3.5 Installing and Configuring the Offline Enhanced Ksplice Client

An offline version of the enhanced Ksplice client is also available, removing the requirement for a server on your intranet to have a direct connection to the Oracle Uptrack server or to ULN. All available Ksplice updates for each supported kernel version or userspace package are bundled into an RPM that is specific to that version, and this package is updated every time that a new Ksplice patch becomes available for the kernel. In this way you may create a local ULN mirror that acts as a mirror of the Ksplice for Oracle Linux channels on ULN. At regular intervals,you download the latest Ksplice update packages to this server. After installing the offline enhanced Ksplice client on your local systems, they can connect to the local ULN mirror to receive updates. See Section 1.9.2, “Configuring a Local ULN Mirror to Act as a Ksplice Mirror” for more information on configuring your local ULN Mirror.

Once you have set up a local ULN mirror that can act as a Ksplice mirror, you can configure your other systems to receive yum and Ksplice updates.

To configure a system as an offline enhanced Ksplice client:

  1. Import the GPG key:

    # rpm --import /usr/share/rhn/RPM-GPG-KEY
  2. In the /etc/yum.repos.d directory, edit the existing repository file, such as public-yum-ol6.repo or ULN-base.repo, and disable all entries by setting enabled=0.

  3. In the /etc/yum.repos.d directory, create the file local-yum.repo, which contains entries such as the following for an Oracle Linux 6 yum client:

    [local_ol6_x86_64_ksplice]
    name=Ksplice for Oracle Linux $releasever - $basearch
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/ksplice/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1
    
    [local_ol6_x86_64_ksplice_userspace]
    name=Ksplice aware userspace packages for Oracle Linux $releasever - $basearch
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/userspace/ksplice/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1
    
    [local_ol6_latest]
    name=Oracle Linux $releasever - $basearch - latest
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/latest/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1
    
    [local_ol6_UEKR3_latest]
    name=Unbreakable Enterprise Kernel Release 3 for Oracle Linux $releasever - $basearch - latest
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/UEKR3/latest/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1
    
    [local_ol6_addons]
    name=Oracle Linux $releasever - $basearch - addons
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/addons/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1

    Replace local_uln_mirror with the IP address or resolvable host name of the local ULN mirror.

    To distinguish the local repositories from the ULN repositories, optionally prefix the labels for each entry with a string such as local_. Note that if you do this, you must edit the uptrack configuration as described in step 7.

    The example configuration enables the local_ol6_x86_64_ksplice, local_ol6_x86_64_ksplice_userspace, local_ol6_latest, local_ol6_UEKR3_latest, and local_ol6_addons channels.

  4. To test the configuration:

    1. Clear the yum metadata cache:

      # yum clean metadata
    2. Use yum repolist to verify the configuration, for example:

      # yum repolist
       Loaded plugins: rhnplugin, security
       This system is receiving updates from ULN. 
      0 packages excluded due to repository protections
      repo id                         repo name                                    status
      local_ol6_addons                Oracle Linux 6 - x86_64 - latest             112
      local_ol6_x86_64_ksplice        Ksplice for Oracle Linux 6 - x86_64          961
      ol6_x86_64_userspace_ksplice    Ksplice aware userspace packages for 
                                      Oracle Linux 6 - x86_64                      42
      local_ol6_x86_64_latest         Oracle Linux 6 - x86_64 - latest             17,976
      local_ol6_x86_64_UEKR3_latest   Unbreakable Enterprise Kernel Release 3 
                                      for Oracle Linux 6 - x86_64 - latest         41

      If yum cannot connect to the local ULN mirror, check that the firewall settings on the local ULN mirror server allow incoming TCP connections to the HTTP port (usually, port 80).

  5. If prelink is installed, revert all prelinked binaries and dependent libraries to their original state and use yum to remove the prelink package.

    # prelink -au
    # yum remove prelink
    Note

    prelink is installed and enabled by default on Oracle Linux 6 but not on Oracle Linux 7.

  6. Install the offline version of the enhanced Ksplice client package:

    # yum install ksplice-offline
  7. Insert a configuration directive into /etc/uptrack/uptrack.conf to provide the enhanced client with the label of the local user-space channel in your local Yum repo configuration. You do not need to do this if you did not use the local_ prefix for the channel label and this label matches the label used on ULN exactly. If you used the local_ prefix or labeled this channel differently, add the following lines and replace local_ol6_x86_64_ksplice_userspace with whatever you used to label the Ksplice user-space channel:

    [User]
    yum_userspace_ksplice_repo_name = local_ol6_x86_64_ksplice_userspace
  8. To install offline update packages, you must install the relevant packages for your system. For example, you may install:

    # yum install ksplice-updates-glibc ksplice-updates-openssl

    Once these packages have been installed, the offline version of the enhanced Ksplice client behaves exactly the same as the online version.

  9. Update the system to install the Ksplice-aware versions of the user-space libraries:

    # yum update

    To install only the libraries and not update any other packages, limit the update to the ol6_x86_64_userspace_ksplice or ol7_x86_64_userspace_ksplice channel as appropriate, for example:

    # yum --disablerepo=* --enablerepo=ol7_x86_64_userspace_ksplice update

    Alternatively, use the following command:

    # yum update *glibc *openssl*

    You may also use this client to perform kernel updates, in the same way that you are able to use the standard uptrack client:

    # yum install uptrack-updates-`uname -r`
  10. To enable the automatic installation of updates, change the following entry in /etc/uptrack/uptrack.conf:

    autoinstall = no

    so that it reads:

    autoinstall = yes
  11. Reboot the system so that the system uses the new libraries.

    On Oracle Linux 6, enter:

    # reboot

    On Oracle Linux 7, enter:

    # systemctl reboot