Go to main content

Installing Oracle® Solaris 11.3 Systems

Exit Print View

Updated: April 2019
 
 

Specifying Configuration in a System Configuration Profile

You can specify configuration of any system characteristic that is configurable by using SMF properties. For example, the system configuration profile can configure a root account, an initial user, keyboard layout, terminal type, an IPv4 network interface (static or DHCP) and default route, an IPv6 network interface (static or addrconf) and default route, and name service (name server list, search list, domain). If you specify a service or property that does not apply, that specification is ignored. Do not specify any particular property more than one time.

If you are not sure which SMF properties you need to specify, you can use the describe subcommand of the svccfg command to display a description of the property groups and properties of a service, including possible settings. See “Property Inspection and Modification Subcommands” on the svccfg(1M) man page.

svccfg -s FMRI describe [-v] [-t] [property-group/property]

A property group or specific property can be queried by specifying either the property group name, or the property group name and property name separated by a slash (/), as an argument.

The –v option gives all information available, including descriptions for current settings, constraints, and other possible setting choices.

The –t option shows only the template data for the selection (see the smf_template(5) man page), and does not display the current settings for property groups and properties.

$ svccfg -s name-service/switch describe config
config                      application
    Name service switch configuration data as described in nsswitch.conf(5).
config/value_authorization  astring             solaris.smf.value.name-service.switch
config/default              astring             files
    Default configuration database entry.
config/host                 astring             "files dns mdns"
    Override configuration for host database lookups. (both IPv4 and IPv6 hosts)
config/printer              astring             "user files"
    Override configuration for printer database lookups.
$ svccfg -s name-service/switch describe -v config
config                      application
    name: config
    type: application
    required: true
    target: this
    description: Name service switch configuration data as described in nsswitch.conf(5).
config/value_authorization  astring             solaris.smf.value.name-service.switch
config/default              astring             files
    type: astring
    required: true
    Default configuration database entry.
    visibility: readwrite
    minimum number of values: 1
    maximum number of values: 1
  value: files
...
$ svccfg -s name-service/switch describe -t config
name: config
type: application
    Name service switch configuration data as described in nsswitch.conf(5).
  name: default
  type: astring
    Default configuration database entry.
  name: host
  type: astring
    Override configuration for host database lookups. (both IPv4 and IPv6 hosts)
  name: password
  type: astring
    Override configuration for passwd database lookups. Also used with the shadow and user_attr databases.
  name: group
  type: astring
    Override configuration for group database lookups.
  name: network
  type: astring
    Override configuration for network database lookups.
...
$ svccfg -s system/config-user describe root_account
root_account                     application
root_account/expire              astring
root_account/password            astring
root_account/read_authorization  astring            solaris.smf.read.system-config
root_account/stability           astring            Evolving
root_account/type                astring

Configuring Root and User Accounts

Enter the following sysconfig create-profile command with the users grouping to generate a valid profile that configures the root user and initial user.

# sysconfig create-profile -g users [-o directory]

    The svc:/system/config-user SMF service configures user and root accounts. This service recognizes two property groups:

  • The root_account property group includes SMF properties that configure the root account.

  • The user_account property group includes SMF properties that configure user accounts.


Tip  -  Generate an encrypted password, or password hash, by using the pwhash command. You can provide the resulting hash for any account.

Configuring the Root Account

The root_account property group contains the properties listed in the following table.

Table 8  root_account Property Group Properties
Property
Type
Required
Description
password
astring
required
Encrypted root password. If you do not provide a root password, the root password is empty.
type
astring
optional
Account type: normal or role.
expire
string
optional
Expiration date for login. If set to 0 (zero), the user will be forced to change the root password at the next login.
Example 71  Configuring the Root Account Only With Password Expired
<service name="system/config-user" version="1" type="service">
    <instance name="default" enabled="true">
        <property_group name="root_account" type="application">
            <propval name="password" value="encrypted_password"/>
            <propval name="type" value="normal"/>
            <propval name="expire" value="0"/>
        </property_group>
    </instance>
</service>

Configuring a User Account

Creating a User Account Without Depending on the Automounter

By default, when initial user accounts are created, the home directories are managed by the automounter and accessed under /home/login directories. To create initial user accounts without depending on the automounter, set the user_account/autohome property to the empty string ("") in the system configuration profile.

    Setting the user_account/autohome property to the empty string has the following effects:

  • The home directory entry in the /etc/passwd file is set to the mount point of the home ZFS dataset, not to /home/login. The default mount point of the home ZFS dataset is /export/home/login.

