Version 3.1-en Solaris 10 Container Guide - 3.1 4. Best Practices Effective: 30/11/2009
4.4.3. Patching with upgrade server
[ug] A zone is transported from the production computer to a so-called upgrade server ( zoneadm
detach and zoneadm attach) that has the same version as the production server. On this
upgrade server, the upgrade or the installation of patches is then carried out. Subsequently, the zone
will have the new patch version. Variants:
•The upgrade server can then serve as the new production computer.
•A cluster (Sun cluster) can also be upgraded by installing the patches in the zones on an
upgrade server, then installing the patches in a cluster node and then moving the zones
there. Next, the first cluster node can be updated.
•If the zones are supposed to continue running, only one copy of the zone is moved and the
application is not started during the upgrade.
Thereby, the total run time of the upgrade, which depends on the number of patches and the number
of zones, is not so important anymore. Production continues to run during the upgrade process.
4.4.4. Patching with zoneadm attach -u
[ug/dd] With Solaris 10 10/08, the command zoneadm attach -u is available with which a
zone can be updated to the status of the new target system during zoneadm attach.
But this does not provide a new upgrade option.
However, it is a precondition for zoneadm attach -u that t he patch histo ry is q uite identical
and that the target system does not have a package containing an older version because it is not
possible to downgrade a package. This also holds true for a package's old patch status. A zoneadm
attach -u will nor work between arbitrary systems. Systems should be administered accordingly
for this purpose, such as for example in a cluster. Patches, installed by this method, can not be
backed out.
zoneadm attach -u installs only patches of packages, that have t he option
SUNW_PKG_ALLZONES=true set. These are typically OS-Packages, but not that of applications.
If zoneadm attach -u will be used for patching, it is important to know that patches of
applications will maybe not or not completely be installed. These p atches has to be post-installed to
stay in sync with the patch- and package-database.
With this knowledge and ext ensive evaluation zoneadm attach -u could be a very powerful
functionality for patching. Especially in time-critical situations is this method faster than parallel
patching with patchadd.
To summarize zoneadm attach -u will only work under certain preconditions and does not
help to apply all patches. It is therefore not usable as a normal patch/upgrade process.
4.4.5. Moving zones between architectures (sun4u/sun4v )
[ug] zoneadm attach -u allows moving zones between the two current SP ARC hardware
architectures. The precondition for this is, however, that the same packages are installed and that the
patch history is as identical as possible. It is advisable to prepare such a zone move by patching the
systems always in parallel.
53