{"id":2966,"date":"2014-03-30T16:11:47","date_gmt":"2014-03-30T08:11:47","guid":{"rendered":"http:\/\/rmohan.com\/?p=2966"},"modified":"2014-03-30T16:57:20","modified_gmt":"2014-03-30T08:57:20","slug":"solaris-ssh-restart","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=2966","title":{"rendered":"Solaris ssh restart"},"content":{"rendered":"<p>To check if the service is online or offline:<br \/>\n# svcs -v ssh<br \/>\nonline &#8211; 12:23:17 115 svc:\/network\/ssh:default<\/p>\n<p>To stop the service:<br \/>\n#svcadm disable network\/ssh<\/p>\n<p>To start the service:<br \/>\n#svcadm enable network\/ssh<\/p>\n<p>To restart the service:<br \/>\n# svcadm restart network\/ssh<\/p>\n<p>To Restart the SSH Service<\/p>\n<p>Login to the command-line terminal<br \/>\nRun the command:<\/p>\n<p>svcadm restart svc:\/network\/ssh:default<\/p>\n<p>svcs -Ho state svc:\/network\/inetd<\/p>\n<p>&nbsp;<\/p>\n<p>Now lets check if it is really enabled.<\/p>\n<p><code># svcs -x system\/sar<br \/>\nsvc:\/system\/sar:default (system activity reporting package)<br \/>\nState: online since Sun Nov 16 10:07:42 2008<br \/>\nSee: sar(1M)<br \/>\nSee: \/var\/svc\/log\/system-sar:default.log<br \/>\nImpact: None.<\/code><\/p>\n<p>etting Information About Services Running on a System<\/p>\n<p>Let&#8217;s first take a look at the svcs command to generate a list of service instances that are being run on the system. Without any additional options, svcs provides a quick one-line status of each enabled service instance, as shown in Listing 1.<\/p>\n<p># svcs<br \/>\nSTATE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 STIME\u00a0\u00a0\u00a0 FMRI<br \/>\nlegacy_run\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 lrc:\/etc\/rcS_d\/S99openconnect-clean<br \/>\nlegacy_run\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 lrc:\/etc\/rc2_d\/S47pppd<br \/>\nlegacy_run\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 lrc:\/etc\/rc2_d\/S81dodatadm_udaplt<br \/>\nlegacy_run\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 lrc:\/etc\/rc2_d\/S89PRESERVE<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/platform\/i86pc\/acpihpd:default<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/ipsec\/policy:default<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/nis\/domain:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/system\/early-manifest-import:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/system\/svc\/restarter:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/tcp\/congestion-control:vegas<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/tcp\/congestion-control:highspeed<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/sctp\/congestion-control:highspeed<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/sctp\/congestion-control:vegas<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/tcp\/congestion-control:newreno<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/sctp\/congestion-control:cubic<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/tcp\/congestion-control:cubic<br \/>\n&#8230;<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/system\/zones:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/system\/power:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/system\/hal:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/application\/texinfo-update:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/application\/pkg\/update:default<\/p>\n<p>Listing 1. Example svcs Output<\/p>\n<p># svcs -a<br \/>\nSTATE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 STIME\u00a0\u00a0\u00a0 FMRI<br \/>\nlegacy_run\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 lrc:\/etc\/rcS_d\/S99openconnect-clean<br \/>\nlegacy_run\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 lrc:\/etc\/rc2_d\/S47pppd<br \/>\nlegacy_run\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 lrc:\/etc\/rc2_d\/S81dodatadm_udaplt<br \/>\nlegacy_run\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 