  • No mapping entry is added to the /etc/auto_home file.

User Account Properties

The user_account property group contains the properties listed in the following table.

Table 9  user_account Property Group Properties
Property
Type
Required
Description
login
astring
required
User's login.
password
astring
required
Encrypted user password.
description
astring
optional
Usually the user's full name.
shell
astring
optional
Full pathname of the program used as the user's shell on login.
uid
count
optional
UID of the new user. y default the UID is set to the next number above the highest number currently assigned.
gid
count
optional
User's primary group membership. The default GID is 10, which is the staff group.
type
astring
optional
Account type: normal or role.
profiles
astring
optional
One or more comma-separated execution profiles defined in the prof_attr(4) man page.
roles
astring
optional
One or more comma-separated roles defined in the user_attr(4) man page.
sudoers
astring
optional
Entry added to the /etc/sudoers.d/svc-system-config-user file along with the login.
expire
astring
optional
Expiration date for the login. If set to 0 (zero), the user will be forced to change the password at the next login.
home_zfs_dataset
astring
optional
User's home directory ZFS dataset.
home_mountpoint
astring
optional
User's home directory mount point.
autohome
astring
optional
User's auto home directory mount point. The default value is the local host's /export/home/login directory. If the autohome property is set to the empty string (""), the user account is created without depending on the automounter.
The property setting is stored in the /etc/auto_home file for the configured user.
Example 72  Configuring an Account That Does Not Use a Password

In this example, the password is set to NP so that the account can only be accessed using the su command as a privileged user or the ssh command with key-based authentication.

<service name="system/config-user" version="1" type="service">
    <instance name="default" enabled="true">
        <property_group name="user_account">
          <propval name="login" value="jack"/>
          <propval name="password" value="NP"/>
          <propval name="description" value="default_user"/>
          <propval name="shell" value="/usr/bin/bash"/>
          <propval name="gid" value="10"/>
          <propval name="uid" value="1001"/>
          <propval name="type" value="normal"/>
          <propval name="roles" value="root"/>
          <propval name="profiles" value="System Administrator"/>
        </property_group>
    </instance>
</service>
Configuring Multiple Initial Users

To configure multiple users on the newly-installed system, specify the users by using the useradd command in a script. Then use a run-once SMF service to run the script at first boot. See Running a Custom Script During First Boot for instructions.

Configuring SSH Keys

The ssh_public_keys property group holds pre-generated ssh keys. The keys will be written to the users $HOME/ .ssh/authorized_keys file when the system is configured.

Example 73  Configuring SSH Keys
  <property_group name="user_account" type="application">
    <...>
    <property type="astring" name="ssh_public_keys">
        <astring_list>
            <value_node value='[<options>] <key-type> <base64-encoding-key> [<comment>] />'
            <value_node value='[<options>] <key-type> <base64-encoding-key> [<comment>] />'
        </astring_list>
     </property>
   </property_group>

Setting the System Identity

Use the sysconfig create-profile command with the identity grouping to generate a valid profile that configures the system node name.

# sysconfig create-profile -g identity [-o directory]

The svc:/system/identity:node SMF service sets the system host name. The node is the instance of svc:/system/identity.

The identity property group contains the properties listed in the following table.

Table 10  config Property Group Properties
Property
Type
Required
Description
nodename
astring
optional
System host name.
enable_mapping
boolean
optional
Value used to disable node name mapping.
loopback
astring
optional
Host name mapped to loopback.
Example 74  Configuring the Host Name

This example sets the system host name to solaris.

<service name="system/identity" version="1" type="service">
    <instance name="node" enabled="true">
        <property_group name="config" type="application">
            <propval name="nodename" value="solaris"/>
        </property_group>
    </instance>
</service>
Example 75  Disabling Node Name Mapping

When you install the Oracle Solaris 11 OS or an Oracle Solaris 11 update release, by default the system node name is mapped to the loopback or to the IP address of the interface configured as part of installation. You can disable this default mapping by setting the enable_mapping property to false, as shown in the following example.

<service name="system/identity" version="1" type="service">
    <instance name="node" enabled="true">
        <property_group name="config" type="application">
            <propval name="nodename" value="solaris"/>
            <propval name="enable_mapping" value="false"/>
        </property_group>
    </instance>
</service>

Setting the Time Zone and Locale

Use the sysconfig create-profile command with the location grouping to generate a valid profile that configures the time zone and locale.

# sysconfig create-profile -g location [-o directory]

The svc:/system/timezone SMF service sets the time zone for the system.

The timezone property group contains the properties listed in the following table.

