Chapter 19 Managing Services (Tasks)

This chapter covers the tasks required to manage and monitor the Service Management Facility (SMF). In addition, information that is related to managing run level scripts is provided. The following topics are covered:

• Managing Services (Task Map)

• Monitoring SMF Services

• Managing SMF Services

• Configuring SMF Services

• Using Run Control Scripts

• Troubleshooting the Service Management Facility

Managing Services (Task Map)

The following task map describes the procedures that are needed to use SMF.

Monitoring SMF Services

The following tasks show how to monitor SMF services.

How to List the Status of a Service

This procedure can be used to show what services are running.

1. Run the svcs command.

   Running this command without any options displays a status report of the service specified by the FMRI.

   % svcs -l FMRI

Example 19–1 Showing the Status of the rlogin Service

This example shows the status of a service that includes many contracts.

% svcs -l network/login:rlogin
fmri         svc:/network/login:rlogin
enabled      true
state        online
next_state   none
restarter    svc:/network/inetd:/default
contract_id  42325 41441 40776 40348 40282 40197 39025 38381 38053\
 33697 28625 24652 23689 15352 9889 7194 6576 6360 5387 1475 3015\
 6545 6612 9302 9662 10484 16254 19850 22512 23394 25876 26113 27326\
 34284 37939 38405 38972 39200 40503 40579 41129 41194

Example 19–2 Showing the Status of the sendmail Service

This example shows the status of a service that includes dependencies.

% svcs -l network/smtp:sendmail
fmri         svc:/network/smtp:sendmail
enabled      true
state        online
next_state   none
restarter    svc:/system/svc/restarter:default
contract_id  29462 
dependency   require_all/refresh file://localhost/etc/nsswitch.conf (-)
dependency   require_all/refresh file://localhost/etc/mail/sendmail.cf (-)
dependency   optional_all/none svc:/system/system-log (online)
dependency   require_all/refresh svc:/system/identity:domain (online)
dependency   require_all/refresh svc:/milestone/name-services (online)
dependency   require_all/none svc:/network/service (online)
dependency   require_all/none svc:/system/filesystem/local (online)

Example 19–3 Showing the Status of all Services

The following command lists all services that are installed on the system as well as the status of each service. The command displays those services that are disabled as well as those that are enabled.

% svcs -a

Example 19–4 Showing the Status of Services Controlled by inetd

The following command lists services that are controlled by inetd. Each service's FMRI is listed, along with the run state and whether the service is enabled or disabled.

% inetadm

How to Show Which Services Are Dependent on a Service Instance

This procedure shows how to determine which service instances depend on the specified service.

1. Display the service dependents.

   % svcs -D FMRI

Example 19–5 Displaying the Service Instances That Are Dependent on the Multiuser Milestone

The following example shows how to determine which service instances are dependent on the multiuser milestone.

% svcs -D milestone/multi-user
STATE          STIME    FMRI
online         Apr_08   svc:/milestone/multi-user-server:default

How to Show Which Services a Service Is Dependent On

This procedure shows how to determine which services a specified service instance is dependent on.

1. Display the service dependencies.

   % svcs -d FMRI

Example 19–6 Displaying the Service Instances That the Multiuser Milestone Is Dependent On

The following example shows the services instances that the multiuser milestone is dependent on.

% svcs -d milestone/multi-user:default
STATE          STIME    FMRI
disabled       Aug_24   svc:/platform/sun4u/sf880drd:default
online         Aug_24   svc:/milestone/single-user:default
online         Aug_24   svc:/system/utmp:default
online         Aug_24   svc:/system/system-log:default
online         Aug_24   svc:/system/system-log:default
online         Aug_24   svc:/system/rmtmpfiles:default
online         Aug_24   svc:/network/rpc/bind:default
online         Aug_24   svc:/milestone/name-services:default
online         Aug_24   svc:/system/filesystem/local:default
online         Aug_24   svc:/system/mdmonitor:default

Managing SMF Services (Task Map)

Managing SMF Services

This section includes information on managing SMF services.

