| Solaris |
|
|
SMF based SysConfig manifest
SMF based System Configuration manifest
History
Originally, System Configuration (SC) manifest was being processed by Automated Installer and configuration was applied to the target system at the end of the installation. Any enhancement in that area required modifications to Automated Installer itself. Such approach was not extensible, it lacked flexibility as well as it was hard to maintain.
How it works now
Starting build 144, process of configuration was decoupled from the installation itself and configuration of particular areas was delegated to smf(5) services. Target system is configured by dedicated SMF services during first boot.
SC manifest is now in form of SMF profile which specifies system configuration as a set of SMF properties for appropriate SMF services. Automated Installer is no longer involved in processing the manifest itself. Instead, Automated Installer only syntactically validates SC manifest and then copies it to the directory dedicated for SMF profiles on target system.
Then when installed system is booted for the first time, SMF profile is applied during process of Early Manifest Import before any SMF service is started. It assures that properties contain desired values by the time configuration SMF services carry out particular configuration tasks.
What can be configured
Virtually anything. To be more precise, anything which is configurable via smf properties. And speaking about core set of parameters we want to have configurable, then
Root and user account
svc:/system/config-user smf service takes care of configuring user and root accounts. It recognizes two property groups:
- root_account - encapsulates smf properties configuring root account.
- user_account - encapsulates smf properties configuring user account.
The root_account property group can contain following properties:
| property | type | required | description |
|---|---|---|---|
| password | astring | yes | Encrypted root password. |
| type | astring | no | Account type (normal or role). normal is the default. |
| expire | string | no | Expiration date for login. If set to '0' (zero), user will be forced to change root password at the next login by expiring the password. |
The user_account property group can contain following properties:
| property | type | required | description |
|---|---|---|---|
| login | astring | yes | Login. |
| password | astring | yes | Encrypted user password. |
| description | astring | no | Usually user's full name. |
| shell | astring | no | Full pathname of the program used as the user's shell on login. |
| uid | count | no | UID of the new user. 101 is the default. |
| gid | count | no | New user's primary group membership. 10 is the default. |
| type | astring | no | Account type (normal or role). normal is the default. |
| profiles | astring | no | One or more comma-separated execution profiles defined in prof_attr(4). |
| roles | astring | no | One or more comma-separated roles defined in user_attr(4). |
| sudoers | astring | no | Entry put along with login into sudoers(4) file. |
| expire | astring | no | Expiration date for login. If set to '0' (zero), user will be forced to change root password at the next login by expiring the password. |
| home_zfs_dataset | astring | no | user's home directory ZFS dataset. Default is <root_pool>/export/home/<login>. |
| home_mountpoint | astring | no | user's home directory mountpoint. Default is /export/home/<login>. |
See design specification for more details.
System identity
svc:/system/identity:node smf service takes care of setting the host name
The above :node refers to the instance of svc:/system/identity
- <instance enabled="true" name="node">
| property | type | required | description |
|---|---|---|---|
| nodename | astring | no | Host name, defaults to 'unknown' |
Time Zone
svc:/system/timezone smf service takes care of setting the time zone
The timezone property group can contain following property:
| property | type | required | description |
|---|---|---|---|
| localtime | astring | no | Time zone, defaults to 'UTC' |
Locale
svc:/system/environment:init smf service takes care of configuring locale
The environment property group can define following environment variables (see environ(5) man page for details):
| property | type | required | default |
|---|---|---|---|
| LC_CTYPE | astring | no | 'C' |
| LC_NUMERIC | astring | no | 'C' |
| LC_TIME | astring | no | 'C' |
| LC_COLLATE | astring | no | 'C' |
| LC_MONETARY | astring | no | 'C' |
| LC_MESSAGES | astring | no | 'C' |
| LC_ALL | astring | no | 'C' |
| LANG | astring | no | 'C' |
Terminal type
svc:/system/console-login smf service takes care of configuring terminal type. See ttymon(1M) man page for definition of smf properties.
Keyboard layout
svc:/system/keymap smf service takes care of configuring keyboard layout. See kbd(1) man page for definition of smf properties.
Static IP and DNS
PSARC/2010/164 delivered two new SMF services to the system: svc:/network/install and svc:/network/dns/install (now obsoleted by svc:/network/dns/client - see below). Each of these services contain properties that can be used by the services to configure an initial physical network interface and/or an initial DNS client configuration. The services are initially disabled with property values that do not result in any system configuration. These services can be enabled and appropriate properties configured in System Configuration manifest.
