Is patching Sol 10 machines with zones safe?
Now that Sun update has been released, "smpatch update" explicitly checks for the presence of non global zones and refused to run.
Now, its fairly trival to reproduce the "smpatch update" functionality from "smpatch download" which still works and a bit of scripting.
Ive done this on a test machine with zones with no obvious ill effects.
However since Sun went to the trouble of disabling "smpatch update", you have to presume there was a good reason.
So is patching machines with zones safe. Or is there some known problem with doing this.
# 1
The problem was that the underlying tool patchadd was not zones aware and then changes (I believe for bug: 6200143 ) changed the exit codes that smpatch relies on.
Now in Solaris 10 patchadd/patchrm now returns only an exit code of 1 or 0 when using zones which is insufficient both for smpatch and for the Update Manager.
So there are two options:
If the system does not have any local zones configured then you can run "patch[add|rm] -t" in transitional mode which reverts back to the old pre Solaris 10 rich return codes that smpatch needs.
If there are zones on the system, using smpatch download + patchadd will work, but you cannot get rich status from patchadd:
Running "patchadd -t" on a system with local zones gives:
# patchadd -t
Transition patching (-t option) is not supported in a zones environment.
HTH
ethan
# 2
I was going to ask a question similar to the original one, but that answer part of mine.
If I do an smpatch download in the global zone then do a patchadd -G of those that were downloaded, will that work?
Then if I want to apply those patches to the local zones run a patchadd in that zone itself?