Using RBAC Rights Profiles With SMF

You can use RBAC rights profiles to allow users to manage some of the SMF services, without having to give the user root access. The rights profiles define what commands the user can run. For SMF, the following profiles have been created:

• Service Management: User can add, delete or modify services.

• Service Operator: User can request state changes of any service instance, such as restart and refresh.

For specific information about the authorizations, see the smf_security(5) man page. For instructions to assign a rights profile, see How to Change the RBAC Properties of a User in System Administration Guide: Security Services.

How to Disable a Service Instance

Use the following procedure to disable a service. The service status change is recorded in the service configuration repository. Once the service is disabled, the disabled state will persist across reboots. The only way to get the service running again is to enable it.

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Check the dependents of the service you want to disable.

   If this service has dependents that you need, then you cannot disable this service.

   # svcs -D FMRI

3. Disable the service.

   # svcadm disable FMRI

Example 19–7 Disabling the rlogin Service

The output from the first command shows that the rlogin service has no dependents. The second command in this example disables the rlogin service. The third command shows that the state of the rlogin service instance is disabled.

# svcs -D network/login:rlogin
# svcadm disable network/login:rlogin
STATE          STIME    FMRI
# svcs network/login:rlogin
STATE          STIME    FMRI
disabled         11:17:24 svc:/network/login:rlogin

How to Enable a Service Instance

Use the following procedure to enable a service. The service status change is recorded in the service configuration repository. Once the service is enabled, the enabled state will persist across system reboots if the service dependencies are met.

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Determine whether service dependencies are satisfied.

   If the service is enabled, then the service dependencies are satisfied. If not, use svcadm enable -r FMRI to recursively enable all dependencies.

   # svcs -l FMRI|grep enabled

3. Enable a service.

   # svcadm enable FMRI

Example 19–8 Enabling the rlogin Service

The second command in this example enables the rlogin service. The third command shows that the state of the rlogin service instance is online.

# svcs -l network/login:rlogin|grep enabled
enabled      false
# svcadm enable network/login:rlogin
# svcs network/login:rlogin
STATE          STIME    FMRI
online         12:09:16 svc:/network/login:rlogin

Example 19–9 Enabling a Service in Single-user Mode

The following command enables rpcbind. The -t option starts the service in temporary mode which does not change the service repository. The repository is not writable in single-user mode. The -r option recursively starts all the dependencies of the named service.

# svcadm enable -rt rpc/bind

How to Restart a Service

If a service is currently running but needs to be restarted due to a configuration change or some other reason, the service can be restarted without you having to type separate commands to stop and start the service. The only reason to specifically disable and then enable a service is if changes need to be made before the service is enabled, and after the service is disabled.

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Restart a service.

   # svcadm restart FMRI

How to Restore a Service That Is in the Maintenance State

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Determine if any process that are dependent to the service have not stopped.

   Normally, when a service instance is in a maintenance state, all processes associated with that instance have stopped. However, you should make sure before you proceed. The following command lists all of the processes that are associated with a service instance as well as the PIDs for those processes.

   # svcs -p FMRI

3. (Optional) Kill any remaining processes.

   Repeat this step for all processes that are displayed by the svcs command.

   # pkill -9 PID

4. If necessary, repair the service configuration.

   Consult the appropriate service log files in /var/svc/log for a list of errors.

5. Restore the service.

   # svcadm clear FMRI

How to Revert to Another SMF Snapshot

If the service configuration is wrong, the problem can be fixed by reverting to the last snapshot that started successfully. In this procedure, a previous snapshot of the console-login service is used.

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Run the svccfg command.

   # svccfg svc:>

   1. Select the service instance that you want to fix.

      ---

      Note –

      You must use an FMRI that fully defines the instance. No shortcuts are allowed.

      ---

      svc:> select system/console-login:default svc:/system/console-login:default>

   2. Generate a list of available snapshots.

      svc:/system/console-login:default> listsnap initial running start svc:/system/console-login:default>

   3. Select to revert to the start snapshot.

      The start snapshot is the last snapshot in which the service successfully started.

      svc:/system/console-login:default> revert start svc:/system/console-login:default>

   4. Quit svccfg.

      svc:/system/console-login:default> quit #

3. Update the information in the service configuration repository.

   This step updates the repository with the configuration information from the start snapshot.

