Ksplice: Upgrade / Patch Your Linux Kernel Without Reboots

All Linux distributions need a scheduled reboot once to stay up to date with important kernel security updates. RHN (or other Linux distro vendors) provides Linux kernel security updates. You can apply kernel updates using yum command or apt-get command line options. After each upgrade, you need to reboot the server. Ksplice service allows you to skip reboot step and apply hotfixes to the kernel without rebooting the server. In this post, I will cover a quick installation of Ksplice for RHEL 5.x and try to find out if service is worth every penny. The technology and hack behind this looks pretty cool. This is useful if you’ve a small number of Linux based servers and/or you want avoid unscheduled reboot just to apply hotfix to Linux kernel.

How Do I Install Ksplice?

First, you need to register with Ksplice. Type the following command to install rpm repo under RHEL 5:
# rpm -ivh https://www.ksplice.com/yum/uptrack/centos/ksplice-uptrack-release.noarch.rpm
To install Ksplice, enter:
# yum install uptrack
Edit /etc/uptrack/uptrack.conf, enter:
# vi /etc/uptrack/uptrack.conf
Update it as follows (input your access key):

# Proxy to use when accessing the Uptrack server, of the form
# [protocol://]<host>[:port]
# The proxy must support making HTTPS connections. If this is unset,
# Uptrack will look for the https_proxy, HTTPS_PROXY, and http_proxy
# environment variables in that order, and then finally look for a
# proxy setting in the system-wide GConf database, if available.
https_proxy =
# Automatically install updates at boot time. If this is set, on
# reboot into the same kernel, Uptrack will re-install the same set of
# updates that were present before the reboot.
install_on_reboot = yes
# Options configuring the Uptrack cron job.
# GUI users will get all notices via the GUI and likely want to set
# the following cron options to "no".
# Cron job will install updates automatically
autoinstall = no
# Cron job will print a message when new updates are installed.
# This option is only relevant if autoinstall = yes
cron_output_install = no
# Cron job will print a message when new updates are available
cron_output_available = no
# Cron job will print a message when it encounters errors
cron_output_error = no

Save and close the file.

How Do I Apply Rebootless Kernel Updates?

You need to first download and apply updates via RHN:
# yum -y update
# yum update kernel kernel-headers kernel-devel
Don’t reboot the box, simply type the following command to apply hotfix:
# uptrack-upgrade
To see a list of updates that are currently installed, enter:
# uptrack-show -y

Sample Email Notification

You will get an email as follows when updates are available:

Fig.01: Ksplice Update Notification

Fig.01: Ksplice Update Notification

The web interface also provides information about your server and installed kernel updates:
Fig.02: Uptrack Web Interface

Fig.02: Uptrack Web Interface


The pricing is as follows:

  • Monthly price per system First 20 servers : $3.95
  • Beyond 20 servers: $2.95
  • Currently it is free for all Ubuntu users.

Ksplice is a pretty good and stable software. This is useful for Linux admin or business who can not accept downtime for patching. A few business comes in my mind:

  • Small shop, say 8-12 Linux based servers.
  • Pro-blogging or webmaster servers (a typical setup included one web server and one db server). Avoiding downtime means more ad revenue for webmasters.
  • Hosting companies – again avoiding downtime means good customer satisfactions and less work for sys admins. If you run VM based hosting (OpenVZ or XEN based vps) you can avoid downtime too.
  • Small cluster of Linux system, say 6 system – If cluster is using 80% of capacity and if one of node rebooted for kernel upgrade, load will up for rest of 5 systems. In such case, this service can help to keep load under control without rebooting the box. However, this is NOT very useful for very large Linux based cluster redundant load-balanced servers, routers, switches, firewalls etc. Since your cluster is so large that 4-5 servers failing makes no difference to the remaining nodes. In some cases it is possible to do geo load balancing too.

But I’ve HA Failover Solution In Place…

100% uptime depends upon lots of factors and and HA solution handles hardware or other failures very well. However, Ksplice service is not all about 100% uptime, it is about not rebooting your server for a Linux kernel upgrade. You can easily combine Ksplice with HA solution (such as keepalived+nginx reverse proxy) and try to get perfect five 9s. I highly recommend this service for small to medium size business or professional webmasters.

Further readings:

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 10 comments so far... add one
CategoryList of Unix and Linux commands
Disk space analyzersncdu pydf
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
10 comments… add one
  • Firas Apr 9, 2010 @ 12:12

    Thanks Vivek, but it’s look that we will have trouble when we finish upgrading the kernel with csf iptables, in somehow “i think” we should reboot the server again after fixing the header’s with iptables, right ?


    • 🐧 nixCraft Apr 9, 2010 @ 13:10


      Why do you need to reboot server when you finish upgrading the kernel with csf iptables? Does it loads and compile additional modules? I don’t think so, but I never used csf.

  • Anonymous Apr 9, 2010 @ 14:06

    Excellent post. Tonight will try it on Ubuntu 🙂

  • Damijan Apr 11, 2010 @ 11:53


    Ksplice seems useless if you have your customized kernel. It needs to be ‘official’ kernel from e.g. Ubuntu or RHEL. I am running customized kernel on Debian Squeeze …

    So this technology is pretty useless to me (at least for now) ….



  • Fiber Optic Converter Apr 12, 2010 @ 6:43

    thanks for your sharing, it’s very helpful to me

  • Jalal Hajigholamali Jul 22, 2010 @ 13:16

    Thanks a lot…… Excellent post.

  • Nick B Aug 2, 2010 @ 21:18

    Can’t you just do the same thing with kexec?

    Actually – wouldn’t kexec let you load even a custom kernel?

    • 🐧 nixCraft Aug 3, 2010 @ 9:17

      Kexec only works on x86 32-bit platform only. I don’t have a single server running 32bit version here. Second kexec will overwrite memory. What will happen to existing files and process in memory?

      • Bart Sep 26, 2010 @ 12:28

        Are you sure? Because the package kexec-tools exists in Ubuntu amd64.

        I did try it out but the kernel restart time seems to be same as a normal reboot. I don’t know how to debug further remotely.
        On my Debian i386 server it reboots much more quickly than before.

        It’s true that for a high availability server Ksplice can wok well but for other, low traffic servers kexec is still useful because there should be fewer network timeouts (if at all).

  • Philippe Petrinko Jan 7, 2011 @ 13:10

    I had to STFW, because I used to think it was all FOSS, but it is now only OSS.

    At least, free utility is available for X86-64/32bits ( http://www.ksplice.com/software )

    Pricing for Professional users seems to be today affordable for most businesses, but I would like to know what the basic OpenSource part ( http://www.ksplice.com/software ) can do and why.

    On the Web site, Ksplice org. give big and scary warnings not to use free utility, but it seems to be counter-productive to advertise in the same time reliability of commercial version towards dangers of free utility..

    You wrote down: “Currently it is free for all Ubuntu users.”
    To be precise, UBUNTU desktop is free, UBUNTU server is not. Thanks for updating your post.

    I enjoyed this topic.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum