This chapter covers the tasks required to manage and monitor the Service Management Facility (SMF). In addition, information that is related to managing run level scripts is provided. The following topics are covered:
The following task map describes the procedures that are needed to use SMF.
Task |
Description |
For Instructions |
---|---|---|
Display the status of a service instance. |
Displays the status of all running service instances. | |
Display the service dependents. |
Display the services that are dependent on the specified service. |
How to Show Which Services Are Dependent on a Service Instance |
Display the dependencies of a service. |
Display the services that a specified service is dependent on. This information can be used to help identify what is preventing a service from starting. | |
Disable a service instance. |
Turns off a service that is not functioning properly or needs to be off to increase security. | |
Enable a service instance |
Starts a service. | |
Restart a service instance. |
Restart a service, without having to use separate commands to disable and then enable the service. | |
Modify a service instance. |
Modifies the configuration parameters of a specified service instance. | |
Changes a configuration property of a service controlled by inetd. | ||
Changes the startup options of a service controlled by inetd. |
How to Modify a Command-Line Argument for an inetd Controlled Service |
|
Convert inetd.conf entries. |
Converts inetd services into legacy-run services that can be monitored using SMF. | |
Repair a corrupt service configuration repository. |
Replaces a corrupt repository with a default version. | |
Boot a system without starting any services. |
Boots a system without starting any services so that configuration problems that prevent booting can be fixed. |
The following tasks show how to monitor SMF services.
This procedure can be used to show what services are running.
Run the svcs command.
Running this command without any options displays a status report of the service specified by the FMRI.
% svcs -l FMRI |
This example shows the status of a service that includes many contracts.
% svcs -l network/login:rlogin fmri svc:/network/login:rlogin enabled true state online next_state none restarter svc:/network/inetd:/default contract_id 42325 41441 40776 40348 40282 40197 39025 38381 38053\ 33697 28625 24652 23689 15352 9889 7194 6576 6360 5387 1475 3015\ 6545 6612 9302 9662 10484 16254 19850 22512 23394 25876 26113 27326\ 34284 37939 38405 38972 39200 40503 40579 41129 41194 |
This example shows the status of a service that includes dependencies.
% svcs -l network/smtp:sendmail fmri svc:/network/smtp:sendmail enabled true state online next_state none restarter svc:/system/svc/restarter:default contract_id 29462 dependency require_all/refresh file://localhost/etc/nsswitch.conf (-) dependency require_all/refresh file://localhost/etc/mail/sendmail.cf (-) dependency optional_all/none svc:/system/system-log (online) dependency require_all/refresh svc:/system/identity:domain (online) dependency require_all/refresh svc:/milestone/name-services (online) dependency require_all/none svc:/network/service (online) dependency require_all/none svc:/system/filesystem/local (online) |
The following command lists all services that are installed on the system as well as the status of each service. The command displays those services that are disabled as well as those that are enabled.
% svcs -a |
The following command lists services that are controlled by inetd. Each service's FMRI is listed, along with the run state and whether the service is enabled or disabled.
% inetadm |
This procedure shows how to determine which service instances depend on the specified service.
The following example shows how to determine which service instances are dependent on the multiuser milestone.
% svcs -D milestone/multi-user STATE STIME FMRI online Apr_08 svc:/milestone/multi-user-server:default |
This procedure shows how to determine which services a specified service instance is dependent on.
The following example shows the services instances that the multiuser milestone is dependent on.
% svcs -d milestone/multi-user:default STATE STIME FMRI disabled Aug_24 svc:/platform/sun4u/sf880drd:default online Aug_24 svc:/milestone/single-user:default online Aug_24 svc:/system/utmp:default online Aug_24 svc:/system/system-log:default online Aug_24 svc:/system/system-log:default online Aug_24 svc:/system/rmtmpfiles:default online Aug_24 svc:/network/rpc/bind:default online Aug_24 svc:/milestone/name-services:default online Aug_24 svc:/system/filesystem/local:default online Aug_24 svc:/system/mdmonitor:default |
Task |
Description |
For Instructions |
---|---|---|
Disable a service instance. |
Stops a running service and prevents the service from restarting. | |
Enable a service instance. |
Starts a service. In addition, the service will be restarted during subsequent reboots. | |
Restarting a service. |
Stops and starts a service with one command. | |
Restoring a service in maintenance state. |
Shows how to clean up and restart a service that is in maintenance state. | |
Revert to a snapshot. |
Uses a previous snapshot to correct problems with a service. | |
Create an profile. |
Create a profile to disable or enable services as needed. | |
Apply a profile. |
Uses the information in a profile to disable or enable services as needed. | |
Change the services and their configuration using the netservices command. |
Uses the information in the generic_limited.xml or generic_open.xml profiles to disable or enable services and make configuration changes to those services, as well. |
This section includes information on managing SMF services.
