Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
QEMU-NBD(8)			     QEMU			   QEMU-NBD(8)

NAME
       qemu-nbd	- QEMU Disk Network Block Device Server

SYNOPSIS
       qemu-nbd	[OPTION]... filename

       qemu-nbd	-L [OPTION]...

       qemu-nbd	-d dev

DESCRIPTION
       Export a	QEMU disk image	using the NBD protocol.

       Other uses:

        Bind a	/dev/nbdX block	device to a QEMU server	(on Linux).

        As a client to	query exports of a remote NBD server.

OPTIONS
       filename	 is a disk image filename, or a	set of block driver options if
       --image-opts is specified.

       dev is an NBD device.

       --object	type,id=ID,...
	      Define a new instance of the type	object class identified	by ID.
	      See the qemu(1) manual page for full details of  the  properties
	      supported. The common object types that it makes sense to	define
	      are  the secret object, which is used to supply passwords	and/or
	      encryption keys, and the tls-creds object, which is used to sup-
	      ply TLS credentials for the qemu-nbd server or client.

       -p, --port=PORT
	      TCP port to listen on as a server, or connect  to	 as  a	client
	      (default 10809).

       -o, --offset=OFFSET
	      The offset into the image.

       -b, --bind=IFACE
	      The  interface to	bind to	as a server, or	connect	to as a	client
	      (default 0.0.0.0).

       -k, --socket=PATH
	      Use a unix socket	with path PATH.

       --image-opts
	      Treat filename as	a set of image options,	 instead  of  a	 plain
	      filename.	 If  this flag is specified, the -f flag should	not be
	      used, instead the	format=	option should be set.

       -f, --format=FMT
	      Force the	use of the block driver	 for  format  FMT  instead  of
	      auto-detecting.

       -r, --read-only
	      Export the disk as read-only.

       -A, --allocation-depth
	      Expose   allocation   depth  information	via  the  qemu:alloca-
	      tion-depth     metadata	  context      accessible      through
	      NBD_OPT_SET_META_CONTEXT.

       -B, --bitmap=NAME
	      If  filename  has	 a  qcow2  persistent bitmap NAME, expose that
	      bitmap via the qemu:dirty-bitmap:NAME metadata context  accessi-
	      ble through NBD_OPT_SET_META_CONTEXT.

       -s, --snapshot
	      Use  filename  as	 an external snapshot, create a	temporary file
	      with backing_file=filename, redirect the write to	the  temporary
	      one.

       -l, --load-snapshot=SNAPSHOT_PARAM
	      Load  an	internal  snapshot inside filename and export it as an
	      read-only	   device,    SNAPSHOT_PARAM	format	  is	 snap-
	      shot.id=[ID],snapshot.name=[NAME]	or [ID_OR_NAME]

       --cache=CACHE
	      The cache	mode to	be used	with the file. Valid values are: none,
	      writeback	 (the  default),  writethrough,	directsync and unsafe.
	      See the documentation of the emulator's -drive cache=...	option
	      for more info.

       -n, --nocache
	      Equivalent to --cache=none.

       --aio=AIO
	      Set the asynchronous I/O mode between threads (the default), na-
	      tive (Linux only), and io_uring (Linux 5.1+).

       --discard=DISCARD
	      Control  whether	discard	(also known as trim or unmap) requests
	      are ignored or passed to the filesystem. DISCARD is one  of  ig-
	      nore (or off), unmap (or on).  The default is ignore.

       --detect-zeroes=DETECT_ZEROES
	      Control  the automatic conversion	of plain zero writes by	the OS
	      to driver-specific optimized zero	write commands.	 DETECT_ZEROES
	      is one of	off, on, or unmap.  unmap converts a zero write	to  an
	      unmap operation and can only be used if DISCARD is set to	unmap.
	      The default is off.

       -c, --connect=DEV
	      Connect filename to NBD device DEV (Linux	only).

       -d, --disconnect
	      Disconnect the device DEV	(Linux only).

       -e, --shared=NUM
	      Allow  up	 to NUM	clients	to share the device (default 1), 0 for
	      unlimited.

       -t, --persistent
	      Don't exit on the	last connection.

       -x, --export-name=NAME
	      Set the  NBD  volume  export  name  (default  of	a  zero-length
	      string).

       -D, --description=DESCRIPTION
	      Set  the	NBD  volume  export  description,  as a	human-readable
	      string.

       -L, --list
	      Connect as a client and list all details about the  exports  ex-
	      posed  by	 a  remote NBD server.	This enables list mode,	and is
	      incompatible with	options	that change behavior related to	a spe-
	      cific export (such as --export-name, --offset, ...).

       --tls-creds=ID
	      Enable mandatory TLS encryption for the server by	setting	the ID
	      of the  TLS  credentials	object	previously  created  with  the
	      --object	option;	or provide the credentials needed for connect-
	      ing as a client in list mode.

