Some thoughts regarding update on attach, and why I don't think it
will be as useful as it could be. Perhaps Jerry or someone could
enlighten me or give me some feedback.
This mainly applies to whole root zones, since they do not have any
inherited package directories.
The update to the local zone only updates packages that have the
SUNW_PKG_ALL_ZONES set to true or are in a package inherited
directory. This means it is not similar to an upgrade performed by the
installation system or live upgrade.
One useful scenario for update on attach was to have one node upgraded
without zones and then migrate the zone one after the other to the
upgraded host and have them upgraded on attach (quite useful when you
have 20+ zones in one machine). This will leave the zone in a
supported state, however the zone will have a mix of packages from the
old and new machine, depending on if they are required to be
consistent between all zones. Since many installations using local
zones keeps the local zones in sync with the global zone, this is not
an optimal situation. If we use update on attach today, that zone will
be different from the other zones created after the upgrade or zones
that have been upgraded at the same time as the global zone. In the
case of one machine being upgraded to a later update of Solaris, that
will be quite a few packages with different versions. This is not an
acceptable solution for many environments.
Shouldn't it be possible to implement the functionality to update all
packages that have newer versions in the global zone? That could
perhaps be an additional flag to attach -u, maybe -a?
I know packages could be of different version on purpose, but then
this option should not be used, or implement an option to supply a
list of packages to upgrade or leave alone.
zones-discuss mailing list