I'm currently patching our Solaris 10 servers. My question is simple: is there a way to patch a system with zones one zone at a time? So I don't have to take down the whole server and all the zones at one time. Has anyone done this? Is it worth it? What is your experience?
I'm not sure if there is such a way. If we speak about minimizing downtime, I would suggest using Live Upgrade to upgrade the Global and all Local Zones. Unfortunately, at some point you will have to reboot the global zone. You can perform Live Upgrade with local zones on both UFS and ZFS filesystems.
There is also a possibility to Update Zones on attach. But this is also a disadvantage, as before proceeding with patching the Global Zone [Patch Cluster, Live Upgrade or Media Upgrade] you will have to detach all local zones, and after a successful upgrade of the Global Zone you would have to attach those zones with the '-u' option.
If you have more than one Solaris OS host with the same Kernel patch level (as the machine you would like to upgrade), you can migrate zones to a second host, patch the host (from which the zones have been migrated), migrate them back and update on attach.
Doc ID: 1364856.1
Title: How to Patch Oracle Solaris Using Advanced Oracle Solaris Live Upgrade Strategies for Zones and Clusters
Solaris 10 11/06: Migrating a Non-Global Zone to a Different Machine
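The detach / patch / attach with '-u' sequence described in the reply above, as an added example that is not part of the original thread: a dry-run planner that reads `zoneadm list -cp` output and prints the commands for each phase without running them. The sample listing and its uuid placeholders are constructed, and the colon-separated field order (zoneid:zonename:state:zonepath:...) is an assumption about the parseable output.

```shell
#!/bin/sh
# Added example: dry-run planner for "update on attach". It only prints commands.
# Constructed sample of `zoneadm list -cp` output, captured BEFORE any detach
# (assumed field order: zoneid:zonename:state:zonepath:uuid:brand:ip-type).
SAMPLE_ZONES='0:global:running:/::native:shared
1:web01:running:/zones/web01:uuid-placeholder-1:native:shared
-:db01:installed:/zones/db01:uuid-placeholder-2:native:shared
-:scratch:configured:/zones/scratch::native:shared'

# plan_phase <detach|attach>
# Reads a saved zone listing on stdin and prints the commands for that phase.
# The attach phase must be fed the listing saved before the detach phase,
# because detached zones no longer show their earlier running/installed state.
plan_phase() {
    phase=$1
    while IFS=: read -r zid zname zstate zpath rest; do
        # The global zone is patched directly, never detached.
        if [ "$zname" = "global" ]; then continue; fi
        case "$zstate" in
            running|installed) ;;
            *) echo "# skip $zname (state: $zstate)"; continue ;;
        esac
        if [ "$phase" = "detach" ]; then
            # halt is abrupt; shut services down inside the zone first if needed.
            if [ "$zstate" = "running" ]; then echo "zoneadm -z $zname halt"; fi
            echo "zoneadm -z $zname detach"
        else
            echo "zoneadm -z $zname attach -u"
            # Only boot zones that were running before the maintenance window.
            if [ "$zstate" = "running" ]; then echo "zoneadm -z $zname boot"; fi
        fi
    done
    return 0
}

# Print the full plan for the constructed sample.
printf '%s\n' "$SAMPLE_ZONES" | plan_phase detach
echo "# ... patch the global zone and reboot it here ..."
printf '%s\n' "$SAMPLE_ZONES" | plan_phase attach
```

On a real host, save `zoneadm list -cp` to a file before the detach phase and feed that same file to both phases.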
Thanks for replying to my post. We don't use Live update at my work. I did some reading and the patchadd command has a switch -G that will apply patches to that zone only. So it looks like I can patch each zone one at a time like this. This will work for Java patches, but will it work with system patches like the 10_Recommended patches?
Basically I'm asking for someone to tell me what they do.