lrc:\/etc\/rc2_d\/S89PRESERVE<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/system\/device\/mpxio-upgrade:default<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/install:default<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/ipfilter:default<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/ipsec\/ike:default<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/ipsec\/manual-key:default<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/system\/name-service-cache:default<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/ldap\/client:default<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/nis\/client:default<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/ibd-post-upgrade:default<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/inetd-upgrade:default<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/nfs\/status:default<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/nfs\/nlockmgr:default<br \/>\n&#8230;<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/system\/zones:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/system\/power:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/system\/hal:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/application\/texinfo-update:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/application\/pkg\/update:default<\/p>\n<p>this case, it amounts to 111 disabled services on this system.<\/p>\n<p># svcs | wc -l<br \/>\n147<br \/>\n# svcs -a | wc -l<br \/>\n258<\/p>\n<p>Now that we&#8217;ve seen a listing of all service instances, let&#8217;s explore one of the service instances and get some more information about it. In this example, let&#8217;s choose the svc:\/system\/zones:default service instance. We can use the -l option and the service name to get more information, as shown in Listing 3.<\/p>\n<p># svcs -l svc:\/system\/zones:default<br \/>\nfmri\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 svc:\/system\/zones:default<br \/>\nname\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Zones autoboot and graceful shutdown<br \/>\nenabled\u00a0\u00a0\u00a0\u00a0\u00a0 true<br \/>\nstate\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 online<br \/>\nnext_state\u00a0\u00a0 none<br \/>\nstate_time\u00a0\u00a0 June 14, 2012 08:30:31 PM NZST<br \/>\nlogfile\u00a0\u00a0\u00a0\u00a0\u00a0 \/var\/svc\/log\/system-zones:default.log<br \/>\nrestarter\u00a0\u00a0\u00a0 svc:\/system\/svc\/restarter:default<br \/>\nmanifest\u00a0\u00a0\u00a0\u00a0 \/etc\/svc\/profile\/generic.xml<br \/>\nmanifest\u00a0\u00a0\u00a0\u00a0 \/lib\/svc\/manifest\/system\/zones.xml<br \/>\nmanifest\u00a0\u00a0\u00a0\u00a0 \/lib\/svc\/manifest\/system\/zonestat.xml<br \/>\ndependency\u00a0\u00a0 require_all\/none svc:\/milestone\/multi-user-server (online)<br \/>\ndependency\u00a0\u00a0 optional_all\/none svc:\/system\/pools:default (disabled)<br \/>\ndependency\u00a0\u00a0 optional_all\/none svc:\/system\/pools\/dynamic:default (disabled)<br \/>\ndependency\u00a0\u00a0 optional_all\/none svc:\/system\/zones-monitoring (online)<\/p>\n<p>Listing 3. Getting Information About a Service Instance<\/p>\n<p>svcs -d svc:\/system\/zones:default<br \/>\ngman@rampage:~$ svcs -d zones<br \/>\nSTATE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 STIME\u00a0\u00a0\u00a0 FMRI<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/system\/pools:default<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/system\/pools\/dynamic:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/system\/zones-monitoring:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/milestone\/multi-user-server:default<\/p>\n<p>Let&#8217;s now have a look at another related service instance, svc:\/system\/zones-monitoring:default, and see what services depend on this service using the -D option to svcs:<\/p>\n<p># svcs -D svc:\/system\/zones-monitoring:default<br \/>\nSTATE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 STIME\u00a0\u00a0\u00a0 FMRI<br \/>\nonline\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/system\/zone:default<\/p>\n<p>The result, svc:\/system\/zones:default, is relatively unsurprising since we had already determined that relationship in the previous example. One of the key features of SMF is that administrators manage services rather than the individual processes themselves. But what if we wanted to know what processes were being started by a given service instance? We can look at this easily by using the -p option to svcs, which ps helps to confirm:<\/p>\n<p># svcs -p zones-monitoring<br \/>\nSTATE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 STIME\u00a0\u00a0\u00a0 FMRI<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/system\/zones-monitoring:default<br \/>\nJun_14\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 216 zonestatd<\/p>\n<p># ps 216<br \/>\nPID TT\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 S\u00a0 TIME COMMAND<br \/>\n216 ?\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 S\u00a0 0:01 \/usr\/lib\/zones\/zonestatd<\/p>\n<p>Up until now, we have always used the full FMRI on the command line to specify the service that we are interested in. SMF also supports abbreviated FMRIs. All of the following examples of getting information about the svc:\/system\/system-log:default service instance are equivalent because they each uniquely identify the service:<\/p>\n<p># svcs -l svc:\/system\/system-log:default<br \/>\n# svcs -l system\/system-log:default<br \/>\n# svcs -l system-log:default<br \/>\n# svcs -l system-log<\/p>\n<p>Starting and Stopping Services<\/p>\n<p>Now that we&#8217;ve looked at what services are running on the system and retrieved some basic information about those services, let&#8217;s now look at how we can administer the state of those services with the svcadm command. For the next few examples, we&#8217;ll take a look at the svc:\/application\/management\/net-snmp:default service instance, which is responsible for managing the \/usr\/sbin\/snmpd SNMP agent that is used to collect information about a system through a set of Management Information Bases (MIBs). We can check the initial state of this service and the types of dependencies it has using the svcs command, as shown in Listing 4.<\/p>\n<p># svcs net-snmp<br \/>\nSTATE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 STIME\u00a0\u00a0\u00a0 FMRI<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/application\/management\/net-snmp:default<br \/>\n# svcs -d net-snmp<br \/>\nSTATE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 STIME\u00a0\u00a0\u00a0 FMRI<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/rpc\/rstat:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/system\/cryptosvc:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/milestone\/network:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/system\/filesystem\/local:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/milestone\/name-services:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/system\/system-log:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/milestone\/multi-user:default<br \/>\n# svcs -l net-snmp<br \/>\nfmri\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 svc:\/application\/management\/net-snmp:default<br \/>\nname\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 net-snmp SNMP daemon<br \/>\nenabled\u00a0\u00a0\u00a0\u00a0\u00a0 false<br \/>\nstate\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 disabled<br \/>\nnext_state\u00a0\u00a0 none<br \/>\nstate_time\u00a0\u00a0 June 19, 2012 01:50:37 PM NZST<br \/>\nlogfile\u00a0\u00a0\u00a0\u00a0\u00a0 \/var\/svc\/log\/application-management-net-snmp:default.log<br \/>\nrestarter\u00a0\u00a0\u00a0 svc:\/system\/svc\/restarter:default<br \/>\ncontract_id<br \/>\nmanifest\u00a0\u00a0\u00a0\u00a0 \/etc\/svc\/profile\/generic.xml<br \/>\nmanifest\u00a0\u00a0\u00a0\u00a0 \/lib\/svc\/manifest\/application\/management\/net-snmp.xml<br \/>\ndependency\u00a0\u00a0 require_all\/none svc:\/milestone\/multi-user (online)<br \/>\ndependency\u00a0\u00a0 require_all\/none svc:\/system\/filesystem\/local (online)<br \/>\ndependency\u00a0\u00a0 optional_all\/none svc:\/milestone\/name-services (online)<br \/>\ndependency\u00a0\u00a0 optional_all\/none svc:\/system\/system-log (online)<br \/>\ndependency\u00a0\u00a0 optional_all\/none svc:\/network\/rpc\/rstat (disabled)<br \/>\ndependency\u00a0\u00a0 require_all\/restart svc:\/system\/cryptosvc (online)<br \/>\ndependency\u00a0\u00a0 require_all\/restart svc:\/milestone\/network (online)<br \/>\ndependency\u00a0\u00a0 require_all\/refresh file:\/\/localhost\/etc\/net-snmp\/snmp\/snmpd.conf (online)<\/p>\n<p>Listing 4. Checking the Initial State and Dependencies of a Service<\/p>\n<p>The net-snmp service instance is initially disabled, but all its