man/man8/svccfg.8

.\" The contents of this file are subject to the terms of the Common
.\" Development and Distribution License (the "License"). You may not use
.\" this file except in compliance with the License. You can obtain a copy
.\" of the license at usr/src/OPENSOLARIS.LICENSE or
.\" http://www.opensolaris.org/os/licensing.
.\"
.\" See the License for the specific language governing permissions and
.\" limitations under the License. When distributing Covered Code, include
.\" this CDDL HEADER in each file and include the License file at
.\" usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below
.\" this CDDL HEADER, with the
.\"
.\" fields enclosed by brackets "[]" replaced with your own identifying
.\" information: Portions Copyright [yyyy] [name of copyright owner]
.\"
.\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved
.\" Copyright 2012, Joyent, Inc. All Rights Reserved
.\" Copyright 2023 Oxide Computer Company
.\"
.Dd June 1, 2023
.Dt SVCCFG 8
.Os
.Sh NAME
.Nm svccfg
.Nd import, export, and modify service configurations
.Sh SYNOPSIS
.Nm
.Op Fl v
.Op Fl z Ar zone
.Op Fl s Ar FMRI
.Nm
.Op Fl v
.Op Fl z Ar zone
.Op Fl s Ar FMRI
.Ar subcommand Op Ar args Ns \&...
.Nm
.Op Fl v
.Op Fl z Ar zone
.Op Fl s Ar FMRI
.Fl f Ar command-file
.Sh DESCRIPTION
The
.Nm
command manipulates data in the service configuration repository.
.Nm
can be invoked interactively, with an individual subcommand, or by specifying a
command file that contains a series of subcommands.
.Pp
Changes made to an existing service in the repository typically do not take
effect for that service until the next time the service instance is refreshed.
See the
.Sy refresh
subcommand on the
.Xr svcadm 8
man page for more details.
.Sh OPTIONS
The following options are supported:
.Bl -tag -width Ar
.It Fl f Ar file
Reads and executes
.Nm
subcommands from
.Ar file .
.It Fl s Ar FMRI
Selects the entity indicated by
.Ar FMRI
.Pq a fault management resource identifier
before executing any subcommands.
See
.Xr smf 7 .
.It Fl v
Produce more verbose output.
.It Fl z Ar zone
Manage services in the specified zone.
This option is only applicable from the global zone, see
.Xr zones 7 .
.El
.Sh SUBCOMMANDS
Subcommands are divided into the categories specified in the subsections that
follow.
.Pp
All subcommands that accept
.Ar FMRI Ns No s
also accept abbreviated or globbed patterns.
Instances and services can be abbreviated by specifying the instance name, or
the trailing portion of the service name.
For example, given the
.Ar FMRI :
.Pp
.D1 svc:/network/smtp:sendmail
.Pp
All the following are valid abbreviations:
.Pp
.D1 sendmail :sendmail smtp smtp:sendmail network/smtp
.Pp
While the following are invalid:
.Pp
.D1 mail network network/smt
.Pp
Abbreviated forms of
.Ar FMRI Ns No s
are unstable, and should not be used in scripts or other permanent tools.
If a pattern matches more than one instance or service, an error message is
printed and no action is taken.
.Ss General Subcommands
.Bl -tag -width Ar
.It Ic end , exit , quit
Exits immediately.
.It Ic repository Ar repfile
Uses
.Ar repfile
as a repository.
By default,
.Nm
uses the system repository.
.Pp
Use repository only with files from the identical version of illumos, including
updates, that you are currently running.
Do not use this subcommand with the system repository,
.Pa /etc/svc/repository.db .
.It Ic set Oo Fl v | V Oc
Sets optional behavior.
If no options are specified, set displays the options currently in effect.
.Bl -tag -width Ds
.It Fl v
Turns on verbose mode.
.It Fl V
Turns off verbose mode.
.El
.El
.Ss Service Profile Subcommands
.Bl -tag -width Ar
.It Ic apply Oo Fl n Oc Ar file
If
.Ar file
is a service profile, properties, including general/enabled, that are specified
in the file are modified in the SMF repository.
Not-yet-existent properties and property groups will be created.
The type of the pre-existing property groups will not be changed by the profile.
Existing properties
.Pq as distinguished from property groups
.Em can
have their type changed by the profile.
Nonexistent services and instances are ignored.
