Although I've never tried it, I've been told that single-user mode on Solaris can be set up to allow network connections. It isn't the default setup, but I'm told it can be done. Under this scenario, you can access the RSCD Agent and set up a batch job that looks like the following:
1. boot to single-user mode
2. install the patch cluster
3. boot to normal mode
Of course, I know there are people out there who will have difficulty allowing network connectivity in single-user mode, in which case I'd go with what you suggested.
I do not beilieve atd (part of cron) is running in Single User mode. There is no S## scripts that includes a start of cron in /etc/rcS.d. In other rc#.d directories there is an S##cron script.
So, your solution would not work as the triggering daemon would not be running.
But, there is the possibility of adding a script to /etc/rcS.d to install the patch cluster, call shutdown -y -i 6 to schedule a reboot and then delete itself.
Your BLpackage would then install the script, put the patch cluster on the filesystem (make sure it is somewhere that is mounted a runlevel S) and have a post command in the deploy job to reboot into Singler User mode.
What you are describing is the approach I have used in the past. I think it is the better approach since running network stack in single user mode is not the norm and defeats the purpose of single user mode
Apparently the difference depends on whether you reboot to single user mode or go down to single user mode.
I am not a solaris admin, so don't don't quote me, but surely, if there are no K### scripts for level 1, then the network, cron & rscd will not go down?
Maybe someone who does know can elucidate.
I've created BLPackages for installing patch clusters in single user mode which seem to work fine. Robin is correct in that what's enabled in single user mode depends on the scripts in rcS.d.
If the BL job takes the server down to single user mode (init S), rscd will still be running, and the job will continue. Provided all apps, ssh and telnet are stopped by their appropriate K-scripts, no-one can access the system, which is all you need to achieve to apply the patches.
After the install_cluster script finishes, the BL job issues a shutdown -i6 which reboots the server.
Just to clarify, BLPackage could contain steps :-
Deploy patch cluster zip file to /tmp
unzip and 'install_cluster'
shutdown -i6 -y
No need for cron or AT jobs as its all controlled from Config Manager.
You can start up networking in single user mode...just copy over the inetsvc rc file to /etc/rc1.d and reboot the system with "reboot -- -s". The networking kernel modules won't become corrupted during installs because it is dynamically called when started and doesn't read the network module on disk until the system is restarted.
I've personally have never seen problems with doing single user patching in all my years as a Solaris admin. As a matter of fact, the new Solaris patching system (smpatch) depends on a network connection for checking and installing patches.