required dependencies are online (only one optional dependency, svc:\/network\/rpc\/rstat, is disabled). Let&#8217;s go ahead and enable this using the svcadm enable command:<\/p>\n<p># svcadm enable net-snmp<br \/>\n# svcs -p net-snmp<br \/>\nSTATE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 STIME\u00a0\u00a0\u00a0 FMRI<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 9:33:40 svc:\/application\/management\/net-snmp:default<br \/>\n9:33:40\u00a0\u00a0\u00a0\u00a0 6062 snmpd<\/p>\n<p>As we can see above, the \/usr\/sbin\/snmpd daemon agent has now been started, and we can verify that the SNMP agent is working using the snmpwalk command, as shown in Listing 5.<\/p>\n<p># snmpwalk -v 1 -c public localhost<br \/>\nSNMPv2-MIB::sysDescr.0 = STRING: SunOS rampage 5.11 11.1 i86pc<br \/>\nSNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.3<br \/>\nDISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (186832) 0:31:08.32<br \/>\nSNMPv2-MIB::sysContact.0 = STRING: &#8220;System administrator&#8221;<br \/>\nSNMPv2-MIB::sysName.0 = STRING: rampage<br \/>\nSNMPv2-MIB::sysLocation.0 = STRING: &#8220;System administrators office&#8221;<br \/>\nSNMPv2-MIB::sysServices.0 = INTEGER: 72<br \/>\nSNMPv2-MIB::sysORLastChange.0 = Timeticks: (31) 0:00:00.31<br \/>\nSNMPv2-MIB::sysORID.1 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance<br \/>\nSNMPv2-MIB::sysORID.2 = OID: SNMP-MPD-MIB::snmpMPDCompliance<br \/>\nSNMPv2-MIB::sysORID.3 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance<br \/>\nSNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB<br \/>\nSNMPv2-MIB::sysORID.5 = OID: TCP-MIB::tcpMIB<br \/>\nSNMPv2-MIB::sysORID.6 = OID: IP-MIB::ip<br \/>\nSNMPv2-MIB::sysORID.7 = OID: UDP-MIB::udpMIB<br \/>\nSNMPv2-MIB::sysORID.8 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup<br \/>\nSNMPv2-MIB::sysORDescr.1 = STRING: The SNMP Management Architecture MIB.<br \/>\nSNMPv2-MIB::sysORDescr.2 = STRING: The MIB for Message Processing and Dispatching.<br \/>\n&#8230;<br \/>\nNOTIFICATION-LOG-MIB::nlmConfigGlobalEntryLimit.0 = Gauge32: 1000<br \/>\nNOTIFICATION-LOG-MIB::nlmConfigGlobalAgeOut.0 = Gauge32: 1440 minutes<br \/>\nNOTIFICATION-LOG-MIB::nlmStatsGlobalNotificationsLogged.0 = Counter32: 0 notifications<br \/>\nNOTIFICATION-LOG-MIB::nlmStatsGlobalNotificationsBumped.0 = Counter32: 0 notifications<\/p>\n<p>Listing 5. Verifying That the SNMP Agent is Working<\/p>\n<p>Before we go any further, let&#8217;s also take a quick look at SMF&#8217;s ability to restart any processes in the event of a hardware or software failure. As we saw above, the \/usr\/sbin\/snmpd agent daemon is running with a process ID of 6062. Let&#8217;s kill that process and see what happens:<\/p>\n<p># kill -9 6062<br \/>\n# svcs -p net-snmp<br \/>\nSTATE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 STIME\u00a0\u00a0\u00a0 FMRI<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 9:38:12 svc:\/application\/management\/net-snmp:default<br \/>\n9:38:12\u00a0\u00a0\u00a0\u00a0 6065 snmpd<\/p>\n<p>We can see that the \/usr\/sbin\/snmpd process has restarted with a new process ID of 6065 and the service is still online! Permanently disabling the service is also simple by using the svcadm disable command, as follows:<\/p>\n<p># svcadm disable net-snmp<br \/>\n# svcs net-snmp<br \/>\nSTATE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 STIME\u00a0\u00a0\u00a0 FMRI<br \/>\ndisabled\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 9:44:40 svc:\/application\/management\/net-snmp:default<br \/>\n# snmpwalk -v 1 -c public localhost<br \/>\nTimeout: No response from localhost<\/p>\n<p>If we had chosen to, we could also have disabled the service temporarily until the next reboot using the -t option. Each service in SMF is always in one of a few different states, as shown in Table 2.<br \/>\nTable 2. SMF Service States<br \/>\nState \u00a0\u00a0 \u00a0Description<br \/>\nuninitialized \u00a0\u00a0 \u00a0This is the initial state of all services until its restarter (usually svc.startd) moves services to another state.<br \/>\noffline \u00a0\u00a0 \u00a0The instance is enabled but not yet running or unable to run.<br \/>\nonline \u00a0\u00a0 \u00a0The instance is enabled and running.