Using Update on Attach as a Patching Solution

The update on attach process developed for migrating zones to a different system can also be used to patch zones. This method allows the global zone to be available more quickly. The system administrator can then control which zones are updated first and get those zones running before less critical zones are updated and booted.

The following process updates all patches so that the zone looks like a newly installed zone on the system:

1. Before applying a patch bundle to the global zone, detach all of the non-global zones.

2. Apply the patch bundle to the global zone.

3. After the bundle has been applied and the system has been rebooted, use the zoneadm attach command with the -U option to bring the non-global zones up to the same patch level as the global zone.

Any packages installed inside the zone but not installed in the global zone are ignored and not affected.

See Solaris 10 10/09: Zones Parallel Patching to Reduce Patching Time for a fast patching solution that utilizes the patchadd utility.