Thoughts from a colleague - Enda O'Connor - inline...
Best,
-Don
Enda O'Connor wrote:
Hi
Some people have recommended Update On Attach see
http://wikis.sun.com/display/BluePrints/Maintaining+Solaris+with+Live+Upgrade+and+Update+On+Attach
and also the following for a description of how update on attach works
in conjunction with patching.
http://www.sun.com/bigadmin/features/articles
/zone_attach_patch.jsp#Patching
it is important to first read the bigadmin article to understand how
it works before goign down this route.
Enda
On 13/07/2010 16:32, Enda O'Connor wrote:
Hi David
the major issue with patching a live system with a failover zone is if
the zone failed over for any reason during patching. This would cause
patch corruption, one would need to suspend the HA container
resource, i.e.
clrg suspend << the resource group >>
detach zones on remaining node
apply patch
attach zone on other node
clrg resume the resource group
But one would need to take some care to identify patches that can be
applied in such fashion.
the following doc has section on applying patches that require Single
User Mode in failover zone environment.
http://docs.sun.com/app/docs/doc/819-2971/z4000076997776?a=view
I have cc'ed Chris who has lots of experience in this area.
But the main concern is that the zone might failover during such
patching.
Enda
On 13/07/2010 10:56, Don O'Malley wrote:
Hey Enda/Ed,
Any thoughts on this?
In addition to the no reboot question, is it better to detaches your
zones and use update on attach to bring the local zones back in
sync, or
is there no difference between the two (I thought update on attach was
quicker)?
Best,
-Don
David Stark wrote:
Hi List.
A bit off-topic, but PCA's involved, so I'm going to push my luck.
We've got a number of Sun Cluster installs using (lots of) failover
zones and with no LiveUpgrade alt. boot space set up, which we need to
patch. If we were to patch the clusters node-by-node (including the
kernel patches that don't like zones being booted when they're
applied), the zones would fail over between the nodes and never get
patched themselves, and since kernel (and some other?) patches can't
be applied from inside zones we would end up in a situation where the
zones' patch databases are out of sync with the Global zone. I know
from very bitter experience that this is a Bad Thing, so to avoid that
we're currently bringing the clusters down to patch them. This
obviously isn't optimal - people expecting 100% uptime from the
clusters are naturally a bit annoyed at having their applications down
for several hours while we unleash the mighty PCA.
So, to minimise downtime I'd like to apply the noreboot patches, say,
the night before, and have a more minimal patch run with the clusters
down. This brings me to the question:
Has anyone ever had any problems with noreboot patches applied to live
systems? Any weirdness at all? I've patched plenty of test machines in
multi-user mode, but never busy production boxes - these are fairly
large Oracle and SAP environments for the most part.
Anyone with experience patching Sun Cluster care to share any top
tips?
Cheers!
Dave
