1.\" The contents of this file are subject to the terms of the Common 2.\" Development and Distribution License (the "License"). You may not use 3.\" this file except in compliance with the License. You can obtain a copy 4.\" of the license at usr/src/OPENSOLARIS.LICENSE or 5.\" http://www.opensolaris.org/os/licensing. 6.\" 7.\" See the License for the specific language governing permissions and 8.\" limitations under the License. When distributing Covered Code, include 9.\" this CDDL HEADER in each file and include the License file at 10.\" usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below 11.\" this CDDL HEADER, with the 12.\" 13.\" fields enclosed by brackets "[]" replaced with your own identifying 14.\" information: Portions Copyright [yyyy] [name of copyright owner] 15.\" 16.\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved 17.\" Copyright 2012, Joyent, Inc. All Rights Reserved 18.\" Copyright 2023 Oxide Computer Company 19.\" 20.Dd June 1, 2023 21.Dt SVCCFG 8 22.Os 23.Sh NAME 24.Nm svccfg 25.Nd import, export, and modify service configurations 26.Sh SYNOPSIS 27.Nm 28.Op Fl v 29.Op Fl z Ar zone 30.Op Fl s Ar FMRI 31.Nm 32.Op Fl v 33.Op Fl z Ar zone 34.Op Fl s Ar FMRI 35.Ar subcommand Op Ar args Ns \&... 36.Nm 37.Op Fl v 38.Op Fl z Ar zone 39.Op Fl s Ar FMRI 40.Fl f Ar command-file 41.Sh DESCRIPTION 42The 43.Nm 44command manipulates data in the service configuration repository. 45.Nm 46can be invoked interactively, with an individual subcommand, or by specifying a 47command file that contains a series of subcommands. 48.Pp 49Changes made to an existing service in the repository typically do not take 50effect for that service until the next time the service instance is refreshed. 51See the 52.Sy refresh 53subcommand on the 54.Xr svcadm 8 55man page for more details. 56.Sh OPTIONS 57The following options are supported: 58.Bl -tag -width Ar 59.It Fl f Ar file 60Reads and executes 61.Nm 62subcommands from 63.Ar file . 64.It Fl s Ar FMRI 65Selects the entity indicated by 66.Ar FMRI 67.Pq a fault management resource identifier 68before executing any subcommands. 69See 70.Xr smf 7 . 71.It Fl v 72Produce more verbose output. 73.It Fl z Ar zone 74Manage services in the specified zone. 75This option is only applicable from the global zone, see 76.Xr zones 7 . 77.El 78.Sh SUBCOMMANDS 79Subcommands are divided into the categories specified in the subsections that 80follow. 81.Pp 82All subcommands that accept 83.Ar FMRI Ns No s 84also accept abbreviated or globbed patterns. 85Instances and services can be abbreviated by specifying the instance name, or 86the trailing portion of the service name. 87For example, given the 88.Ar FMRI : 89.Pp 90.D1 svc:/network/smtp:sendmail 91.Pp 92All the following are valid abbreviations: 93.Pp 94.D1 sendmail :sendmail smtp smtp:sendmail network/smtp 95.Pp 96While the following are invalid: 97.Pp 98.D1 mail network network/smt 99.Pp 100Abbreviated forms of 101.Ar FMRI Ns No s 102are unstable, and should not be used in scripts or other permanent tools. 103If a pattern matches more than one instance or service, an error message is 104printed and no action is taken. 105.Ss General Subcommands 106.Bl -tag -width Ar 107.It Ic end , exit , quit 108Exits immediately. 109.It Ic repository Ar repfile 110Uses 111.Ar repfile 112as a repository. 113By default, 114.Nm 115uses the system repository. 116.Pp 117Use repository only with files from the identical version of illumos, including 118updates, that you are currently running. 119Do not use this subcommand with the system repository, 120.Pa /etc/svc/repository.db . 121.It Ic set Oo Fl v | V Oc 122Sets optional behavior. 123If no options are specified, set displays the options currently in effect. 124.Bl -tag -width Ds 125.It Fl v 126Turns on verbose mode. 127.It Fl V 128Turns off verbose mode. 129.El 130.El 131.Ss Service Profile Subcommands 132.Bl -tag -width Ar 133.It Ic apply Oo Fl n Oc Ar file 134If 135.Ar file 136is a service profile, properties, including general/enabled, that are specified 137in the file are modified in the SMF repository. 138Not-yet-existent properties and property groups will be created. 