Specifying Configuration in a System Configuration Profile

You can specify configuration of anything that is configurable via smf(5) properties. For example, the system configuration profile can configure a root account, an initial user, keyboard layout, terminal type, an IPv4 network interface (static or DHCP) and default route, an IPv6 network interface (static or addrconf) and default route, and DNS (name server list, search list, domain). If you specify a service or property that does not apply, that specification is ignored. Do not specify any particular property more than one time.

If you are not sure what SMF properties you need to specify, you can use the describe subcommand of the svccfg command to display a description of the property groups and properties of a service, including possible settings. See “Property Inspection and Modification Subcommands” on the svccfg(1M) man page.

svccfg -s FMRI describe [-v] [-t] [propertygroup/property]

A property group or specific property can be queried by specifying either the property group name, or the property group name and property name, separated by a slash (/), as an argument.

The -v option gives all information available, including descriptions for current settings, constraints, and other possible setting choices.

The -t option shows only the template data for the selection (see smf_template(5)), and does not display the current settings for property groups and properties.

$ svccfg -s name-service/switch describe config
config application
Name service switch configuration data as described in nsswitch.conf(4).
config/value_authorization astring solaris.smf.value.name-service.switch
config/default astring files
Default configuration database entry.
config/host astring "files dns mdns"
Override configuration for host database lookups. (both IPv4 and IPv6 hosts)
config/printer astring "user files"
Override configuration for printer database lookups.
$ svccfg -s name-service/switch describe -v config
config application
name: config
type: application
required: true
target: this
description: Name service switch configuration data as described in nsswitch.conf(4).
config/value_authorization astring solaris.smf.value.name-service.switch
config/default astring files
type: astring
required: true
Default configuration database entry.
visibility: readwrite
minimum number of values: 1
maximum number of values: 1
value: files
...
$ svccfg -s name-service/switch describe -t config
name: config
type: application
Name service switch configuration data as described in nsswitch.conf(4).
name: default
type: astring
Default configuration database entry.
name: host
type: astring
Override configuration for host database lookups. (both IPv4 and IPv6 hosts)
name: password
type: astring
Override configuration for passwd database lookups. Also used with the shadow and user_attr databases.
name: group
type: astring
Override configuration for group database lookups.
name: network
type: astring
Override configuration for network database lookups.
...
$ svccfg -s system/config-user describe root_account
root_account application
root_account/expire astring
root_account/password astring
root_account/read_authorization astring solaris.smf.read.system-config
root_account/stability astring Evolving
root_account/type astring

Root and User Accounts

Use the sysconfig create-profile command with the users grouping to generate a valid profile that configures the root user and initial user.

# sysconfig create-profile -g users -o sc_users.xml

The svc:/system/config-user SMF service configures user and root accounts. This service recognizes two property groups:

The root_account property group includes SMF properties that configure the root account.
The user_account property group includes SMF properties that configure user accounts.

Tip - One method of generating encrypted passwords for the Oracle Solaris OS is to create a user of the intended name and password, copy the password from the /etc/shadow file between the first and second colons of the user's record, and add that information into the password values in the manifest.

Configuring the Root Account

The root_account property group contains the following properties.

Table 11-1 root_account Property Group Properties

Property	Type	Required	Description
`password`	`astring`	yes	Encrypted root password. If you do not provide a root password, the root password is empty.
`type`	`astring`	no	Account type: `normal` or `role`. The default is `normal`.
`expire`	`string`	no	Expiration date for login. If set to 0 (zero), the user will be forced to change the root password at the next login.

Example 11-1 Configuring the Root Account Only With Password Expired

<service name="system/config-user" version="1" type="service">
    <instance name="default" enabled="true">
        <property_group name="root_account" type="application">
            <propval name="password" value="encrypted_password"/>
            <propval name="type" value="normal"/>
            <propval name="expire" value="0"/>
        </property_group>
    </instance>
</service>

Configuring a User Account

The user_account property group contains the following properties.

