7 Replies Latest reply on Aug 8, 2005 7:51 PM by Sung Koo

    Installing Solaris patch clusters in single-user mode

      Has anyone built an end-to-end CM process for installing a Solaris patch cluster in single-user mode? I would hypothesize the process might be something like this:



      1. Set up a script (labelled X) to install the patch cluster and reboot the server.

      2. Set up an AT job to run the script X in 10 minutes.

      3. Reboot the server in single-user mode.


      Would that work?

        • 1. Re: Installing Solaris patch clusters in single-user mode

          Although I've never tried it, I've been told that single-user mode on Solaris can be set up to allow network connections. It isn't the default setup, but I'm told it can be done. Under this scenario, you can access the RSCD Agent and set up a batch job that looks like the following:


          1. boot to single-user mode

          2. install the patch cluster

          3. boot to normal mode


          Of course, I know there are people out there who will have difficulty allowing network connectivity in single-user mode, in which case I'd go with what you suggested.

          • 2. Re: Installing Solaris patch clusters in single-user mode

            I do not beilieve atd (part of cron) is running in Single User mode. There is no S## scripts that includes a start of cron in /etc/rcS.d. In other rc#.d directories there is an S##cron script.


            So, your solution would not work as the triggering daemon would not be running.


            But, there is the possibility of adding a script to /etc/rcS.d to install the patch cluster, call shutdown -y -i 6 to schedule a reboot and then delete itself.


            Your BLpackage would then install the script, put the patch cluster on the filesystem (make sure it is somewhere that is mounted a runlevel S) and have a post command in the deploy job to reboot into Singler User mode.

            • 3. Re: Installing Solaris patch clusters in single-user mode

              Thanks Michael,


              What you are describing is the approach I have used in the past. I think it is the better approach since running network stack in single user mode is not the norm and defeats the purpose of single user mode

              • 4. Re: Installing Solaris patch clusters in single-user mode

                Apparently the difference depends on whether you reboot to single user mode or go down to single user mode.


                I am not a solaris admin, so don't don't quote me, but surely, if there are no K### scripts for level 1, then the network, cron & rscd will not go down?


                Maybe someone who does know can elucidate.

                • 5. Re: Installing Solaris patch clusters in single-user mode

                  I've created BLPackages for installing patch clusters in single user mode which seem to work fine. Robin is correct in that what's enabled in single user mode depends on the scripts in rcS.d.


                  If the BL job takes the server down to single user mode (init S), rscd will still be running, and the job will continue. Provided all apps, ssh and telnet are stopped by their appropriate K-scripts, no-one can access the system, which is all you need to achieve to apply the patches.


                  After the install_cluster script finishes, the BL job issues a shutdown -i6 which reboots the server.

                  • 6. Re: Installing Solaris patch clusters in single-user mode

                    Just to clarify, BLPackage could contain steps :-


                    init S

                    Deploy patch cluster zip file to /tmp

                    unzip and 'install_cluster'

                    shutdown -i6 -y


                    No need for cron or AT jobs as its all controlled from Config Manager.

                    • 7. Re: Installing Solaris patch clusters in single-user mode

                      You can start up networking in single user mode...just copy over the inetsvc rc file to /etc/rc1.d and reboot the system with "reboot -- -s". The networking kernel modules won't become corrupted during installs because it is dynamically called when started and doesn't read the network module on disk until the system is restarted.


                      I've personally have never seen problems with doing single user patching in all my years as a Solaris admin. As a matter of fact, the new Solaris patching system (smpatch) depends on a network connection for checking and installing patches.