No results found
Your search did not match any results.
How to Update An Oracle Linux Kernel Without Rebooting
by the Oracle Linux Ksplice team
Published December 2012
The uptrack-update command applies patches to your Linux kernel while your system is still running.
Articles, software downloads, documentation, and other resources for Oracle sysadmins. Hear about them and discuss on the Oracle Sysadmin Facebook page.
A Ksplice Uptrack subscription gets you so much more than rebootless kernel updates. Here are some details.
Ksplice Uptrack Command-Line Tools
uptrack-upgrade
Ksplice updates are the same security and bug-fix updates you would get from your Linux vendor, packaged in a special rebootless form. To apply Ksplice updates, just run uptrack-upgrade, as shown in Listing 1:
Listing 1. Running the uptrack-upgrade Command
You can apply all available updates, bringing your system instantly up to date, by running uptrack-upgrade -y, or you can apply updates individually by specifying a Ksplice ID (the characters in brackets in Listing 1).
uptrack-show
You can see what updates have been installed by running uptrack-show, as shown in Listing 2:
Listing 2. Running the uptrack-show Command
You can see what updates are available to be installed by running uptrack-show --available, as shown in Listing 3:
Listing 3. Running the uptrack-show --available Command
uptrack-remove
Removing Ksplice updates is easy: just run uptrack-remove. As with uptrack-upgrade, you can uninstall all updates, bringing you back to your original stock kernel, or uninstall individual updates by specifying a Ksplice ID, as shown in Listing 4:
Listing 4. Running the uptrack-remove Command
Running uptrack-show verifies that there are no updates installed after running uptrack-remove, as shown in Listing 5:
Listing 5. Running the uptrack-show Command
uptrack-uname
Ksplice Uptrack does not change the output of uname, and uname will continue to reflect the version of the kernel into which a machine was booted.
Instead, once you install updates, use uptrack-uname to see what effective kernel a machine is running. The uptrack-uname command has the same format as uname and supports the common uname flags, including -r and -a.
Before installing updates, the original kernel and effective kernel are the same, and uname and uptrack-uname report the same information, as shown in Listing 6:
Listing 6. Checking the Kernel Version Before Updating
After installing updates, uptrack-uname reflects the updated running kernel, as shown in Listing 7:
Listing 7. Checking the Kernel Version After Updating
You can also see a machine's effective kernel on the Web interface or through the API.
Automatic Updates
You can configure your systems to automatically install updates as they become available. To enable autoinstall, set autoinstall = yes in your /etc/uptrack/uptrack.conf file, or pass the --autoinstall flag during installation.
Autoinstall is the most popular configuration. It is a scalable way to ensure that updates get installed quickly as they become available, regardless of when they are released.
Please note that enabling autoinstall does not mean the Ksplice Uptrack client itself is automatically upgraded. You will be notified via e-mail when a new Ksplice Uptrack client is available, and you can upgrade the client through your package manager.
Your Package Manager
Ksplice Uptrack updates your running kernel in memory. We recommended that, in addition to using Ksplice, you continue to use your package manager to update the kernel on disk as new kernels become available. That way, if a reboot becomes necessary (for example, after a power loss or a hardware upgrade), you have the option of booting into a newer kernel. Under this plan, you would install all the updates available via both Ksplice Uptrack and your package manager.
Ksplice Uptrack also works great in environments where it is desirable to stay with a particular original kernel version (for example, because of third-party modules that are compiled against that kernel), but you want to stay up to date with all the important security and reliability updates for your kernel.
By default, Ksplice Uptrack will reinstall rebootless updates during the boot process. That way you remain secure even after a reboot. You can configure this behavior with the install_on_reboot option in your /etc/uptrack/uptrack.conf file.
Firewall and Proxy Configuration
The Ksplice Uptrack client communicates with the Ksplice Uptrack server by connecting to https://updates.ksplice.com:443. You can either make your firewall allow those connections or configure the client to use a proxy server.
To configure Ksplice Uptrack to use a proxy server, edit your /etc/uptrack/uptrack.conf file and set the https_proxy option (in the [Network] section) to a value of the form [protocol://]host[:port].
Graphical Interface
This feature is currently available for Ubuntu 12.04, 11.10, 11.04, and 10.04 LTS and for Fedora 17 and 16.
If you'd like to see it for your distribution, please contact us.
After Ksplice Uptrack is installed, a panel icon will notify you when new kernel updates are available, as shown in Figure 1:
Figure 1. Ksplice Uptrack Alert Icon
You can click the icon to view the available updates, as shown in Figure 2:
Figure 2. New Updates Available
Click the Install all updates button to start the update process. A progress bar shows you the updates as they are being installed, as shown in Figure 3:
Figure 3. Progress Bar During Update
When the process is complete, the update list will look like Figure 4:
Figure 4. Ksplice Uptrack Update List
The panel icon will also return to normal, as shown in Figure 5:
Figure 5. Normal Panel Icons
Your kernel is now up to date and secure!
Web Interface
A Ksplice Uptrack subscription comes with a Web interface that summarizes important information about your machines and will tell you if Ksplice is currently working on new updates for your distributions. Log in to your Web interface at https://uptrack.ksplice.com.
Overview
See what machines are up to date and what machines need attention in one easy summary on the Overview page shown in Figure 6:
Figure 6. Ksplice Uptrack Overview Page
Beyond machines with available updates, the Overview page also has notifications for the following items, and more:
- Rebootless updates currently in progress for your distributions
- New Ksplice Uptrack client releases
- Inactive machines (those that have stopped using Ksplice Uptrack or can't communicate with the Ksplice Uptrack servers)
You can also group your machines for easy management.
Machine Detail Pages
Get an in-depth look at your machine's status on its machine detail page, where you can see the available and installed updates, basic system information, uptime, and when the machine last communicated with a Ksplice Uptrack server, as shown in Figure 7:
Figure 7. Ksplice Uptrack Machine Detail Page
Access Policies
Want an extra layer of control over which machines using your access can use the Ksplice Uptrack service? Maybe you manage Uptrack-enabled machines for other people and want to let them use the service while still having control over which machines have access.
It's easy to customize your Ksplice Uptrack access policies to get the access control you want!
You can set access policies for an individual machine or groups of existing machines as well as set a default access policy for new machines. For example, you might use a default deny policy, in which machines that have just installed Ksplice Uptrack cannot receive updates from the Uptrack servers until you specifically authorize them (see Figure 8):
Figure 8. Ksplice Uptrack Access Policies
Notification and Monitoring
E-mail Notifications
When new rebootless updates are available for one of your distributions, we'll send an announcement to your technical contact address. (You can configure this address on the Settings page of your Web interface.)
Monitoring
Aside from the command-line tools and Web interface, Ksplice Uptrack has two ways to help you monitor your machines:- The Uptrack API. Use the REST API directly or download Python bindings. The bindings come with scripts to monitor individual machines and groups of machines and to change the authorization for machines.
- Nagios plug-ins, for easy integration into your existing monitoring infrastructure.
The Python bindings and Nagios plug-in can be installed through your package manager or from a tarball on the Ksplice Uptrack Website.