   # svcadm refresh system/console-login

4. Restart the service instance.

   # svcadm restart system/console-login

How to Create an SMF Profile

A profile is an XML file which lists SMF services and whether each should be enabled or disabled. Profiles are used to enable or disable many services at once. Not all services need to be listed in a profile. Each profile only needs to include those services that need to be enabled or disabled to make the profile useful.

1. Create a profile.

   In this example, the svccfg command is used to create a profile which reflects which services are enabled or disabled on the current system. Alternately, you could make a copy of an existing profile to edit.

   # svccfg extract> profile.xml

   If you are using Oracle Solaris JumpStart, if you have large numbers of identical systems, or if you want to archive the system configuration for later restoration, you may want to use this procedure to create a unique version of a SMF profile.

2. Edit the profile.xml file to make any required changes.

   1. Change the name of the profile in the service_bundle declaration.

      In this example the name is changed to profile.

      # cat profile.xml ... <service_bundle type=`profile` name=`profile` xmIns::xi='http://www.w3.org/2003/XInclude' ...

   2. Remove any services that should not be managed by this profile.

      For each service, remove the three lines that describe the service. Each service description starts with <service and ends with </service. This example shows the lines for the LDAP client service.

      # cat profile.xml ... <service name='network/ldap/client' version='1' type='service'> <instance name='default' enabled='true'/> </service>

   3. Add any services that should be managed by this profile.

      Each service needs to be defined using the three line syntax shown above.

   4. If necessary, change the enabled flag for selected services.

      In this example, the sendmail service is disabled.

      # cat profile.xml ... <service name='network/smtp' version='1' type='service'> <instance name='sendmail' enabled='false'/> </service> ...

3. When necessary, apply the new profile.

   See How to Apply an SMF Profile for instructions.

How to Apply an SMF Profile

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Apply an profile.

   In this example, the profile.xml profile is used.

   # svccfg apply profile.xml

   ---

   Note –

   For specific instructions for switching between the generic_limited_net.xml and generic_open.xml and the properties that need to be applied when making this switch, please see Changing Services Offered to the Network with generic*.xml

   ---

Changing Services Offered to the Network with generic*.xml

The netservices command switches system services between minimal network exposure and the traditional network exposure (as in previous Solaris releases). The switch is done with the generic_limited.xml and generic_open.xml profiles. In addition, some services properties are changed by the command to limit some services to a local-only mode or to the traditional mode, as appropriate.

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Run the netservices command.

   In this example, the open or traditional network exposure is selected.

   # /usr/sbin/netservices open

Example 19–10 Limiting Network Service Exposure

This command changes properties to run some services in local mode, as well as restricts which services are enabled with the generic_limited_net profile. The command should only be used if the generic_open.xml profile had been applied.

# /usr/sbin/netservices limited

Configuring SMF Services

How to Modify a Service

The following procedure shows how to change the configuration of a service that is not managed by the inetd service.

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Make changes to the configuration files, as needed.

   Many of the services have one or more configuration files that are used to define the startup or other configuration information. These files can be changed while the service is running. The contents of the files is only checked when the service is started.

3. Restart the service.

   # svcadm restart FMRI

Example 19–11 Sharing an NFS File System

To share a file system using the NFS service, you must define the file system in the /etc/dfs/dfstab file and then restart the NFS service. This example shows you what the dfstab file could look like, as well as how to restart the service.

# cat /etc/dfs/dfstab
 .
 .
share -F nfs -o rw /export/home
# svcadm restart svc:/network/nfs/server

How to Change an Environment Variable for a Service

This procedure shows how to modify cron environment variables to help with debugging.

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Verify that the service is running.

   # svcs system/cron STATE STIME FMRI online Dec_04 svc:/system/cron:default

3. Set environment variables.

   In this example the UMEM_DEBUG and LD_PRELOAD environment variables are set. For information about the setenv subcommand refer to the svccfg(1M) man page.

