Specifying Configuration in a System Configuration Profile

You can specify configuration of any system characteristic that is configurable by using smf(5) properties. For example, the system configuration profile can configure a root account, an initial user, keyboard layout, terminal type, an IPv4 network interface (static or DHCP) and default route, an IPv6 network interface (static or addrconf) and default route, and name service (name server list, search list, domain). If you specify a service or property that does not apply, that specification is ignored. Do not specify any particular property more than one time.

If you are not sure which SMF properties you need to specify, you can use the describe subcommand of the svccfg command to display a description of the property groups and properties of a service, including possible settings. See “Property Inspection and Modification Subcommands” on the svccfg(1M) man page.

svccfg -s FMRI describe [-v] [-t] [propertygroup/property]

A property group or specific property can be queried by specifying either the property group name, or the property group name and property name separated by a slash (/), as an argument.

The -v option gives all information available, including descriptions for current settings, constraints, and other possible setting choices.

The -t option shows only the template data for the selection (see the smf_template(5) man page), and does not display the current settings for property groups and properties.

$ svccfg -s name-service/switch describe config
config application
Name service switch configuration data as described in nsswitch.conf(4).
config/value_authorization astring solaris.smf.value.name-service.switch
config/default astring files
Default configuration database entry.
config/host astring "files dns mdns"
Override configuration for host database lookups. (both IPv4 and IPv6 hosts)
config/printer astring "user files"
Override configuration for printer database lookups.
$ svccfg -s name-service/switch describe -v config
config application
name: config
type: application
required: true
target: this
description: Name service switch configuration data as described in nsswitch.conf(4).
config/value_authorization astring solaris.smf.value.name-service.switch
config/default astring files
type: astring
required: true
Default configuration database entry.
visibility: readwrite
minimum number of values: 1
maximum number of values: 1
value: files
...
$ svccfg -s name-service/switch describe -t config
name: config
type: application
Name service switch configuration data as described in nsswitch.conf(4).
name: default
type: astring
Default configuration database entry.
name: host
type: astring
Override configuration for host database lookups. (both IPv4 and IPv6 hosts)
name: password
type: astring
Override configuration for passwd database lookups. Also used with the shadow and user_attr databases.
name: group
type: astring
Override configuration for group database lookups.
name: network
type: astring
Override configuration for network database lookups.
...
$ svccfg -s system/config-user describe root_account
root_account application
root_account/expire astring
root_account/password astring
root_account/read_authorization astring solaris.smf.read.system-config
root_account/stability astring Evolving
root_account/type astring

Configuring Root and User Accounts

Enter the following sysconfig create-profile command with the users grouping to generate a valid profile that configures the root user and initial user.

# sysconfig create-profile -g users -o sc_users.xml

The svc:/system/config-user SMF service configures user and root accounts. This service recognizes two property groups:

The root_account property group includes SMF properties that configure the root account.
The user_account property group includes SMF properties that configure user accounts.

Tip - One method of generating encrypted passwords for the Oracle Solaris OS is to create a user of the intended name and password, copy the password from the /etc/shadow file between the first and second colons of the user's record, and add that information into the password values in the manifest.

Configuring the Root Account

The root_account property group contains the properties listed in the following table.

Table 11-1 root_account Property Group Properties

Property	Type	Required	Description
`password`	`astring`	required	Encrypted root password. If you do not provide a root password, the root password is empty.
`type`	`astring`	optional	Account type: `normal` or `role`. The default is `normal`.
`expire`	`string`	optional	Expiration date for login. If set to 0 (zero), the user will be forced to change the root password at the next login.

Example 11-1 Configuring the Root Account Only With Password Expired

<service name="system/config-user" version="1" type="service">
    <instance name="default" enabled="true">
        <property_group name="root_account" type="application">
            <propval name="password" value="encrypted_password"/>
            <propval name="type" value="normal"/>
            <propval name="expire" value="0"/>
        </property_group>
    </instance>
</service>

Configuring a User Account

This section includes the following information:

Creating a User Account Without Depending on the Automounter
User Account Properties
Configuring Multiple Initial Users

Creating a User Account Without Depending on the Automounter

By default, when initial user accounts are created, the home directories are managed by the automounter and accessed under /home/login directories. To create initial user accounts without depending on the automounter, set the user_account/autohome property to the empty string ("") in the configuration profile.