139The type of the pre-existing property groups will not be changed by the profile. 140Existing properties 141.Pq as distinguished from property groups 142.Em can 143have their type changed by the profile. 144Nonexistent services and instances are ignored. 145Services and instances modified by the profile will be refreshed. 146If 147.Fl n 148is specified, the profile is processed and no changes are applied to the SMF 149repository. 150Any syntax error found will be reported on 151.Dv stderr 152and an exit code of 153.Sy 1 154will be returned. 155See 156.Xr smf 7 157for a description of service profiles. 158This command requires privileges to modify properties in the service and 159instance. 160See 161.Xr smf_security 7 162for the privileges required to modify properties. 163If 164.Ar file 165is not a service profile, the subcommand fails. 166.It Ic extract Op > Ar file 167Prints a service profile which represents the enabled status of the service 168instances in the repository to standard output. 169The output may be redirected to a file. 170.El 171.Ss Service Manifest Subcommands 172.Bl -tag -width Ar 173.It Ic archive Op Fl a 174Dumps a full XML service description for all services, instances, and their 175persistent properties in the repository. 176This does not include transient properties such as service state, and is 177suitable for a relocatable repository backup. 178.Pp 179Without the 180.Fl a 181option, property groups containing protected information 182.Po 183identified by the presence of the 184.Sy read_authorization 185property \(em see 186.Xr smf_security 7 187.Pc 188will be archived without their property values. 189When the 190.Fl a 191option is specified, all values will be archived. 192An error results if there are insufficient privileges to read these values. 193.It Ic export Oo Fl a Oc Ar service_FMRI Op > Ar file 194The service description for the specified service and its instances is written 195to standard output or redirected to the given file. 196Dependencies with a boolean 197.Dq external 198property set to true are omitted in the belief that they were created on behalf 199of another service. 200.Pp 201Without the 202.Fl a 203option, property groups containing protected information 204.Po 205identified by the presence of the 206.Sy read_authorization 207property \(em see 208.Xr smf_security 7 209.Pc 210will be exported without their property values. 211When the 212.Fl a 213option is specified, all values will be archived. 214An error results if there are insufficient privileges to read these values. 215.Pp 216Note that 217.Ic export 218requires a service FMRI. 219To ease the use of arguments cut and pasted from other command output, if you 220specify a complete instance FMRI, the entire corresponding service including 221all instances is exported and a warning is issued. 222If you specify an abbreviation, such as 223.Sq apache2 224or 225.Sq sendmail , 226that specifies an instance, the command fails. 227.It Ic import Oo Fl V Oc Ar file 228If 229.Ar file 230is a service manifest, then the services and instances it specifies are 231imported into the repository. 232According to the file, dependencies may be created in other services. 233See 234.Xr smf 7 235for a description of service manifests. 236See 237.Xr smf_security 7 238for the privileges required to create and modify service configurations. 239.Pp 240Services and instances in the manifest will be validated against template data 241in the manifest and the repository, and warnings will be issued for all 242template violations. 243See 244.Xr smf_template 7 245for a description of templates. 246If the 247.Fl V 248option is specified, manifests that violate the defined templates will fail to 249import. 250In interactive invocations of 251.Nm , 252.Fl V 253is the default behavior. 254.Pp 255For existing services and instances, properties which have not changed since 256the last import snapshot was taken are upgraded to those specified by the 257manifest. 258Conflicts 259.Pq properties which have been changed both in the repository and the manifest 260are reported on the standard error stream. 