Steve Lawrence wrote:
> So you want to be able to interrupt any boot to any milestone, and instead do
> the patch processing if a patch is pending.  You basically want to interrupt
> the current milestone, and instead just boot to filesystem-local and do the
> patching.

That would be my initial plan, at least roughly.  I wouldn't think of it 
in terms of going to a different milestone, per se, but rather that 
there is a point in system startup where we look to see if there are any 
patches pending.  If not, we continue; if so, we apply them.  If they 
require reboot, we reboot, else we let the system continue to come up.

That point needs to be early enough so that the system is quiescent, but 
late enough so that the services needed by the patch tools (e.g. local 
file systems) and the patches themselves are present.

> The question is, can the smf milestone be changed mid-milestone?
> My test shows that it can.  How about:
> 1. Create patch-test-service, on which single-user depends.  This will
>    "svcadm milestone patch-install-milestone" if a patch needs to be
>    installed.  This service is always enabled.
> 2. Create patch-install-milestone, which depends on patch-install-service
>    below.
> 3. Create patch-install service, which depends on:
>       single-user
>       filesystem-local
>    This service is always enabled. It will install a patch if it is pending,
>    otherwise, do nothing.  If the service fails, it might need to:
>       # svcadm milestone single-user
>    So that a maintenance prompt will appear on the console.  This might
>    not be necessary.  You might get this anyway, as console-login is not
>    reached.
> It should be ok to issue smf commands from an smf service, as long as they
> do not try to do any synchronous operations (-s).

Seems a little convoluted, but might be workable.

patch-install-service might need to

     ms=`svcprop -p options/milestone svc:/system/svc/restarter:default`
     svcadm milestone "$ms"

if the patches installed don't need a reboot.

> This approach is also good because an explicit boot to single user WILL NOT
> attempt to install pending patches.

That would be very nice, but are you sure?  It seems like 
patch-test-service would override the milestone specified at boot time, 
and the system would continue up to the patch installation milestone.

> Disabling the patch-test and patch-install services will disable the
> automatic installation of pending patches on reboot.
zones-discuss mailing list
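
The milestone-restore step discussed in the message above, as an added example that is not part of the original thread: the tail end of a hypothetical patch-install start method. The reboot marker file is an assumption; the fallback to `all` follows svcadm(1M), which treats an absent `options/milestone` property as the default milestone `all`.

```shell
#!/bin/sh
# Added example: final step of a hypothetical patch-install start method.
RESTARTER=svc:/system/svc/restarter:default
# Hypothetical marker the patch step creates when a patch requires a reboot.
REBOOT_MARKER=${REBOOT_MARKER:-/var/run/patch-reboot-needed}

# Print the milestone the boot should continue to once patching is done.
saved_milestone() {
    # svcprop fails when the property was never set (no "svcadm milestone -d").
    ms=`svcprop -p options/milestone "$RESTARTER" 2>/dev/null` || ms=
    # An absent or empty property means the default milestone, "all".
    [ -n "$ms" ] || ms=all
    echo "$ms"
}

# Reboot if a patch asked for it, otherwise let the system continue to come up.
finish_patch_install() {
    if [ -f "$REBOOT_MARKER" ]; then
        # Clear the marker first so the next boot does not reboot again.
        rm -f "$REBOOT_MARKER"
        reboot
    else
        # No -s: a service method must not wait synchronously on smf.
        svcadm milestone "`saved_milestone`"
    fi
}

# Run only when invoked as a start method: "<script> start".
if [ "${1:-}" = "start" ]; then
    finish_patch_install
fi
```

Without the fallback, a system that never had a default milestone set would run `svcadm milestone ""` and stay at the patch-install milestone.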
