SVCCFG(8) Maintenance Commands and Procedures SVCCFG(8)

svccfgimport, export, and modify service configurations

svccfg [-v] [-z zone] [-s FMRI]

svccfg [-v] [-z zone] [-s FMRI] subcommand [args...]

svccfg [-v] [-z zone] [-s FMRI] -f command-file

The svccfg command manipulates data in the service configuration repository. svccfg can be invoked interactively, with an individual subcommand, or by specifying a command file that contains a series of subcommands.

Changes made to an existing service in the repository typically do not take effect for that service until the next time the service instance is refreshed. See the refresh subcommand on the svcadm(8) man page for more details.

The following options are supported:

file
Reads and executes svccfg subcommands from file.
FMRI
Selects the entity indicated by FMRI (a fault management resource identifier) before executing any subcommands. See smf(7).
Produce more verbose output.
zone
Manage services in the specified zone. This option is only applicable from the global zone, see zones(7).

Subcommands are divided into the categories specified in the subsections that follow.

All subcommands that accept FMRIs also accept abbreviated or globbed patterns. Instances and services can be abbreviated by specifying the instance name, or the trailing portion of the service name. For example, given the FMRI:

svc:/network/smtp:sendmail

All the following are valid abbreviations:

sendmail :sendmail smtp smtp:sendmail network/smtp

While the following are invalid:

mail network network/smt

Abbreviated forms of FMRIs are unstable, and should not be used in scripts or other permanent tools. If a pattern matches more than one instance or service, an error message is printed and no action is taken.

, exit, quit
Exits immediately.
repfile
Uses repfile as a repository. By default, svccfg uses the system repository.

Use repository only with files from the identical version of illumos, including updates, that you are currently running. Do not use this subcommand with the system repository, /etc/svc/repository.db.

[-v | -V]
Sets optional behavior. If no options are specified, set displays the options currently in effect.
Turns on verbose mode.
Turns off verbose mode.

[-n] file
If file is a service profile, properties, including general/enabled, that are specified in the file are modified in the SMF repository. Not-yet-existent properties and property groups will be created. The type of the pre-existing property groups will not be changed by the profile. Existing properties (as distinguished from property groups) have their type changed by the profile. Nonexistent services and instances are ignored. Services and instances modified by the profile will be refreshed. If -n is specified, the profile is processed and no changes are applied to the SMF repository. Any syntax error found will be reported on stderr and an exit code of 1 will be returned. See smf(7) for a description of service profiles. This command requires privileges to modify properties in the service and instance. See smf_security(7) for the privileges required to modify properties. If file is not a service profile, the subcommand fails.
[> file]
Prints a service profile which represents the enabled status of the service instances in the repository to standard output. The output may be redirected to a file.

[-a]
Dumps a full XML service description for all services, instances, and their persistent properties in the repository. This does not include transient properties such as service state, and is suitable for a relocatable repository backup.

Without the -a option, property groups containing protected information (identified by the presence of the read_authorization property — see smf_security(7)) will be archived without their property values. When the -a option is specified, all values will be archived. An error results if there are insufficient privileges to read these values.

[-a] service_FMRI [> file]
The service description for the specified service and its instances is written to standard output or redirected to the given file. Dependencies with a boolean “external” property set to true are omitted in the belief that they were created on behalf of another service.

Without the -a option, property groups containing protected information (identified by the presence of the read_authorization property — see smf_security(7)) will be exported without their property values. When the -a option is specified, all values will be archived. An error results if there are insufficient privileges to read these values.

Note that export requires a service FMRI. To ease the use of arguments cut and pasted from other command output, if you specify a complete instance FMRI, the entire corresponding service including all instances is exported and a warning is issued. If you specify an abbreviation, such as ‘apache2’ or ‘sendmail’, that specifies an instance, the command fails.

[-V] file
If file is a service manifest, then the services and instances it specifies are imported into the repository. According to the file, dependencies may be created in other services. See smf(7) for a description of service manifests. See smf_security(7) for the privileges required to create and modify service configurations.

Services and instances in the manifest will be validated against template data in the manifest and the repository, and warnings will be issued for all template violations. See smf_template(7) for a description of templates. If the -V option is specified, manifests that violate the defined templates will fail to import. In interactive invocations of svccfg, -V is the default behavior.

For existing services and instances, properties which have not changed since the last import snapshot was taken are upgraded to those specified by the manifest. Conflicts (properties which have been changed both in the repository and the manifest) are reported on the standard error stream. svccfg will never upgrade the “general/enabled” and “general/restarter” properties, since they represent administrator preference.

file
If file is determined to be a service manifest, then the FMRIs of the services and instances the file describes are printed. For each service, the FMRIs of its instances are displayed before the FMRI of the service.
Restores the contents of the repository from a full XML service description previously created by the archive subcommand. If the archive was generated without the use of the -a option, the contents of the repository following completion of the restore will not include the values of any read-protected properties (see smf_security(7)). If these are required, they must be restored manually.