<br \/>\nmaintenance \u00a0\u00a0 \u00a0The instance is enabled but unable to run for some reason, and administrative action will be required.<br \/>\ndisabled \u00a0\u00a0 \u00a0The instance is disabled.<br \/>\nlegacy-run \u00a0\u00a0 \u00a0The service is not directly managed by SMF, but it was started at some point.<\/p>\n<p>If, for any reason, we wanted to restart a service, we could use the svcadm restart command.<br \/>\nSMF Milestones<\/p>\n<p>SMF milestones are services that aggregate multiple service dependencies and describe a specific state of system readiness on which other services can depend. Administrators can see the list of milestones that are defined by using the svcs command, as shown in Listing 6.<\/p>\n<p># svcs milestone*<br \/>\nSTATE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 STIME\u00a0\u00a0\u00a0 FMRI<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_30\u00a0\u00a0 svc:\/milestone\/unconfig:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_30\u00a0\u00a0 svc:\/milestone\/config:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_30\u00a0\u00a0 svc:\/milestone\/devices:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_30\u00a0\u00a0 svc:\/milestone\/network:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_30\u00a0\u00a0 svc:\/milestone\/single-user:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_30\u00a0\u00a0 svc:\/milestone\/name-services:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_30\u00a0\u00a0 svc:\/milestone\/self-assembly-complete:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_30\u00a0\u00a0 svc:\/milestone\/multi-user:default<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_30\u00a0\u00a0 svc:\/milestone\/multi-user-server:default<\/p>\n<p>Listing 6. Listing Milestones<\/p>\n<p>Some of the above milestones correspond to the traditional system run levels S (svc:\/milestone\/single-user), 2 (svc:\/milestone\/multi-user), and 3 (svc:\/milestone\/multi-user-server). Others correspond to internal implementation of the system configuration framework, sysconfig. While changing milestones is possible with svcadm, it is recommended that administrators continue to use the init command.<br \/>\nMaking Some Basic Configuration Changes to Services<\/p>\n<p>From time to time, it might be necessary to modify some of the configuration behind a service instance. One of the significant changes in Oracle Solaris 11 is that some of the system configuration traditionally located in \/etc was moved into the SMF configuration repository. One of the primary drivers for this change was to more seamlessly manage a system upgrade and preservation of configuration while being able to easily merge in any vendor-provided configuration for configuration options that haven&#8217;t been locally modified. The SMF configuration repository, managed by the svc.configd daemon, has been modified to store its configuration in a series of layers, as a series of administrative customizations and configuration provided through site profiles, system profiles, and manifests. We will cover this in more detail in another article.<\/p>\n<p>At the heart of the configuration repository are property groups and properties. Property groups are exactly what they say they are\u2014a set of properties that have been organized into a logical grouping. Within each property group, an arbitrary number of properties can exist storing a variety of different configuration types\u2014simple strings, integers, Booleans, and network addresses, to name a few. Properties and property groups can be specific to a given service instance or global across all instances of a particular service. A property might have different values set on a parent service and a service instance, and the value from the service instance will take precedence.<\/p>\n<p>Before we go into detail about how to modify changes in the SMF repository, let&#8217;s quickly look at the command svcprop and how we can use it to list property groups and properties of a given service or service instance. Listing 7 shows it being used with the svc:\/network\/dns\/client:default instance.