NAME

SYNOPSIS

 nbdkit [-D|--debug PLUGIN|FILTER|nbdkit.FLAG=N]
        [-e|--exportname EXPORTNAME] [--exit-with-parent]
        [--filter FILTER ...] [-f|--foreground]
        [-g|--group GROUP] [-i|--ipaddr IPADDR]
        [--log stderr|syslog|null]
        [-n|--newstyle] [--mask-handshake MASK] [--no-sr] [-o|--oldstyle]
        [-P|--pidfile PIDFILE]
        [-p|--port PORT] [-r|--readonly]
        [--run CMD] [-s|--single] [--selinux-label LABEL] [--swap]
        [-t|--threads THREADS]
        [--tls off|on|require]
        [--tls-certificates /path/to/certificates]
        [--tls-psk /path/to/pskfile] [--tls-verify-peer]
        [-U|--unix SOCKET] [-u|--user USER]
        [-v|--verbose] [-V|--version] [--vsock]
        PLUGIN [[KEY=]VALUE [KEY=VALUE [...]]]
 
 nbdkit --dump-config
 
 nbdkit PLUGIN --dump-plugin
 
 nbdkit --help

DESCRIPTION

nbdkit is both a toolkit for creating NBD servers from “unconventional” sources, and the name of an NBD server. nbdkit ships with many plugins for performing common tasks like serving local files.

EXAMPLES

 nbdkit --help
 nbdkit --version
 nbdkit --dump-config
 nbdkit example1 --help
 nbdkit example1 --dump-plugin

GLOBAL OPTIONS

--help

Display brief command line usage information and exit.

-D PLUGIN.FLAG=N

-D FILTER.FLAG=N

--debug PLUGIN.FLAG=N

--debug FILTER.FLAG=N

Set the plugin or filter Debug Flag called "FLAG" to the integer value "N". See "Debug Flags" in nbdkit-plugin(3).

-D nbdkit.FLAG=N

--debug nbdkit.FLAG=N

Set the nbdkit server Debug Flag called "FLAG" to the integer value "N". See "SERVER DEBUG FLAGS" below.

--dump-config

Dump out the compile-time configuration values and exit. See nbdkit-probing(1).

--dump-plugin

Dump out information about the plugin and exit. See nbdkit-probing(1).

--exit-with-parent

If the parent process exits, we exit. This can be used to avoid complicated cleanup or orphaned nbdkit processes. There are some important caveats with this, see "EXIT WITH PARENT" in nbdkit-captive(1).

An alternative to this is "CAPTIVE NBDKIT" in nbdkit-captive(1).

This option implies --foreground.

-e EXPORTNAME

--export EXPORTNAME

--export-name EXPORTNAME

--exportname EXPORTNAME

Set the exportname.

If not set, exportname "" (empty string) is used. Exportnames are not allowed with the oldstyle protocol.

-f

--foreground

--no-fork

Don't fork into the background.

--filter FILTER

Add a filter before the plugin. This option may be given one or more times to stack filters in front of the plugin. They are processed in the order they appear on the command line. See "FILTERS" and nbdkit-filter(3).

-g GROUP

--group GROUP

Change group to "GROUP" after starting up. A group name or numeric group ID can be used.

The server needs sufficient permissions to be able to do this. Normally this would mean starting the server up as root.

See also -u.

-i IPADDR

--ip-addr IPADDR

--ipaddr IPADDR

Listen on the specified interface. The default is to listen on all interfaces. See also -p.

--log=stderr

--log=syslog

--log=null

Send error messages to standard error (--log=stderr), or to the system log (--log=syslog), or discard them completely (--log=null, not recommended for normal use).

The default is to send error messages to stderr, unless nbdkit forks into the background in which case they are sent to syslog.

For more details see "LOGGING" in nbdkit-service(1).

-n

--new-style

--newstyle

Use the newstyle NBD protocol. This is the default in nbdkit ≥ 1.3. In earlier versions the default was oldstyle. See nbdkit-protocol(1).

--no-sr

Do not advertise structured replies. A client must request structured replies to take advantage of block status and potential sparse reads; however, as structured reads are not a mandatory part of the newstyle NBD protocol, this option can be used to debug client fallbacks for dealing with older servers. See nbdkit-protocol(1).

-o

--old-style

--oldstyle

Use the oldstyle NBD protocol. This was the default in nbdkit ≤ 1.2, but now the default is newstyle. Note this is incompatible with newer features such as export names and TLS. See nbdkit-protocol(1).

-P PIDFILE

--pid-file PIDFILE

--pidfile PIDFILE

Write "PIDFILE" (containing the process ID of the server) after nbdkit becomes ready to accept connections.

If the file already exists, it is overwritten. nbdkit does not delete the file when it exits.

-p PORT

--port PORT

Change the TCP/IP port number on which nbdkit serves requests. The default is 10809. See also -i.

-r

--read-only

--readonly

The export will be read-only. If a client writes, then it will get an error.

Note that some plugins inherently don't support writes. With those plugins the -r option is added implicitly.

nbdkit-cow-filter(1) can be placed over read-only plugins to provide copy-on-write (or "snapshot") functionality. If you are using qemu as a client then it also supports snapshots.

--run CMD

Run nbdkit as a captive subprocess of "CMD". When "CMD" exits, nbdkit is killed. See "CAPTIVE NBDKIT" in nbdkit-captive(1).

