Jordan Brown writes: > James Carlson wrote: > > It's bad only because you're modifying the running system, and that > > itself is arguably an inherently bad thing no matter what precautions > > are taken. > > > > A better and safer answer is to modify an alternate boot environment > > (with everything still up and running), and then switch environments. > > With ZFS root, this should become very low cost: zfs snapshot, clone, > > write changes, and switch. > > Yes, yes, of course. And if we could guarantee that everybody was using > ZFS or Live Upgrade, it would be a lot easier. Plus it would help if we > didn't have to support S8 and S9 systems. But we can't, and we do.
You probably don't have to have any special SMF support for S8 and S9. As for the other points, I think that's the one of the main design points behind the use of a ZFS root in the OpenSolaris distribution: having a level playing field that includes all the features needed to make upgrade successful. (And as long as we're discussing this on the SMF opensolaris.org mailing list ...) > Note, however, that even alternate-boot-environment schemes have their > problems. If the system is running, are you sure that the running > software won't make some important change *after* you take the snapshot? > Patches occasionally want to write /etc/passwd; what happens if some > user changes their password at the wrong moment? What's supposed to happen is that administrative files (such as /etc/passwd) are sync'd over to the new boot environment on shut down and start-up. If that process fails, you'll get an error message, and you'll have to deal with the carnage by hand. I agree it's not perfect (something that knew how to merge changes would be at least a bit better), but I can't say I've ever run into such a problem. The act of creating a clone, applying patches to it, and then switching over to the new environment is so distinctive that it wouldn't even cross my mind that I could (or should) start performing random other administrative actions in the middle of that process. I think it's more of a theoretical problem. -- James Carlson, Solaris Networking <james.d.carlson at sun.com> Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