You can use RBAC rights profiles to allow users to manage some of the SMF services, without having to give the user root access. The rights profiles define what commands the user can run. For SMF, the following profiles have been created:
Service Management: User can add, delete or modify services.
Service Operator: User can request state changes of any service instance, such as restart and refresh.
For specific information about the authorizations, see the smf_security(5) man page. For instructions to assign a rights profile, see How to Change the RBAC Properties of a User in System Administration Guide: Security Services.
Use the following procedure to disable a service. The service status change is recorded in the service configuration repository. Once the service is disabled, the disabled state will persist across reboots. The only way to get the service running again is to enable it.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Check the dependents of the service you want to disable.
If this service has dependents that you need, then you cannot disable this service.
# svcs -D FMRI |
Disable the service.
# svcadm disable FMRI |
The output from the first command shows that the rlogin service has no dependents. The second command in this example disables the rlogin service. The third command shows that the state of the rlogin service instance is disabled.
# svcs -D network/login:rlogin # svcadm disable network/login:rlogin STATE STIME FMRI # svcs network/login:rlogin STATE STIME FMRI disabled 11:17:24 svc:/network/login:rlogin |
Use the following procedure to enable a service. The service status change is recorded in the service configuration repository. Once the service is enabled, the enabled state will persist across system reboots if the service dependencies are met.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Determine whether service dependencies are satisfied.
If the service is enabled, then the service dependencies are satisfied. If not, use svcadm enable -r FMRI to recursively enable all dependencies.
# svcs -l FMRI|grep enabled |
Enable a service.
# svcadm enable FMRI |
The second command in this example enables the rlogin service. The third command shows that the state of the rlogin service instance is online.
# svcs -l network/login:rlogin|grep enabled enabled false # svcadm enable network/login:rlogin # svcs network/login:rlogin STATE STIME FMRI online 12:09:16 svc:/network/login:rlogin |
The following command enables rpcbind. The -t option starts the service in temporary mode which does not change the service repository. The repository is not writable in single-user mode. The -r option recursively starts all the dependencies of the named service.
# svcadm enable -rt rpc/bind |
If a service is currently running but needs to be restarted due to a configuration change or some other reason, the service can be restarted without you having to type separate commands to stop and start the service. The only reason to specifically disable and then enable a service is if changes need to be made before the service is enabled, and after the service is disabled.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Restart a service.
# svcadm restart FMRI |
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Determine if any process that are dependent to the service have not stopped.
Normally, when a service instance is in a maintenance state, all processes associated with that instance have stopped. However, you should make sure before you proceed. The following command lists all of the processes that are associated with a service instance as well as the PIDs for those processes.
# svcs -p FMRI |
(Optional) Kill any remaining processes.
Repeat this step for all processes that are displayed by the svcs command.
# pkill -9 PID |
If necessary, repair the service configuration.
Consult the appropriate service log files in /var/svc/log for a list of errors.
Restore the service.
# svcadm clear FMRI |
If the service configuration is wrong, the problem can be fixed by reverting to the last snapshot that started successfully. In this procedure, a previous snapshot of the console-login service is used.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Run the svccfg command.
# svccfg svc:> |
Select the service instance that you want to fix.
You must use an FMRI that fully defines the instance. No shortcuts are allowed.
svc:> select system/console-login:default svc:/system/console-login:default> |
Generate a list of available snapshots.
svc:/system/console-login:default> listsnap initial running start svc:/system/console-login:default> |
Select to revert to the start snapshot.
The start snapshot is the last snapshot in which the service successfully started.
svc:/system/console-login:default> revert start svc:/system/console-login:default> |
Quit svccfg.
svc:/system/console-login:default> quit # |
Update the information in the service configuration repository.
This step updates the repository with the configuration information from the start snapshot.
# svcadm refresh system/console-login |
Restart the service instance.
# svcadm restart system/console-login |
A profile is an XML file which lists SMF services and whether each should be enabled or disabled. Profiles are used to enable or disable many services at once. Not all services need to be listed in a profile. Each profile only needs to include those services that need to be enabled or disabled to make the profile useful.
Create a profile.