<\/p>\n<p># svcprop dns\/client:default<br \/>\ngeneral\/complete astring<br \/>\ngeneral\/enabled boolean true<br \/>\ngeneral\/action_authorization astring solaris.smf.manage.name-service.dns.client<br \/>\ngeneral\/entity_stability astring Unstable<br \/>\ngeneral\/single_instance boolean true<br \/>\ngeneral\/value_authorization astring solaris.smf.manage.name-service.dns.client<br \/>\nconfig\/value_authorization astring solaris.smf.value.name-service.dns.client<br \/>\nconfig\/nameserver net_address 192.168.0.1<br \/>\nsysconfig\/group astring naming_services<br \/>\nmilestoneconfig_network_dns_client\/entities fmri svc:\/milestone\/config<br \/>\nmilestoneconfig_network_dns_client\/external boolean true<br \/>\nmilestoneconfig_network_dns_client\/grouping astring optional_all<br \/>\nmilestoneconfig_network_dns_client\/restart_on astring none<br \/>\nmilestoneconfig_network_dns_client\/type astring service<br \/>\nlocation_dns-client\/entities fmri svc:\/network\/location:default<br \/>\n&#8230;<br \/>\nrestarter\/state_timestamp time 1339662573.051463000<br \/>\nrestarter_actions\/auxiliary_tty boolean false<br \/>\nrestarter_actions\/auxiliary_fmri astring svc:\/network\/location:default<br \/>\ngeneral_ovr\/enabled boolean true<\/p>\n<p>Listing 7. Listing Property Groups and Properties<\/p>\n<p>In Listing 7, we are using svcprop without any other options, and we get a composed view by default\u2014one that includes properties from both the parent service and the service instance. If we just wanted to look at the instance properties, we can use the -C option, as shown in Listing 8.<\/p>\n<p># svcprop -C dns\/client:default<br \/>\ngeneral\/complete astring<br \/>\ngeneral\/enabled boolean true<br \/>\nrestarter\/logfile astring \/var\/svc\/log\/network-dns-client:default.log<br \/>\nrestarter\/start_pid count 572<br \/>\nrestarter\/start_method_timestamp time 1339662573.041262000<br \/>\nrestarter\/start_method_waitstatus integer 0<br \/>\nrestarter\/transient_contract count<br \/>\nrestarter\/auxiliary_state astring dependencies_satisfied<br \/>\nrestarter\/next_state astring none<br \/>\nrestarter\/state astring online<br \/>\nrestarter\/state_timestamp time 1339662573.051463000<br \/>\nrestarter_actions\/auxiliary_tty boolean false<br \/>\nrestarter_actions\/auxiliary_fmri astring svc:\/network\/location:default<br \/>\ngeneral_ovr\/enabled boolean true<\/p>\n<p>Listing 8. Listing Only Instance Properties<\/p>\n<p>If we wanted to focus on a particular property, we can use the -p option to specify the property group and property. In this case, we&#8217;re going to find the config\/nameserver property on the service rather than on the service instance. This property is used as a replacement to the legacy \/etc\/resolv.conf file in previous versions of Oracle Solaris, though the value is mirrored to that file for compatibility with applications that might be parsing it.<\/p>\n<p># svcprop -p config\/nameserver dns\/client<br \/>\n192.168.0.1<\/p>\n<p>Now that we&#8217;ve seen how to query properties, let&#8217;s take a look at another command, svccfg, that we can use to set properties. svccfg provides a number of different ways to set properties: directly on the command line, through an interactive text-based interface, or through a text editor. Let&#8217;s keep with our svc:\/network\/dns\/client example and see how easy it is to set the name server configuration.<\/p>\n<p># svccfg -s dns\/client setprop config\/nameserver = 10.0.0.1<br \/>\n# svccfg -s dns\/client listprop config\/nameserver<br \/>\nconfig\/nameserver net_address 10.0.0.1<\/p>\n<p>Changes made to an existing service in the respository typically do not take effect until the service instance has been refreshed.<\/p>\n<p># svcprop -p config\/nameserver dns\/client<br \/>\n192.168.0.1<br \/>\n# svcadm refresh dns\/client:default<br \/>\n# svcprop -p config\/nameserver dns\/client<br \/>\n10.0.0.1<\/p>\n<p>Equally, we could have used the interactive interface to make these changes. Let&#8217;s change the value of config\/nameserver back to what it was originally, 192.168.0.1, as shown in Listing 9.