Tuesday, October 20, 2009

[Level 2] Solaris 10 Technical Conference ( 2009/10/25,11/13,12/4 ) -- Basic SMF hands-on lab

The following is my lab file, please refer to it.

Wish this helps.

regards,
Stanley Huang

****************************************************************************************************
The purpose of this lab is to let you have basic SMF administration skill. And then you will have the following capabilities.
Lab 1:
* list service.
* check service dependenty.
* manage service.

Lab 1:
1. list services
# svcs -a; ## list all service included 'disabled services'
----------------------------
STATE          STIME    FMRI
...
----------------------------

# svcs */milestone/*;
----------------------------------------------------------------------------
STATE          STIME    FMRI
online          8:40:05 svc:/milestone/network:default
online          8:40:08 svc:/milestone/name-services:default
online          8:40:08 svc:/milestone/devices:default
online          8:40:09 svc:/milestone/single-user:default
online          8:40:13 svc:/milestone/sysconfig:default
online          8:40:25 svc:/milestone/multi-user:default
online          8:40:26 svc:/milestone/multi-user-server:default
----------------------------------------------------------------------------

2. list service associated instance.
# svcs -p inetd;
--------------------------------------------------
STATE          STIME    FMRI
online          8:40:13 svc:/network/inetd:default
                8:40:13      434 inetd
--------------------------------------------------

3. list service messages.
# svcs -l inetd;
-------------------------------------------------------------------
fmri         svc:/network/inetd:default
name         inetd
enabled      true
state        online
next_state   none
state_time   Sun Oct 18 08:40:13 2009
logfile      /var/svc/log/network-inetd:default.log
restarter    svc:/system/svc/restarter:default
contract_id  70
dependency   require_any/error svc:/network/loopback (online)
dependency   require_all/error svc:/system/filesystem/local (online)
dependency   optional_all/error svc:/milestone/network (online)
dependency   optional_all/error svc:/network/rpc/bind (online)
dependency   optional_all/none svc:/network/inetd-upgrade (disabled)
dependency   require_all/none svc:/milestone/sysconfig (online) svc:/milestone/name-services (online)
-------------------------------------------------------------------

4. list service error message.
# svcs -vx;
-------------------------------------------------------------------------------
svc:/system/cluster/cl-svc-cluster-milestone:default (Synchronizing the cluster userland services)
 State: disabled since Sun Oct 18 08:39:54 2009
Reason: Disabled by an administrator.
   See: http://sun.com/msg/SMF-8000-05
Impact: 1 dependent service is not running:
        svc:/system/cluster/sckeysync:default
-------------------------------------------------------------------------------

5. check service dependency. (-d: for parent, -D for child)
# svcs */milestone/*;
online          8:40:05 svc:/milestone/network:default
online          8:40:08 svc:/milestone/name-services:default
online          8:40:08 svc:/milestone/devices:default
online          8:40:09 svc:/milestone/single-user:default
online          8:40:13 svc:/milestone/sysconfig:default
online          8:40:25 svc:/milestone/multi-user:default
online          8:40:26 svc:/milestone/multi-user-server:default

# svcs -d multi-user | grep milestone;
online          8:40:08 svc:/milestone/name-services:default
online          8:40:09 svc:/milestone/single-user:default
online          8:40:13 svc:/milestone/sysconfig:default

# svcs -D multi-user | grep milestone;
online          8:40:26 svc:/milestone/multi-user-server:default

6. manage service.
# svcs *ssh*
STATE          STIME    FMRI
online          8:40:14 svc:/network/ssh:default

** stop service, service will not start next server boot.
# svcadm disable svc:/network/ssh:default
# svcadm disable ssh
# svcs -l ssh | grep enabled
-----------------------------
enabled      false
-----------------------------

** start service, service will start next server boot.
# svcadm enable svc:/network/ssh:default
# svcadm enable ssh
# svcs -l ssh | grep enabled
-----------------------------
enabled      true
-----------------------------

** restart service
** The option "restart" will not start the service status.
** If you want to start the service, please use "enable" option as above.
# svcadm restart svc:/network/ssh:default
# svcadm restart ssh

** temporary start/stop service, service will start next server boot.
# svcadm enable -t ssh
# svcadm disable -t ssh
# svcs -l ssh | grep enabled
-----------------------------
enabled      true (temporary)
-----------------------------

7. manage services with profiles.
** with secure net policy. stop un-secure service, like telnet, ftp, rpc...
# svccfg apply /var/svc/profile/generic_limited_net.xml
# cat /var/svc/profile/generic_limited_net.xml
PS. partial of the xml file.
-----------------------------------------------------------
  ...
 
   
   
   
 

 
   
   
 

 
   
 

  ...
-----------------------------------------------------------

** with generial net policy. start un-secure service, like telnet, ftp, rpc...
# svccfg apply /var/svc/profile/generic_open.xml
# cat /var/svc/profile/generic_open.xml
PS. partial of the xml file.
-----------------------------------------------------------
  ...
 
   
 

 
   
 

 
   
 

  ...
-----------------------------------------------------------