   # svccfg -s system/cron:default setenv UMEM_DEBUG default # svccfg -s system/cron:default setenv LD_PRELOAD libumem.so

4. Refresh and restart the service.

   # svcadm refresh system/cron # svcadm restart system/cron

5. Verify that the change has been made.

   # pargs -e `pgrep -f /usr/sbin/cron` 100657: /usr/sbin/cron envp[0]: LOGNAME=root envp[1]: LD_PRELOAD=libumem.so envp[2]: PATH=/usr/sbin:/usr/bin envp[3]: SMF_FMRI=svc:/system/cron:default envp[4]: SMF_METHOD=/lib/svc/method/svc-cron envp[5]: SMF_RESTARTER=svc:/system/svc/restarter:default envp[6]: TZ=GB envp[7]: UMEM_DEBUG=default #

How to Change a Property for an inetd Controlled Service

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. List the properties for the specific service.

   This command displays all of the properties for the service identified by the FMRI.

   # inetadm -l FMRI

3. Change the property for the service.

   Each property for an inetd controlled service is defined by a property name and an assigned value. Supplying the property name without a specified value resets the property to the default value. Specific information about the properties for a service should be covered in the man page associated with the service.

   # inetadm -m FMRI property-name=value

4. Verify that the property has changed.

   List the properties again to make sure that the appropriate change has occurred.

   # inetadm -l FMRI

5. Confirm that the change has taken effect.

   Confirm the property change that the change has the desired effect.

Example 19–12 Changing the tcp_trace Property for telnet

The following example shows how to set the tcp_trace property for telnet to true. Checking the syslog output after running a telnet command shows that the change has taken effect.

# inetadm -l svc:/network/telnet:default
SCOPE    NAME=VALUE
         name="telnet"
 .
 .
default  inherit_env=TRUE
default  tcp_trace=FALSE
default  tcp_wrappers=FALSE
# inetadm -m svc:/network/telnet:default tcp_trace=TRUE
# inetadm -l svc:/network/telnet:default
SCOPE    NAME=VALUE
         name="telnet"
 .
 .
default  inherit_env=TRUE
         tcp_trace=TRUE
default  tcp_wrappers=FALSE
# telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
login: root
Password: 
Last login: Mon Jun 21 05:55:45 on console
Sun Microsystems Inc.   SunOS 5.10      s10_57  May 2004
# ^D
Connection to localhost closed by foreign host.
# tail -1 /var/adm/messages
Jun 21 06:04:57 yellow-19 inetd[100308]: [ID 317013 daemon.notice] telnet[100625]
    from 127.0.0.1 32802

How to Modify a Command-Line Argument for an inetd Controlled Service

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. List the exec property for the specific service.

   This command displays all the properties for the service identified by the FMRI. Adding the grep command restricts the output to the exec property for the service.

   # inetadm -l FMRI|grep exec

3. Change the exec property for the service.

   The command-syntax set with the exec property defines the command string that is run when the service is started.

   # inetadm -m FMRI exec="command-syntax "

4. Verify that the property has changed.

   List the properties again to make sure that the appropriate change has occurred.

   # inetadm -l FMRI

Example 19–13 Adding the Connection Logging (-l) Option to the ftp Command

In this example, the -l option is added to the ftp daemon when it is started. The effect of this change can be seen by reviewing the syslog output after a ftp login session has been completed.

# inetadm -l svc:/network/ftp:default | grep exec
        exec="/usr/sbin/in.ftpd -a"
# inetadm -m svc:/network/ftp:default exec="/usr/sbin/in.ftpd -a -l"
# inetadm -l svc:/network/ftp:default
SCOPE    NAME=VALUE
         name="ftp"
         endpoint_type="stream"
         proto="tcp6"
         isrpc=FALSE
         wait=FALSE
         exec="/usr/sbin/in.ftpd -a -l"
 .
 .
# ftp localhost
Connected to localhost.
220 yellow-19 FTP server ready.
Name (localhost:root): mylogin
331 Password required for mylogin.
Password:
230 User mylogin logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221-You have transferred 0 bytes in 0 files.
221-Total traffic for this session was 236 bytes in 0 transfers.
221-Thank you for using the FTP service on yellow-19.
221 Goodbye.
# tail -2 /var/adm/messages
Jun 21 06:54:33 yellow-19 ftpd[100773]: [ID 124999 daemon.info] FTP LOGIN FROM localhost 
     [127.0.0.1], mylogin
Jun 21 06:54:38 yellow-19 ftpd[100773]: [ID 528697 daemon.info] FTP session closed