In this example, the svccfg command is used to create a profile which reflects which services are enabled or disabled on the current system. Alternately, you could make a copy of an existing profile to edit.
# svccfg extract> profile.xml |
If you are using Oracle Solaris JumpStart, if you have large numbers of identical systems, or if you want to archive the system configuration for later restoration, you may want to use this procedure to create a unique version of a SMF profile.
Edit the profile.xml file to make any required changes.
Change the name of the profile in the service_bundle declaration.
In this example the name is changed to profile.
# cat profile.xml ... <service_bundle type=`profile` name=`profile` xmIns::xi='http://www.w3.org/2003/XInclude' ... |
Remove any services that should not be managed by this profile.
For each service, remove the three lines that describe the service. Each service description starts with <service and ends with </service. This example shows the lines for the LDAP client service.
# cat profile.xml ... <service name='network/ldap/client' version='1' type='service'> <instance name='default' enabled='true'/> </service> |
Add any services that should be managed by this profile.
Each service needs to be defined using the three line syntax shown above.
If necessary, change the enabled flag for selected services.
In this example, the sendmail service is disabled.
# cat profile.xml ... <service name='network/smtp' version='1' type='service'> <instance name='sendmail' enabled='false'/> </service> ... |
When necessary, apply the new profile.
See How to Apply an SMF Profile for instructions.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Apply an profile.
In this example, the profile.xml profile is used.
# svccfg apply profile.xml |
For specific instructions for switching between the generic_limited_net.xml and generic_open.xml and the properties that need to be applied when making this switch, please see Changing Services Offered to the Network with generic*.xml
The netservices command switches system services between minimal network exposure and the traditional network exposure (as in previous Solaris releases). The switch is done with the generic_limited.xml and generic_open.xml profiles. In addition, some services properties are changed by the command to limit some services to a local-only mode or to the traditional mode, as appropriate.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Run the netservices command.
In this example, the open or traditional network exposure is selected.
# /usr/sbin/netservices open |
This command changes properties to run some services in local mode, as well as restricts which services are enabled with the generic_limited_net profile. The command should only be used if the generic_open.xml profile had been applied.
# /usr/sbin/netservices limited |
The following procedure shows how to change the configuration of a service that is not managed by the inetd service.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Make changes to the configuration files, as needed.
Many of the services have one or more configuration files that are used to define the startup or other configuration information. These files can be changed while the service is running. The contents of the files is only checked when the service is started.
Restart the service.
# svcadm restart FMRI |
To share a file system using the NFS service, you must define the file system in the /etc/dfs/dfstab file and then restart the NFS service. This example shows you what the dfstab file could look like, as well as how to restart the service.
# cat /etc/dfs/dfstab . . share -F nfs -o rw /export/home # svcadm restart svc:/network/nfs/server |
This procedure shows how to modify cron environment variables to help with debugging.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Verify that the service is running.
# svcs system/cron STATE STIME FMRI online Dec_04 svc:/system/cron:default |
Set environment variables.
In this example the UMEM_DEBUG and LD_PRELOAD environment variables are set. For information about the setenv subcommand refer to the svccfg(1M) man page.
# svccfg -s system/cron:default setenv UMEM_DEBUG default # svccfg -s system/cron:default setenv LD_PRELOAD libumem.so |
Refresh and restart the service.
# svcadm refresh system/cron # svcadm restart system/cron |
Verify that the change has been made.
# pargs -e `pgrep -f /usr/sbin/cron` 100657: /usr/sbin/cron envp[0]: LOGNAME=root envp[1]: LD_PRELOAD=libumem.so envp[2]: PATH=/usr/sbin:/usr/bin envp[3]: SMF_FMRI=svc:/system/cron:default envp[4]: SMF_METHOD=/lib/svc/method/svc-cron envp[5]: SMF_RESTARTER=svc:/system/svc/restarter:default envp[6]: TZ=GB envp[7]: UMEM_DEBUG=default # |
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
List the properties for the specific service.
This command displays all of the properties for the service identified by the FMRI.
# inetadm -l FMRI |
Change the property for the service.
Each property for an inetd controlled service is defined by a property name and an assigned value. Supplying the property name without a specified value resets the property to the default value. Specific information about the properties for a service should be covered in the man page associated with the service.
# inetadm -m FMRI property-name=value |
Verify that the property has changed.
List the properties again to make sure that the appropriate change has occurred.
# inetadm -l FMRI |
Confirm that the change has taken effect.
Confirm the property change that the change has the desired effect.
