탐색 링크 건너뛰기 | |
인쇄 보기 종료 | |
Oracle Solaris 11.1 시스템 Oracle Solaris 11.1 Information Library (한국어) |
6. Oracle Solaris 인스턴스 구성 해제 또는 재구성
Oracle Configuration Manager 및 Oracle Auto Service Request 설정
이 섹션의 예는 installadm create-profile 명령을 사용하여 설치 서비스에 추가할 수 있는 완전한 시스템 구성 프로파일입니다.
이 섹션은 수정할 기초로 사용할 수 있는 샘플 시스템 구성 프로파일을 보여줍니다. 이 샘플은 /usr/share/auto_install/sc_profiles/sc_sample.xml에서 사용할 수 있습니다. 설치 서비스를 만든 후에 이 샘플 시스템 구성 프로파일은 image-path/auto_install/sc_profiles/sc_sample.xml에서 사용할 수 있습니다.
<?xml version="1.0"?> <!-- Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved. --> <!-- Sample system configuration profile for use with Automated Installer Configures the following: * User account name 'jack', password 'jack', GID 10, UID 101, root role, bash shell * 'root' role with password 'solaris' * Keyboard mappings set to US-English * Time zone set to UTC * Network configuration is automated with Network Auto-magic * DNS name service client is enabled See installadm(1M) for usage of 'create-profile' subcommand. --> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> <service_bundle type="profile" name="system configuration"> <service name="system/config-user" version="1"> <instance name="default" enabled="true"> <property_group name="user_account"> <propval name="login" value="jack"/> <propval name="password" value="9Nd/cwBcNWFZg"/> <propval name="description" value="default_user"/> <propval name="shell" value="/usr/bin/bash"/> <propval name="gid" value="10"/> <propval name="uid" value="101"/> <propval name="type" value="normal"/> <propval name="roles" value="root"/> <propval name="profiles" value="System Administrator"/> </property_group> <property_group name="root_account"> <propval name="password" value="encrypted_password"/> <propval name="type" value="role"/> </property_group> </instance> </service> <service version="1" name="system/identity"> <instance enabled="true" name="node"> <property_group name="config"> <propval name="nodename" value="solaris"/> </property_group> </instance> </service> <service name="system/console-login" version="1"> <instance name="default" enabled="true"> <property_group name="ttymon"> <propval name="terminal_type" value="sun"/> </property_group> </instance> </service> <service name="system/keymap" version="1"> <instance name="default" enabled="true"> <property_group name="keymap"> <propval name="layout" value="US-English"/> </property_group> </instance> </service> <service name="system/timezone" version="1"> <instance name="default" enabled="true"> <property_group name="timezone"> <propval name="localtime" value="UTC"/> </property_group> </instance> </service> <service name="system/environment" version="1"> <instance name="init" enabled="true"> <property_group name="environment"> <propval name="LANG" value="en_US.UTF-8"/> </property_group> </instance> </service> <service name="network/physical" version="1"> <instance name="default" enabled="true"> <property_group name="netcfg" type="application"> <propval name="active_ncp" type="astring" value="Automatic"/> </property_group> </instance> </service> </service_bundle>
이 샘플 프로파일의 버전은 /usr/share/auto_install/sc_profiles/static_network.xml에서 사용할 수 있습니다. 아래 표시된 이 프로파일의 버전을 수정하여 다음 매개변수를 구성합니다.
bge0에 IPv4 정적 주소 10.0.0.10 및 넷마스크 255.0.0.0 사용
10.0.0.1 IPv4 기본 경로
bge1에 IPv6 addrconf 주소 유형 사용
DNS 8.8.8.8 이름 서버
example1.com 및 example2.com을 호스트 이름 조회용 DNS 검색 목록으로 사용
넷마스크는 IPaddress/ netmask 표기법으로 지정됩니다. 여기서 netmask는 넷마스크의 상위 비트 수를 지정하는 숫자입니다.
