Liane Praza wrote:
> It leaves a bad taste 
> in my mouth, but then again so does the fact that we've got two 
> different patching systems which require the system to be in different 
> states when they run.

Three :-)

Well, sort of.

All of them agree that the system should be "in single user mode".  The 
difference is how you get there, and *exactly* what it means.

The legacy is that it means interactive, shell-prompt single-user mode.

We're trying to implement (or, rather keep supporting) automatic 
installation of these patches, and interactive shell prompt single-user 
mode isn't reasonable for automatic installation.  (There are one or two 
really gross ways to do it - boot the system to single user mode, 
including a service that runs before single user mode, puts itself in 
the background, and waits for SMF to reach milestone/single-user, then 
*while the interactive single-user login is available* do the patch 
installs in the background and reboot the system.)

The two automatic schemes attempt to install patches at a system state 
that is epsilon different from interactive single-user mode.  (Either 
epsilon earlier than interactive or epsilon later than single-user would 
be OK, with epsilon earlier being easier to implement and epsilon later 
being slightly more desirable.)  One, UCE, does this by running its 
automatic mechanism from a high-numbered rcS.d script.  The other, 
SunUC-S (a.k.a. smpatch or Update Manager) does it by running its 
automatic mechanism from a SMF service that runs during system shutdown 
at a point intended to be equivalent to single-user mode.

(The reason that SunUC-S does its work during shutdown rather than 
startup is that most of these patches require a subsequent reboot, and 
doing the patching during shutdown means that there's only one reboot. 
This is better in theory than in practice, because system shutdown is 
not as well controlled as system startup and many services are left 
running until the bitter end.)

Anyhow, the goal here is to find at least one strategy for automatic 
installation of these patches that everybody can agree to support.  Of 
course, my slight preference is that it be installation during shutdown 
(because that reduces the number of reboots), but my expectation is that 
it will involve installation epsilon from interactive single-user mode, 
with a subsequent reboot required.
zones-discuss mailing list

Reply via email to