How to Convert inetd.conf Entries

The following procedure converts inetd.conf entries into SMF service manifests. This procedure needs to be run any time a third-party application that depends on inetd is added to a system. Also run this procedure, if you need to make configuration changes to the entry in /etc/inetd.conf.

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Convert the inetd.conf entries.

   The inetconv command converts each entry in the selected file into service manifests.

   # inetconv -i filename

Example 19–14 Converting /etc/inet/inetd.conf Entries into SMF Service Manifests

# inetconv -i /etc/inet/inetd.conf

Using Run Control Scripts (Task Map)

Using Run Control Scripts

How to Use a Run Control Script to Stop or Start a Legacy Service

One advantage of having individual scripts for each run level is that you can run scripts in the /etc/init.d directory individually to stop system services without changing a system's run level.

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Stop the system service.

   # /etc/init.d/filename stop

3. Restart the system service.

   # /etc/init.d/filename start

4. Verify that the service has been stopped or started.

   # pgrep -f service

Example 19–15 Using a Run Control Script to Stop or Start a Service

For example, you can stop the NFS server daemons by typing the following:

# /etc/init.d/nfs.server stop
# pgrep -f nfs

Then, you can restart the NFS server daemons by typing the following:

# /etc/init.d/nfs.server start
# pgrep -f nfs
101773
101750
102053
101748
101793
102114
# pgrep -f nfs -d, | xargs ps -fp
     UID    PID   PPID   C    STIME TTY         TIME CMD
  daemon 101748      1   0   Sep 01 ?           0:06 /usr/lib/nfs/nfsmapid
  daemon 101750      1   0   Sep 01 ?          26:27 /usr/lib/nfs/lockd
  daemon 101773      1   0   Sep 01 ?           5:27 /usr/lib/nfs/statd
    root 101793      1   0   Sep 01 ?          19:42 /usr/lib/nfs/mountd
  daemon 102053      1   0   Sep 01 ?        2270:37 /usr/lib/nfs/nfsd
  daemon 102114      1   0   Sep 01 ?           0:35 /usr/lib/nfs/nfs4cbd

How to Add a Run Control Script

If you want to add a run control script to start and stop a service, copy the script into the /etc/init.d directory. Then, create links in the rcn .d directory where you want the service to start and stop.

See the README file in each /etc/rc n.d directory for more information on naming run control scripts. The following procedure describes how to add a run control script.

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Add the script to the /etc/init.d directory.

   # cp filename/etc/init.d # chmod 0744 /etc/init.d/filename # chown root:sys /etc/init.d/filename

3. Create links to the appropriate rc n.d directory.

   # cd /etc/init.d # ln filename /etc/rc2.d/Snnfilename # ln filename /etc/rcn.d/Knnfilename

4. Verify that the script has links in the specified directories.

   # ls /etc/init.d/*filename /etc/rc2.d/*filename /etc/rcn.d/*filename

Example 19–16 Adding a Run Control Script

The following example shows how to add a run control script for the xyz service.

# cp xyz /etc/init.d
# chmod 0744 /etc/init.d/xyz
# chown root:sys /etc/init.d/xyz
# cd /etc/init.d
# ln xyz /etc/rc2.d/S99xyz
# ln xyz /etc/rc0.d/K99xyz
# ls /etc/init.d/*xyz /etc/rc2.d/*xyz /etc/rc0.d/*xyz

How to Disable a Run Control Script

You can disable a run control script by renaming it with an underscore (_) at the beginning of the file name. Files that begin with an underscore or dot are not executed. If you copy a file by adding a suffix to it, both files will be run.

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Rename the script by adding an underscore (_) to the beginning of the new file.