Table 11  timezone Property Group Properties
Property
Type
Required
Description
localtime
astring
optional
System time zone.
Example 76  Configuring the Time Zone

This example sets the time zone to Central European Time/Prague, CZ.

<service name='system/timezone' version='1'>
  <instance name='default' enabled='true'>
    <property_group name='timezone'>
      <propval name='localtime' value='Europe/Prague'/>
    </property_group>
  </instance>
</service>

The svc:/system/environment:init SMF service sets the locale for the system.

The environment property group can define the following environment variables. See the environ(5) man page for information about environment variables.

Table 12  environment Property Group Properties
Environment Variable
Type
Required
Default Value
LC_CTYPE
astring
optional
C
LC_NUMERIC
astring
optional
C
LC_TIME
astring
optional
C
LC_COLLATE
astring
optional
C
LC_MONETARY
astring
optional
C
LC_MESSAGES
astring
optional
C
LC_ALL
astring
optional
C
LANG
astring
optional
C
Example 77  Configuring the Locale

This example sets the locale to Czech language (cs) and Czech Republic (CZ).

<service name='system/environment' version='1'>
  <instance name='init' enabled='true'>
    <property_group name='environment'>
      <propval name='LC_ALL' value='cs_CZ.UTF-8'/>
    </property_group>
  </instance>
</service>

Setting the Terminal Type and Keyboard Layout

The following examples show how to set the terminal type and keyboard layout for the console in a system configuration profile.

Example 78  Configuring Terminal Type

The svc:/system/console-login SMF service configures the terminal type. See the ttymon(1M) man page for definition of related SMF properties.

This example sets the terminal type to vt100.

<service name="system/console-login" version="1" type="service">
    <instance name="default" enabled="true">
        <property_group name="ttymon" type="application">
            <propval name="terminal_type" value="vt100"/>
        </property_group>
    </instance>
</service>
Example 79  Configuring Keyboard Layout

Use the sysconfig create-profile command with the keyboard grouping to generate a valid profile that configures the keyboard layout.

# sysconfig create-profile -g keyboard [-o directory]

The svc:/system/keymap SMF service configures the keyboard layout. See the kbd(1) man page for definition of related SMF properties.

This example sets the keyboard layout to Czech.

<service name='system/keymap' version='1' type='service'>
    <instance name='default' enabled='true'>
        <property_group name='keymap' type='system'>
            <propval name='layout' value='Czech'/>
        </property_group>
    </instance>
</service>

Configuring Network Interfaces

Use the sysconfig create-profile command with the network grouping to generate a valid profile that configures the network. This command will start the SCI Tool, which will prompt you for the information needed to configure an interface.

# sysconfig create-profile -g network [-o directory]

The svc:/network/install SMF service configures an initial physical network interface. This service is initially disabled with property values that do not result in any system configuration.


Note -  If the installation target is an iSCSI device, do not configure that network interface in any system configuration profile for that installation. For iSCSI boot, the network interface for the iSCSI device is configured early in the client boot process. If you configure that same interface again, the network/install service for the interface goes into maintenance state.

To configure multiple network interfaces, specify the configuration in a script, and use a run-once SMF service to run the script at first boot. See Running a Custom Script During First Boot for instructions and a sample script.

The svc:/network/install service supports multiple IPv4 and IPv6 interfaces and, optionally, a default route reachable by these interfaces. The service allows you to configure IPv4 and IPv6 interfaces. The service uses its properties and the ipadm command to configure the network interfaces. Similarly, the service uses its properties and the route command to define a default route.

See the examples in Specifying Static Network Configuration.

The install_ipv4_interface property group only allows one interface to be configured, but the ipv4_interface property group allows for multiple interfaces to be configured. Both IPv4 property groups contain the properties listed in the following table.

Table 13  Property Group Properties for an IPv4 Network Interface
Property
Type
Required
Description
name
astring
required
Name of the network interface.
address_type
astring
required
Value used to construct the –T option for the ipadm create-addr subcommand. Valid values are static or dhcp.
static_address
net_address_v4
optional
Only required with an address_type of static. Used to construct the local address for the ipadm create_addr subcommand.
dhcp_wait
astring
optional
Only applies with an address_type of dhcp. If defined, this property is used to construct the –w seconds (or forever) portion of the ipadm create-addr subcommand.
default_route
net_address_v4
optional
Used to define a default route using the routecommand.
# /usr/sbin/route \
-p add default default-route \
-ifp ifname
The value of ifname is the interface name portion of the name property.

