Skip to content

Creating a hot patch

Notice

The following procedure should only be performed under the advisement of SoftIron support.

Procedure

  1. Generate a unique name called the hot patch ID.
  2. The name should be unique among all hot patch IDs.
  3. The name should be descriptive.
  4. The name must contain only alphanumeric characters, dashes ( - ), and underscores ( _ ).
  5. The name must not be index.
  6. Generate a Tcl script which determines under what conditions the hot patch is to be applied.
  7. The Tcl script is run in a Tcl Safe Interpreter.
  8. Additionally the Tcl commands file exist and file stat are available.
  9. There is a command called patchApplied which can be used to check to see if another patch is currently applied (one need not check for the current patch, the condition will only be evaluated when the patch has not been applied).
  10. A global variable called cmdline exists, as a Tcl array, containing all the kernel command-line parameters.
  11. A global variable called versionData exists, as a Tcl array, containing the following elements:
    1. release: Version of HyperCloud (e.g., 0.6).
    2. datecode: Date of release or check-in, as a numerically comparable value.
    3. buildid: ID of build, check-in of build, or for final releases FINAL.
  12. A global variable called id exists, which is the hot patch ID.
  13. The script will be evaluated and should return true if the patch should be applied, or false if it should not be applied. If an error is generated then false will be assumed.
  14. If the condition is NULL (in the database) or blank (on the command-line) then entry created in the hot patch file (bundle) will indicate that the hotpatch ID specified should be removed. This is a negative patch.
  15. Generate the hot patch executable, which can be any arbitrary executable or shell script to execute when the condition above is met.
  16. Generate the hot patch file:
    1. $ tclsh hotpatch-mk hotpatchFile hotpatchId conditionOrConditionFile hotpatchFile
    2. Multiple hot patches may be put into a single hot patch file (which is called a bundle).

Example

$ cd /tmp
$ cat <<_EOF_ > updateCacheMode
#! /bin/bash
cd /tmp
sed -i 's@cache = "none"@cache = "writeback"@' /etc/one/vmm_exec/vmm_exec_kvm.conf
export SSH_AUTH_SOCK="$((ls -1 /tmp/ssh-dashboard/agent.sock || ls -1 /tmp/ssh-*/agent.*) 2>/dev/null | head -n 1)"
sudo -u oneadmin one stop
sudo -u oneadmin one start
_EOF_
$ tclsh hotpatch-mk updateCacheMode-a14fee87c4-1-0_6.bundle updateCacheMode-a14fee87c4-1-0_6 'if {$cmdline(hypercloud_type) != "dashboard"} { return false }; if {$versionData(dateCode) = 20150506055907} { return false }; return true;' updateCacheMode
$ rm -f updateCacheMode

Notes

  • Hot patches are applied by hotpatchd immediately during boot up and while the system is running -- make sure your hot patch will work in both cases.
  • Once a hot patch is applied (whether it was successful or not) it will never be checked for again.
  • The hot patch condition WILL be re-evaluated every polling interval (10 minutes) if the hot patch has not been applied.
  • Keep in mind that the future will happen. Hot patches should be able to not apply when no longer applicable. The easiest way to do this is to tie the condition to a versionData(dateCode) that corresponds with the commit that fixes the problem.
  • There may be additional hot patches applied to the system -- they will only be applied one-at-a-time (in serial) but if they modify or replace the same file keep in mind that only one will win.