Ksplice Deployment Options for Oracle Linux

Ksplice is designed to work in many different computing environments. Because upgrading the kernel on any running system is a hassle, we want you to be able to deploy Ksplice as widely as possible. As a consequence of this, there are a number of ways to set up a Ksplice installation.

These choices can be a little confusing, so this best practice guide will go over your options, how to install them, and when each is appropriate. You should also watch the Oracle Linux Updating and Patching whiteboard presentation by Lenz covering this topic.

Ksplice comes with no extra charge as part of Oracle Linux Premier Support. Ksplice is very versatile and is designed to work with your environment — whatever that environment may be. Once you've decided on how you'll install Ksplice you can find more information in the Ksplice User's Guide or through your normal Oracle support channels.

Getting Started

If you need a little background on Ksplice and why you should be using it, check out this great blog post about Ksplice by Wim or head up to the OTN Ksplice overview page.

Before installing Ksplice you'll need to know where to get all of the Ksplice packages. Ksplice is available for customers with Oracle Linux Premier Support. Everything you'll need is available in a dedicated Ksplice channel on the Unbreakable Linux Network (ULN). The name of the channel is ol{release}_{architecture}_ksplice. You can find your release by running cat /etc/oracle-release and your architecture by running uname -m. For example, ol6_x86_64_ksplice is the Ksplice channel for Oracle Linux 6 running on x86_64. Ksplice is not available on our public yum server.

In this channel you will find the following packages:

  • uptrack

    This is the Ksplice client itself.

  • uptrack-offline

    This is the Ksplice client for systems without network access. When to install this package will be covered below.

  • uptrack-updates

    This package contains the Ksplice updates.

  • python-ksplice-uptrack

    This package contains bindings and example scripts for the Ksplice API. The Ksplice API is a REST API that you can use to query the status of Ksplice on your systems. You don't need to install this package to use it, but it helps. You can read more at our API Overview.

  • and any dependencies for these packages

Before installing Ksplice packages you will have to subscribe to this channel. Log on to ULN and click on the "Systems" tab. From this tab you can manage your channel subscriptions for each server. Once a system is subscribed to the Ksplice channel you can install the packages just like any other; for example by running yum install uptrack. Check out the Unbreakable Linux Network User's Guide for more instructions.

You'll also need to make sure that your kernel is supported by Ksplice. You can run any new Oracle Linux kernel released on ULN with Ksplice, but if you are running an older kernel you can use the Ksplice Inspector to see if your kernel is covered. Just enter your kernel information and the Inspector will tell you if your kernel is compatible with Ksplice and show you all the updates you can install. You can also read our full list of supported kernels.

Standard Configuration

In a standard Ksplice installation, each system connects directly to the Ksplice servers via the internet. The Ksplice client manages the Ksplice updates, there is no need to manually install them. Because each system is connecting to our servers, you can observe your systems using the Ksplice status interface or use our API to gather information. Finally, you have the option of setting Ksplice to autoinstall updates.

Install the following required packages on each system:

  • uptrack

Do not install the following packages:

  • uptrack-offline
  • uptrack-upgrades

Optional:

  • python-ksplice-uptrack

Pros:

  • Minimal packages to install
  • No need to manually manage updates
  • Status interface
  • API
  • Option to autoinstall updates

Cons:

  • Every system requires a direct outgoing internet connection to the remote Ksplice servers

Standard with Proxy

Our standard configuration works fine if your network is behind a proxy. You'll need to configure the proxy by adding the following configuration to /etc/uptrack/uptrack.conf on each system:

[Network]
https_proxy = [protocol://][username:password@]<host>[:port]

If you don't already have a proxy set up, or you want all of your Ksplice connections to come from only one system, you can use our Ksplice Local Server. This is a software package you install on one of your systems that will act as a single connection point between your servers and the Ksplice servers. Instructions for setting up a Ksplice Local Server can be found at https://www.ksplice.com/uptrack/local-server-install.

Install the following package on each system:

  • uptrack

Install the following package on only your Local Server system:

  • ksplice-local-server

Do not install the following packages:

  • uptrack-offline
  • uptrack-upgrades

Optional:

  • python-ksplice-uptrack

Pros:

  • Only one system connects to our servers
  • No need to manually manage updates
  • Status interface
  • API
  • Option to autoinstall updates

Cons:

  • More work than a standard installation

Offline with Local Yum

If you don't want any of your systems to connect to the internet in any fashion, you can still use Ksplice. The offline client for Ksplice requires no network connection, not even to other systems in your intranet. You will get the same Ksplice patches as our standard client and you can install them and remove them using the same tools, without a reboot.

The most common setup we see is one with a local yum mirror. In this case, you'll use your local yum mirror to distribute all the Ksplice packages and the offline client will take care of the rest. If your environment is setup this way the servers with Ksplice updates do not need to connect to our servers, but your server that is your local yum repository will need to connect to ULN to download all of the packages.

There is a tradeoff to this setup. Because your systems aren't connecting to our servers, you will not be able to use our status interface or API. Finally, you will be responsible for manually managing and distributing Ksplice updates. Each time a new kernel is released, you'll have to upgrade the uptrack-updates package that contains the Ksplice updates.

Install the following packages on each system:

  • uptrack-offline
  • uptrack-upgrades

Do not install the following packages:

  • uptrack
  • python-ksplice-uptrack

Pros:

  • No connection to our servers required
  • Use your local yum setup to have full control over installed packages

Cons:

  • No status interface
  • No API
  • Must manually manage updates

Completely Offline

The Ksplice offline client has no dependency on yum, so any method you use for distributing packages will work fine. You can move and install the packages using scp and ssh. If you have an environment where your systems have no network connection at all, you can still use Ksplice. Just distribute the packages how ever you normally do, whether that is DVD, USB, or even a floppy (we won't judge).

Install the following packages on each system:

  • uptrack-offline
  • uptrack-upgrades

Do not install the following packages:

  • uptrack
  • python-ksplice-uptrack

Pros:

  • No network connection required, not even to other internal servers
  • Maximum security

Cons:

  • No status interface
  • No API
  • Must manually manage updates
  • Distribution of packages is difficult
Solaris 11.2 Banner RHS