> As long as you've gone through the prerequisite patch list then I can't see > any particular problems.
I have and there isn't :-) Most of the problems I have helped customers through were related to patches not being applied or not installing the LU packages from U4. I've done this particular combo quite a few times. The patch list is somewhat lengthy and I do recall a couple of kernel patch reboots if you haven't been keeping up on your maintenance. Nice thing is that the fine folks in the patching group are now releasing LU recommended bundles to help. > I must confess, though, that I don't do any significant patching of systems > with zones, and haven't tried LU on a zoned system. I always migrate the > zones to different servers so that I have a bare system to do maintenance on. If you have the ability to do that - outstanding idea. And the upgrade on attach in Solaris 10 10/08 will make this approach even more interesting. Read that as - please look into it, brilliant stuff! Simple fact is that patching and upgrading with zones takes more time and resources than patching without zones. Live Upgrade takes most of the pain away from this by moving the process outside of schedules maintenance windows (in most cases). So if you have designed an environment where you can play peek-a-boo with your zones (in a supported way) then bravo - that's being way smart. If you are bought into the automated provisioning approaches, the next most efficient design point is to tear down zones, do your upgrade or patching, and then re-provision your zones. Works well in simple situations where teardown and rebuild are practical. Puts pressure on the maintenance windows and the lack of quick fall back. And simply doesn't work on zones where there is a heavy administrative burden (apps need a lot of configuring or managing). I have been doing this approach on a few systems here with simple things like web servers just to see how far I can push the automated provisioning approach. > I wonder whether I'm just different here, or whether people do patch or > upgrade > systems with zones intact, and whether it's really a good idea? On the other systems where I can't easily re-provision my apps, I do this. And I do move between s10 and nevada quite regularly to really stress the approach. It has been relatively painless since u4. The only thing I have run into that has been frustrating is that I can't bring up or shut down zones while the live upgrade is in flight. For patch clusters that isn't so bad, but do a u5 to nevada98 that takes all afternoon and that's a different situation. > (And by migrate, we have our own zone installation scripts. So we don't move > a whole zone, we simply shut it down, create a new one elsewhere, and zfs send > the zones dedicated data across before starting it up. We're not interested in > moving any of the OS components of the zone - that's just wasted effort.) There are two schools of thought on this one. You move the app+data or just the app. I wonder if your approach will change once upgrade on attach is available (it is in nevada should you choose to take a look at it immediately). There is a blogging opportunity here (like there's ever a lack of things to write about). Bob _______________________________________________ sysadmin-discuss mailing list sysadmin-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss
