Generally, all Linux distributions needs a scheduled reboot once to stay up to date with important kernel security updates. RHN (or other distro vendors) provides Linux kernel security updates. You can apply kernel updates using yum command or apt-get command line options. After each upgrade you need to reboot the server. Ksplice service allows you to skip reboot step and apply hotfixes to kernel without rebooting the server. In this post I will cover a quick installation of Ksplice for RHEL 5.x and try to find out if service is worth every penny.
The technology and hack behind this looks pretty cool. This is useful if you've a small number of Linux based servers and/or you want avoid unscheduled reboot just to apply hotfix to Linux kernel.
How Do I Install Ksplice?
First, you need to register with Ksplice. Type the following command to install rpm repo under RHEL 5:
# rpm -ivh https://www.ksplice.com/yum/uptrack/centos/ksplice-uptrack-release.noarch.rpm
To install Ksplice, enter:
# yum install uptrack
Edit /etc/uptrack/uptrack.conf, enter:
# vi /etc/uptrack/uptrack.conf
Update it as follows (input your access key):
[Auth] accesskey = ADD-YOUR-ACCESS-KEY-HERE [Network] # Proxy to use when accessing the Uptrack server, of the form # [protocol://]
[:port] # The proxy must support making HTTPS connections. If this is unset, # Uptrack will look for the https_proxy, HTTPS_PROXY, and http_proxy # environment variables in that order, and then finally look for a # proxy setting in the system-wide GConf database, if available. https_proxy = [Settings] # Automatically install updates at boot time. If this is set, on # reboot into the same kernel, Uptrack will re-install the same set of # updates that were present before the reboot. install_on_reboot = yes # Options configuring the Uptrack cron job. # # GUI users will get all notices via the GUI and likely want to set # the following cron options to "no". # Cron job will install updates automatically autoinstall = no # Cron job will print a message when new updates are installed. # This option is only relevant if autoinstall = yes cron_output_install = no # Cron job will print a message when new updates are available cron_output_available = no # Cron job will print a message when it encounters errors cron_output_error = no
Save and close the file.
How Do I Apply Rebootless Kernel Updates?
You need to first download and apply updates via RHN:
# yum -y update
# yum update kernel kernel-headers kernel-devel
Don't reboot the box, simply type the following command to apply hotfix:
To see a list of updates that are currently installed, enter:
# uptrack-show -y
Sample Email Notification
You will get an email as follows when updates are available:
The web interface also provides information about your server and installed kernel updates:
The pricing is as follows:
- Monthly price per system First 20 servers : $3.95
- Beyond 20 servers: $2.95
- Currently it is free for all Ubuntu users.
Ksplice is a pretty good and stable software. This is useful for Linux admin or business who can not accept downtime for patching. A few business comes in my mind:
- Small shop, say 8-12 Linux based servers.
- Pro-blogging or webmaster servers (a typical setup included one web server and one db server). Avoiding downtime means more ad revenue for webmasters.
- Hosting companies - again avoiding downtime means good customer satisfactions and less work for sys admins. If you run VM based hosting (OpenVZ or XEN based vps) you can avoid downtime too.
- Small cluster of Linux system, say 6 system - If cluster is using 80% of capacity and if one of node rebooted for kernel upgrade, load will up for rest of 5 systems. In such case, this service can help to keep load under control without rebooting the box. However, this is NOT very useful for very large Linux based cluster redundant load-balanced servers, routers, switches, firewalls etc. Since your cluster is so large that 4-5 servers failing makes no difference to the remaining nodes. In some cases it is possible to do geo load balancing too.
But I've HA Failover Solution In Place...
100% uptime depends upon lots of factors and and HA solution handles hardware or other failures very well. However, Ksplice service is not all about 100% uptime, it is about not rebooting your server for a Linux kernel upgrade. You can easily combine Ksplice with HA solution (such as keepalived+nginx reverse proxy) and try to get perfect five 9s. I highly recommend this service for small to medium size business or professional webmasters.
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop