Monday, February 21, 2011

Solaris ssh is offline?

Solaris ssh is offline

I'm sure you must have seen a situation like this, where for some reason ssh died and you cannot login to the server remotely. If you have console access to box, you see the ssh is offline.

root@app1 # svcs -a | grep ssh
offline 1:40:22 svc:/network/ssh:default

svcs -d will tell us what other services depends on ssh

root@app1 # svcs -d ssh
STATE STIME FMRI
online 1:40:19 svc:/network/loopback:default
online 1:40:24 svc:/network/physical:default
disable 1:41:04 svc:/system/cryptosvc:default
online 1:41:16 svc:/system/filesystem/local:default
online 1:42:44 svc:/system/filesystem/autofs:default
online 1:42:43 svc:/system/utmp:default

Offline means that the service is enabled, but something it depends on is missing, disable or in maintenance mode

Here in our case crypto is disable. You might have a service with lots of dependencies that are disabled, or you might have dependencies disabled many levels deep.

Do you want to walk through all those services, find out why they're not on, and enable every dependency by hand? Of course you don't. So svcadm has a "recursive enable" option that goes through and enables everything that your service depends on.

# svcadm enable -r network/ssh


#svcs network/ssh
STATE STIME FMRI
online 1:02:23 svc:/network/ssh:default


#svcs -d network/ssh:default
STATE STIME FMRI
online 1:40:19 svc:/network/loopback:default
online 1:40:24 svc:/network/physical:default
disabled 1:41:04 svc:/system/cryptosvc:default
online 1:41:16 svc:/system/filesystem/local:default
online 1:42:44 svc:/system/filesystem/autofs:default
online 1:42:43 svc:/system/utmp:default

As you can see, we recursively enabled not only ssh, but everything it depended on, allowing it to come online.

One last option of note for enable/disable is the "temporary" option. Say that you want to enable/disable a service just for this session, but have it revert to its previous state on reboot, in case there are problems. If ssh is disabled and you issue:

#svcadm enable -t network/ssh
The enable will only be temporary. If you reboot the machine, the service will once again be disabled.

refresh
Refresh serves two purposes. One is if you've changed any of the properties of your service, say that you've added a dependency or changed the timeout for starting, you refresh the service, and the properties become active. The other purpose is that there's an optional method, in addition to "start" and "stop", called "refresh" that you can define. If your daemon can be sent a HUP signal to re-read its configuration file, you put this in the refresh method, and when you refresh the service, this method is called.

restart
Restart is pretty self evident. Restarting a service means that you stop it and start it again. Where in the past you might have issued a

/etc/init.d/sendmail stop followed by /etc/init.d/sendmail start, now you would use:

#svcadm restart network/smtp:sendmail
... which will restart sendmail.

mark (degraded | maintenance)
Mark is used to force a service into a certain state. (The states are here if you've forgotten them) An administrator might want to force a service into the maintenance state to let other administrators know that there's something wrong with it that needs to be addressed before it's started again. You can force a service into either maintenance (which will shut the service down) or degraded (which will leave it running, but let others know that it's running in a degraded state).

Keeping with our earlier example of ssh:

#svcadm mark maintenance network/ssh

#svcs network/ssh
STATE STIME FMRI
maintenance 1:12:47 svc:/network/ssh:default

clear
Clear is used to "reset" the state of a service, and have it be re-evaluated. For example, say that syslog is in maintenance:

#svcs system/system-log
STATE STIME FMRI
maintenance 1:15:33 svc:/system/system-log:default
You debug the problem, and realize that syslog failed to start because someone had accidentally deleted syslog.conf, which syslog needs to start. It attempted to start, saw that the conf file was missing, and fell into maintenance. You repair the file, and issue a clear:

# svcadm clear system/system-log

# svcs system/system-log
STATE STIME FMRI
online 1:25:07 svc:/system/system-log:default

Summary
These are SMF basic maintenance on a Solaris 10 machine. SMF administration is quite easy, and incredibly powerful. No longer do you have to hunt around for daemons and init scripts, every service is given a unique FMRI, administered through a unified framework. This, combined with explicit states and dependencies, gives administrators flexibility and power that is unavailable in other Unix distributions.

