Re: pca install features vs. smpatch



Neal A. Lucier wrote:
One nice feature of smpatch on Solaris 10 is that on the next reboot all the patches disallowed by the patch policy (reboot immediate, single user, etc.) are automatically applied as the system is coming down.

I'm not a big fan of that feature, mainly for two reasons:

I want to have close control over patch installation. If I decide to install (a subset of) patches in single user mode, I will do that manually. A system starting to install patches automatically during a reboot just doesn't make me feel comfortable.

There have been (and still are) a lot of patches with wrong patch properties (reboot, reconfig, etc.). Knowing that I can't trust this data, I wouldn't trust automatic patch installation either. An example from today is patch 121580. It only installs two header files (*.h). Still, in rev 01 it was tagged to require a reboot, and in rev 02 it's tagged to be installed in single-user mode.

I'm ass-u-me'ing that pca only has different logic from smpatch to determine which patches in which order need to be applied, but that it uses the standard Sun tools to actually apply the patches, thus people using pca still get the aforementioned nice feature.

Only partly correct. pca does use standard Sun tools to install patches, namely patchadd. The deferred patch installation is a feature of smpatch, though, which is *not* used by pca. So - no, you don't get this feature with pca. I've thought about implementing it in the past, but as pca would have to install a script in /etc/init.d/ (or an SMF service) I never did. I can think of too many things that could go wrong, and it's against pca's principle of not modifying the system whenever possible.

The recommendation for pca is one of these:

Download all patches with "pca -d", reboot to single user mode, and install all patches with "pca -i". Then do another reboot. This is the safest method.

Install all patches in multi-user mode, and reboot afterwards. I've done that for years, and never had a problem. Still, I wouldn't do that on my most important production servers, probably.

Download all patches but only install those that don't require a reboot with "pca --noreboot -i". Then reboot into single user mode, and install the rest with "pca -i". This is similar to smpatch's feature of deferred patch installation.

hth,

mp.
--
Systems Administrator | Institute of Scientific Computing | Univ. of Vienna
| http://www.par.univie.ac.at/solaris/pca/
Patch Check Advanced | Analyze, download and install patches for Sun Solaris