Setting the user_account/autohome property to the empty string has the following effects:

The home directory entry in the /etc/passwd file is set to the mount point of the home ZFS dataset, not to /home/login. The default mount point of the home ZFS dataset is /export/home/login.
No mapping entry is added to the /etc/auto_home file.

User Account Properties

The user_account property group contains the properties listed in the following table.

Table 11-2 user_account Property Group Properties

Property	Type	Required	Description
`login`	`astring`	`required`	User's login.
`password`	`astring`	`required`	Encrypted user password.
`description`	`astring`	`optional`	Usually the user's full name.
`shell`	`astring`	`optional`	Full path name of the program used as the user's shell on login.
`uid`	`count`	`optional`	UID of the new user. The default UID is 101.
`gid`	`count`	`optional`	User's primary group membership. The default GID is 10.
`type`	`astring`	`optional`	Account type: `normal` or `role`. The default is `normal`.
`profiles`	`astring`	`optional`	One or more comma-separated execution profiles defined in `the prof_attr`(4) man page.
`roles`	`astring`	`optional`	One or more comma-separated roles defined in `the user_attr`(4) man page.
`sudoers`	`astring`	`optional`	Entry added to the `sudoers` file along with the `login`.
`expire`	`astring`	`optional`	Expiration date for the login. If set to 0 (zero), the user will be forced to change the password at the next login.
`home_zfs_dataset`	`astring`	`optional`	User's home directory ZFS dataset. The default is `root_pool/export/home/login`.
`home_mountpoint`	`astring`	`optional`	User's home directory mount point. The default is `/export/home/login`.
`autohome`	`astring`	`optional`	User's auto home directory mount point. The value is entered in the `/etc/auto_home` file for the configured user. The default value is `localhost:/export/home/login`. If the `autohome` property is set to the empty string (`""`), the user account is created without depending on the automounter.

Configuring Multiple Initial Users

To configure multiple users on the newly-installed system, specify the users by using the useradd(1M) command in a script. Then use a run-once SMF service to run the script at first boot. See Chapter 13, Running a Custom Script During First Boot for instructions.

Setting the System Identity

Use the sysconfig create-profile command with the identity grouping to generate a valid profile that configures the system node name.

# sysconfig create-profile -g identity -o sc_identity.xml

The svc:/system/identity:node SMF service sets the system host name. The node is the instance of svc:/system/identity.

The identity property group contains the properties listed in the following table.

Table 11-3 config Property Group Properties

Property	Type	Required	Description
`nodename`	`astring`	optional	System host name. The default is `solaris`.
`enable_mapping`	`boolean`	optional	Value used to disable node name mapping. The default is `true`.
`loopback`	`astring`	optional	Host name mapped to loopback. The default is `solaris`.

Example 11-2 Configuring the Host Name

This example sets the system host name to solaris.

<service name="system/identity" version="1" type="service">
    <instance name="node" enabled="true">
        <property_group name="config" type="application">
            <propval name="nodename" value="solaris"/>
        </property_group>
    </instance>
</service>

Example 11-3 Disabling Node Name Mapping

When you install the Oracle Solaris 11 OS or an Oracle Solaris 11 update release, by default the system node name is mapped to the loopback or to the IP address of the interface configured as part of installation. You can disable this default mapping by setting the enable_mapping property to false, as shown in the following example.

<service name="system/identity" version="1" type="service">
    <instance name="node" enabled="true">
        <property_group name="config" type="application">
            <propval name="nodename" value="solaris"/>
            <propval name="enable_mapping" value="false"/>
        </property_group>
    </instance>
</service>

Setting the Time Zone and Locale

Use the sysconfig create-profile command with the location grouping to generate a valid profile that configures the time zone and locale.

# sysconfig create-profile -g location -o sc_location.xml

The svc:/system/timezone SMF service sets the time zone for the system.

The timezone property group contains the properties listed in the following table.