Services and instances modified by the profile will be refreshed.
If
.Fl n
is specified, the profile is processed and no changes are applied to the SMF
repository.
Any syntax error found will be reported on
.Dv stderr
and an exit code of
.Sy 1
will be returned.
See
.Xr smf 7
for a description of service profiles.
This command requires privileges to modify properties in the service and
instance.
See
.Xr smf_security 7
for the privileges required to modify properties.
If
.Ar file
is not a service profile, the subcommand fails.
.It Ic extract Op > Ar file
Prints a service profile which represents the enabled status of the service
instances in the repository to standard output.
The output may be redirected to a file.
.El
.Ss Service Manifest Subcommands
.Bl -tag -width Ar
.It Ic archive Op Fl a
Dumps a full XML service description for all services, instances, and their
persistent properties in the repository.
This does not include transient properties such as service state, and is
suitable for a relocatable repository backup.
.Pp
Without the
.Fl a
option, property groups containing protected information
.Po
identified by the presence of the
.Sy read_authorization
property \(em see
.Xr smf_security 7
.Pc
will be archived without their property values.
When the
.Fl a
option is specified, all values will be archived.
An error results if there are insufficient privileges to read these values.
.It Ic export Oo Fl a Oc Ar service_FMRI Op > Ar file
The service description for the specified service and its instances is written
to standard output or redirected to the given file.
Dependencies with a boolean
.Dq external
property set to true are omitted in the belief that they were created on behalf
of another service.
.Pp
Without the
.Fl a
option, property groups containing protected information
.Po
identified by the presence of the
.Sy read_authorization
property \(em see
.Xr smf_security 7
.Pc
will be exported without their property values.
When the
.Fl a
option is specified, all values will be archived.
An error results if there are insufficient privileges to read these values.
.Pp
Note that
.Ic export
requires a service FMRI.
To ease the use of arguments cut and pasted from other command output, if you
specify a complete instance FMRI, the entire corresponding service including
all instances is exported and a warning is issued.
If you specify an abbreviation, such as
.Sq apache2
or
.Sq sendmail ,
that specifies an instance, the command fails.
.It Ic import Oo Fl V Oc Ar file
If
.Ar file
is a service manifest, then the services and instances it specifies are
imported into the repository.
According to the file, dependencies may be created in other services.
See
.Xr smf 7
for a description of service manifests.
See
.Xr smf_security 7
for the privileges required to create and modify service configurations.
.Pp
Services and instances in the manifest will be validated against template data
in the manifest and the repository, and warnings will be issued for all
template violations.
See
.Xr smf_template 7
for a description of templates.
If the
.Fl V
option is specified, manifests that violate the defined templates will fail to
import.
In interactive invocations of
.Nm ,
.Fl V
is the default behavior.
.Pp
For existing services and instances, properties which have not changed since
the last import snapshot was taken are upgraded to those specified by the
manifest.
Conflicts
.Pq properties which have been changed both in the repository and the manifest
are reported on the standard error stream.
.Nm
will never upgrade the
.Dq general/enabled
and
.Dq general/restarter
properties,
since they represent administrator preference.
.It Ic inventory Ar file
If
.Ar file
is determined to be a service manifest, then the FMRIs of the services and
instances the
.Ar file
describes are printed.
For each service, the FMRIs of its instances are displayed before the FMRI
of the service.
.It Ic restore
Restores the contents of the repository from a full XML service description
previously created by the
.Ic archive
subcommand.
If the archive was generated without the use of the
.Fl a
option, the contents of the repository following completion of the restore will
not include the values of any read-protected properties
.Pq see Xr smf_security 7 .
If these are required, they must be restored manually.
.Pp
Restoring an archive which is inconsistent with currently installed software
.Pq including patch revisions
might yield unpredictable results.
Therefore, prior to restoring an archive, all system and application software,
including any service manifests, should be restored to the same state it was in
at the time the archive was made.
.It Ic validate Op Ar file | fmri
The
.Ic validate
subcommand can operate on a manifest file, an instance FMRI, or the current
instance or snapshot entity selection.
When an argument is specified,
.Nm
will check to see whether the specified file exists.
If the file exists, it will be validated.
If a file of the specified name does not exist, the argument is treated as an
FMRI pattern.
If a conflict arises between a filename and an FMRI, use the svc: and file:
prefixes to tell
.Nm
how to interpret the argument.
.Pp
When you specify a file, the file is processed in a manner similar to
.Ic import
.Fl V ,
but no changes are made to the repository.
If any errors are detected,
.Nm
displays the errors and exits with a nonzero exit status.
.Pp
For an instance
.Ar fmri ,
instance entity selection, or snapshot entity selection, the specified instance
in its composed form
.Po
see
.Dq Properties and Property Groups
in
.Xr smf 7
.Pc
will be validated against template data in the repository.
Instance FMRIs and instance entity selections use the
.Dq running
snapshot for validation.
Warnings will be issued for all template violations.
See
.Xr smf_template 7
for a description of templates.
.El
.Ss Entity Selection, Modification, and Navigation Subcommands
An
.Dq entity
refers to a scope, service, or service instance.
.Bl -tag -width Ar
.It Ic add Ar name
A new entity with the given name is created as a child of the current selection.
See
.Xr smf_security 7
for the privileges required to create entities.
.It Ic delete Oo Fl f Oc Brq Ar name | fmri
The named child of the current selection or the entity specified by
.Ar fmri
is deleted.
Attempts to delete service instances in the
.Dq online
or
.Dq degraded
state will fail unless the
.Fl f
flag is specified.
If a service or service instance has a
.Dq dependents
property group of type
Dq framework ,
then for each of its properties with type
.Dq astring
or
.Dq fmri ,
if the property has a single value which names a service or service instance
then the dependency property group in the indicated service or service instance
with the same name as the property will be deleted.
See
.Xr smf_security 7
for the privileges required to delete service configurations.
.It Ic list Op Ar pattern
The child entities of the current selection whose names match the glob pattern
.Ar pattern
are displayed
.Pq see Xr fnmatch 7 .
.Dq :properties
is also listed for property-bearing entities, namely services and service
instances.
.It Ic select Brq Ar name | fmri
If the argument names a child of the current selection, it becomes the current
selection.
Otherwise, the argument is interpreted as an FMRI and the entity that the
argument specifies becomes the current selection.
.It Ic unselect
The parent of the current selection becomes the current selection.
.El
.Ss Property Inspection and Modification Subcommands
.Bl -tag -width Ar
.It Ic addpg Ar name Ar type Op Ar flags
Adds a property group with the given
.Ar name
and type to the current selection.
.Ar flags
is a string of characters which designates the flags with which to create the
property group.
.Sq P
represents
.Dv SCF_PG_FLAG_NONPERSISTENT
.Pq see Xr scf_service_add_pg 3SCF .
See
.Xr smf_security 7
for the privileges required to create property groups.
.It Ic addpropvalue Ar pg/name Oo Ar type Ns No \&: Oc Ar value
Adds the given value to a property.
If
.Ar type
is given and the property exists, then if
.Ar type
does not agree with the property's
.Ar type ,
the subcommand fails.
The values may be enclosed in double-quotes.
String values containing double-quotes or backslashes must be enclosed by
double-quotes and the contained double-quotes and backslashes must be quoted by
backslashes.
Nonexistent properties are created, in which case the
.Ar type
specifier must be present.
See
.Xr scf_value_create 3SCF
for a list of available property types.
See
.Xr smf_security 7
for the privileges required to modify properties.
The new value will be appended to the end of the list of property values
associated with the property.
.It Ic delpg Ar name
Deletes the property group
.Ar name
of the current selection.
See
.Xr smf_security 7
for the privileges required to delete property groups.
.It Ic delprop Ar pg Ns Op / Ns Ar name
Deletes the named property group or property of the current selection.
See
.Xr smf_security 7
for the privileges required to delete properties.
.It Ic delpropvalue Ar pg/name Ar globpattern
Deletes all values matching the given
.Ar glob
pattern in the named property.
Succeeds even if no values match.
See
.Xr smf_security 7
for the privileges required to modify properties.
.It Xo
.Ic describe
.Op Fl v
.Op Fl t
.Op Ar propertygroup Ns No / Ns Ar property
.Xc
Describes either the current or the possible settings.
.Pp
When invoked without arguments,
.Ic describe
gives basic descriptions
.Pq if available
of the currently selected entity and all of its currently set property groups
and properties.
A property group or specific property can be queried by specifying either the
property group name, or the property group name and property name, separated by
a slash
.Pq Sq / ,
as an argument.