The svc:/network/install service supports configuring one IPv4 interface and/or one IPv6 interface and, optionally, a default route reachable by these interfaces. The service defines two property groups, one for an IPv4 interface and one for an IPv6 interface. The service uses its properties and ipadm(1M) to configure the network interfaces. And similarly, the service uses its properties and route(1M) to define a default route.
The install_ipv4_interface property group contains the following properties:
| property | type | required | description |
|---|---|---|---|
| name | astring | yes | Name of network interface. |
| address_type | astring | yes | Value used to construct the -T option for the ipadm(1M) create-addr sub-command. Therefore, the valid values are static or dhcp. |
| static_address | net_address_v4 | no | Only required with an 'address_type' of static. Used to construct the local address for the ipadm(1M) create-addr sub-command. |
| dhcp_wait | astring | no | Only applies with an 'address_type' of dhcp. If defined, it is used to construct the -w <seconds> (or forever) portion of the ipadm(1M) create-addr sub-command. |
| default_route | net_address_v4 | no | Used to define a default route using route(1M). In other words, /usr/sbin/route -p add default default-route -ifp ifname (where ifname is the interface name portion of the 'name' property). |
The install_ipv6_interface property group contains the following properties:
| property | type | required | description |
|---|---|---|---|
| name | astring | yes | Name of network interface. |
| address_type | astring | yes | Value used to construct the -T option for the ipadm(1M) create-addr sub-command. Therefore, the valid values are static or addrconf. |
| static_address | net_address_v6 | no | Only required with an 'address_type' of static. Used to construct the local address for the ipadm(1M) create-addr sub-command. |
| interface_id | net_address_v6 | no | Only applies with an 'address_type' of addrconf. If defined, then used to construct the -i interface_id portion of the ipadm(1M) create-addr sub-command. |
| stateless | astring | no | Only applies with an 'address_type' of addrconf. If defined, then used to construct the -p stateless=yes|no portion of the ipadm(1M) create-addr sub-command. |
| stateful | astring | no | Only applies with an 'address_type' of addrconf. If defined, then used to construct the -p stateful=yes|no portion of the ipadm(1M) create-addr sub-command. |
| default_route | net_address_v6 | no | Used to define a default route using route(1M). In other words, /usr/sbin/route -p add default default-route -ifp ifname (where ifname is the interface name portion of the 'name' property). |
The svc:/network/dns/client service supports the configuration of a DNS client. The service defines one property group, config. The service uses its properties to construct a DNS resolv.conf(4) file.
The config property group contains the following properties:
| property | type | required | description |
|---|---|---|---|
| domain | astring | no | If defined, contains the value of the local domain name. Its value is used to construct the domain directive in resolv.conf(4). |
| nameserver | net_address | yes | Used to construct the nameserver directives in resolv.conf(4). It has an SMF property type of 'net_address', but should contain an 'net_address_list' of IPv4 and/or IPv6 addresses. |
| search | astring | no | If defined, it contains a value for the search order host name lookup. Its value is used to construct the search directive in resolv.conf(4). It has an SMF property type of 'astring', but should contain an 'astring_list' of domain values. |
NOTE
What is both implicit, and intentional, about the way that the svc:/network/install:default service processes its network interface related properties is that the properties are intended to define a static configuration that can be used by a system that is running the svc:/network/physical:default service. This limitation (i.e. no support for static NWAM configurations) meets installs current requirements. In the future, it is anticipated that the split between svc:/network/physical:default and svc:/network/physical:nwam will disappear. When that happens, these interfaces will need to be re-addressed in that context.