The following example shows how to set the tcp_trace property for telnet to true. Checking the syslog output after running a telnet command shows that the change has taken effect.
# inetadm -l svc:/network/telnet:default SCOPE NAME=VALUE name="telnet" . . default inherit_env=TRUE default tcp_trace=FALSE default tcp_wrappers=FALSE # inetadm -m svc:/network/telnet:default tcp_trace=TRUE # inetadm -l svc:/network/telnet:default SCOPE NAME=VALUE name="telnet" . . default inherit_env=TRUE tcp_trace=TRUE default tcp_wrappers=FALSE # telnet localhost Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. login: root Password: Last login: Mon Jun 21 05:55:45 on console Sun Microsystems Inc. SunOS 5.10 s10_57 May 2004 # ^D Connection to localhost closed by foreign host. # tail -1 /var/adm/messages Jun 21 06:04:57 yellow-19 inetd[100308]: [ID 317013 daemon.notice] telnet[100625] from 127.0.0.1 32802 |
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
List the exec property for the specific service.
This command displays all the properties for the service identified by the FMRI. Adding the grep command restricts the output to the exec property for the service.
# inetadm -l FMRI|grep exec |
Change the exec property for the service.
The command-syntax set with the exec property defines the command string that is run when the service is started.
# inetadm -m FMRI exec="command-syntax " |
Verify that the property has changed.
List the properties again to make sure that the appropriate change has occurred.
# inetadm -l FMRI |
In this example, the -l option is added to the ftp daemon when it is started. The effect of this change can be seen by reviewing the syslog output after a ftp login session has been completed.
# inetadm -l svc:/network/ftp:default | grep exec exec="/usr/sbin/in.ftpd -a" # inetadm -m svc:/network/ftp:default exec="/usr/sbin/in.ftpd -a -l" # inetadm -l svc:/network/ftp:default SCOPE NAME=VALUE name="ftp" endpoint_type="stream" proto="tcp6" isrpc=FALSE wait=FALSE exec="/usr/sbin/in.ftpd -a -l" . . # ftp localhost Connected to localhost. 220 yellow-19 FTP server ready. Name (localhost:root): mylogin 331 Password required for mylogin. Password: 230 User mylogin logged in. Remote system type is UNIX. Using binary mode to transfer files. ftp> quit 221-You have transferred 0 bytes in 0 files. 221-Total traffic for this session was 236 bytes in 0 transfers. 221-Thank you for using the FTP service on yellow-19. 221 Goodbye. # tail -2 /var/adm/messages Jun 21 06:54:33 yellow-19 ftpd[100773]: [ID 124999 daemon.info] FTP LOGIN FROM localhost [127.0.0.1], mylogin Jun 21 06:54:38 yellow-19 ftpd[100773]: [ID 528697 daemon.info] FTP session closed |
The following procedure converts inetd.conf entries into SMF service manifests. This procedure needs to be run any time a third-party application that depends on inetd is added to a system. Also run this procedure, if you need to make configuration changes to the entry in /etc/inetd.conf.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Convert the inetd.conf entries.
The inetconv command converts each entry in the selected file into service manifests.
# inetconv -i filename |
# inetconv -i /etc/inet/inetd.conf |
Task |
Description |
For Instructions |
---|---|---|
Stop or start a service. |
Use a run control script to stop or start a service. |
How to Use a Run Control Script to Stop or Start a Legacy Service |
Add a run control script. |
Create a run control script and add it to the /etc/init.d directory. | |
Disable a run control script. |
Disable a run control script by renaming the file. |
One advantage of having individual scripts for each run level is that you can run scripts in the /etc/init.d directory individually to stop system services without changing a system's run level.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Stop the system service.
# /etc/init.d/filename stop |
Restart the system service.
# /etc/init.d/filename start |
Verify that the service has been stopped or started.
# pgrep -f service |
For example, you can stop the NFS server daemons by typing the following:
# /etc/init.d/nfs.server stop # pgrep -f nfs |
Then, you can restart the NFS server daemons by typing the following:
# /etc/init.d/nfs.server start # pgrep -f nfs 101773 101750 102053 101748 101793 102114 # pgrep -f nfs -d, | xargs ps -fp UID PID PPID C STIME TTY TIME CMD daemon 101748 1 0 Sep 01 ? 0:06 /usr/lib/nfs/nfsmapid daemon 101750 1 0 Sep 01 ? 26:27 /usr/lib/nfs/lockd daemon 101773 1 0 Sep 01 ? 5:27 /usr/lib/nfs/statd root 101793 1 0 Sep 01 ? 19:42 /usr/lib/nfs/mountd daemon 102053 1 0 Sep 01 ? 2270:37 /usr/lib/nfs/nfsd daemon 102114 1 0 Sep 01 ? 0:35 /usr/lib/nfs/nfs4cbd |
If you want to add a run control script to start and stop a service, copy the script into the /etc/init.d directory. Then, create links in the rcn .d directory where you want the service to start and stop.
