Subject: zoneadm attach -b option [PSARC/2008/410 FastTrack timeout 07/07/2008]
To:      PSARC-ext@Sun.Com
Cc:      
Bcc:     one-pager-list@sac.sfbay one-pager-log@sac.sfbay sac-bar@sac.sfbay

I am sponsoring this fast-track for myself.
I extended the timeout due to the July 4th
holiday in the US.

Thanks,
Jerry

Template Version: @(#)sac_nextcase 1.66 04/17/08 SMI
This information is Copyright 2008 Sun Microsystems
1. Introduction
    1.1. Project/Component Working Name:
	 zoneadm attach -b option
    1.2. Name of Document Author/Supplier:
	 Author:  Jerry Jelinek
    1.3  Date of This Document:
	27 June, 2008
4. Technical Description
SUMMARY: 

    This fast-track enhances the Solaris Zones [1] "update on attach"
    feature [2] to address a bug related to the handling of IDRs [3].

    To handle this, a new option, -b, will be added to the "zoneadm attach"
    subcommand for use in backing out patches from the zone, prior to
    updating.

    Patch binding is requested for this option.  The stability of this
    interface is documented in the interface table below.

DETAILS:

    Currently when we migrate a zone and update it to the new hosts pkg/patch
    level, we first verify that all pkgs/patches are the same release or newer.
    IDRs (Interim Diagnostics/Relief - these are temporary one-off patches
    that are provided to customers) are not handled by 'update on attach'
    since there is no metadata indicating if these patches are obsolete.  Thus,
    the IDR must also be installed on the target for the attach to succeed.

    However, the IDR may not be installed on the target machine for various
    reasons (e.g. it may not be valid to install the IDR on the target system,
    the problem may not exist, etc.).   Normally the solution would be to
    remove the IDR from the source system before migrating the zone but this
    might also not be possible (e.g. the IDR is required to keep the source
    system running, the source system is no longer available and the customer
    is trying to attach the zone on a new system, etc.).

    To address this we'll add a new option, -b.  This option allows the
    user to specify a patch (can be used for both official patches and IDRs)
    to be backed out of the zone before the update.  Multiple -b options
    can be specified on the CLI.  If any of the patches cannot be backed out
    for any reason, then the attach will fail and none of the patches will be
    backed out.

    This is an example usage:

    # zoneadm -z myzone attach -u -b IDR246802-01 -b 123456-08

    This new option is brand-specific and only applies to zone brands using
    SVr4 packaging.

EXPORTED INTERFACES

	zoneadm attach option
		[-b]			Committed for SVr4-based brands

IMPORTED INTERFACES

	patchrm CLI			Evolving PSARC/1996/303

REFERENCES

1. PSARC 2002/174 Virtualization and Namespace Isolation in Solaris
2. PSARC 2007/621 zone update on attach
3. update on attach needs a way to ignore IDRs
   Bugid 6715030 http://bugs.opensolaris.org/view_bug.do?bug_id=6715030

6. Resources and Schedule
    6.4. Steering Committee requested information
   	6.4.1. Consolidation C-team Name:
		on
    6.5. ARC review type: FastTrack
    6.6. ARC Exposure: open