See also
When something goes wrong
TBD
Examples
Finding and editing the sample profile
A sample profile is provided. It can be found in the image path of the AI service for which you want to write the profile. The sample is at:
- <image_path>/auto_install/sc_profiles/sc_sample.xml
The <image_path> for a service can be found with 'installadm list'
Configuring root account only with password expired
<service name="system/config-user" version="1" type="service">
<instance name="default" enabled="true">
<property_group name="root_account" type="application">
<propval name="password" value="$5$VgppCOxA$ycFmYW4ObRRHhtsGEygDdexk5bugqgSiaSR9niNCouC"/>
<propval name="type" value="normal"/>
<propval name="expire" value="0"/>
</property_group>
</instance>
</service>Setting host name to 'solaris'
<service name="system/identity" version="1" type="service">
<instance name="node" enabled="true">
<property_group name="config" type="application">
<propval name="nodename" value="solaris"/>
</property_group>
</instance>
</service>vt100 terminal type
<service name="system/console-login" version="1" type="service">
<instance name="default" enabled="true">
<property_group name="ttymon" type="application">
<propval name="terminal_type" value="vt100"/>
</property_group>
</instance>
</service>Czech keyboard layout
<service name='system/keymap' version='1' type='service'>
<instance name='default' enabled='true'>
<property_group name='keymap' type='system'>
<propval name='layout' value='Czech'/>
</property_group>
</instance>
</service>Time zone
<service name='system/timezone' version='1'>
<instance name='default' enabled='true'>
<property_group name='timezone'>
<propval name='localtime' value='UTC'/>
</property_group>
</instance>
</service>Locale
<service name='system/environment' version='1'>
<instance name='init' enabled='true'>
<property_group name='environment'>
<propval name='LC_ALL' value='cs_CZ.UTF-8'/>
</property_group>
</instance>
</service>Networking configuration
The following System Configuration manifest configures
- bge0 with IPv4 static address 10.0.0.10, netmask 255.0.0.0
- 10.0.0.1 IPv4 default route
- bge1 with IPv6 addrconf address type
- DNS 8.8.8.8 nameserver
- example1.com as local DNS domain name
- example2.com, example3.com as DNS search list for host name lookup
The netmask is specified with the notation <IP address>/<netmask>
- where <netmask> is a number specifying the number of high-order bits of the netmask.
Examples of netmask values:
- 8 -> 255.0.0.0
- 16 -> 255.255.0.0
- 24 -> 255.255.255.0
The NWAM service should be explicitly disabled for a static configuration.
<service name="network/physical" version="1" type="service">
<instance name="nwam" enabled="false"/>
<instance name="default" enabled="true"/>
</service>
<service name='network/install' version='1' type='service'>
<instance name='default' enabled='true'>
<property_group name='install_ipv4_interface' type='application'>
<propval name='name' value='bge0/v4'/>
<propval name='address_type' value='static'/>
<propval name='static_address' type='net_address_v4' value='10.0.0.10/8'/>
<propval name='default_route' type='net_address_v4' value='10.0.0.1'/>
</property_group>
<property_group name='install_ipv6_interface' type='application'>
<propval name='name' type='astring' value='bge1/v6'/>
<propval name='address_type' type='astring' value='addrconf'/>
<propval name='stateless' type='astring' value='yes'/>
<propval name='stateful' type='astring' value='yes'/>
</property_group>
</instance>
</service>
<service name='network/dns/client' version='1' type='service'>
<instance name='default' enabled='true'>
<property_group name='install_props' type='application'>
<property name='nameserver' type='net_address'>
<net_address_list>
<value_node value='8.8.8.8'/>
</net_address_list>
</property>
<propval name='domain' type='astring' value='example1.com'/>
<property name='search' type='astring'>
<astring_list>
<value_node value='example2.com'/>
<value_node value='example3.com'/>
</astring_list>
</property>
</property_group>
</instance>
</service>Name Service configuration
Starting with S11 release 167, name services can be configured
The sysconfig program can be used to generate profiles for name services. The sysconfig program will prompt for basic configuration information.
- sysconfig create-profile -g naming_services -o ./my_name_services.xml
Starting in release 171, option "-g naming_services" indicates that only name services will be output
Use the "-o <path>" option to specify the XML output file.