5 comments:

Anonymous said...

thank you

Anonymous said...

Cld u pls help, solution did not work for me

bash-3.2# svcs -a |grep ssh
offline 12:44:53 svc:/network/ssh:default
bash-3.2# svcadm enable -r network/ssh
bash-3.2# svcs network/ssh
STATE STIME FMRI
offline 12:44:53 svc:/network/ssh:default
bash-3.2#

Anonymous said...

bash-3.2# svcs -d ssh
STATE STIME FMRI
online 12:44:51 svc:/network/loopback:default
online 12:44:57 svc:/network/physical:default
offline 12:44:51 svc:/system/cryptosvc:default
offline 12:44:51 svc:/system/filesystem/local:default
offline 12:44:52 svc:/system/filesystem/autofs:default
offline 12:44:52 svc:/system/utmp:default
bash-3.2# clear
bash-3.2# svcs -a |grep ssh
offline 12:44:53 svc:/network/ssh:default
bash-3.2# svcadm enable -r network/ssh
bash-3.2# svcs netmork/ssh
svcs: Pattern 'netmork/ssh' doesn't match any instances
STATE STIME FMRI
bash-3.2# clear
bash-3.2# svcs -a |grep ssh
offline 12:44:53 svc:/network/ssh:default
bash-3.2# svcadm enable -r network/ssh
bash-3.2# svcs network/ssh
STATE STIME FMRI
offline 12:44:53 svc:/network/ssh:default
bash-3.2# clear
bash-3.2# svcs -a |grep ssh
offline 12:44:53 svc:/network/ssh:default
bash-3.2# svcadm -v enable svc:/network/ssh:default
svc:/network/ssh:default enabled.
bash-3.2# svcs -a |grep ssh
offline 12:44:53 svc:/network/ssh:default
bash-3.2# svcs -d ssh
STATE STIME FMRI
online 12:44:51 svc:/network/loopback:default
online 12:44:57 svc:/network/physical:default
offline 12:44:51 svc:/system/cryptosvc:default
offline 12:44:51 svc:/system/filesystem/local:default
offline 12:44:52 svc:/system/filesystem/autofs:default
offline 12:44:52 svc:/system/utmp:default
bash-3.2# svcadm -v enable svc:/system/cryptosvc:default
svc:/system/cryptosvc:default enabled.
bash-3.2# svcadm -v enable svc:/system/filesystem/local:default
svc:/system/filesystem/local:default enabled.
bash-3.2# svcadm -v enable svc:/system/filesystem/autofs:default
svc:/system/filesystem/autofs:default enabled.
bash-3.2# svcadm -v enable svc:/system/utmp:default
svc:/system/utmp:default enabled.
bash-3.2# svcs -d ssh
STATE STIME FMRI
online 12:44:51 svc:/network/loopback:default
online 12:44:57 svc:/network/physical:default
offline 12:44:51 svc:/system/cryptosvc:default
offline 12:44:51 svc:/system/filesystem/local:default
offline 12:44:52 svc:/system/filesystem/autofs:default
offline 12:44:52 svc:/system/utmp:default
bash-3.2# svcadm enable -r network/ssh
bash-3.2# svcs -d ssh
STATE STIME FMRI
online 12:44:51 svc:/network/loopback:default
online 12:44:57 svc:/network/physical:default
offline 12:44:51 svc:/system/cryptosvc:default
offline 12:44:51 svc:/system/filesystem/local:default
offline 12:44:52 svc:/system/filesystem/autofs:default
offline 12:44:52 svc:/system/utmp:default

Pankaj Gautam said...

bash-3.2# svcadm -v enable svc:/system/cryptosvc:default
svc:/system/cryptosvc:default enabled.
bash-3.2# svcadm -v enable svc:/system/filesystem/local:default
svc:/system/filesystem/local:default enabled.
bash-3.2# svcadm -v enable svc:/system/filesystem/autofs:default
svc:/system/filesystem/autofs:default enabled.


mostly likely all these above services dies just after starting, check the logs to get more insight

Anticipate said...

Thank you Pankaj !!!