Liane Praza's Weblog

Lots of large (and some not so large) organizations have run-books for systems operation that must span multiple OS versions. smf(5) can throw a spanner in the works, as the following procedure to stop, then restart a service no longer works in Solaris 10 (I'll use sendmail as an example):

1. pkill sendmail

2. Do whatever work was required

3. /etc/init.d/sendmail start

If a user was running a program called "sendmail-monitor" or some such, their program would be killed off. That's not so good. This also doesn't work as expected on Solaris 10 because the pkill sendmail step only causes smf(5) to restart sendmail. And, if you're running the command in the global zone on a system that has some local zones installed, it'll kill sendmail in all of the local zones! A better run-book procedure would be:

1. /etc/init.d/sendmail stop

2. Do whatever work was required

3. /etc/init.d/sendmail start

This has the benefit of working on all versions of Solaris, including Solaris 10. In Solaris 10, we've retained commonly-used init.d scripts like sendmail, nfs.server, and nscd. However, they've been re-implemented to use the appropriate smf(5) commands under the covers. Thus, /etc/init.d/nscd on a Solaris 10 system looks like:

#!/sbin/sh
#
# Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#ident  "@(#)nscd       1.1     04/12/20 SMI"

# This service is managed by smf(5).  Thus, this script provides
# compatibility with previously documented init.d script behaviour.

FMRI=system/name-service-cache:default

case "$1" in
'start')
        [ -f /etc/nscd.conf ] && [ -f /usr/sbin/nscd ] || exit 0
        /usr/sbin/svcadm enable -t $FMRI
        ;;

'stop')
        [ -f /usr/sbin/nscd ] && /usr/sbin/svcadm disable -t $FMRI
        ;;

*)
        echo "Usage: $0 { start | stop }"
        exit 1
        ;;
esac

We use the -t flag to svcadm to indicate that this change is temporary; that is, disable the service until either the operating system restarts, or the administrator enables the service again. Solaris itself never uses these scripts, but they're really helpful to maintain compatibility for administrators' well-trained finger macros. If we've missed important ones, let me know!

If you're converting your home-grown applications to be managed by smf(5), you can use the template above to create a similar init.d script for your application. It isn't required, but if admins are accustomed to uttering /etc/init.d/foo [start|stop], doing this will slightly reduce the amount of swearing when trying to reconfigure the application at 4AM.

I'll talk more about the details of smf(5) profiles later, but I've been motivated by an email question to post a profile use-case before I get around to the entire description. You can read about profiles in smf(5) and the somewhat inscrutable smf_bootstrap(5).

Profiles are really just a way to configure a bunch of services as enabled or disabled. They're generally located in /var/svc/profile (but that's not a requirement). You can use svccfg apply to apply a profile to a running system. See Stephen's post for a specific example.

Profiles are particularly useful if you want to enable or disable a bunch of services during jumpstart. All you need to do is create a site.xml file that reflects the services you want enabled and disabled, and drop it into /a/var/svc/profile/site.xml during your finish script. It will be imported automatically on the first reboot. For example, if I wanted to disable sendmail, I'd create a site.xml that looks like this:

<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
<service_bundle type='profile' name='default'>
     <service name='network/smtp' version='1' type='service'>
          <instance name='sendmail' enabled='false'/>
     </service>
</service_bundle>

You can easily add more services to this example by just replicating the three "service" lines, and changing them to reflect the specific service name and instance name you want to enable/disable.