|
<?xml version="1.0"?> <!-- Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved. --> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> <service_bundle type="profile" name="system configuration"> <service name="system/config-user" version="1"> <instance name="default" enabled="true"> <property_group name="user_account"> <propval name="login" value="jack"/> <propval name="password" value="9Nd/cwBcNWFZg"/> <propval name="description" value="default_user"/> <propval name="shell" value="/usr/bin/bash"/> <propval name="gid" value="10"/> <propval name="type" value="normal"/> <propval name="roles" value="root"/> <propval name="profiles" value="System Administrator"/> </property_group> <property_group name="root_account"> <propval name="password" value="$5$dnRfcZse$Hx4aBQ161Uvn9ZxJFKMdRiy8tCf4gMT2s2rtkFba2y4"/> <propval name="type" value="role"/> </property_group> </instance> </service> <service version="1" name="system/identity"> <instance enabled="true" name="node"> <property_group name="config"> <propval name="nodename" value="solaris"/> </property_group> </instance> </service> <service name="system/console-login" version="1"> <instance name="default" enabled="true"> <property_group name="ttymon"> <propval name="terminal_type" value="sun"/> </property_group> </instance> </service> <service name="system/keymap" version="1"> <instance name="default" enabled="true"> <property_group name="keymap"> <propval name="layout" value="US-English"/> </property_group> </instance> </service> <service name="system/timezone" version="1"> <instance name="default" enabled="true"> <property_group name="timezone"> <propval name="localtime" value="UTC"/> </property_group> </instance> </service> <service name="system/environment" version="1"> <instance name="init" enabled="true"> <property_group name="environment"> <propval name="LANG" value="en_US.UTF-8"/> </property_group> </instance> </service> <service name="network/physical" version="1"> <instance name="default" enabled="true"> <property_group name="netcfg" type="application"> <propval name="active_ncp" type="astring" value="DefaultFixed"/> </property_group> </instance> </service> <service name="network/install" version="1" type="service"> <instance name="default" enabled="true"> <property_group name="install_ipv4_interface" type="application"> <propval name="name" type="astring" value="bge0/v4"/> <propval name="address_type" type="astring" value="static"/> <propval name="static_address" type="net_address_v4" value="10.0.0.10/8"/> <propval name="default_route" type="net_address_v4" value="10.0.0.1"/> </property_group> <property_group name="install_ipv6_interface" type="application"> <propval name="name" type="astring" value="bge1/v6"/> <propval name="address_type" type="astring" value="addrconf"/> <propval name="stateless" type="astring" value="yes"/> <propval name="stateful" type="astring" value="yes"/> </property_group> </instance> </service> <service name="network/dns/client" version="1"> <property_group name="config"> <property name="nameserver"> <net_address_list> <value_node value="8.8.8.8"/> </net_address_list> </property> <property name="search"> <astring_list> <value_node value="example1.com example2.com"/> </astring_list> </property> </property_group> <instance name="default" enabled="true"/> </service> <service version="1" name="system/name-service/switch"> <property_group name="config"> <propval name="default" value="files"/> <propval name="host" value="files dns mdns"/> <propval name="printer" value="user files"/> </property_group> <instance enabled="true" name="default"/> </service> <service version="1" name="system/name-service/cache"> <instance enabled="true" name="default"/> </service> </service_bundle>
이 섹션의 샘플 프로파일을 템플리트로 사용하여 고유의 프로파일을 만들거나, sysconfig 도구를 naming_services 그룹과 함께 사용하여 프롬프트할 응답에 따라 프로파일을 만들 수 있습니다. sysconfig를 사용하여 시스템 구성 프로파일을 만드는 방법은 SCI 도구를 사용하여 구성 프로파일 만들기 및 sysconfig(1M) 매뉴얼 페이지를 참조하십시오.