261.Nm 262will never upgrade the 263.Dq general/enabled 264and 265.Dq general/restarter 266properties, 267since they represent administrator preference. 268.It Ic inventory Ar file 269If 270.Ar file 271is determined to be a service manifest, then the FMRIs of the services and 272instances the 273.Ar file 274describes are printed. 275For each service, the FMRIs of its instances are displayed before the FMRI 276of the service. 277.It Ic restore 278Restores the contents of the repository from a full XML service description 279previously created by the 280.Ic archive 281subcommand. 282If the archive was generated without the use of the 283.Fl a 284option, the contents of the repository following completion of the restore will 285not include the values of any read-protected properties 286.Pq see Xr smf_security 7 . 287If these are required, they must be restored manually. 288.Pp 289Restoring an archive which is inconsistent with currently installed software 290.Pq including patch revisions 291might yield unpredictable results. 292Therefore, prior to restoring an archive, all system and application software, 293including any service manifests, should be restored to the same state it was in 294at the time the archive was made. 295.It Ic validate Op Ar file | fmri 296The 297.Ic validate 298subcommand can operate on a manifest file, an instance FMRI, or the current 299instance or snapshot entity selection. 300When an argument is specified, 301.Nm 302will check to see whether the specified file exists. 303If the file exists, it will be validated. 304If a file of the specified name does not exist, the argument is treated as an 305FMRI pattern. 306If a conflict arises between a filename and an FMRI, use the svc: and file: 307prefixes to tell 308.Nm 309how to interpret the argument. 310.Pp 311When you specify a file, the file is processed in a manner similar to 312.Ic import 313.Fl V , 314but no changes are made to the repository. 315If any errors are detected, 316.Nm 317displays the errors and exits with a nonzero exit status. 318.Pp 319For an instance 320.Ar fmri , 321instance entity selection, or snapshot entity selection, the specified instance 322in its composed form 323.Po 324see 325.Dq Properties and Property Groups 326in 327.Xr smf 7 328.Pc 329will be validated against template data in the repository. 330Instance FMRIs and instance entity selections use the 331.Dq running 332snapshot for validation. 333Warnings will be issued for all template violations. 334See 335.Xr smf_template 7 336for a description of templates. 337.El 338.Ss Entity Selection, Modification, and Navigation Subcommands 339An 340.Dq entity 341refers to a scope, service, or service instance. 342.Bl -tag -width Ar 343.It Ic add Ar name 344A new entity with the given name is created as a child of the current selection. 345See 346.Xr smf_security 7 347for the privileges required to create entities. 348.It Ic delete Oo Fl f Oc Brq Ar name | fmri 349The named child of the current selection or the entity specified by 350.Ar fmri 351is deleted. 352Attempts to delete service instances in the 353.Dq online 354or 355.Dq degraded 356state will fail unless the 357.Fl f 358flag is specified. 359If a service or service instance has a 360.Dq dependents 361property group of type 362Dq framework , 363then for each of its properties with type 364.Dq astring 365or 366.Dq fmri , 367if the property has a single value which names a service or service instance 368then the dependency property group in the indicated service or service instance 369with the same name as the property will be deleted. 370See 371.Xr smf_security 7 372for the privileges required to delete service configurations. 373.It Ic list Op Ar pattern 374The child entities of the current selection whose names match the glob pattern 375.Ar pattern 376are displayed 377.Pq see Xr fnmatch 7 . 378.Dq :properties 379is also listed for property-bearing entities, namely services and service 380instances. 381.It Ic select Brq Ar name | fmri 382If the argument names a child of the current selection, it becomes the current 383selection. 