<\/p>\n<p># svccfg<br \/>\nsvc:&gt; select dns\/client<br \/>\nsvc:\/network\/dns\/client&gt; listprop config\/nameserver<br \/>\nconfig\/nameserver net_address 10.0.0.1<br \/>\nsvc:\/network\/dns\/client&gt; describe config\/nameserver<br \/>\nconfig\/nameserver net_address 10.0.0.1<br \/>\nThe value used to construct the &#8220;nameserver&#8221; directive in resolv.conf(4)<br \/>\nsvc:\/network\/dns\/client&gt; setprop config\/nameserver = 192.168.0.1<br \/>\nsvc:\/network\/dns\/client&gt; listprop config\/nameserver<br \/>\nconfig\/nameserver net_address 192.168.0.1<br \/>\nsvc:\/network\/dns\/client&gt; select default<br \/>\nsvc:\/network\/dns\/client:default&gt; refresh<br \/>\nsvc:\/network\/dns\/client:default&gt; exit<\/p>\n<p>Listing 9. Using the Interactive Interface<\/p>\n<p>svccfg supports a number of other useful commands, such as listpg to list property groups on a given service, editprop to open up a text editor to more easily allow configuration of multiple properties at the same time, and extract to allow administrators to easily capture service customizations as an XML file that can be applied on other systems. We will cover more of these in another article.<br \/>\nMonitoring the State of Services<\/p>\n<p>One of the new features added to SMF in Oracle Solaris 11 is the ability to monitor the state of services and get notified if they change, either through e-mail or SNMP traps. Notifications can be quickly set to check if any SMF services go into maintenance mode or if a particular service goes online, for example. As a quick example, let&#8217;s set an e-mail notification to be sent anytime an SMF service goes into maintenance mode, as shown in Listing 10.<\/p>\n<p># svccfg setnotify -g maintenance mailto:admin@mycompany.com<br \/>\n# svccfg listnotify -g<br \/>\nEvent: to-maintenance (source: svc:\/system\/svc\/global:default)<br \/>\nNotification Type: smtp<br \/>\nActive: true<br \/>\nto: admin@mycompany.com<\/p>\n<p>Event: from-maintenance (source: svc:\/system\/svc\/global:default)<br \/>\nNotification Type: smtp<br \/>\nActive: true<br \/>\nto: admin@mycompany.com<\/p>\n<p>Listing 10. Example of Setting a Notification<\/p>\n<p>By default, SMF will use an existing simple e-mail template to fill in the values of any SMF service that has gone into or out of the maintenance state; however, this can be modified easily by setting a parameter, msg_template, in the mailto: address, as follows:<\/p>\n<p># svccfg setnotify -g maintenance &#8220;&#8216;mailto:admin@mycompany.com?msg_template=\/usr\/local\/share\/new-smf-email-template'&#8221;<\/p>\n<p>We can also monitor individual services. In this case, let&#8217;s monitor the svc:\/network\/http:apache22 Apache Web server default instance for any changes away from its current online state:<\/p>\n<p># svcs http:apache22<br \/>\nSTATE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 STIME\u00a0\u00a0\u00a0 FMRI<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Jun_14\u00a0\u00a0 svc:\/network\/http:apache22<br \/>\n# svccfg -s http:apache22 setnotify from-online mailto:admin@mycompany.com<br \/>\n# svccfg -s http:apache22 listnotify<br \/>\nEvent: from-online (source: svc:\/network\/http:apache22)<br \/>\nNotification Type: smtp<br \/>\nActive: true<br \/>\nto: admin@mycompany.com<\/p>\n<p>Troubleshooting<\/p>\n<p>Now that we have covered some of the basics of administration with SMF, let&#8217;s quickly take a look at some of the things we can do to troubleshoot what might be wrong with a service. To quickly get an idea of what services are not running due to errors, we can use the -xv options to svcs, as shown in Listing 11.<\/p>\n<p># svcs -xv<br \/>\nsvc:\/system\/identity:node (system identity (nodename))<br \/>\nState: disabled since June 22, 2012 08:11:14 PM NZST<br \/>\nReason: Disabled by an administrator.<br \/>\nSee: http:\/\/sun.com\/msg\/SMF-8000-05<br \/>\nSee: man -M \/usr\/share\/man -s 4 nodename<br \/>\nSee: \/var\/svc\/log\/system-identity:node.log<br \/>\nImpact: 5 dependent services are not running:<br \/>\nsvc:\/network\/rpc\/bind:default<br \/>\nsvc:\/network\/rpc\/gss:default<br \/>\nsvc:\/system\/filesystem\/autofs:default<br \/>\nsvc:\/network\/rpc\/smserver:default<br \/>\nsvc:\/network\/nfs\/mapid:default<\/p>\n<p>Listing 11. Determining Which Services Have Errros<\/p>\n<p>In this case, we have a simple problem: svc:\/system\/identity:node has been disabled causing five dependent services to not run. Enabling it fixes the problem.