예 11-8 지정된 도메인에 대해 NIS 사용
이 예제 프로파일은 다음 구성을 수행합니다.
my.domain.com에 대해 NIS를 사용으로 설정합니다.
NIS 서버를 검색하는 브로드캐스팅을 사용합니다(동일한 서브넷에 있어야 함).
이름 서비스 캐시 서비스를 사용으로 설정합니다(필수).
<?xml version="1.0"?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> <!-- Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. --> <service_bundle type='profile' name='default'> <service name='network/nis/domain' type='service' version='1'> <property_group name='config' type='application'> <propval name='domainname' type='hostname' value='my.domain.com'/> </property_group> <instance name='default' enabled='true' /> </service> <service name='network/nis/client' type='service' version='1'> <property_group name='config' type='application'> <propval name='use_broadcast' type='boolean' value='true'/> </property_group> <instance name='default' enabled='true' /> </service> <service name='system/name-service/switch' type='service' version='1'> <property_group name='config' type='application'> <propval name='default' type='astring' value='files nis'/> <propval name='printer' type='astring' value='user files nis'/> <propval name='netgroup' type='astring' value='nis'/> </property_group> <instance name='default' enabled='true' /> </service> <service name='system/name-service/cache' type='service' version='1'> <instance name='default' enabled='true' /> </service> </service_bundle>
예 11-9 NIS 구성 및 DNS 사용 안함
이 예제 프로파일은 다음 구성을 수행합니다.
NIS 서버에 대한 자동 브로드캐스팅으로 이름 서비스 NIS를 구성합니다(동일한 서브넷에 있어야 함).
NIS 도메인 my.domain.com을 구성합니다.
이름 서비스 캐시 서비스를 사용으로 설정합니다(필수).
DNS 이름 서비스를 사용 안함으로 설정합니다.
<?xml version='1.0'?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> <service_bundle type="profile" name="sysconfig"> <!-- service name-service/switch below for NIS only - (see nsswitch.conf(4)) --> <service version="1" type="service" name="system/name-service/switch"> <property_group type="application" name="config"> <propval type="astring" name="default" value="files nis"/> <propval type="astring" name="printer" value="user files nis"/> <propval type="astring" name="netgroup" value="nis"/> </property_group> <instance enabled="true" name="default"/> </service> <!-- service name-service/cache must be present along with name-service/switch --> <service version="1" type="service" name="system/name-service/cache"> <instance enabled="true" name="default"/> </service> <!-- if no DNS, must be explicitly disabled to avoid error msgs --> <service version="1" type="service" name="network/dns/client"> <instance enabled="false" name="default"/> </service> <service version="1" type="service" name="network/nis/domain"> <property_group type="application" name="config"> <propval type="hostname" name="domainname" value="my.domain.com"/> </property_group> <instance enabled="true" name="default"/> </service> <!-- configure the NIS client service to broadcast the subnet for a NIS server --> <service version="1" type="service" name="network/nis/client"> <property_group type="application" name="config"> <propval type="boolean" name="use_broadcast" value="true"/> </property_group> <instance enabled="true" name="default"/> </service> </service_bundle>
예 11-10 NIS 구성
다음 프로파일은 서버 IP 주소 10.0.0.10 및 도메인 mydomain.com으로 이름 서비스 NIS를 구성합니다. 서버 IP 주소가 명시적으로 지정된 경우 NIS 서버가 동일한 서브넷에 있을 필요가 없습니다.