See the README file in each /etc/rc n.d directory for more information on naming run control scripts. The following procedure describes how to add a run control script.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Add the script to the /etc/init.d directory.
# cp filename/etc/init.d # chmod 0744 /etc/init.d/filename # chown root:sys /etc/init.d/filename |
Create links to the appropriate rc n.d directory.
# cd /etc/init.d # ln filename /etc/rc2.d/Snnfilename # ln filename /etc/rcn.d/Knnfilename |
Verify that the script has links in the specified directories.
# ls /etc/init.d/*filename /etc/rc2.d/*filename /etc/rcn.d/*filename |
The following example shows how to add a run control script for the xyz service.
# cp xyz /etc/init.d # chmod 0744 /etc/init.d/xyz # chown root:sys /etc/init.d/xyz # cd /etc/init.d # ln xyz /etc/rc2.d/S99xyz # ln xyz /etc/rc0.d/K99xyz # ls /etc/init.d/*xyz /etc/rc2.d/*xyz /etc/rc0.d/*xyz |
You can disable a run control script by renaming it with an underscore (_) at the beginning of the file name. Files that begin with an underscore or dot are not executed. If you copy a file by adding a suffix to it, both files will be run.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Rename the script by adding an underscore (_) to the beginning of the new file.
# cd /etc/rcn.d # mv filename_filename |
Verify that the script has been renamed.
# ls _* _filename |
The following example shows how to rename the S99datainit script.
# cd /etc/rc2.d # mv S99datainit _S99datainit # ls _* _S99datainit |
In this procedure, the print service is disabled.
Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Request information about the hung service.
# svcs -xv svc:/application/print/server:default (LP Print Service) State: disabled since Wed 13 Oct 2004 02:20:37 PM PDT Reason: Disabled by an administrator. See: http://sun.com/msg/SMF-8000-05 See: man -M /usr/share/man -s 1M lpsched Impact: 2 services are not running: svc:/application/print/rfc1179:default svc:/application/print/ipp-listener:default |
The -x option provides additional information about the service instances that are impacted.
Enable the service.
# svcadm enable application/print/server |
This procedure shows how to replace a corrupt repository with a default copy of the repository. When the repository daemon, svc.configd, is started, it does an integrity check of the configuration repository. This repository is stored in /etc/svc/repository.db. The repository can become corrupted due to one of the following reasons:
Disk failure
Hardware bug
Software bug
Accidental overwrite of the file
If the integrity check fails, the svc.configd daemon writes a message to the console similar to the following:
svc.configd: smf(5) database integrity check of: /etc/svc/repository.db failed. The database might be damaged or a media error might have prevented it from being verified. Additional information useful to your service provider is in: /etc/svc/volatile/db_errors The system will not be able to boot until you have restored a working database. svc.startd(1M) will provide a sulogin(1M) prompt for recovery purposes. The command: /lib/svc/bin/restore_repository can be run to restore a backup version of your repository. See http://sun.com/msg/SMF-8000-MY for more information. |
The svc.startd daemon then exits and starts sulogin to enable you to perform maintenance.
Enter the root password at the sulogin prompt. sulogin enables the root user to enter system maintenance mode to repair the system.
Run the following command:
# /lib/svc/bin/restore_repository |
Running this command takes you through the necessary steps to restore a non-corrupt backup. SMF automatically takes backups of the repository at key system moments. For more information see SMF Repository Backups.
When started, the /lib/svc/bin/restore_repository command displays a message similar to the following:
Repository Restore utility See http://sun.com/msg/SMF-8000-MY for more information on the use of this script to restore backup copies of the smf(5) repository. If there are any problems which need human intervention, this script will give instructions and then exit back to your shell. Note that upon full completion of this script, the system will be rebooted using reboot(1M), which will interrupt any active services. |
If the system that you are recovering is not a local zone, the script explains how to remount the / and /usr file systems with read and write permissions to recover the databases. The script exits after printing these instructions. Follow the instructions, paying special attention to any errors that might occur.