384Otherwise, the argument is interpreted as an FMRI and the entity that the 385argument specifies becomes the current selection. 386.It Ic unselect 387The parent of the current selection becomes the current selection. 388.El 389.Ss Property Inspection and Modification Subcommands 390.Bl -tag -width Ar 391.It Ic addpg Ar name Ar type Op Ar flags 392Adds a property group with the given 393.Ar name 394and type to the current selection. 395.Ar flags 396is a string of characters which designates the flags with which to create the 397property group. 398.Sq P 399represents 400.Dv SCF_PG_FLAG_NONPERSISTENT 401.Pq see Xr scf_service_add_pg 3SCF . 402See 403.Xr smf_security 7 404for the privileges required to create property groups. 405.It Ic addpropvalue Ar pg/name Oo Ar type Ns No \&: Oc Ar value 406Adds the given value to a property. 407If 408.Ar type 409is given and the property exists, then if 410.Ar type 411does not agree with the property's 412.Ar type , 413the subcommand fails. 414The values may be enclosed in double-quotes. 415String values containing double-quotes or backslashes must be enclosed by 416double-quotes and the contained double-quotes and backslashes must be quoted by 417backslashes. 418Nonexistent properties are created, in which case the 419.Ar type 420specifier must be present. 421See 422.Xr scf_value_create 3SCF 423for a list of available property types. 424See 425.Xr smf_security 7 426for the privileges required to modify properties. 427The new value will be appended to the end of the list of property values 428associated with the property. 429.It Ic delpg Ar name 430Deletes the property group 431.Ar name 432of the current selection. 433See 434.Xr smf_security 7 435for the privileges required to delete property groups. 436.It Ic delprop Ar pg Ns Op / Ns Ar name 437Deletes the named property group or property of the current selection. 438See 439.Xr smf_security 7 440for the privileges required to delete properties. 441.It Ic delpropvalue Ar pg/name Ar globpattern 442Deletes all values matching the given 443.Ar glob 444pattern in the named property. 445Succeeds even if no values match. 446See 447.Xr smf_security 7 448for the privileges required to modify properties. 449.It Xo 450.Ic describe 451.Op Fl v 452.Op Fl t 453.Op Ar propertygroup Ns No / Ns Ar property 454.Xc 455Describes either the current or the possible settings. 456.Pp 457When invoked without arguments, 458.Ic describe 459gives basic descriptions 460.Pq if available 461of the currently selected entity and all of its currently set property groups 462and properties. 463A property group or specific property can be queried by specifying either the 464property group name, or the property group name and property name, separated by 465a slash 466.Pq Sq / , 467as an argument. 468.Pp 469The 470.Fl v 471option gives all information available, including descriptions for current 472settings, constraints, and other possible setting choices. 473.Pp 474The 475.Fl t 476option shows only the template data for the selection 477.Pq see Xr smf_template 7 , 478and does not display the current settings for property groups and properties. 479.It Ic editprop 480Commented commands to reproduce the property groups and properties of the 481current selection are placed in a temporary file and the program named by the 482.Ev EDITOR 483environment variable is invoked to edit it. 484Upon completion, the commands in the temporary file are executed. 485The default editor is 486.Xr vi 1 . 487See 488.Xr smf_security 7 489for the privileges required to create, modify, or delete properties. 490.It Ic listpg Op Ar pattern 491Displays the names, types, and flags of property groups of the current 492selection. 493If an argument is given, it is taken as a glob pattern and only property groups 494with names which match the argument are listed. 495.Pp 496In interactive mode, a basic description of the property groups is also given. 497.It Ic listprop Op Ar pattern 498Lists property groups and properties of the current selection. 499For property groups, names, types, and flags are listed. 500For properties, names 501.Pq prepended by the property group name and a slash Sq / , 502types, and values are listed. 