<?xml version='1.0'?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> <service_bundle type="profile" name="sysconfig"> <!-- name-service/switch below for NIS only - (see nsswitch.conf(4)) --> <service version="1" type="service" name="system/name-service/switch"> <property_group type="application" name="config"> <propval type="astring" name="default" value="files nis"/> <propval type="astring" name="printer" value="user files nis"/> <propval type="astring" name="netgroup" value="nis"/> </property_group> <instance enabled="true" name="default"/> </service> <!-- name-service/cache must be present along with name-service/switch --> <service version="1" type="service" name="system/name-service/cache"> <instance enabled="true" name="default"/> </service> <!-- if no DNS, must be explicitly disabled to avoid error msgs --> <service version="1" type="service" name="network/dns/client"> <instance enabled="false" name="default"/> </service> <service version="1" type="service" name="network/nis/domain"> <property_group type="application" name="config"> <propval type="hostname" name="domainname" value="mydomain.com"/> <!-- Note: use property with net_address_list and value_node as below --> <property type="net_address" name="ypservers"> <net_address_list> <value_node value="10.0.0.10"/> </net_address_list> </property> </property_group> <!-- configure default instance separate from property_group --> <instance enabled="true" name="default"/> </service> <!-- enable the NIS client service --> <service version="1" type="service" name="network/nis/client"> <instance enabled="true" name="default"/> </service> </service_bundle>
예 11-11 지정된 도메인에 대해 NIS 및 DNS 사용
이 예는 DNS 및 NIS 이름 서비스를 모두 구성합니다.
다중 DNS 이름 서버를 지정합니다.
DNS 도메인 검색 목록을 지정합니다.
NIS 도메인을 지정합니다.
NIS 서버를 검색하는 브로드캐스팅을 지정합니다.
<?xml version="1.0"?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> <!-- Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. --> <service_bundle type='profile' name='default'> <service name='network/dns/client' type='service' version='1'> <property_group name='config' type='application'> <propval name='domain' type='astring' value='us.example.com'/> <property name='nameserver' type='net_address'> <net_address_list> <value_node value='130.35.249.52' /> <value_node value='130.35.249.41' /> <value_node value='130.35.202.15' /> </net_address_list> </property> <property name='search' type='astring'> <astring_list> <value_node value='us.example.com example.com example.com' /> </astring_list> </property> </property_group> <instance name='default' enabled='true' /> </service> <service name='network/nis/domain' type='service' version='1'> <property_group name='config' type='application'> <propval name='domainname' type='hostname' value='mydomain.com'/> </property_group> <instance name='default' enabled='true' /> </service> <service name='network/nis/client' type='service' version='1'> <property_group name='config' type='application'> <propval name='use_broadcast' type='boolean' value='true'/> </property_group> <instance name='default' enabled='true' /> </service> <service name='system/name-service/switch' type='service' version='1'> <property_group name='config' type='application'> <propval name='default' type='astring' value='files nis'/> <propval name='host' type='astring' value='files dns'/> <propval name='printer' type='astring' value='user files nis'/> <propval name='netgroup' type='astring' value='nis'/> </property_group> <instance name='default' enabled='true' /> </service> <service name='system/name-service/cache' type='service' version='1'> <instance name='default' enabled='true' /> </service> </service_bundle>
예 11-12 검색 목록으로 DNS 구성
다음 예제 프로파일은 다음 매개변수를 구성합니다.
이름 서비스 DNS
서버 IP 주소 1.1.1.1 및 2.2.2.2
도메인 dom.ain.com
<?xml version='1.0'?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> <service_bundle type="profile" name="sysconfig"> <!-- name-service/switch below for DNS only - (see nsswitch.conf(4)) --> <service version="1" type="service" name="system/name-service/switch"> <property_group type="application" name="config"> <propval type="astring" name="default" value="files"/> <propval type="astring" name="host" value="files dns"/> <propval type="astring" name="printer" value="user files"/> </property_group> <instance enabled="true" name="default"/> </service> <!-- name-service/cache must be present along with name-service/switch --> <service version="1" type="service" name="system/name-service/cache"> <instance enabled="true" name="default"/> </service> <service version="1" type="service" name="network/dns/client"> <property_group type="application" name="config"> <!-- Note: use property with net_address_list and value_node as below --> <property type="net_address" name="nameserver"> <net_address_list> <value_node value="1.1.1.1"/> <value_node value="2.2.2.2"/> </net_address_list> </property> <!-- Note: use property with astring_list and value_node, concatenating search names, as below --> <property type="astring" name="search"> <astring_list> <value_node value="dom.ain.com ain.com"/> </astring_list> </property> </property_group> <instance enabled="true" name="default"/> </service> </service_bundle>
예 11-13 LDAP 및 LDAP 검색 기준 구성
이 예제 프로파일은 다음 매개변수를 구성합니다.