The following System Configuration profile configures:
- name service DNS
- server IP addresses 1.1.1.1 and 2.2.2.2
- domain dom.ain.com
- search list dom.ain.com ain.com
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="sysconfig">
<!-- name-service/switch below for DNS only - (see nsswitch.conf(4)) -->
<service version="1" type="service" name="system/name-service/switch">
<property_group type="application" name="config">
<propval type="astring" name="default" value="files"/>
<propval type="astring" name="host" value="files dns"/>
<propval type="astring" name="printer" value="user files"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<!-- name-service/cache must be present along with name-service/switch -->
<service version="1" type="service" name="system/name-service/cache">
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/dns/client">
<property_group type="application" name="config">
<!-- Note: use property with net_address_list and value_node as below -->
<property type="net_address" name="nameserver">
<net_address_list>
<value_node value="1.1.1.1"/>
<value_node value="2.2.2.2"/>
</net_address_list>
</property>
<propval type="astring" name="domain" value="dom.ain.com"/>
<!-- Note: use property with astring_list and value_node,
concatenating search names, as below -->
<property type="astring" name="search">
<astring_list>
<value_node value="dom.ain.com ain.com"/>
</astring_list>
</property>
</property_group>
<instance enabled="true" name="default"/>
</service>
</service_bundle>The following System Configuration profile:
- configures name service NIS with automatic broadcasting for a NIS server, which must be on the same subnet
- configures the NIS domain "my.domain.com"
- enables the name service cache service, which is required
- disables the DNS name service
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="sysconfig">
<!-- service name-service/switch below for NIS only - (see nsswitch.conf(4)) -->
<service version="1" type="service" name="system/name-service/switch">
<property_group type="application" name="config">
<propval type="astring" name="default" value="files nis"/>
<propval type="astring" name="printer" value="user files nis"/>
<propval type="astring" name="netgroup" value="nis"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<!-- service name-service/cache must be present along with name-service/switch -->
<service version="1" type="service" name="system/name-service/cache">
<instance enabled="true" name="default"/>
</service>
<!-- if no DNS, must be explicitly disabled to avoid error msgs -->
<service version="1" type="service" name="network/dns/client">
<instance enabled="false" name="default"/>
</service>
<service version="1" type="service" name="network/nis/domain">
<property_group type="application" name="config">
<propval type="hostname" name="domainname" value="my.domain.com"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<!-- configure the NIS client service to broadcast the subnet for a NIS server -->
<service version="1" type="service" name="network/nis/client">
<property_group type="application" name="config">
<propval type="boolean" name="use_broadcast" value="true"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
</service_bundle>The following System Configuration profile configures:
- name service NIS with server IP address 10.0.0.10, domain mydomain.com
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="sysconfig">
<!-- name-service/switch below for NIS only - (see nsswitch.conf(4)) -->
<service version="1" type="service" name="system/name-service/switch">
<property_group type="application" name="config">
<propval type="astring" name="default" value="files nis"/>
<propval type="astring" name="printer" value="user files nis"/>
<propval type="astring" name="netgroup" value="nis"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<!-- name-service/cache must be present along with name-service/switch -->
<service version="1" type="service" name="system/name-service/cache">
<instance enabled="true" name="default"/>
</service>
<!-- if no DNS, must be explicitly disabled to avoid error msgs -->
<service version="1" type="service" name="network/dns/client">
<instance enabled="false" name="default"/>
</service>
<service version="1" type="service" name="network/nis/domain">
<property_group type="application" name="config">
<propval type="hostname" name="domainname" value="mydomain.com"/>
<!-- Note: use property with net_address_list and value_node as below -->
<property type="net_address" name="ypservers">
<net_address_list>
<value_node value="10.0.0.10"/>
</net_address_list>
</property>
</property_group>
<!-- configure default instance separate from property_group -->
<instance enabled="true" name="default"/>
</service>
<!-- enable the NIS client service -->
<service version="1" type="service" name="network/nis/client">
<instance enabled="true" name="default"/>
</service>
</service_bundle>The following System Configuration profile configures:
- name service LDAP with server IP address 10.0.0.10
- domain my.domain.com is specified in service system/nis/domain
- LDAP search base is required, here dc=my,dc=domain,dc=com
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="sysconfig">
<service version="1" type="service" name="system/name-service/switch">
<property_group type="application" name="config">
<propval type="astring" name="default" value="files ldap"/>
<propval type="astring" name="printer" value="user files ldap"/>
<propval type="astring" name="netgroup" value="ldap"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="system/name-service/cache">
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/dns/client">
<instance enabled="false" name="default"/>
</service>
<service version="1" type="service" name="network/ldap/client">
<property_group type="application" name="config">
<propval type="astring" name="profile" value="default"/>