.Pp
The
.Fl v
option gives all information available, including descriptions for current
settings, constraints, and other possible setting choices.
.Pp
The
.Fl t
option shows only the template data for the selection
.Pq see Xr smf_template 7 ,
and does not display the current settings for property groups and properties.
.It Ic editprop
Commented commands to reproduce the property groups and properties of the
current selection are placed in a temporary file and the program named by the
.Ev EDITOR
environment variable is invoked to edit it.
Upon completion, the commands in the temporary file are executed.
The default editor is
.Xr vi 1 .
See
.Xr smf_security 7
for the privileges required to create, modify, or delete properties.
.It Ic listpg Op Ar pattern
Displays the names, types, and flags of property groups of the current
selection.
If an argument is given, it is taken as a glob pattern and only property groups
with names which match the argument are listed.
.Pp
In interactive mode, a basic description of the property groups is also given.
.It Ic listprop Op Ar pattern
Lists property groups and properties of the current selection.
For property groups, names, types, and flags are listed.
For properties, names
.Pq prepended by the property group name and a slash Sq / ,
types, and values are listed.
See
.Xr scf_value_create 3SCF
for a list of available property types.
If an argument is supplied it is taken as a glob pattern and only property
groups and properties with names which match the argument are listed.
.It Xo
.Ic setenv
.Op Fl i | s
.Op Fl m Ar method_name
.Ar envvar value
.Xc
Sets a method environment variable for a service or instance by changing the
"environment" property in the
.Ar method_name
property group, if that property group has type
.Dq method .
If
.Ar method_name
is not specified and the
.Fl i
option is used, the
.Dq method_context
property group is used, if an instance is currently selected.
If the
.Fl s
option is used and a service is currently selected, its
.Dq method_context
property group is used.
If the
.Fl s
option is used and an instance is currently selected, the
.Dq method_context
property group of its parent is used.
If neither the
.Fl i
option nor the
.Fl s
option is used, the
.Dq start
property group is searched for in the currently selected entity and, if an
instance is currently selected, its parent is also searched.
If the
.Dq inetd_start
property group is not located, it is searched for in a similar manner.
.Pp
Once the property is located, all values which begin with
.Ar envvar
followed by a
.Dq \&=
are removed, and the value
.Dq Ar envvar Ns No = Ns Ar value
is added.
See
.Xr smf_security 7
for the privileges required to modify properties.
.It Xo
.Ic setprop
.Ar pg/name No =
.Op Ar type Ns No \&:
.Ar value
.Xc
.It Xo
.Ic setprop
.Ar pg/name No =
.Op Ar type Ns No \&:
.No \&( Ns Ar values \&... No \&)
.Xc
Sets the
.Ar name
property of the
.Ar pg
property group of the current selection to the given values of type
.Ar type .
See
.Xr scf_value_create 3SCF
for a list of available property types.
If the property already exists and the
.Ar type
disagrees with the existing
.Ar type
on the property, the subcommand fails.
Values may be enclosed in double-quotes.
String values which contain double-quotes or backslashes must be enclosed by
double-quotes and the contained double-quotes and backslashes must be quoted by
backslashes.
If the named property does not exist, it is created, as long as the type is
specified.
See
.Xr smf_security 7
for the privileges required to create or modify properties.
Multiple values will be stored in the order in which they are specified.
.It Xo
.Ic unsetenv
.Op Fl i | s
.Op Fl m Ar method_name
.Ar envvar value
.Xc
Removes a method environment variable for a service or instance by changing the
.Dq environment
property in the
.Ar method_name
property group, if that property group has type
.Dq method .
If
.Ar method_name
is not specified and the
.Fl i
option is used, the
.Dq method_context
property group is used, if an instance is currently selected.
If the
.Fl s
option is used and a service is currently selected, its
.Dq method_context
property group is used.
If the
.Fl s
option is used and an instance is currently selected, the
.Dq method_context
property group of its parent is used.
If neither the
.Fl i
option nor the
.Fl s
option is used, the
.Dq start
property group is searched for in the currently selected entity and, if an
instance is currently selected, its parent is also searched.
If the
.Dq inetd_start
property group is not located, it is searched for in a similar manner.
.Pp
Once the property is located, all values which begin with
.Ar envvar
followed by
.Dq =
are removed.
See
.Xr smf_security 7
for the privileges required to modify properties.