이름 서비스 LDAP에 서버 IP 주소 10.0.0.10 사용
system/nis/domain 서비스에 지정된 도메인 my.domain.com
LDAP 검색 기준(필수), dc=my,dc=domain,dc=com
<?xml version='1.0'?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> <service_bundle type="profile" name="sysconfig"> <service version="1" type="service" name="system/name-service/switch"> <property_group type="application" name="config"> <propval type="astring" name="default" value="files ldap"/> <propval type="astring" name="printer" value="user files ldap"/> <propval type="astring" name="netgroup" value="ldap"/> </property_group> <instance enabled="true" name="default"/> </service> <service version="1" type="service" name="system/name-service/cache"> <instance enabled="true" name="default"/> </service> <service version="1" type="service" name="network/dns/client"> <instance enabled="false" name="default"/> </service> <service version="1" type="service" name="network/ldap/client"> <property_group type="application" name="config"> <propval type="astring" name="profile" value="default"/> <property type="host" name="server_list"> <host_list> <value_node value="10.0.0.10"/> </host_list> </property> <propval type="astring" name="search_base" value="dc=my,dc=domain,dc=com"/> </property_group> <instance enabled="true" name="default"/> </service> <service version="1" type="service" name="network/nis/domain"> <property_group type="application" name="config"> <propval type="hostname" name="domainname" value="my.domain.com"/> </property_group> <instance enabled="true" name="default"/> </service> </service_bundle>
예 11-14 보안 LDAP 서버로 LDAP 구성
이 예제 프로파일은 다음 매개변수를 구성합니다.
이름 서비스 LDAP에 서버 IP 주소 10.0.0.10 사용
system/nis/domain 서비스에 지정된 도메인 my.domain.com
LDAP 검색 기준(필수), dc=my,dc=domain,dc=com
LDAP 프록시 바인드 식별 이름 cn=proxyagent,ou=profile,dc=my,dc=domain,dc=com
LDAP 프록시 바인드 암호, 보안 조치로 암호화됨. 다음 방식 중 하나를 사용하여 암호화된 값을 찾을 수 있습니다.
sysconfig create-profile에서 bind_passwd 등록 정보 값을 가져옵니다.
LDAP 서버의 SMF 구성에서 값을 가져옵니다.
<?xml version='1.0'?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> <service_bundle type="profile" name="sysconfig"> <service version="1" type="service" name="system/name-service/switch"> <property_group type="application" name="config"> <propval type="astring" name="default" value="files ldap"/> <propval type="astring" name="printer" value="user files ldap"/> <propval type="astring" name="netgroup" value="ldap"/> </property_group> <instance enabled="true" name="default"/> </service> <service version="1" type="service" name="system/name-service/cache"> <instance enabled="true" name="default"/> </service> <service version="1" type="service" name="network/dns/client"> <instance enabled="false" name="default"/> </service> <service version="1" type="service" name="network/ldap/client"> <property_group type="application" name="config"> <propval type="astring" name="profile" value="default"/> <property type="host" name="server_list"> <host_list> <value_node value="10.0.0.10"/> </host_list> </property> <propval type="astring" name="search_base" value="dc=my,dc=domain,dc=com"/> </property_group> <property_group type="application" name="cred"> <propval type="astring" name="bind_dn" value="cn=proxyagent,ou=profile,dc=my,dc=domain,dc=com"/> <!-- note that the password below is encrypted --> <propval type="astring" name="bind_passwd" value="{NS1}c2ab873ae7c5ceefa4b9"/> </property_group> <instance enabled="true" name="default"/> </service> <service version="1" type="service" name="network/nis/domain"> <property_group type="application" name="config"> <propval type="hostname" name="domainname" value="my.domain.com"/> </property_group> <instance enabled="true" name="default"/> </service> </service_bundle>
DNS 이름 서비스를 LDAP 이름 서비스와 함께 사용할 수 있습니다. 전형적인 사용법은, DNS로 노드 이름(LDAP 서버 이름 포함)을 분석하고 LDAP로 기타 다른 이름을 분석하는 것입니다. 이 예의 첫번째 service 요소에 표시된 대로, system/name-service/switch 서비스에서 노드 이름 검색에 DNS를 지정하고 LDAP로 다른 이름을 분석할 수 있습니다.
