use "#!" to run nbdkit plugins written in most scripting languages. The file
should be executable. For example:
#!/usr/sbin/nbdkit perl
sub open {
# etc
}
(see nbdkit-perl-plugin(3) for a full example).
SIGNALS
nbdkit responds to the following signals:
"SIGINT"
"SIGQUIT"
"SIGTERM"
The server exits cleanly.
"SIGPIPE"
This signal is ignored.
ENVIRONMENT VARIABLES
"LISTEN_FDS"
"LISTEN_PID"
If present in the environment when nbdkit starts up, these trigger "SOCKET ACTIVATION"
in nbdkit-service(1).
SEE ALSO
Other topics
nbdkit-captive(1) — Run nbdkit under another process and have it reliably cleaned up.
nbdkit-loop(1) — Use nbdkit with the Linux kernel client to create loop devices and loop
mounts.
nbdkit-probing(1) — How to probe for nbdkit configuration and plugins.
nbdkit-protocol(1) — Which parts of the NBD protocol nbdkit supports.
nbdkit-security(1) — Lists past security issues in nbdkit.
nbdkit-service(1) — Running nbdkit as a service, and systemd socket activation.
nbdkit-tls(1) — Authentication and encryption of NBD connections (sometimes incorrectly
called "SSL").
Plugins
nbdkit-curl-plugin(1), nbdkit-data-plugin(1), nbdkit-example1-plugin(1),
nbdkit-example2-plugin(1), nbdkit-example3-plugin(1), nbdkit-example4-plugin(1),
nbdkit-ext2-plugin(1), nbdkit-file-plugin(1), nbdkit-floppy-plugin(1),
nbdkit-full-plugin(1), nbdkit-guestfs-plugin(1), nbdkit-gzip-plugin(1),
nbdkit-info-plugin(1), nbdkit-iso-plugin(1), nbdkit-libvirt-plugin(1),
nbdkit-linuxdisk-plugin(1), nbdkit-memory-plugin(1), nbdkit-nbd-plugin(1),
nbdkit-null-plugin(1), nbdkit-partitioning-plugin(1), nbdkit-pattern-plugin(1),
nbdkit-random-plugin(1), nbdkit-split-plugin(1), nbdkit-ssh-plugin(1),
nbdkit-streaming-plugin(1), nbdkit-tar-plugin(1), nbdkit-vddk-plugin(1),
nbdkit-zero-plugin(1) ; nbdkit-lua-plugin(3), nbdkit-ocaml-plugin(3),
nbdkit-perl-plugin(3), nbdkit-python-plugin(3), nbdkit-ruby-plugin(3),
nbdkit-rust-plugin(3), nbdkit-sh-plugin(3), nbdkit-tcl-plugin(3) .
Filters
nbdkit-blocksize-filter(1), nbdkit-cache-filter(1), nbdkit-cacheextents-filter(1),
nbdkit-cow-filter(1), nbdkit-delay-filter(1), nbdkit-error-filter(1),
nbdkit-fua-filter(1), nbdkit-log-filter(1), nbdkit-nocache-filter(1),
nbdkit-noextents-filter(1), nbdkit-noparallel-filter(1), nbdkit-nozero-filter(1),
nbdkit-offset-filter(1), nbdkit-partition-filter(1), nbdkit-rate-filter(1),
nbdkit-readahead-filter(1), nbdkit-retry-filter(1), nbdkit-stats-filter(1),
nbdkit-truncate-filter(1), nbdkit-xz-filter(1) .
For developers
nbdkit-plugin(3), nbdkit-filter(3).
Writing plugins in other programming languages
nbdkit-lua-plugin(3), nbdkit-ocaml-plugin(3), nbdkit-perl-plugin(3),
nbdkit-python-plugin(3), nbdkit-ruby-plugin(3), nbdkit-rust-plugin(3),
nbdkit-sh-plugin(3), nbdkit-tcl-plugin(3) .
Release notes for previous releases of nbdkit
nbdkit-release-notes-1.4(1), nbdkit-release-notes-1.6(1), nbdkit-release-notes-1.8(1),
nbdkit-release-notes-1.10(1), nbdkit-release-notes-1.12(1), nbdkit-release-notes-1.14(1),
nbdkit-release-notes-1.16(1).
NBD clients
guestfish(1), libnbd(3), nbd-client(1), nbdfuse(1), nbdsh(1), qemu(1).
nbdkit links
http://github.com/libguestfs/nbdkit — Source code.
Other NBD servers
qemu-nbd(1), nbd-server(1), https://bitbucket.org/hirofuchi/xnbd.
Documentation for the NBD protocol
https://github.com/NetworkBlockDevice/nbd/blob/master/doc/proto.md,
https://nbd.sourceforge.io/.
Similar protocols
https://en.wikipedia.org/wiki/iSCSI, https://en.wikipedia.org/wiki/ATA_over_Ethernet,
https://en.wikipedia.org/wiki/Fibre_Channel_over_Ethernet.
Other manual pages of interest
gnutls_priority_init(3), qemu-img(1), psktool(1), systemd.socket(5).
AUTHORS
Eric Blake
Richard W.M. Jones
Yann E. MORIN
Nir Soffer
Pino Toscano
COPYRIGHT
Copyright (C) 2013-2019 Red Hat Inc.
LICENSE
Redistribution and use in source and binary forms, with or without modification, are
permitted provided that the following conditions are met:
· Redistributions of source code must retain the above copyright notice, this list of
conditions and the following disclaimer.
· Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials
provided with the distribution.
· Neither the name of Red Hat nor the names of its contributors may be used to endorse
or promote products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR CONTRIBUTORS
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.