.El
.Ss Snapshot Navigation and Selection Subcommands
.Bl -tag -width Ar
.It Ic listsnap
Displays snapshots available for the currently selected instance.
.It Ic revert Op Ar snapshot
Reverts the properties of the currently selected instance and its service to
those recorded in the named snapshot.
If no argument is given, use the currently selected snapshot and deselect it on
success.
The changed property values can be made active via the
.Ic refresh
subcommand of
.Xr svcadm 8 .
See
.Xr smf_security 7
for the privileges required to change properties.
.It Ic selectsnap Op Ar name
Changes the current snapshot to the one named by
.Ar name .
If no
.Ar name
is specified, deselect the currently selected snapshot.
Snapshots are read-only.
.El
.Ss Instance Subcommands
.Bl -tag -width Ar
.It Ic refresh
Commit the values from the current configuration to the running snapshot,
making them available for use by the currently selected instance.
If the repository subcommand has not been used to select a repository, direct
the instance's restarter to reread the updated configuration.
.El
.Sh ENVIRONMENT
.Bl -tag -width Ds
.It Ev EDITOR
The command to run when the
.Ic editprop
subcommand is used.
The default editor is
.Xr vi 1 .
.El
.Sh EXIT STATUS
The following exit values are returned:
.Bl -tag -width Ds
.It Sy 0
Successful execution.
.It Sy 1
One or more subcommands resulted in failure.
Error messages are written to the standard error stream.
.It Sy 2
Invalid command line options were specified.
.El
.Sh EXAMPLES
.Sy Example 1 No Importing a Service Description
.Pp
The following example imports a service description for the
.Sy seismic
service in the XML manifest specified on the command line.
.Pp
.Dl # svccfg import /var/svc/manifest/site/seismic.xml
.Pp
Note that the manifest must follow the format specified in
.Xr service_bundle 5 .
.Pp
.Sy Example 2 No Exporting a Service Description
.Pp
To export a service description on the local system:
.Pp
.Dl # svccfg export dumpadm >/tmp/dump.xml
.Pp
.Sy Example 3 No Deleting a Service Instance
.Pp
To delete a service instance:
.Pp
.Dl # svccfg delete network/inetd-upgrade:default
.Pp
.Sy Example 4 - Checking Properties in an Alternate Repository
.Pp
To examine the state of a service's properties after loading an alternate
repository, use the sequence of commands shown below.
One might use such commands, for example, to determine whether a service was
enabled in a particular repository backup.
.Bd -literal -offset indent
# svccfg
svc:> repository /etc/svc/repository-boot
svc:> select telnet:default
svc:/network/telnet:default> listprop general/enabled
general/enabled  boolean false
svc:/network/telnet:default> exit
.Ed
.Pp
.Sy Example 5 No Enabling Debugging
.Pp
To modify
.Ev LD_PRELOAD
for a start method and enable the use of
.Xr libumem 3LIB
with debugging features active:
.Bd -literal -offset indent
$ svccfg -s system/service setenv LD_PRELOAD libumem.so
$ svccfg -s system/service setenv UMEM_DEBUG default
.Ed
.Pp
.Sy Example 6 No Using the Ic describe No Subcommand
.Pp
The following command illustrates the use of the
.Ic describe
subcommand.
.Bd -literal -offset indent
# svccfg -s console-login describe ttymon
ttymon                  application
ttymon/device           astring  /dev/console
   terminal device to be used for the console login prompt
ttymon/label            astring
   console appropriate entry from /etc/ttydefs
\&...
.Ed
.Sh INTERFACE STABILITY
The interactive output of
.Nm
is
.Sy Not-An-Interface
and may change at any time.
.Pp
The command line interface and non-interactive output of
.Nm
is
.Sy Committed .
.Sh SEE ALSO
.Xr svcprop 1 ,
.Xr svcs 1 ,
.Xr libscf 3LIB ,
.Xr libumem 3LIB ,
.Xr scf_service_add_pg 3SCF ,
.Xr scf_value_create 3SCF ,
.Xr contract 5 ,
.Xr service_bundle 5 ,
.Xr attributes 7 ,
.Xr fnmatch 7 ,
.Xr smf 7 ,
.Xr smf_method 7 ,
.Xr smf_security 7 ,
.Xr smf_template 7 ,
.Xr zones 7 ,
.Xr svc.configd 8 ,
.Xr svcadm 8