<?xml version='1.0'?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> <service_bundle type="profile" name="sysconfig"> <service version="1" type="service" name="system/name-service/switch"> <property_group type="application" name="config"> <propval type="astring" name="default" value="files ldap"/> <propval type="astring" name="host" value="files dns"/> <propval type="astring" name="printer" value="user files ldap"/> </property_group> <instance enabled="true" name="default"/> </service> <service version="1" type="service" name="system/name-service/cache"> <instance enabled="true" name="default"/> </service> <service version="1" type="service" name="network/dns/client"> <property_group type="application" name="config"> <property type="net_address" name="nameserver"> <net_address_list> <value_node value="10.0.0.10"/> </net_address_list> </property> <propval type="astring" name="domain" value="my.domain.com"/> <property type="astring" name="search"> <astring_list> <value_node value="my.domain.com"/> </astring_list> </property> </property_group> <instance enabled="true" name="default"/> </service> <service version="1" type="service" name="network/ldap/client"> <property_group type="application" name="config"> <propval type="astring" name="profile" value="default"/> <property type="host" name="server_list"> <host_list> <!-- here, DNS is expected to resolve the LDAP server by name --> <value_node value="ldapserver.my.domain.com"/> </host_list> </property> <propval type="astring" name="search_base" value="dc=my,dc=domain,dc=com"/> </property_group> <instance enabled="true" name="default"/> </service> <service version="1" type="service" name="network/nis/domain"> <property_group type="application" name="config"> <propval type="hostname" name="domainname" value="my.domain.com"/> </property_group> <instance enabled="true" name="default"/> </service> </service_bundle>
비슷한 방법으로 NIS를 DNS와 함께 사용할 수 있습니다.
<?xml version='1.0'?> <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1"> <service_bundle type="profile" name="sysconfig"> <service version="1" type="service" name="system/name-service/switch"> <property_group type="application" name="config"> <propval type="astring" name="default" value="files nis"/> <propval type="astring" name="host" value="files dns"/> <propval type="astring" name="printer" value="user files nis"/> </property_group> <instance enabled="true" name="default"/> </service> <service version="1" type="service" name="system/name-service/cache"> <instance enabled="true" name="default"/> </service> <service version="1" type="service" name="network/dns/client"> <property_group type="application" name="config"> <property type="net_address" name="nameserver"> <net_address_list> <value_node value="10.0.0.10"/> </net_address_list> </property> <propval type="astring" name="domain" value="my.domain.com"/> <property type="astring" name="search"> <astring_list> <value_node value="my.domain.com"/> </astring_list> </property> </property_group> <instance enabled="true" name="default"/> </service> <service version="1" type="service" name="network/nis/domain"> <property_group type="application" name="config"> <propval type="hostname" name="domainname" value="my.domain.com"/> </property_group> <instance enabled="true" name="default"/> </service> <service version="1" type="service" name="network/nis/client"> <property_group type="application" name="config"> <propval type="boolean" name="use_broadcast" value="true"/> </property_group> <instance enabled="true" name="default"/> </service> </service_bundle>