   # cd /etc/rcn.d # mv filename_filename

3. Verify that the script has been renamed.

   # ls _* _filename

Example 19–17 Disabling a Run Control Script

The following example shows how to rename the S99datainit script.

# cd /etc/rc2.d
# mv S99datainit _S99datainit
# ls _*
_S99datainit

Troubleshooting the Service Management Facility

Debugging a Service That Is Not Starting

In this procedure, the print service is disabled.

1. Become superuser or assume an equivalent role.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Request information about the hung service.

   # svcs -xv svc:/application/print/server:default (LP Print Service) State: disabled since Wed 13 Oct 2004 02:20:37 PM PDT Reason: Disabled by an administrator. See: http://sun.com/msg/SMF-8000-05 See: man -M /usr/share/man -s 1M lpsched Impact: 2 services are not running: svc:/application/print/rfc1179:default svc:/application/print/ipp-listener:default

   The -x option provides additional information about the service instances that are impacted.

3. Enable the service.

   # svcadm enable application/print/server

How to Repair a Corrupt Repository

This procedure shows how to replace a corrupt repository with a default copy of the repository. When the repository daemon, svc.configd, is started, it does an integrity check of the configuration repository. This repository is stored in /etc/svc/repository.db. The repository can become corrupted due to one of the following reasons:

• Disk failure

• Hardware bug

• Software bug

• Accidental overwrite of the file

If the integrity check fails, the svc.configd daemon writes a message to the console similar to the following:

svc.configd: smf(5) database integrity check of:

    /etc/svc/repository.db

  failed.  The database might be damaged or a media error might have
  prevented it from being verified.  Additional information useful to
  your service provider is in:

    /etc/svc/volatile/db_errors

  The system will not be able to boot until you have restored a working
  database.  svc.startd(1M) will provide a sulogin(1M) prompt for recovery
  purposes.  The command:

    /lib/svc/bin/restore_repository

  can be run to restore a backup version of your repository. See
  http://sun.com/msg/SMF-8000-MY for more information.

The svc.startd daemon then exits and starts sulogin to enable you to perform maintenance.

1. Enter the root password at the sulogin prompt. sulogin enables the root user to enter system maintenance mode to repair the system.

2. Run the following command:

   # /lib/svc/bin/restore_repository

   Running this command takes you through the necessary steps to restore a non-corrupt backup. SMF automatically takes backups of the repository at key system moments. For more information see SMF Repository Backups.

   When started, the /lib/svc/bin/restore_repository command displays a message similar to the following:

   Repository Restore utility See http://sun.com/msg/SMF-8000-MY for more information on the use of this script to restore backup copies of the smf(5) repository. If there are any problems which need human intervention, this script will give instructions and then exit back to your shell. Note that upon full completion of this script, the system will be rebooted using reboot(1M), which will interrupt any active services.

   If the system that you are recovering is not a local zone, the script explains how to remount the / and /usr file systems with read and write permissions to recover the databases. The script exits after printing these instructions. Follow the instructions, paying special attention to any errors that might occur.

   After the root ( /) file system is mounted with write permissions, or if the system is a local zone, you are prompted to select the repository backup to restore:

   The following backups of /etc/svc/repository.db exists, from oldest to newest: ... list of backups ...

   Backups are given names, based on type and the time the backup was taken. Backups beginning with boot are completed before the first change is made to the repository after system boot. Backups beginning with manifest_import are completed after svc:/system/manifest-import:default finishes its process. The time of the backup is given in YYYYMMDD_HHMMSS format.

3. Enter the appropriate response.

   Typically, the most recent backup option is selected.

   Please enter one of:
           1) boot, for the most recent post-boot backup
           2) manifest_import, for the most recent manifest_import backup.
           3) a specific backup repository from the above list
           4) -seed-, the initial starting repository. (All customizations
              will be lost.)
           5) -quit-, to cancel.
   
   Enter response [boot]:

   If you press Enter without specifying a backup to restore, the default response, enclosed in [] is selected. Selecting -quit- exits the restore_repository script, returning you to your shell prompt.