Table 11-4 timezone Property Group Properties

Property	Type	Required	Description
`localtime`	`astring`	optional	System time zone. The default is `UTC`.

Example 11-4 Configuring the Time Zone

This example sets the time zone to Central European Time/Prague, CZ.

<service name='system/timezone' version='1'>
  <instance name='default' enabled='true'>
    <property_group name='timezone'>
      <propval name='localtime' value='Europe/Prague'/>
    </property_group>
  </instance>
</service>

The svc:/system/environment:init SMF service sets the locale for the system.

The environment property group can define the following environment variables. See the environ(5) man page for information about environment variables.

Table 11-5 environment Property Group Properties

Environment Variable	Type	Required	Default Value
`LC_CTYPE`	`astring`	optional	`C`
`LC_NUMERIC`	`astring`	optional	`C`
`LC_TIME`	`astring`	optional	`C`
`LC_COLLATE`	`astring`	optional	`C`
`LC_MONETARY`	`astring`	optional	`C`
`LC_MESSAGES`	`astring`	optional	`C`
`LC_ALL`	`astring`	optional	`C`
`LANG`	`astring`	optional	`C`

Example 11-5 Configuring the Locale

This example sets the locale to Czech language (cs) and Czech Republic (CZ).

<service name='system/environment' version='1'>
  <instance name='init' enabled='true'>
    <property_group name='environment'>
      <propval name='LC_ALL' value='cs_CZ.UTF-8'/>
    </property_group>
  </instance>
</service>

Setting the Terminal Type and Keyboard Layout

Example 11-6 Configuring Terminal Type

The svc:/system/console-login SMF service configures the terminal type. See the ttymon(1M) man page for definition of related SMF properties.

This example sets the terminal type to vt100.

<service name="system/console-login" version="1" type="service">
    <instance name="default" enabled="true">
        <property_group name="ttymon" type="application">
            <propval name="terminal_type" value="vt100"/>
        </property_group>
    </instance>
</service>

Example 11-7 Configuring Keyboard Layout

Use the sysconfig create-profile command with the kbd_layout grouping to generate a valid profile that configures the keyboard layout.

# sysconfig create-profile -g kbd_layout -o sc_kdb.xml

The svc:/system/keymap SMF service configures the keyboard layout. See the kbd(1) man page for definition of related SMF properties.

This example sets the keyboard layout to Czech.

<service name='system/keymap' version='1' type='service'>
    <instance name='default' enabled='true'>
        <property_group name='keymap' type='system'>
            <propval name='layout' value='Czech'/>
        </property_group>
    </instance>
</service>

Configuring a Static Network

Use the sysconfig create-profile command with the network grouping to generate a valid profile that configures the network.

# sysconfig create-profile -g network -o sc_network.xml

The svc:/network/install SMF service configures an initial physical network interface. This service is initially disabled with property values that do not result in any system configuration.

Note - If the installation target is an iSCSI device, do not configure that network interface in any system configuration profile for that installation. For iSCSI boot, the network interface for the iSCSI device is configured early in the client boot process. If you configure that same interface again, the network/install service for the interface goes into maintenance state.

To configure multiple network interfaces, specify the configuration in a script, and use a run-once SMF service to run the script at first boot. See Chapter 13, Running a Custom Script During First Boot for instructions and a sample script.

The svc:/network/install service supports configuring one IPv4 interface and one IPv6 interface and, optionally, a default route reachable by these interfaces. The service defines two property groups: one property group for an IPv4 interface and one for an IPv6 interface. The service uses its properties and ipadm(1M) to configure the network interfaces. Similarly, the service uses its properties and route(1M) to define a default route.

See the examples in Specifying Static Network Configuration.

The install_ipv4_interface property group contains the properties listed in the following table.