<property type="host" name="server_list">
<host_list>
<value_node value="10.0.0.10"/>
</host_list>
</property>
<propval type="astring" name="search_base" value="dc=my,dc=domain,dc=com"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/nis/domain">
<property_group type="application" name="config">
<propval type="hostname" name="domainname" value="my.domain.com"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
</service_bundle>The following System Configuration profile configures LDAP with a secure LDAP server:
- name service LDAP with server IP address 10.0.0.10
- domain my.domain.com is specified in service system/nis/domain
- LDAP search base is required, here dc=my,dc=domain,dc=com
- LDAP proxy bind distinguished name cn=proxyagent,ou=profile,dc=my,dc=domain,dc=com
- LDAP proxy bind password, encrypted
As a security measure, the proxy bind password is encrypted. The encrypted value may be found
- by using 'sysconfig create-profile' taking the bind_passwd property value
- by taking the value from the SMF configuration on the LDAP server
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="sysconfig">
<service version="1" type="service" name="system/name-service/switch">
<property_group type="application" name="config">
<propval type="astring" name="default" value="files ldap"/>
<propval type="astring" name="printer" value="user files ldap"/>
<propval type="astring" name="netgroup" value="ldap"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="system/name-service/cache">
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/dns/client">
<instance enabled="false" name="default"/>
</service>
<service version="1" type="service" name="network/ldap/client">
<property_group type="application" name="config">
<propval type="astring" name="profile" value="default"/>
<property type="host" name="server_list">
<host_list>
<value_node value="10.0.0.10"/>
</host_list>
</property>
<propval type="astring" name="search_base" value="dc=my,dc=domain,dc=com"/>
</property_group>
<property_group type="application" name="cred">
<propval type="astring" name="bind_dn" value="cn=proxyagent,ou=profile,dc=my,dc=domain,dc=com"/>
<!-- note that the password below is encrypted -->
<propval type="astring" name="bind_passwd" value="{NS1}c2ab873ae7c5ceefa4b9"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/nis/domain">
<property_group type="application" name="config">
<propval type="hostname" name="domainname" value="my.domain.com"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
</service_bundle>DNS name service can be used in conjunction with LDAP name service. A typical usage is for DNS to resolve node names (including the LDAP server name), and for LDAP to resolve all other names. The following profile demonstrates this:
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="sysconfig">
<service version="1" type="service" name="system/name-service/switch">
<property_group type="application" name="config">
<propval type="astring" name="default" value="files ldap"/>
<propval type="astring" name="host" value="files dns"/>
<propval type="astring" name="printer" value="user files ldap"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="system/name-service/cache">
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/dns/client">
<property_group type="application" name="config">
<property type="net_address" name="nameserver">
<net_address_list>
<value_node value="10.0.0.10"/>
</net_address_list>
</property>
<propval type="astring" name="domain" value="my.domain.com"/>
<property type="astring" name="search">
<astring_list>
<value_node value="my.domain.com"/>
</astring_list>
</property>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/ldap/client">
<property_group type="application" name="config">
<propval type="astring" name="profile" value="default"/>
<property type="host" name="server_list">
<host_list>
<!-- here, DNS is expected to resolve the LDAP server by name -->
<value_node value="ldapserver.my.domain.com"/>
</host_list>
</property>
<propval type="astring" name="search_base" value="dc=my,dc=domain,dc=com"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/nis/domain">
<property_group type="application" name="config">
<propval type="hostname" name="domainname" value="my.domain.com"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
</service_bundle>Similarly, NIS can be used in conjunction with DNS:
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="sysconfig">
<service version="1" type="service" name="system/name-service/switch">
<property_group type="application" name="config">
<propval type="astring" name="default" value="files nis"/>
<propval type="astring" name="host" value="files dns"/>
<propval type="astring" name="printer" value="user files nis"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="system/name-service/cache">
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/dns/client">
<property_group type="application" name="config">
<property type="net_address" name="nameserver">
<net_address_list>
<value_node value="10.0.0.10"/>
</net_address_list>
</property>
<propval type="astring" name="domain" value="my.domain.com"/>
<property type="astring" name="search">
<astring_list>
<value_node value="my.domain.com"/>
</astring_list>
</property>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/nis/domain">
<property_group type="application" name="config">
<propval type="hostname" name="domainname" value="my.domain.com"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/nis/client">
<property_group type="application" name="config">
<propval type="boolean" name="use_broadcast" value="true"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
</service_bundle>
Terms of Use
|
Privacy
|
Trademarks
|
Copyright Policy
|
Site Guidelines
|
Site Map
|
Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.
© 2012, Oracle Corporation and/or its affiliates.