we have great trouble patching a server with local zones, where local zone's
/var is configured as a separate filesystem.
The situation is:
-Server running Solaris 10 Update 1 (01/06)
-Local zones with /var separated from local zone's root filesystem
-While installing patches during single user mode we will get error messages
like: "Cannot check name: //var/sadm/...". Patches will be installed partially.
Everything is ok if we install patches during multi-user. But this is not an
option for many patches!
In thread <http://www.opensolaris.org/jive/thread.jspa?threadID=18964> Enda
told us that we'd been caught by bug 6438808 and it will be fixed by patch
119254-31 to be available soon.
Well. In the meantime we got that patch to get around those "Cannot check name"
problems. We are able to patch servers
... running in multi-user (not recommended) or
... in single-user if there are no local zones with separated /var.
But we are not able to patch already existing zones with separated /var from
within single user, because "patchadd 119254-31" failes with "Patch 119254-31
failed to install due to a failure produced by pkgadd.".
Analysis showed that checkinstall is failing with SIGSEGV.
We found that patch 121004-03 (sh patch) will fix this.
Okay, we've tried to install 121004-03 at first, but 121004-03 fails while
patching local zones, because of bug 6438808.
That's a problem: we need 121004-03 for installing 119254-31, but we also need
119254-31 for installing 121004-03.
There is additional complexity because 119254-31 requires 121133-02 (zones
library and zones utility patch) which itself requires 120900-04 (libzonecfg
Patch). These patches cannot be installed, too! They are failing to install
into local zones with separate /var.
Now what? How can we patch our servers?
That's what we call in germany "Henne-und-Ei-Problem", a perdicament.
I think Sun's recommended and security patch clusters will have the same
problem if applied in single user mode on a server with local zones configured,
each with separated /var filesystem.
Any help highly appreciated,
This message posted from opensolaris.org
zones-discuss mailing list