You can specify configuration of any system characteristic that is configurable by using SMF properties. For example, the system configuration profile can configure a root account, an initial user, keyboard layout, terminal type, an IPv4 network interface (static or DHCP) and default route, an IPv6 network interface (static or addrconf) and default route, and name service (name server list, search list, domain). If you specify a service or property that does not apply, that specification is ignored. Do not specify any particular property more than one time.
If you are not sure which SMF properties you need to specify, you can use the describe subcommand of the svccfg command to display a description of the property groups and properties of a service, including possible settings. See “Property Inspection and Modification Subcommands” on the svccfg(1M) man page.
svccfg -s FMRI describe [-v] [-t] [property-group/property]
A property group or specific property can be queried by specifying either the property group name, or the property group name and property name separated by a slash (/), as an argument.
The –v option gives all information available, including descriptions for current settings, constraints, and other possible setting choices.
The –t option shows only the template data for the selection (see the smf_template(5) man page), and does not display the current settings for property groups and properties.
$ svccfg -s name-service/switch describe config config application Name service switch configuration data as described in nsswitch.conf(5). config/value_authorization astring solaris.smf.value.name-service.switch config/default astring files Default configuration database entry. config/host astring "files dns mdns" Override configuration for host database lookups. (both IPv4 and IPv6 hosts) config/printer astring "user files" Override configuration for printer database lookups. $ svccfg -s name-service/switch describe -v config config application name: config type: application required: true target: this description: Name service switch configuration data as described in nsswitch.conf(5). config/value_authorization astring solaris.smf.value.name-service.switch config/default astring files type: astring required: true Default configuration database entry. visibility: readwrite minimum number of values: 1 maximum number of values: 1 value: files ... $ svccfg -s name-service/switch describe -t config name: config type: application Name service switch configuration data as described in nsswitch.conf(5). name: default type: astring Default configuration database entry. name: host type: astring Override configuration for host database lookups. (both IPv4 and IPv6 hosts) name: password type: astring Override configuration for passwd database lookups. Also used with the shadow and user_attr databases. name: group type: astring Override configuration for group database lookups. name: network type: astring Override configuration for network database lookups. ... $ svccfg -s system/config-user describe root_account root_account application root_account/expire astring root_account/password astring root_account/read_authorization astring solaris.smf.read.system-config root_account/stability astring Evolving root_account/type astring
Enter the following sysconfig create-profile command with the users grouping to generate a valid profile that configures the root user and initial user.
# sysconfig create-profile -g users [-o directory]
The svc:/system/config-user SMF service configures user and root accounts. This service recognizes two property groups:
The root_account property group includes SMF properties that configure the root account.
The user_account property group includes SMF properties that configure user accounts.
The root_account property group contains the properties listed in the following table.
|
<service name="system/config-user" version="1" type="service"> <instance name="default" enabled="true"> <property_group name="root_account" type="application"> <propval name="password" value="encrypted_password"/> <propval name="type" value="normal"/> <propval name="expire" value="0"/> </property_group> </instance> </service>
This section includes the following information:
Creating a User Account Without Depending on the Automounter
By default, when initial user accounts are created, the home directories are managed by the automounter and accessed under /home/login directories. To create initial user accounts without depending on the automounter, set the user_account/autohome property to the empty string ("") in the system configuration profile.
Setting the user_account/autohome property to the empty string has the following effects:
The home directory entry in the /etc/passwd file is set to the mount point of the home ZFS dataset, not to /home/login. The default mount point of the home ZFS dataset is /export/home/login.
No mapping entry is added to the /etc/auto_home file.
The user_account property group contains the properties listed in the following table.
|
In this example, the password is set to NP so that the account can only be accessed using the su command as a privileged user or the ssh command with key-based authentication.
<service name="system/config-user" version="1" type="service"> <instance name="default" enabled="true"> <property_group name="user_account"> <propval name="login" value="jack"/> <propval name="password" value="NP"/> <propval name="description" value="default_user"/> <propval name="shell" value="/usr/bin/bash"/> <propval name="gid" value="10"/> <propval name="uid" value="1001"/> <propval name="type" value="normal"/> <propval name="roles" value="root"/> <propval name="profiles" value="System Administrator"/> </property_group> </instance> </service>
To configure multiple users on the newly-installed system, specify the users by using the useradd command in a script. Then use a run-once SMF service to run the script at first boot. See Running a Custom Script During First Boot for instructions.
The ssh_public_keys property group holds pre-generated ssh keys. The keys will be written to the users $HOME/ .ssh/authorized_keys file when the system is configured.
Example 67 Configuring SSH Keys<property_group name="user_account" type="application"> <...> <property type="astring" name="ssh_public_keys"> <astring_list> <value_node value='[<options>] <key-type> <base64-encoding-key> [<comment>] />' <value_node value='[<options>] <key-type> <base64-encoding-key> [<comment>] />' </astring_list> </property> </property_group>
Use the sysconfig create-profile command with the identity grouping to generate a valid profile that configures the system node name.
# sysconfig create-profile -g identity [-o directory]
The svc:/system/identity:node SMF service sets the system host name. The node is the instance of svc:/system/identity.
The identity property group contains the properties listed in the following table.
|
This example sets the system host name to solaris.
<service name="system/identity" version="1" type="service"> <instance name="node" enabled="true"> <property_group name="config" type="application"> <propval name="nodename" value="solaris"/> </property_group> </instance> </service>Example 69 Disabling Node Name Mapping
When you install the Oracle Solaris 11 OS or an Oracle Solaris 11 update release, by default the system node name is mapped to the loopback or to the IP address of the interface configured as part of installation. You can disable this default mapping by setting the enable_mapping property to false, as shown in the following example.