<\/p>\n<p>Another reason for failure might be a missing configuration file, as in this example with svc:\/application\/management\/net-snmp:default:<\/p>\n<p># svcs -xv<br \/>\nsvc:\/application\/management\/net-snmp:default (net-snmp SNMP daemon)<br \/>\nState: offline since June 22, 2012 08:17:28 PM NZST<br \/>\nReason: Dependency file:\/\/localhost\/etc\/net-snmp\/snmp\/snmpd.conf is absent.<br \/>\nSee: http:\/\/sun.com\/msg\/SMF-8000-E2<br \/>\nSee: man -M \/usr\/share\/man\/ -s 8 snmpd<br \/>\nSee: \/var\/svc\/log\/application-management-net-snmp:default.log<br \/>\nImpact: This service is not running.<\/p>\n<p>Once we have fixed the problem (by ensuring that the snmpd.conf file exists), we need to restart the service.<\/p>\n<p>Another failure might be due to an incorrect configuration file or missing executables, as it the case here with svc:\/network\/http:apache22:<\/p>\n<p># svcs -xv<br \/>\nsvc:\/network\/http:apache22 (Apache 2.2 HTTP server)<br \/>\nState: maintenance since June 22, 2012 08:23:35 PM NZST<br \/>\nReason: Method failed.<br \/>\nSee: http:\/\/sun.com\/msg\/SMF-8000-8Q<br \/>\nSee: man -M \/usr\/apache2\/2.2\/man -s 8 httpd<br \/>\nSee: http:\/\/httpd.apache.org<br \/>\nSee: \/var\/svc\/log\/network-http:apache22.log<br \/>\nImpact: This service is not running.<\/p>\n<p>In this case, it&#8217;s not clear from a quick summary of the error what the fault is; however, it&#8217;s clear that the service is now in maintenance state requiring explicit administrative intervention. The next logical step is to look at the service log located at \/var\/svc\/log\/network-http:apache22.log, as shown in Listing 12, which soon reveals the problem.<\/p>\n<p># tail \/var\/svc\/log\/network-http\\:apache22.log<br \/>\n[ Jun 22 20:22:34 Method &#8220;stop&#8221; exited with status 0. ]<br \/>\n[ Jun 22 20:22:34 Executing start method (&#8220;\/lib\/svc\/method\/http-apache22 start&#8221;). ]<br \/>\nApache version is 2.2<br \/>\n[ Jun 22 20:22:35 Method &#8220;start&#8221; exited with status 0. ]<br \/>\n[ Jun 22 20:23:35 Stopping because service restarting. ]<br \/>\n[ Jun 22 20:23:35 Executing stop method (&#8220;\/lib\/svc\/method\/http-apache22 stop&#8221;). ]<br \/>\nApache version is 2.2<br \/>\n\/usr\/apache2\/2.2\/bin\/apachectl[86]: \/usr\/apache2\/2.2\/bin\/httpd: not found<br \/>\n[No such file or directory]<br \/>\nServer failed to start. Check the error log (defaults to<br \/>\n\/var\/apache2\/2.2\/logs\/error_log) for more information, if any.<br \/>\n[ Jun 22 20:23:35 Method &#8220;stop&#8221; exited with status 95. ]<\/p>\n<p>Listing 12. Checking the Service Log<\/p>\n<p>We can easily see that our system is missing the \/usr\/apache2\/2.2\/bin\/httpd executable file. This can be fixed easily by restoring the missing file using the IPS package manager with a pkg fix apache-22 command. Once we have identified and fixed the problem, we need to clear the state of the SMF service:<\/p>\n<p># svcadm clear http:apache22<br \/>\n# svcs http:apache22<br \/>\nSTATE\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 STIME\u00a0\u00a0\u00a0 FMRI<br \/>\nonline\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 20:34:04 svc:\/network\/http:apache22<\/p>\n","protected":false},"excerpt":{"rendered":"<p>To check if the service is online or offline: # svcs -v ssh online &#8211; 12:23:17 115 svc:\/network\/ssh:default<\/p>\n<p>To stop the service: #svcadm disable network\/ssh<\/p>\n<p>To start the service: #svcadm enable network\/ssh<\/p>\n<p>To restart the service: # svcadm restart network\/ssh<\/p>\n<p>To Restart the SSH Service<\/p>\n<p>Login to the command-line terminal Run the command:<\/p>\n<p>svcadm restart [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[39],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/2966"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2966"}],"version-history":[{"count":3,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/2966\/revisions"}],"predecessor-version":[{"id":2969,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/2966\/revisions\/2969"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2966"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2966"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2966"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}