503See 504.Xr scf_value_create 3SCF 505for a list of available property types. 506If an argument is supplied it is taken as a glob pattern and only property 507groups and properties with names which match the argument are listed. 508.It Xo 509.Ic setenv 510.Op Fl i | s 511.Op Fl m Ar method_name 512.Ar envvar value 513.Xc 514Sets a method environment variable for a service or instance by changing the 515"environment" property in the 516.Ar method_name 517property group, if that property group has type 518.Dq method . 519If 520.Ar method_name 521is not specified and the 522.Fl i 523option is used, the 524.Dq method_context 525property group is used, if an instance is currently selected. 526If the 527.Fl s 528option is used and a service is currently selected, its 529.Dq method_context 530property group is used. 531If the 532.Fl s 533option is used and an instance is currently selected, the 534.Dq method_context 535property group of its parent is used. 536If neither the 537.Fl i 538option nor the 539.Fl s 540option is used, the 541.Dq start 542property group is searched for in the currently selected entity and, if an 543instance is currently selected, its parent is also searched. 544If the 545.Dq inetd_start 546property group is not located, it is searched for in a similar manner. 547.Pp 548Once the property is located, all values which begin with 549.Ar envvar 550followed by a 551.Dq \&= 552are removed, and the value 553.Dq Ar envvar Ns No = Ns Ar value 554is added. 555See 556.Xr smf_security 7 557for the privileges required to modify properties. 558.It Xo 559.Ic setprop 560.Ar pg/name No = 561.Op Ar type Ns No \&: 562.Ar value 563.Xc 564.It Xo 565.Ic setprop 566.Ar pg/name No = 567.Op Ar type Ns No \&: 568.No \&( Ns Ar values \&... No \&) 569.Xc 570Sets the 571.Ar name 572property of the 573.Ar pg 574property group of the current selection to the given values of type 575.Ar type . 576See 577.Xr scf_value_create 3SCF 578for a list of available property types. 579If the property already exists and the 580.Ar type 581disagrees with the existing 582.Ar type 583on the property, the subcommand fails. 584Values may be enclosed in double-quotes. 585String values which contain double-quotes or backslashes must be enclosed by 586double-quotes and the contained double-quotes and backslashes must be quoted by 587backslashes. 588If the named property does not exist, it is created, as long as the type is 589specified. 590See 591.Xr smf_security 7 592for the privileges required to create or modify properties. 593Multiple values will be stored in the order in which they are specified. 594.It Xo 595.Ic unsetenv 596.Op Fl i | s 597.Op Fl m Ar method_name 598.Ar envvar value 599.Xc 600Removes a method environment variable for a service or instance by changing the 601.Dq environment 602property in the 603.Ar method_name 604property group, if that property group has type 605.Dq method . 606If 607.Ar method_name 608is not specified and the 609.Fl i 610option is used, the 611.Dq method_context 612property group is used, if an instance is currently selected. 613If the 614.Fl s 615option is used and a service is currently selected, its 616.Dq method_context 617property group is used. 618If the 619.Fl s 620option is used and an instance is currently selected, the 621.Dq method_context 622property group of its parent is used. 623If neither the 624.Fl i 625option nor the 626.Fl s 627option is used, the 628.Dq start 629property group is searched for in the currently selected entity and, if an 630instance is currently selected, its parent is also searched. 631If the 632.Dq inetd_start 633property group is not located, it is searched for in a similar manner. 634.Pp 635Once the property is located, all values which begin with 636.Ar envvar 637followed by 638.Dq = 639are removed. 640See 641.Xr smf_security 7 642for the privileges required to modify properties. 643.El 644.Ss Snapshot Navigation and Selection Subcommands 645.Bl -tag -width Ar 646.It Ic listsnap 647Displays snapshots available for the currently selected instance. 