After the root ( /) file system is mounted with write permissions, or if the system is a local zone, you are prompted to select the repository backup to restore:
The following backups of /etc/svc/repository.db exists, from oldest to newest: ... list of backups ... |
Backups are given names, based on type and the time the backup was taken. Backups beginning with boot are completed before the first change is made to the repository after system boot. Backups beginning with manifest_import are completed after svc:/system/manifest-import:default finishes its process. The time of the backup is given in YYYYMMDD_HHMMSS format.
Enter the appropriate response.
Typically, the most recent backup option is selected.
Please enter one of: 1) boot, for the most recent post-boot backup 2) manifest_import, for the most recent manifest_import backup. 3) a specific backup repository from the above list 4) -seed-, the initial starting repository. (All customizations will be lost.) 5) -quit-, to cancel. Enter response [boot]:
If you press Enter without specifying a backup to restore, the default response, enclosed in [] is selected. Selecting -quit- exits the restore_repository script, returning you to your shell prompt.
Selecting -seed- restores the seed repository. This repository is designed for use during initial installation and upgrades. Using the seed repository for recovery purposes should be a last resort.
After the backup to restore has been selected, it is validated and its integrity is checked. If there are any problems, the restore_repository command prints error messages and prompts you for another selection. Once a valid backup is selected, the following information is printed, and you are prompted for final confirmation.
After confirmation, the following steps will be taken: svc.startd(1M) and svc.configd(1M) will be quiesced, if running. /etc/svc/repository.db -- renamed --> /etc/svc/repository.db_old_YYYYMMDD_HHMMSS /etc/svc/volatile/db_errors -- copied --> /etc/svc/repository.db_old_YYYYMMDD_HHMMSS_errors repository_to_restore -- copied --> /etc/svc/repository.db and the system will be rebooted with reboot(1M). Proceed [yes/no]?
Type yes to remedy the fault.
The system reboots after the restore_repository command executes all of the listed actions.
If problems with starting services occur, sometimes a system will hang during the boot. This procedure shows how to troubleshoot this problem.
Boot without starting any services.
This command instructs the svc.startd daemon to temporarily disable all services and start sulogin on the console.
ok boot -m milestone=none |
Log in to the system as root.
Enable all services.
# svcadm milestone all |
Determine where the boot process is hanging.
When the boot process hangs, determine which services are not running by running svcs -a. Look for error messages in the log files in /var/svc/log.
After fixing the problems, verify that all services have started.
Continue the normal booting process.
Local file systems that are not required to boot the Solaris OS are mounted by the svc:/system/filesystem/local:default service. When any of those file systems are unable to be mounted, the service enters a maintenance state. System startup continues, and any services which do not depend on filesystem/local are started. Services which require filesystem/local to be online before starting through dependencies are not started.
To change the configuration of the system so that a sulogin prompt appears immediately after the service fails instead of allowing system startup to continue, follow the procedure below.
Modify the system/console-login service.
# svccfg -s svc:/system/console-login svc:/system/console-login> addpg site,filesystem-local dependency svc:/system/console-login> setprop site,filesystem-local/entities = fmri: svc:/system/filesystem/local svc:/system/console-login> setprop site,filesystem-local/grouping = astring: require_all svc:/system/console-login> setprop site,filesystem-local/restart_on = astring: none svc:/system/console-login> setprop site,filesystem-local/type = astring: service svc:/system/console-login> end |
Refresh the service.
# svcadm refresh console-login |
Save the following commands into a script and save it as /etc/rcS.d/S01site-customfs.
#!/bin/sh # # This script adds a dependency from console-login -> filesystem/local # This forces the system to stop the boot process and drop to an sulogin prompt # if any file system in filesystem/local fails to mount. PATH=/usr/sbin:/usr/bin export PATH svccfg -s svc:/system/console-login << EOF addpg site,filesystem-local dependency setprop site,filesystem-local/entities = fmri: svc:/system/filesystem/local setprop site,filesystem-local/grouping = astring: require_all setprop site,filesystem-local/restart_on = astring: none setprop site,filesystem-local/type = astring: service EOF svcadm refresh svc:/system/console-login [ -f /etc/rcS.d/S01site-customfs ] && rm -f /etc/rcS.d/S01site-customfs |
When a failure occurs with the system/filesystem/local:default service, the svcs -vx command should be used to identify the failure. After the failure has been fixed, the following command clears the error state and allows the system boot to continue: svcadm clear filesystem/local.