Liane Praza wrote:
> It leaves a bad taste
> in my mouth, but then again so does the fact that we've got two
> different patching systems which require the system to be in different
> states when they run.

Well, sort of.

All of them agree that the system should be "in single user mode". The
difference is how you get there, and *exactly* what it means.

The legacy is that it means interactive, shell-prompt single-user mode.
We're trying to implement (or rather, keep supporting) automatic
installation of these patches, and interactive shell prompt single-user
mode isn't reasonable for automatic installation. (There are one or two
really gross ways to do it - boot the system to single user mode,
including a service that runs before single user mode, puts itself in
the background, and waits for SMF to reach milestone/single-user, then
*while the interactive single-user login is available* do the patch
installs in the background and reboot the system.)

The two automatic schemes attempt to install patches at a system state
that is epsilon different from interactive single-user mode. (Either
epsilon earlier than interactive or epsilon later than single-user would
be OK, with epsilon earlier being easier to implement and epsilon later
being slightly more desirable.) One, UCE, does this by running its
automatic mechanism from a high-numbered rcS.d script. The other,
SunUC-S (a.k.a. smpatch or Update Manager) does it by running its
automatic mechanism from an SMF service that runs during system shutdown
at a point intended to be equivalent to single-user mode.

(The reason that SunUC-S does its work during shutdown rather than
startup is that most of these patches require a subsequent reboot, and
doing the patching during shutdown means that there's only one reboot.
This is better in theory than in practice, because system shutdown is
not as well controlled as system startup and many services are left
running until the bitter end.)

Anyhow, the goal here is to find at least one strategy for automatic
installation of these patches that everybody can agree to support. Of
course, my slight preference is that it be installation during shutdown
(because that reduces the number of reboots), but my expectation is that
it will involve installation epsilon from interactive single-user mode,
with a subsequent reboot required.