Table 11-6 install_ipv4_interface Property Group Properties

Property	Type	Required	Description
`name`	`astring`	`required`	Name of the network interface.
`address_type`	`astring`	`required`	Value used to construct the `-T` option for the `ipadm`(1M) `create-addr` subcommand. Valid values are `static` or `dhcp`.
`static_address`	`net_address_v4`	`optional`	Only required with an `address_type` of `static`. Used to construct the local address for the `ipadm`(1M) `create-addr` subcommand.
`dhcp_wait`	`astring`	`optional`	Only applies with an `address_type` of `dhcp`. If defined, this property is used to construct the `-w` `seconds` (or `forever`) portion of the `ipadm`(1M) `create-addr` subcommand.
`default_route`	`net_address_v4`	`optional`	Used to define a default route using `route`(1M). # /usr/sbin/route \ -p add default `default-route` \ -ifp `ifname` The value of `ifname` is the interface name portion of the `name` property.

The install_ipv6_interface property group contains the properties listed in the following table.

Table 11-7 install_ipv6_interface Property Group Properties

Property	Type	Required	Description
`name`	`astring`	`required`	Name of the network interface.
`address_type`	`astring`	`required`	Value used to construct the `-T` option for the `ipadm`(1M) `create-addr` subcommand. Valid values are `static` or `addrconf`.
`static_address`	`net_address_v6`	`optional`	Only required with an `address_type` of `static`. Used to construct the local address for the `ipadm`(1M) `create-addr` subcommand.
`interface_id`	`net_address_v6`	`optional`	Only applies with an `address_type` of `addrconf`. Used to construct the `-i` `interface_id` portion of the `ipadm`(1M) `create-addr` subcommand.
`stateless`	`astring`	`optional`	Only applies with an `address_type` of `addrconf`. Used to construct the `-p` `stateless=yes\|no` portion of the `ipadm`(1M) `create-addr` subcommand.
`stateful`	`astring`	`optional`	Only applies with an `address_type` of `addrconf`. Used to construct the `-p` `stateful=yes\|no` portion of the `ipadm`(1M) `create-addr` subcommand.
`default_route`	`net_address_v6`	`optional`	Used to define a default route using `route`(1M). # /usr/sbin/route \ -p add default `default-route` \ -ifp `ifname` The value of `ifname` is the interface name portion of the `name` property.

The svc:/network/dns/client service supports the configuration of a DNS client. The service defines one property group: config. The service uses its properties to construct a DNS resolv.conf(4) file.

The config property group contains the properties listed in the following table.

Table 11-8 config Property Group Properties

Property	Type	Required	Description
`domain`	`astring`	`optional`	Local domain name. Used to construct the `domain` directive in `resolv.conf`(4).
`nameserver`	`net_address_list`	`required`	List of IPv4 and IPv6 addresses. Used to construct the `nameserver` directives in `resolv.conf`(4).
`search`	`astring_list`	`optional`	List of domain values for the search list for host name lookup. Used to construct the `search` directive in `resolv.conf`(4).

Configuring Name Service

Use the sysconfig create-profile command with the naming_services grouping to generate a valid profile that configures DNS, NIS, and LDAP clients and name service switch.

# sysconfig create-profile -g naming_services -o sc_ns.xml

The svc:/network/dns/client SMF service configures an initial DNS client configuration. This service is initially disabled with property values that do not result in any system configuration. See the examples in Specifying Name Service Configuration.

Setting Up Oracle Configuration Manager and Oracle Auto Service Request

Oracle Configuration Manager enables you to log your system configurations with My Oracle Support, and Oracle Auto Service Request can automatically generate service requests for specific hardware faults.

Use the sysconfig create-profile command with the support grouping to generate a valid profile that configures Oracle Configuration Manager and Oracle Auto Service Request.

# sysconfig create-profile -g support -o sc_support.xml

The output profile sets up the first phase of registration, which is the same for all clients that match the following criteria:

The systems use the same My Oracle Support credentials to register. All client systems that use this profile register with My Oracle Support in the same way. The data from all of these clients will be associated with the same My Oracle Support account.
The systems access My Oracle Support through the same network configuration. All client systems that use this profile access My Oracle Support through the same proxy servers and aggregation hubs, for example.

If you need to create additional profiles for different groups of AI client systems, you should rerun the sysconfig create-profile command, rather than copy and edit an existing profile. If your proxy server has a user name and password, then you must rerun sysconfig create-profile since the passwords are encrypted.

Skip Navigation Links
Exit Print View
	Installing Oracle Solaris 11.1 Systems Oracle Solaris 11.1 Information Library