Table 11-2 user_account Property Group Properties

Property	Type	Required	Description
`login`	`astring`	`yes`	User's login.
`password`	`astring`	`yes`	Encrypted user password.
`description`	`astring`	`no`	Usually the user's full name.
`shell`	`astring`	`no`	Full path name of the program used as the user's shell on login.
`uid`	`count`	`no`	UID of the new user. The default UID is 101.
`gid`	`count`	`no`	User's primary group membership. The default GID is 10.
`type`	`astring`	`no`	Account type: `normal` or `role`. The default is `normal`.
`profiles`	`astring`	`no`	One or more comma-separated execution profiles defined in `prof_attr`(4).
`roles`	`astring`	`no`	One or more comma-separated roles defined in `user_attr`(4).
`sudoers`	`astring`	`no`	Entry added to the `sudoers`(4) file along with the `login`.
`expire`	`astring`	`no`	Expiration date for the login. If set to 0 (zero), the user will be forced to change the password at the next login.
`home_zfs_dataset`	`astring`	`no`	User's home directory ZFS dataset. The default is `root_pool/export/home/login`.
`home_mountpoint`	`astring`	`no`	User's home directory mount point. The default is `/export/home/login`

System Identity

Use the sysconfig create-profile command with the identity grouping to generate a valid profile that configures the system node name.

# sysconfig create-profile -g identity -o sc_identity.xml

The svc:/system/identity:node SMF service sets the system host name. The node is the instance of svc:/system/identity.

The identity property group contains the following properties.

Table 11-3 identity Property Group Properties

Property	Type	Required	Description
`nodename`	`astring`	no	System host name. The default is `unknown`.

Example 11-2 Configuring the Host Name

This example sets the system host name to solaris.

<service name="system/identity" version="1" type="service">
    <instance name="node" enabled="true">
        <property_group name="config" type="application">
            <propval name="nodename" value="solaris"/>
        </property_group>
    </instance>
</service>

Time Zone and Locale

Use the sysconfig create-profile command with the location grouping to generate a valid profile that configures the time zone and locale.

# sysconfig create-profile -g location -o sc_location.xml

The svc:/system/timezone SMF service sets the time zone for the system.

The timezone property group contains the following properties.

Table 11-4 timezone Property Group Properties

Property	Type	Required	Description
`localtime`	`astring`	no	System time zone. The default is `UTC`.

Example 11-3 Configuring the Time Zone

This example sets the time zone to Central European Time/Prague, CZ.

<service name='system/timezone' version='1'>
  <instance name='default' enabled='true'>
    <property_group name='timezone'>
      <propval name='localtime' value='Europe/Prague'/>
    </property_group>
  </instance>
</service>

The svc:/system/environment:init SMF service sets the locale for the system.

The environment property group can define following environment variables. See the environ(5) man page for information about environment variables.

Table 11-5 environment Property Group Properties

Environment Variable	Type	Required	Default Value
`LC_CTYPE`	`astring`	no	`C`
`LC_NUMERIC`	`astring`	no	`C`
`LC_TIME`	`astring`	no	`C`
`LC_COLLATE`	`astring`	no	`C`
`LC_MONETARY`	`astring`	no	`C`
`LC_MESSAGES`	`astring`	no	`C`
`LC_ALL`	`astring`	no	`C`
`LANG`	`astring`	no	`C`

Example 11-4 Configuring the Locale

This example sets the locale to Czech language (cs) and Czech Republic (CZ).

<service name='system/environment' version='1'>
  <instance name='init' enabled='true'>
    <property_group name='environment'>
      <propval name='LC_ALL' value='cs_CZ.UTF-8'/>
    </property_group>
  </instance>
</service>

Terminal Type and Keyboard Layout

Example 11-5 Configuring Terminal Type

The svc:/system/console-login SMF service configures terminal type. See the ttymon(1M) man page for definition of related SMF properties.

This example sets the terminal type to vt100.

<service name="system/console-login" version="1" type="service">
    <instance name="default" enabled="true">
        <property_group name="ttymon" type="application">
            <propval name="terminal_type" value="vt100"/>
        </property_group>
    </instance>
</service>

Example 11-6 Configuring Keyboard Layout

Use the sysconfig create-profile command with the kdb_layout grouping to generate a valid profile that configures the keyboard layout.

# sysconfig create-profile -g kdb_layout -o sc_kdb.xml

The svc:/system/keymap SMF service configures keyboard layout. See the kbd(1) man page for definition of related SMF properties.

This example sets the keyboard layout to Czech.