       --tls-hostname=hostname
	      When validating an x509 certificate received over	a TLS  connec-
	      tion,  the  hostname that	the NBD	client used to connect will be
	      checked against information in the server	provided  certificate.
	      Sometimes	 it might be required to override the hostname used to
	      perform this check. For example, if the NBD client  is  using  a
	      tunnel  from  localhost  to  connect  to	the remote server, the
	      --tls-hostname option should be used to set the  officially  ex-
	      pected  hostname of the remote NBD server. This can also be used
	      if accessing NBD over a UNIX socket where	there is  no  inherent
	      hostname	available. This	is only	permitted when acting as a NBD
	      client with the --list option.

       --fork Fork off the server process and exit the parent once the	server
	      is running.

       --pid-file=PATH
	      Store the	server's process ID in the given file.

       --tls-authz=ID
	      Specify  the  ID	of a qauthz object previously created with the
	      --object option. This will be used to authorize connecting users
	      against their x509 distinguished name.

       -v, --verbose
	      Display extra debugging information. This	option also keeps  the
	      original	STDERR	stream	open if	the qemu-nbd process is	daemo-
	      nized due	to other options like --fork or	-c.

       -h, --help
	      Display this help	and exit.

       -V, --version
	      Display version information and exit.

       -T, --trace [[enable=]PATTERN][,events=FILE][,file=FILE]
	      Specify tracing options.

	      [enable=]PATTERN
		 Immediately enable events matching PATTERN (either event name
		 or a globbing pattern).  This option  is  only	 available  if
		 QEMU has been compiled	with the simple, log or	ftrace tracing
		 backend.  To specify multiple events or patterns, specify the
		 -trace	option multiple	times.

		 Use -trace help to print a list of names of trace points.

	      events=FILE
		 Immediately enable events listed in FILE.  The	file must con-
		 tain  one event name (as listed in the	trace-events-all file)
		 per line; globbing patterns are accepted too.	This option is
		 only available	if QEMU	has been compiled with the simple, log
		 or ftrace tracing backend.

	      file=FILE
		 Log output traces to FILE.  This option is only available  if
		 QEMU has been compiled	with the simple	tracing	backend.

EXAMPLES
       Start a server listening	on port	10809 that exposes only	the guest-vis-
       ible contents of	a qcow2	file, with no TLS encryption, and with the de-
       fault  export name (an empty string). The command is one-shot, and will
       block until the first successful	client disconnects:

	  qemu-nbd -f qcow2 file.qcow2

       Start a long-running server listening with encryption  on  port	10810,
       and  allow  clients with	a specific X.509 certificate to	connect	to a 1
       megabyte	subset of a raw	file, using the	export name 'subset':

	  qemu-nbd \
	    --object tls-creds-x509,id=tls0,endpoint=server,dir=/path/to/qemutls \
	    --object 'authz-simple,id=auth0,identity=CN=laptop.example.com,,\
		      O=Example	Org,,L=London,,ST=London,,C=GB'	\
	    --tls-creds	tls0 --tls-authz auth0 \
	    -t -x subset -p 10810 \
	    --image-opts driver=raw,offset=1M,size=1M,file.driver=file,file.filename=file.raw

       Serve a read-only copy of a guest image over a Unix socket with as many
       as 5 simultaneous readers, with a persistent process forked as  a  dae-
       mon:

	  qemu-nbd --fork --persistent --shared=5 --socket=/path/to/sock \
	    --read-only	--format=qcow2 file.qcow2

       Expose  the  guest-visible  contents of a qcow2 file via	a block	device
       /dev/nbd0 (and possibly creating	/dev/nbd0p1 and	friends	for partitions
       found within), then disconnect the device when done.   Access  to  bind
       qemu-nbd	 to  a /dev/nbd	device generally requires root privileges, and
       may also	require	the execution of modprobe nbd to enable	the kernel NBD
       client module.  CAUTION:	Do not use this	method	to  mount  filesystems
       from an untrusted guest image - a malicious guest may have prepared the
       image  to  attempt  to trigger kernel bugs in partition probing or file
       system mounting.

	  qemu-nbd -c /dev/nbd0	-f qcow2 file.qcow2
	  qemu-nbd -d /dev/nbd0

       Query a remote server to	see details about what export(s) it is serving
       on port 10809, and authenticating via PSK:

	  qemu-nbd \
	    --object tls-creds-psk,id=tls0,dir=/tmp/keys,username=eblake,endpoint=client \
	    --tls-creds	tls0 -L	-b remote.example.com

SEE ALSO
       qemu(1),	qemu-img(1)

AUTHOR
       Anthony Liguori <anthony@codemonkey.ws>

COPYRIGHT
       2023, The QEMU Project Developers

8.2.10				 Apr 12, 2025			   QEMU-NBD(8)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=qemu-nbd&sektion=8&manpath=FreeBSD+Ports+14.3.quarterly>

home | help