This option implies --foreground.

-s

--single

--stdin

Don't fork. Handle a single NBD connection on stdin/stdout. After stdin closes, the server exits.

You can use this option to run nbdkit from inetd or similar superservers; or just for testing; or if you want to run nbdkit in a non-conventional way. Note that if you want to run nbdkit from systemd, then it may be better to use "SOCKET ACTIVATION" in nbdkit-service(1) instead of this option.

This option implies --foreground.

--selinux-label SOCKET-LABEL

Apply the SELinux label "SOCKET-LABEL" to the nbdkit listening socket.

The common — perhaps only — use of this option is to allow libvirt guests which are using SELinux and sVirt confinement to access nbdkit Unix domain sockets:

 nbdkit --selinux-label system_u:object_r:svirt_t:s0 ...
    

--swap

Specifies that the NBD device will be used as swap space loop mounted on the same machine which is running nbdkit. To avoid deadlocks this locks the whole nbdkit process into memory using mlockall(2). This may require additional permissions, such as starting the server as root or raising the "RLIMIT_MEMLOCK" (ulimit(1) -l) limit on the process.

-t THREADS

--threads THREADS

Set the number of threads to be used per connection, which in turn controls the number of outstanding requests that can be processed at once. Only matters for plugins with thread_model=parallel (where it defaults to 16). To force serialized behavior (useful if the client is not prepared for out-of-order responses), set this to 1.

--tls=off

--tls=on

--tls=require

Disable, enable or require TLS (authentication and encryption support). See nbdkit-tls(1).

--tls-certificates /path/to/certificates

Set the path to the TLS certificates directory. If not specified, some built-in paths are checked. See nbdkit-tls(1) for more details.

--tls-psk /path/to/pskfile

Set the path to the pre-shared keys (PSK) file. If used, this overrides certificate authentication. There is no built-in path. See nbdkit-tls(1) for more details.

--tls-verify-peer

Enables TLS client certificate verification. The default is not to check the client's certificate.

-U SOCKET

--unix SOCKET

-U -

--unix -

Accept connections on the Unix domain socket "SOCKET" (which is a path).

nbdkit creates this socket, but it will probably have incorrect permissions (too permissive). If it is a problem that some unauthorized user could connect to this socket between the time that nbdkit starts up and the authorized user connects, then put the socket into a directory that has restrictive permissions.

nbdkit does not delete the socket file when it exits. The caller should delete the socket file after use (else if you try to start nbdkit up again you will get an "Address already in use" error).

If the socket name is - then nbdkit generates a randomly named private socket. This is useful with "CAPTIVE NBDKIT" in nbdkit-captive(1).

-u USER

--user USER

Change user to "USER" after starting up. A user name or numeric user ID can be used.

The server needs sufficient permissions to be able to do this. Normally this would mean starting the server up as root.

See also -g.

-v

--verbose

Enable verbose messages.

It's a good idea to use -f as well so the process does not fork into the background (but not required).

-V

--version

Print the version number of nbdkit and exit.

The --dump-config option provides separate major and minor numbers and may be easier to parse from shell scripts.

--vsock

Use the AF_VSOCK protocol (instead of TCP/IP). You must use this in conjunction with -p/--port. See "AF_VSOCK" in nbdkit-service(1).

PLUGIN NAME

 nbdkit $libdir/nbdkit/plugins/nbdkit-file-plugin.so [...]

but it is usually more convenient to use this equivalent syntax:

 nbdkit file [...]

$libdir is set at compile time. To print it out, do:

 nbdkit --dump-config

PLUGIN CONFIGURATION

 nbdkit file file=disk.img

To list all the options supported by a plugin, do:

 nbdkit --help file

To dump information about a plugin, do:

 nbdkit file --dump-plugin

 nbdkit file disk.img

 nbdkit perl foo.pl [args...]

 nbdkit perl script=foo.pl [args...]

 #!/usr/sbin/nbdkit perl
 sub open {
   # etc
 }

SERVER DEBUG FLAGS

-D nbdkit.backend.controlpath=0

-D nbdkit.backend.controlpath=1

-D nbdkit.backend.datapath=0

-D nbdkit.backend.datapath=1

These flags control the verbosity of nbdkit backend debugging messages (the ones which show every request processed by the server). The default for both settings is 1 (normal debugging) but you can set them to 0 to suppress these messages.

"-D nbdkit.backend.datapath=0" is the more useful setting which lets you suppress messages about pread, pwrite, zero, trim, etc. commands. When transferring large amounts of data these messages are numerous and not usually very interesting.

"-D nbdkit.backend.controlpath=0" suppresses the non-datapath commands (config, open, close, can_write, etc.)

SIGNALS

"SIGINT"

"SIGQUIT"

"SIGTERM"

The server exits cleanly.

"SIGPIPE"

This signal is ignored.

ENVIRONMENT VARIABLES

"LISTEN_FDS"

"LISTEN_PID"

If present in the environment when nbdkit starts up, these trigger "SOCKET ACTIVATION" in nbdkit-service(1).

SEE ALSO

AUTHORS

Richard W.M. Jones

Yann E. MORIN

Nir Soffer

Pino Toscano

COPYRIGHT

LICENSE

• Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
• Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
• Neither the name of Red Hat nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.