Restoring an archive which is inconsistent with currently installed software (including patch revisions) might yield unpredictable results. Therefore, prior to restoring an archive, all system and application software, including any service manifests, should be restored to the same state it was in at the time the archive was made.

[file | fmri]
The validate subcommand can operate on a manifest file, an instance FMRI, or the current instance or snapshot entity selection. When an argument is specified, svccfg will check to see whether the specified file exists. If the file exists, it will be validated. If a file of the specified name does not exist, the argument is treated as an FMRI pattern. If a conflict arises between a filename and an FMRI, use the svc: and file: prefixes to tell svccfg how to interpret the argument.

When you specify a file, the file is processed in a manner similar to import -V, but no changes are made to the repository. If any errors are detected, svccfg displays the errors and exits with a nonzero exit status.

For an instance fmri, instance entity selection, or snapshot entity selection, the specified instance in its composed form (see “Properties and Property Groups” in smf(7)) will be validated against template data in the repository. Instance FMRIs and instance entity selections use the “running” snapshot for validation. Warnings will be issued for all template violations. See smf_template(7) for a description of templates.

An “entity” refers to a scope, service, or service instance.

name
A new entity with the given name is created as a child of the current selection. See smf_security(7) for the privileges required to create entities.
[-f] {name | fmri}
The named child of the current selection or the entity specified by fmri is deleted. Attempts to delete service instances in the “online” or “degraded” state will fail unless the -f flag is specified. If a service or service instance has a “dependents” property group of type “framework”, then for each of its properties with type “astring” or “fmri”, if the property has a single value which names a service or service instance then the dependency property group in the indicated service or service instance with the same name as the property will be deleted. See smf_security(7) for the privileges required to delete service configurations.
[pattern]
The child entities of the current selection whose names match the glob pattern pattern are displayed (see fnmatch(7)). “:properties” is also listed for property-bearing entities, namely services and service instances.
{name | fmri}
If the argument names a child of the current selection, it becomes the current selection. Otherwise, the argument is interpreted as an FMRI and the entity that the argument specifies becomes the current selection.
The parent of the current selection becomes the current selection.

name type [flags]
Adds a property group with the given name and type to the current selection. flags is a string of characters which designates the flags with which to create the property group. ‘P’ represents SCF_PG_FLAG_NONPERSISTENT (see scf_service_add_pg(3SCF)). See smf_security(7) for the privileges required to create property groups.
pg/name [type:] value
Adds the given value to a property. If type is given and the property exists, then if type does not agree with the property's type, the subcommand fails. The values may be enclosed in double-quotes. String values containing double-quotes or backslashes must be enclosed by double-quotes and the contained double-quotes and backslashes must be quoted by backslashes. Nonexistent properties are created, in which case the type specifier must be present. See scf_value_create(3SCF) for a list of available property types. See smf_security(7) for the privileges required to modify properties. The new value will be appended to the end of the list of property values associated with the property.
name
Deletes the property group name of the current selection. See smf_security(7) for the privileges required to delete property groups.
pg[/name]
Deletes the named property group or property of the current selection. See smf_security(7) for the privileges required to delete properties.
pg/name globpattern
Deletes all values matching the given glob pattern in the named property. Succeeds even if no values match. See smf_security(7) for the privileges required to modify properties.
[-v] [-t] [propertygroup/property]
Describes either the current or the possible settings.

When invoked without arguments, describe gives basic descriptions (if available) of the currently selected entity and all of its currently set property groups and properties. A property group or specific property can be queried by specifying either the property group name, or the property group name and property name, separated by a slash (‘/’), as an argument.

The -v option gives all information available, including descriptions for current settings, constraints, and other possible setting choices.

The -t option shows only the template data for the selection (see smf_template(7)), and does not display the current settings for property groups and properties.

Commented commands to reproduce the property groups and properties of the current selection are placed in a temporary file and the program named by the EDITOR environment variable is invoked to edit it. Upon completion, the commands in the temporary file are executed. The default editor is vi(1). See smf_security(7) for the privileges required to create, modify, or delete properties.
[pattern]
Displays the names, types, and flags of property groups of the current selection. If an argument is given, it is taken as a glob pattern and only property groups with names which match the argument are listed.

In interactive mode, a basic description of the property groups is also given.