<service name='system/keymap' version='1' type='service'>
    <instance name='default' enabled='true'>
        <property_group name='keymap' type='system'>
            <propval name='layout' value='Czech'/>
        </property_group>
    </instance>
</service>

Static Network Configuration

Use the sysconfig create-profile command with the network grouping to generate a valid profile that configures the network.

# sysconfig create-profile -g network -o sc_network.xml

The svc:/network/install SMF service configures an initial physical network interface. This service is initially disabled with property values that do not result in any system configuration.

The svc:/network/install service supports configuring one IPv4 interface and one IPv6 interface and, optionally, a default route reachable by these interfaces. The service defines two property groups: one property group for an IPv4 interface and one for an IPv6 interface. The service uses its properties and ipadm(1M) to configure the network interfaces. Similarly, the service uses its properties and route(1M) to define a default route.

See the examples in Specifying Static Network Configuration.

The install_ipv4_interface property group contains the following properties.

Table 11-6 install_ipv4_interface Property Group Properties

Property	Type	Required	Description
`name`	`astring`	`yes`	Name of the network interface.
`address_type`	`astring`	`yes`	Value used to construct the `-T` option for the `ipadm`(1M) `create-addr` subcommand. Valid values are `static` or `dhcp`.
`static_address`	`net_address_v4`	`no`	Only required with an `address_type` of `static`. Used to construct the local address for the `ipadm`(1M) `create-addr` subcommand.
`dhcp_wait`	`astring`	`no`	Only applies with an `address_type` of `dhcp`. If defined, this property is used to construct the `-w` `seconds` (or `forever`) portion of the `ipadm`(1M) `create-addr` subcommand.
`default_route`	`net_address_v4`	`no`	Used to define a default route using `route`(1M). # /usr/sbin/route \ -p add default `default-route` \ -ifp `ifname` The value of `ifname` is the interface name portion of the `name` property.

The install_ipv6_interface property group contains the following properties.

Table 11-7 install_ipv6_interface Property Group Properties

Property	Type	Required	Description
`name`	`astring`	`yes`	Name of the network interface.
`address_type`	`astring`	`yes`	Value used to construct the `-T` option for the `ipadm`(1M) `create-addr` subcommand. Valid values are `static` or `addrconf`.
`static_address`	`net_address_v6`	`no`	Only required with an `address_type` of `static`. Used to construct the local address for the `ipadm`(1M) `create-addr` subcommand.
`interface_id`	`net_address_v6`	`no`	Only applies with an `address_type` of `addrconf`. Used to construct the `-i` `interface_id` portion of the `ipadm`(1M) `create-addr` subcommand.
`stateless`	`astring`	`no`	Only applies with an `address_type` of `addrconf`. Used to construct the `-p` `stateless=yes\|no` portion of the `ipadm`(1M) `create-addr` subcommand.
`stateful`	`astring`	`no`	Only applies with an `address_type` of `addrconf`. Used to construct the `-p` `stateful=yes\|no` portion of the `ipadm`(1M) `create-addr` subcommand.
`default_route`	`net_address_v6`	`no`	Used to define a default route using `route`(1M). # /usr/sbin/route \ -p add default `default-route` \ -ifp `ifname` The value of `ifname` is the interface name portion of the `name` property.

The svc:/network/dns/client service supports the configuration of a DNS client. The service defines one property group: config. The service uses its properties to construct a DNS resolv.conf(4) file.

The config property group contains the following properties.

Table 11-8 config Property Group Properties

Property	Type	Required	Description
`domain`	`astring`	`no`	Local domain name. Used to construct the `domain` directive in `resolv.conf`(4).
`nameserver`	`net_address_list`	`yes`	List of IPv4 and IPv6 addresses. Used to construct the `nameserver` directives in `resolv.conf`(4).
`search`	`astring_list`	`no`	List of domain values for the search list for host name lookup. Used to construct the `search` directive in `resolv.conf`(4).

Name Service Configuration

Use the sysconfig create-profile command with the naming_services grouping to generate a valid profile that configures DNS, NIS, and LDAP clients and name service switch.

# sysconfig create-profile -g naming_services -o sc_ns.xml

The svc:/network/dns/client SMF service configures an initial DNS client configuration. This service is initially disabled with property values that do not result in any system configuration. See the examples in Specifying Name Service Configuration.

Skip Navigation Links
Exit Print View
	Installing Oracle Solaris 11 Systems Oracle Solaris 11 Information Library