Upgrading the system is one of the very common tasks a Linux Administrator usually do. One can easily update the system with Yum or apt-get commands but the main problem which everyone faces is to reboot the system after a kernel upgrade. This comes out to be a big problem for small organizations, where one don’t have High Availability setup and can’t afford to reboot the system because of the upgrade.

Since reboots are disruptive, many system administrators delay the update of there patches and makes their system vulnerable to attacks. Below given is the frequency of reboots needed in the last year for respective flavors of linux.

Reboots required
Reboots required for kernel updates by major Linux distributions, 2009–present

Ksplice is a third party tool which allows you to go rebootless with upgrading your kernel as soon as a new patch is released. The technology behind this is pretty cool but that is not something which i will be explaining below, but will be showing how to configure/install Ksplice (for RHEL machine). If you would like to read about the details, please visit their website Ksplice.com.

Few of the features of Ksplice which you will really like are:

  1. Hassle free setup – Unlike other third party tools, this is very simple to install and configure, and your system will be ready to go reboot-less in no time.
  2. Virtualization ready – Update systems in any virtualization environment, including VMware, Virtuozzo, and Xen–both as hosts and guests which really matters in present world.
  3. Rollback capability – Instantly reverse any update to the Linux kernel and that also without any reboots.
  4. Web management tool – Check whether all of your systems are up to date, in just one window of your browser.
  5. Secure infrastructure – Ksplice Uptrack uses security best practices for preparing our software packages and rebootless updates. All our software packages and rebootless updates are cryptographically signed.

Installation:

First step which you need to do before starting anything is to register with Ksplice. After this you will get the access key which you will need later on. Now install the RPM repo with the following command

# rpm -ivh https://www.ksplice.com/yum/uptrack/centos/ksplice-uptrack-release.noarch.rpm

The command above will install only repository for ksplice, nothing else. To install the ksplice package, run this command

# yum -y install uptrack

Now open the “/etc/uptrack/uptrack.conf” file in your favorite editor (vim in my case)

# vim /etc/uptrack/uptrack.conf

Update the file according to your needs. Remember to update it with the access file you got on your e-mail.

[Auth]
accesskey = INPUT YOUR ACCESS KEY HERE

[Network]
# Proxy to use when accessing the Uptrack server, of the form
# [protocol://][:port]

# The proxy must support making HTTPS connections. If this is unset,
# Uptrack will look for the https_proxy, HTTPS_PROXY, and http_proxy
# environment variables in that order, and then finally look for a
# proxy setting in the system-wide GConf database, if available.
https_proxy =

[Settings]
# Automatically install updates at boot time. If this is set, on
# reboot into the same kernel, Uptrack will re-install the same set of
# updates that were present before the reboot.
install_on_reboot = yes

# Options configuring the Uptrack cron job.
#
# GUI users will get all notices via the GUI and likely want to set
# the following cron options to “no”.

# Cron job will install updates automatically
autoinstall = no

# Cron job will print a message when new updates are installed.
# This option is only relevant if autoinstall = yes
cron_output_install = no

# Cron job will print a message when new updates are available
cron_output_available = no

# Cron job will print a message when it encounters errors
cron_output_error = no

Apply the Updates:

Now you don’t need to do much to update your system, simply running this command will do all the magic for you

# uptrack-upgrade -y

If you would like to see the updates which are currently installed, then use this

# uptrack-show -y

Usage:

Well, once installed, it’s pretty much easy to use. Some of the commands which you can use are

uptrack-upgrade – Bring your system up to date by installing the latest available updates.

uptrack-remove idRemoves the update with ID id. If invoked with --all, removes all installed updates.

uptrack-install idInstalls the update with ID id.

uptrack-show – Show a list of the updates that are currently installed.

Web status interface:

One of the very good things which i liked about this tool is that you have a web interface which you could use to monitor all your systems registered with this application.

ksplice web interface
Web interface to monitor all your system using this service

The image above shows that you can monitor all of your system with one single web interface.

ksplice web interface
Web interface to see the status of updates for specific system

In the above interface you can see all the status updates for your specific system. Will show you all the information about the updates installed and currently in the queue.

FAQ’s:

1. Do I still need to use my linux flavor update manager to install updates ?

Ans. Yes, Ksplice will only provide the kernel and security updates which forces your system to reboot. So, to keep your system up-to-date, you still need to run the update manager provided with your flavor.

2. Can I install my own customized kernel while Ksplice is installed ?

Ans. Yes, you can install your own kernel package and reboot your system. This will make your kernel active at the next reboot. but you won’t be able to use the Ksplice reboot-less feature with this.

3. Can I configure Ksplice Uptrack to install updates automatically?

Ans. Yes, you can enable the autoinstall option in /etc/uptrack/uptrack.conf.

4. How long will Ksplice Uptrack for Ubuntu Desktop be freely supported?

Ans. Ksplice Uptrack for Ubuntu Desktop will be freely supported for the newest version of Ubuntu. That means Ubuntu Lucid (10.04) will be freely supported unless a new version of Ubuntu (10.10 Meerkat) is launched and after the launch of new version, that will be freely supported and support for Lucid will be revoked.

5. Will Ksplice work in Virtualized infrastructure ?

Ans. Yes, Ksplice works very well with VMware, Xen, Virtuozzo or any other virtualized environment.

6. What kinds of information do you collect from my computer ?

Ans. To ensure that you get the latest updates that are right for your system, the Ksplice Uptrack software contacts our server system with limited information about your computer’s kernel, including the version number of the Linux kernel that you are running. Ksplice Uptrack also reports to us any errors encountered in the operating system kernel, to alert us in case one of our updates causes problems. Lastly, so that the Ksplice Uptrack web interface can display to you which of your systems need updates, hostname and IP address information is reported to our server system.

7. I have a HA (High Availability) Failover solution, do i still need Ksplice ?

Ans. HA is a lot different from Ksplice. HA means 100% uptime for your application, not for your server. Ksplice is designed to give 100% uptime to your machines. Though you can easily combine these two technologies.

8. Who all should be using Ksplice ?

Ans. I would highly recommend this to the people having small architecture of machines and can’t afford the downtime to their services.

References:

  1. http://www.ksplice.com/uptrack/using
  2. http://www.ksplice.com/uptrack/faq
  3. http://www.ksplice.com/
If you enjoyed this post, make sure you subscribe to my RSS feed!!!!