[pattern]
Lists property groups and properties of the current selection. For property groups, names, types, and flags are listed. For properties, names (prepended by the property group name and a slash ‘/’), types, and values are listed. See scf_value_create(3SCF) for a list of available property types. If an argument is supplied it is taken as a glob pattern and only property groups and properties with names which match the argument are listed.
[-i | -s] [-m method_name] envvar value
Sets a method environment variable for a service or instance by changing the "environment" property in the method_name property group, if that property group has type “method”. If method_name is not specified and the -i option is used, the “method_context” property group is used, if an instance is currently selected. If the -s option is used and a service is currently selected, its “method_context” property group is used. If the -s option is used and an instance is currently selected, the “method_context” property group of its parent is used. If neither the -i option nor the -s option is used, the “start” property group is searched for in the currently selected entity and, if an instance is currently selected, its parent is also searched. If the “inetd_start” property group is not located, it is searched for in a similar manner.

Once the property is located, all values which begin with envvar followed by a “=” are removed, and the value “envvar=value” is added. See smf_security(7) for the privileges required to modify properties.

pg/name = [type:] value
 
pg/name = [type:] (values ... )
Sets the name property of the pg property group of the current selection to the given values of type type. See scf_value_create(3SCF) for a list of available property types. If the property already exists and the type disagrees with the existing type on the property, the subcommand fails. Values may be enclosed in double-quotes. String values which contain double-quotes or backslashes must be enclosed by double-quotes and the contained double-quotes and backslashes must be quoted by backslashes. If the named property does not exist, it is created, as long as the type is specified. See smf_security(7) for the privileges required to create or modify properties. Multiple values will be stored in the order in which they are specified.
[-i | -s] [-m method_name] envvar value
Removes a method environment variable for a service or instance by changing the “environment” property in the method_name property group, if that property group has type “method”. If method_name is not specified and the -i option is used, the “method_context” property group is used, if an instance is currently selected. If the -s option is used and a service is currently selected, its “method_context” property group is used. If the -s option is used and an instance is currently selected, the “method_context” property group of its parent is used. If neither the -i option nor the -s option is used, the “start” property group is searched for in the currently selected entity and, if an instance is currently selected, its parent is also searched. If the “inetd_start” property group is not located, it is searched for in a similar manner.

Once the property is located, all values which begin with envvar followed by “=” are removed. See smf_security(7) for the privileges required to modify properties.

Displays snapshots available for the currently selected instance.
[snapshot]
Reverts the properties of the currently selected instance and its service to those recorded in the named snapshot. If no argument is given, use the currently selected snapshot and deselect it on success. The changed property values can be made active via the refresh subcommand of svcadm(8). See smf_security(7) for the privileges required to change properties.
[name]
Changes the current snapshot to the one named by name. If no name is specified, deselect the currently selected snapshot. Snapshots are read-only.

Commit the values from the current configuration to the running snapshot, making them available for use by the currently selected instance. If the repository subcommand has not been used to select a repository, direct the instance's restarter to reread the updated configuration.

The command to run when the editprop subcommand is used. The default editor is vi(1).

The following exit values are returned:

Successful execution.
One or more subcommands resulted in failure. Error messages are written to the standard error stream.
Invalid command line options were specified.

Example 1 Importing a Service Description

The following example imports a service description for the service in the XML manifest specified on the command line.

# svccfg import /var/svc/manifest/site/seismic.xml

Note that the manifest must follow the format specified in service_bundle(5).

Example 2 Exporting a Service Description

To export a service description on the local system:

# svccfg export dumpadm >/tmp/dump.xml

Example 3 Deleting a Service Instance

To delete a service instance:

# svccfg delete network/inetd-upgrade:default

Example 4 - Checking Properties in an Alternate Repository

To examine the state of a service's properties after loading an alternate repository, use the sequence of commands shown below. One might use such commands, for example, to determine whether a service was enabled in a particular repository backup.

# svccfg
svc:> repository /etc/svc/repository-boot
svc:> select telnet:default
svc:/network/telnet:default> listprop general/enabled
general/enabled  boolean false
svc:/network/telnet:default> exit

Example 5 Enabling Debugging

To modify LD_PRELOAD for a start method and enable the use of libumem(3LIB) with debugging features active:

$ svccfg -s system/service setenv LD_PRELOAD libumem.so
$ svccfg -s system/service setenv UMEM_DEBUG default

Example 6 Using the describe Subcommand

The following command illustrates the use of the describe subcommand.

# svccfg -s console-login describe ttymon
ttymon                  application
ttymon/device           astring  /dev/console
   terminal device to be used for the console login prompt
ttymon/label            astring
   console appropriate entry from /etc/ttydefs
...

The interactive output of svccfg is and may change at any time.

The command line interface and non-interactive output of svccfg is .

svcprop(1), svcs(1), libscf(3LIB), libumem(3LIB), scf_service_add_pg(3SCF), scf_value_create(3SCF), contract(5), service_bundle(5), attributes(7), fnmatch(7), smf(7), smf_method(7), smf_security(7), smf_template(7), zones(7), svc.configd(8), svcadm(8)

June 1, 2023 OmniOS