How to enable TCP Wrappers with SMF services?
I am using a site.xml file to enable/disable services during a Jumpstart configuration. This works great.
However, I can't yet figure out how to configure the various properties of those services, such as enabling TCP Wrappers for a service. I can set the properties of a service and verify that they are set, but a "svccfg extract" does not capture that information.
Is this a short coming of svccfg extract? Or are the properties of a service stored and configured elsewhere?
# 1
Use <tt>svccfg export</tt> to get the settings (service properties) output in the form of a service manifest, like those found in <tt>/var/svc/manifest</tt>. (<tt>svccfg extract</tt>) exports the current services' enabled settings as a service profile, like those in <tt>/var/svc/profile</tt>.
- Stephen
# 2
Stephen,I tried that, and it didn't work. svccfg extract, at least on build 72, is not capturing the status of tcp wrappers. I posted about the problem in your blog on 12/09/2004.Thanks...
# 3
extract shouldn't capture property values, but export should. Is export also not working?- Stephen
# 4
Ok, just a little more hand holding and I should be there....
1) Now that I have my exported service description, is there a way to automatically import that on boot like site.xml?
2) How do I change global defaults for all service descriptions? For example, I would like tcp_wrappers=true by default for all services.
Thanks!
# 5
> Ok, just a little more hand holding and I should be
> there....
>
> 1) Now that I have my exported service description,
> is there a way to automatically import that on boot
> like site.xml?
Anything you put in /var/svc/manifest (that ends in .xml) will
be automatically imported. One approach is to take your
customized version, change the instance name to, say, "site",
and then use site.xml to deactivate the default instance and activate your site instance.
> 2) How do I change global defaults for all service
> descriptions? For example, I would like
> tcp_wrappers=true by default for all services.
I believe inetadm has options for this. The -p option will list the current default properties; the -M option lets you modify them.
- Stephen
# 6
>> Anything you put in /var/svc/manifest (that ends in
> .xml) will
> be automatically imported.
I'm assuming you mean /var/svc/manifest/site/whatever.xml?
> I believe inetadm has options for this. The -p
> option will list the current default properties; the
> -M option lets you modify them.
Got it...Now, my next obvious question...Is there a way to export/extract the inetadm defaults and put them into an xml file?
When is documentation that gets to this level of detail going to be available? I can still only find basic administrative type documentation, and simple this is how you create a service type stuff.
# 7
> I'm assuming you mean
> /var/svc/manifest/site/whatever.xml?
That will work, as will any path underneath /var/svc/manifest.
> > I believe inetadm has options for this. The -p
> > option will list the current default properties;
> the
> > -M option lets you modify them.
>
> Got it...Now, my next obvious question...Is there a
> way to export/extract the inetadm defaults and put
> them into an xml file?
Hmm. The defaults get written on the inetd service
I believe, so exporting that would give you the fragment
you want.
> When is documentation that gets to this level of
> detail going to be available? I can still only find
> basic administrative type documentation, and simple
> this is how you create a service type stuff.
We're still writing the developer guide, which will contain
descriptions of all of the techniques, commands, locations,
etc. you're looking for. The current documentation is
sparser than I would like, although the manual pages imply
a lot of what's possible.
Sorry that it's such a slog in the meanwhile.
- Stephen
# 8
> That will work, as will any path underneath
> /var/svc/manifest.
Got it working...Exported the inetd configuration, set tcp_wrappers to false, dropped inetd.xml into my jumpstart tree, jumped a box, and tcp_wrappers came up enabled by default for my inetd services!
What is the difference between the /var/svcs/profile and /var/svcs manifest directory? Is profile for enabling/disabling services and manifest for service configuration?
Does /var/svcs/profile/site.xml and /var/svcs/manifest/whatever.xml get read on every system boot? If not, what is the appropriate procedure to "reinitialize" smf if you want to change the existing behaviour by having it reread those files?
>> Hmm. The defaults get written on the inetd service
> I believe, so exporting that would give you the
> fragment
> you want.
It did, and I was able to accomplish what I needed to do.
> Sorry that it's such a slog in the meanwhile.
Will there be something before FCS in a couple weeks?
I can definetly see the managability and robustness of SMF. It's just going to take time to learn it, and documentation is needed for that.
Thanks for all your help!