The install_ipv6_interface property group only allows one interface to be configured, but the ipv6_interface property group allows for multiple interfaces to be configured. The property groups for an IPv6 interface contains the properties listed in the following table.

Table 14  Property Group Properties for an IPv6 Network Interface
Property
Type
Required
Description
name
astring
required
Name of the network interface.
address_type
astring
required
Value used to construct the –T option for the ipadm create-addr subcommand. Valid values are static or addrconf.
static_address
net_address_v6
optional
Only required with an address_type of static. Used to construct the local address for the ipadm create-addr subcommand.
interface_id
net_address_v6
optional
Only applies with an address_type of addrconf. Used to construct the –i interface_id portion of the ipadm create-addr subcommand.
stateless
astring
optional
Only applies with an address_type of addrconf. Used to construct the –p stateless=yes|no portion of the ipadm create-addr subcommand.
stateful
astring
optional
Only applies with an address_type of addrconf. Used to construct the –p stateful=yes|no portion of the ipadm create-addr subcommand.
default_route
net_address_v6
optional
Used to define a default route using the route command.
# /usr/sbin/route \
-p add default default-route \
-ifp ifname
The value of ifname is the interface name portion of the name property.

Configuring Name Service

Use the sysconfig create-profile command with the naming_services grouping to generate a valid profile that configures DNS, NIS, and LDAP clients and the name service switch.

# sysconfig create-profile -g naming_services [-o directory]

    The naming_services grouping includes two SMF services.

  • The svc:/system/name-service/switch service manages the naming service.

  • The svc:/network/dns/client service manages the DNS service.

The svc:/system/name-service/switch SMF service configures the name service switch. This service is initially disabled with property values that do not result in any system configuration. See the examples in Specifying Name Service Configuration. The config property group of the svc:/system/name-service/switch service includes the properties listed in the following table. For a complete listing of all of the properties see the nsswitch.conf(4) man page.

Table 15  config Properties of the svc:/system/name-service/switch Property Group
Property
Type
Required
Description
default
astring
optional
Sets the default source configuration for all name service switch databases
bootparam
astring
optional
Overrides the default source configuration for the bootparams database
ether
astring
optional
Overrides the default source configuration for the ethers database
group
astring
optional
Overrides the default source configuration for the group database
host
astring
optional
Overrides the default source configuration for the host database
netmask
astring
optional
Overrides the default source configuration for the netmask database
network
astring
optional
Overrides the default source configuration for the network database
password
astring
optional
Overrides the default source configuration for the passwd database
protocol
astring
optional
Overrides the default source configuration for the protocol database
rpc
astring
optional
Overrides the default source configuration for the rpc database

The svc:/network/dns/client service supports the configuration of a DNS client. The service defines one property group: config. The service uses its properties to construct a configuration information for the DNS service. See the examples in Specifying Name Service Configuration.

The config property group contains the properties listed in the following table.

Table 16  config Property Group Properties
Property
Type
Required
Description
domain
astring
optional
Local domain name. Used to construct the domain directive in resolv.conf.
nameserver
net_address_list
required
List of IPv4 and IPv6 addresses. Used to construct the nameserver directives in resolv.conf.
search
astring_list
optional
List of domain values for the search list for host name lookup. Used to construct the search directive in resolv.conf.

Configuring Kerberos

A system configuration profile that includes Kerberos configuration information for an AI client should be created by the kclient command. Although the profile can be viewed, editing the file by hand is not suggested. For more information, see How to Configure Kerberos Clients Using AI.

Setting Up Oracle Configuration Manager and Oracle Auto Service Request

Oracle Configuration Manager enables you to log your system configurations with My Oracle Support, and Oracle Auto Service Request can automatically generate service requests for specific hardware faults.

Use the sysconfig create-profile command with the support grouping to generate a valid profile that configures Oracle Configuration Manager and Oracle Auto Service Request.

# sysconfig create-profile -g support [-o directory]

    The output profile sets up the first phase of registration, which is the same for all AI clients that match the following criteria:

  • The systems use the same My Oracle Support credentials to register. All AI clients hat use this profile register with My Oracle Support in the same way. The data from all of these AI clients will be associated with the same My Oracle Support account.

  • The systems access My Oracle Support through the same network configuration. All AI client that use this profile access My Oracle Support through the same proxy servers and aggregation hubs, for example.

If you need to create additional profiles for different groups of AI client, you should rerun the sysconfig create-profile command, rather than copy and edit an existing profile. If your proxy server has a user name and password, then you must rerun sysconfig create-profile since the passwords are encrypted.