<service name="system/identity" version="1" type="service"> <instance name="node" enabled="true"> <property_group name="config" type="application"> <propval name="nodename" value="solaris"/> <propval name="enable_mapping" value="false"/> </property_group> </instance> </service>
Use the sysconfig create-profile command with the location grouping to generate a valid profile that configures the time zone and locale.
# sysconfig create-profile -g location [-o directory]
The svc:/system/timezone SMF service sets the time zone for the system.
The timezone property group contains the properties listed in the following table.
|
This example sets the time zone to Central European Time/Prague, CZ.
<service name='system/timezone' version='1'> <instance name='default' enabled='true'> <property_group name='timezone'> <propval name='localtime' value='Europe/Prague'/> </property_group> </instance> </service>
The svc:/system/environment:init SMF service sets the locale for the system.
The environment property group can define the following environment variables. See the environ(5) man page for information about environment variables.
|
This example sets the locale to Czech language (cs) and Czech Republic (CZ).
<service name='system/environment' version='1'> <instance name='init' enabled='true'> <property_group name='environment'> <propval name='LC_ALL' value='cs_CZ.UTF-8'/> </property_group> </instance> </service>
The following examples show how to set the terminal type and keyboard layout for the console in a system configuration profile.
Example 72 Configuring Terminal TypeThe svc:/system/console-login SMF service configures the terminal type. See the ttymon(1M) man page for definition of related SMF properties.
This example sets the terminal type to vt100.
<service name="system/console-login" version="1" type="service"> <instance name="default" enabled="true"> <property_group name="ttymon" type="application"> <propval name="terminal_type" value="vt100"/> </property_group> </instance> </service>Example 73 Configuring Keyboard Layout
Use the sysconfig create-profile command with the keyboard grouping to generate a valid profile that configures the keyboard layout.
# sysconfig create-profile -g keyboard [-o directory]
The svc:/system/keymap SMF service configures the keyboard layout. See the kbd(1) man page for definition of related SMF properties.
This example sets the keyboard layout to Czech.
<service name='system/keymap' version='1' type='service'> <instance name='default' enabled='true'> <property_group name='keymap' type='system'> <propval name='layout' value='Czech'/> </property_group> </instance> </service>
Use the sysconfig create-profile command with the network grouping to generate a valid profile that configures the network. This command will start the SCI Tool, which will prompt you for the information needed to configure an interface.
# sysconfig create-profile -g network [-o directory]
The svc:/network/install SMF service configures an initial physical network interface. This service is initially disabled with property values that do not result in any system configuration.
To configure multiple network interfaces, specify the configuration in a script, and use a run-once SMF service to run the script at first boot. See Running a Custom Script During First Boot for instructions and a sample script.
The svc:/network/install service supports multiple IPv4 and IPv6 interfaces and, optionally, a default route reachable by these interfaces. The service allows you to configure IPv4 and IPv6 interfaces. The service uses its properties and the ipadm command to configure the network interfaces. Similarly, the service uses its properties and the route command to define a default route.
See the examples in Specifying Static Network Configuration.
The install_ipv4_interface property group only allows one interface to be configured, but the ipv4_interface property group allows for multiple interfaces to be configured. Both IPv4 property groups contain the properties listed in the following table.
|
The install_ipv6_interface property group only allows one interface to be configured, but the ipv6_interface property group allows for multiple interfaces to be configured. The property groups for an IPv6 interface contains the properties listed in the following table.
|
Use the sysconfig create-profile command with the naming_services grouping to generate a valid profile that configures DNS, NIS, and LDAP clients and the name service switch.
# sysconfig create-profile -g naming_services [-o directory]
The naming_services grouping includes two SMF services.
The svc:/system/name-service/switch service manages the naming service.
The svc:/network/dns/client service manages the DNS service.
The svc:/system/name-service/switch SMF service configures the name service switch. This service is initially disabled with property values that do not result in any system configuration. See the examples in Specifying Name Service Configuration. The config property group of the svc:/system/name-service/switch service includes the properties listed in the following table. For a complete listing of all of the properties see the nsswitch.conf(4) man page.
|
The svc:/network/dns/client service supports the configuration of a DNS client. The service defines one property group: config. The service uses its properties to construct a configuration information for the DNS service. See the examples in Specifying Name Service Configuration.
The config property group contains the properties listed in the following table.
|
A system configuration profile that includes Kerberos configuration information for an AI client should be created by the kclient command. Although the profile can be viewed, editing the file by hand is not suggested. For more information, see How to Configure Kerberos Clients Using AI.
Oracle Configuration Manager enables you to log your system configurations with My Oracle Support, and Oracle Auto Service Request can automatically generate service requests for specific hardware faults.
Use the sysconfig create-profile command with the support grouping to generate a valid profile that configures Oracle Configuration Manager and Oracle Auto Service Request.
# sysconfig create-profile -g support [-o directory]
The output profile sets up the first phase of registration, which is the same for all AI clients that match the following criteria:
The systems use the same My Oracle Support credentials to register. All AI clients hat use this profile register with My Oracle Support in the same way. The data from all of these AI clients will be associated with the same My Oracle Support account.
The systems access My Oracle Support through the same network configuration. All AI client that use this profile access My Oracle Support through the same proxy servers and aggregation hubs, for example.
If you need to create additional profiles for different groups of AI client, you should rerun the sysconfig create-profile command, rather than copy and edit an existing profile. If your proxy server has a user name and password, then you must rerun sysconfig create-profile since the passwords are encrypted.