648.It Ic revert Op Ar snapshot 649Reverts the properties of the currently selected instance and its service to 650those recorded in the named snapshot. 651If no argument is given, use the currently selected snapshot and deselect it on 652success. 653The changed property values can be made active via the 654.Ic refresh 655subcommand of 656.Xr svcadm 8 . 657See 658.Xr smf_security 7 659for the privileges required to change properties. 660.It Ic selectsnap Op Ar name 661Changes the current snapshot to the one named by 662.Ar name . 663If no 664.Ar name 665is specified, deselect the currently selected snapshot. 666Snapshots are read-only. 667.El 668.Ss Instance Subcommands 669.Bl -tag -width Ar 670.It Ic refresh 671Commit the values from the current configuration to the running snapshot, 672making them available for use by the currently selected instance. 673If the repository subcommand has not been used to select a repository, direct 674the instance's restarter to reread the updated configuration. 675.El 676.Sh ENVIRONMENT 677.Bl -tag -width Ds 678.It Ev EDITOR 679The command to run when the 680.Ic editprop 681subcommand is used. 682The default editor is 683.Xr vi 1 . 684.El 685.Sh EXIT STATUS 686The following exit values are returned: 687.Bl -tag -width Ds 688.It Sy 0 689Successful execution. 690.It Sy 1 691One or more subcommands resulted in failure. 692Error messages are written to the standard error stream. 693.It Sy 2 694Invalid command line options were specified. 695.El 696.Sh EXAMPLES 697.Sy Example 1 No Importing a Service Description 698.Pp 699The following example imports a service description for the 700.Sy seismic 701service in the XML manifest specified on the command line. 702.Pp 703.Dl # svccfg import /var/svc/manifest/site/seismic.xml 704.Pp 705Note that the manifest must follow the format specified in 706.Xr service_bundle 5 . 707.Pp 708.Sy Example 2 No Exporting a Service Description 709.Pp 710To export a service description on the local system: 711.Pp 712.Dl # svccfg export dumpadm >/tmp/dump.xml 713.Pp 714.Sy Example 3 No Deleting a Service Instance 715.Pp 716To delete a service instance: 717.Pp 718.Dl # svccfg delete network/inetd-upgrade:default 719.Pp 720.Sy Example 4 - Checking Properties in an Alternate Repository 721.Pp 722To examine the state of a service's properties after loading an alternate 723repository, use the sequence of commands shown below. 724One might use such commands, for example, to determine whether a service was 725enabled in a particular repository backup. 726.Bd -literal -offset indent 727# svccfg 728svc:> repository /etc/svc/repository-boot 729svc:> select telnet:default 730svc:/network/telnet:default> listprop general/enabled 731general/enabled boolean false 732svc:/network/telnet:default> exit 733.Ed 734.Pp 735.Sy Example 5 No Enabling Debugging 736.Pp 737To modify 738.Ev LD_PRELOAD 739for a start method and enable the use of 740.Xr libumem 3LIB 741with debugging features active: 742.Bd -literal -offset indent 743$ svccfg -s system/service setenv LD_PRELOAD libumem.so 744$ svccfg -s system/service setenv UMEM_DEBUG default 745.Ed 746.Pp 747.Sy Example 6 No Using the Ic describe No Subcommand 748.Pp 749The following command illustrates the use of the 750.Ic describe 751subcommand. 752.Bd -literal -offset indent 753# svccfg -s console-login describe ttymon 754ttymon application 755ttymon/device astring /dev/console 756 terminal device to be used for the console login prompt 757ttymon/label astring 758 console appropriate entry from /etc/ttydefs 759\&... 760.Ed 761.Sh INTERFACE STABILITY 762The interactive output of 763.Nm 764is 765.Sy Not-An-Interface 766and may change at any time. 767.Pp 768The command line interface and non-interactive output of 769.Nm 770is 771.Sy Committed . 772.Sh SEE ALSO 773.Xr svcprop 1 , 774.Xr svcs 1 , 775.Xr libscf 3LIB , 776.Xr libumem 3LIB , 777.Xr scf_service_add_pg 3SCF , 778.Xr scf_value_create 3SCF , 779.Xr contract 5 , 780.Xr service_bundle 5 , 781.Xr attributes 7 , 782.Xr fnmatch 7 , 783.Xr smf 7 , 784.Xr smf_method 7 , 785.Xr smf_security 7 , 786.Xr smf_template 7 , 787.Xr zones 7 , 788.Xr svc.configd 8 , 789.Xr svcadm 8 790