   ---

   Note –

   Selecting -seed- restores the seed repository. This repository is designed for use during initial installation and upgrades. Using the seed repository for recovery purposes should be a last resort.

   ---

   After the backup to restore has been selected, it is validated and its integrity is checked. If there are any problems, the restore_repository command prints error messages and prompts you for another selection. Once a valid backup is selected, the following information is printed, and you are prompted for final confirmation.

   After confirmation, the following steps will be taken:
   
   svc.startd(1M) and svc.configd(1M) will be quiesced, if running.
   /etc/svc/repository.db
       -- renamed --> /etc/svc/repository.db_old_YYYYMMDD_HHMMSS
   /etc/svc/volatile/db_errors
       -- copied --> /etc/svc/repository.db_old_YYYYMMDD_HHMMSS_errors
   repository_to_restore
       -- copied --> /etc/svc/repository.db
   and the system will be rebooted with reboot(1M).
   
   Proceed [yes/no]?

4. Type yes to remedy the fault.

   The system reboots after the restore_repository command executes all of the listed actions.

How to Boot Without Starting Any Services

If problems with starting services occur, sometimes a system will hang during the boot. This procedure shows how to troubleshoot this problem.

1. Boot without starting any services.

   This command instructs the svc.startd daemon to temporarily disable all services and start sulogin on the console.

   ok boot -m milestone=none

2. Log in to the system as root.

3. Enable all services.

   # svcadm milestone all

4. Determine where the boot process is hanging.

   When the boot process hangs, determine which services are not running by running svcs -a. Look for error messages in the log files in /var/svc/log.

5. After fixing the problems, verify that all services have started.

   1. Verify that all needed services are online.

      # svcs -x

   2. Verify that the console-login service dependencies are satisfied.

      This command verifies that the login process on the console will run.

      # svcs -l system/console-login:default

6. Continue the normal booting process.

How to Force a sulogin Prompt If the system/filesystem/local:default Service Fails During Boot

Local file systems that are not required to boot the Solaris OS are mounted by the svc:/system/filesystem/local:default service. When any of those file systems are unable to be mounted, the service enters a maintenance state. System startup continues, and any services which do not depend on filesystem/local are started. Services which require filesystem/local to be online before starting through dependencies are not started.

To change the configuration of the system so that a sulogin prompt appears immediately after the service fails instead of allowing system startup to continue, follow the procedure below.

1. Modify the system/console-login service.

   # svccfg -s svc:/system/console-login svc:/system/console-login> addpg site,filesystem-local dependency svc:/system/console-login> setprop site,filesystem-local/entities = fmri: svc:/system/filesystem/local svc:/system/console-login> setprop site,filesystem-local/grouping = astring: require_all svc:/system/console-login> setprop site,filesystem-local/restart_on = astring: none svc:/system/console-login> setprop site,filesystem-local/type = astring: service svc:/system/console-login> end

2. Refresh the service.

   # svcadm refresh console-login

Example 19–18 Forcing an sulogin Prompt Using Oracle Solaris JumpStart

Save the following commands into a script and save it as /etc/rcS.d/S01site-customfs.

#!/bin/sh
#
# This script adds a dependency from console-login -> filesystem/local
# This forces the system to stop the boot process and drop to an sulogin prompt
# if any file system in filesystem/local fails to mount.

PATH=/usr/sbin:/usr/bin
export PATH

	svccfg -s svc:/system/console-login << EOF
addpg site,filesystem-local dependency
setprop site,filesystem-local/entities = fmri: svc:/system/filesystem/local
setprop site,filesystem-local/grouping = astring: require_all
setprop site,filesystem-local/restart_on = astring: none
setprop site,filesystem-local/type = astring: service
EOF

svcadm refresh svc:/system/console-login

[ -f /etc/rcS.d/S01site-customfs ] &&
    rm -f /etc/rcS.d/S01site-customfs

Troubleshooting

When a failure occurs with the system/filesystem/local:default service, the svcs -vx command should be used to identify the failure. After the failure has been fixed, the following command clears the error state and allows the system boot to continue: svcadm clear filesystem/local.