I've been spending some time researching ideas for how we could upgrade
Solaris 10 once its installed in a solaris10 branded zone on S.next.
We won't need this capability until S10u9 is released, but I want to make
sure we do whatever we need to do now in order to enable this for the future.
I have two possibilities in mind. Each of these is project level in its
own right, so I assume we will only actually be able to do one of the
1) Make live-upgrade work inside the solaris10 branded zone
I've been looking at the LU code to try to see what might be involved.
There is no way we can emulate for this. We would have to do a project
in the S10u9 LU code to make it solaris10 branded zone aware and enhance
the code to make it work for upgrade inside the zone. There are various
issues, such as ZFS pool awareness, mnttab parsing, file system mounting,
grub awareness, etc. which would have to be coded around or changed. To
enable this for the future I think we would have to set up the solaris10
zone now using a ZFS root dataset model similar to what we're doing today
with the ipkg brand on OpenSolaris.
a) The zone sysadmin would be in control of the upgrade.
b) The user would be using a S10 tool to upgrade the zone (even
though that tool will have been enhanced to be solaris10 zone aware).
c) The zone admin could use LU ABEs to apply patches to their zone.
a) We don't know this code.
b) This is S10-only code that would have be enhanced.
c) This is closed source so no community involvement.
d) This is complex, legacy code which is a hairball.
e) This code is fragile and there might be strong pushback for changing
it further in S10.
f) There is no re-use or other benefit to this work.
2) Enhance the zones "update on attach" code to do a real upgrade
The idea here is that we improve the 'update on attach' code so it can
use a Solaris 10 CD image as the source of the pkgs instead of the
global zone. We would also enhance the code so it uses the full pkg
list from the CD image instead of just the system software pkgs that
have to be updated to sync the zone. The global zone admin would run
this new code to upgrade specific solaris10 branded zones. They could
either upgrade the zone in place or clone the zone and upgrade the clone,
providing similar functionality to LU.
a) I think this would be a simpler project.
b) This code could be easily re-used to provide a true single zone
"upgrade on attach" feature for a S10 native zone backport - lots of
people want that.
c) We know this code.
d) This code is open source and readily re-usable.
a) Upgrade would be done by the global zone admin, not the zone admin,
so the zone admin is no longer the one in control.
b) Because LU wouldn't work this might cause a perception of
incompatibility between the solaris10 branded zone and a bare
c) This doesn't solve the problem of using LU to apply patches to
an ABE within the zone.
Please send me any comments on preferences for one solution or
the other, as well as any other thoughts on this topic.
zones-discuss mailing list