3.5 Installing and Configuring the Ksplice Offline Enhanced Client

An offline version of the enhanced Ksplice client is also available, removing the requirement for a server on your intranet to have a direct connection to the Oracle Uptrack server or to ULN. All available Ksplice updates for each supported kernel version or user space package are bundled into an RPM that is specific to that version, and this package is updated every time that a new Ksplice patch becomes available for the kernel. In this way you can create a local ULN mirror that acts as a mirror of the Ksplice for Oracle Linux channels on ULN.

At regular intervals, you download the latest Ksplice update packages to this server. After installing the offline enhanced Ksplice client on your local systems, they can connect to the local ULN mirror to receive updates. See Section 1.10.2, “Configuring a Local ULN Mirror to Act as a Ksplice Mirror” for more information about configuring your local ULN mirror.

When you have set up a local ULN mirror that can act as a Ksplice mirror, you can configure your other systems to receive yum and Ksplice updates.

Configure a system as an offline enhanced Ksplice client as follows:

  1. Import the GPG key:

    # rpm --import /usr/share/rhn/RPM-GPG-KEY
  2. In the /etc/yum.repos.d directory, edit the existing repository file, such as public-yum-ol6.repo or ULN-base.repo, and disable all entries by setting enabled=0.

  3. In the /etc/yum.repos.d directory, create the file local-yum.repo, which contains entries such as the following for an Oracle Linux 6 yum client:

    [local_ol6_x86_64_ksplice]
    name=Ksplice for Oracle Linux $releasever - $basearch
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/ksplice/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1
    
    [local_ol6_x86_64_ksplice_userspace]
    name=Ksplice aware userspace packages for Oracle Linux $releasever - $basearch
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/userspace/ksplice/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1
    
    [local_ol6_latest]
    name=Oracle Linux $releasever - $basearch - latest
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/latest/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1
    
    [local_ol6_UEKR3_latest]
    name=Unbreakable Enterprise Kernel Release 3 for Oracle Linux $releasever - $basearch - latest
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/UEKR3/latest/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1
    
    [local_ol6_addons]
    name=Oracle Linux $releasever - $basearch - addons
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/addons/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1

    Replace local_uln_mirror with the IP address or resolvable host name of the local ULN mirror.

    To distinguish the local repositories from the ULN repositories, optionally prefix the labels for each entry with a string such as local_. Note that if you do this, you must edit the uptrack configuration as described in step 7.

    The example configuration enables the local_ol6_x86_64_ksplice, local_ol6_x86_64_ksplice_userspace, local_ol6_latest, local_ol6_UEKR3_latest, and local_ol6_addons channels.

  4. Test the configuration as follows:

    1. Clear the yum metadata cache:

      # yum clean metadata
    2. Use the yum repolist command to verify the configuration:

      # yum repolist
       Loaded plugins: rhnplugin, security
       This system is receiving updates from ULN. 
      0 packages excluded due to repository protections
      repo id                         repo name                                    status
      local_ol6_addons                Oracle Linux 6 - x86_64 - latest             112
      local_ol6_x86_64_ksplice        Ksplice for Oracle Linux 6 - x86_64          961
      ol6_x86_64_userspace_ksplice    Ksplice aware userspace packages for 
                                      Oracle Linux 6 - x86_64                      42
      local_ol6_x86_64_latest         Oracle Linux 6 - x86_64 - latest             17,976
      local_ol6_x86_64_UEKR3_latest   Unbreakable Enterprise Kernel Release 3 
                                      for Oracle Linux 6 - x86_64 - latest         41

      If the yum command cannot connect to the local ULN mirror, check that the firewall settings on the local ULN mirror server allow incoming TCP connections to the HTTP port (usually, port 80).

  5. If prelink is installed, revert all prelinked binaries and dependent libraries to their original state and use the yum command to remove the prelink package.

    # prelink -au
    # yum remove prelink
    Note

    prelink is installed and enabled by default on Oracle Linux 6 but not on Oracle Linux 7.

  6. Install the offline version of the enhanced Ksplice client package:

    # yum install ksplice-offline
  7. Insert a configuration directive into /etc/uptrack/uptrack.conf to provide the enhanced client with the label of the local user space channel in your local Yum repository configuration. You can skip this step if you did not use the local_ prefix for the channel label, and this label is an exact match of the label that is used on ULN. If you used the local_ prefix or labeled this channel differently, add the following lines and replace local_ol6_x86_64_ksplice_userspace with the same label you used for the Ksplice user space channel:

    [User]
    yum_userspace_ksplice_repo_name = local_ol6_x86_64_ksplice_userspace
  8. To install offline update packages, you must install the relevant packages for your system, as shown in the following example:

    # yum install ksplice-updates-glibc ksplice-updates-openssl

    After you have installed these packages, the offline version of the enhanced Ksplice client behaves exactly the same as the online version.

  9. Update the system to install the Ksplice-aware versions of the user space libraries:

    # yum update

    To install only the libraries and not update any other packages, limit the update to the ol6_x86_64_userspace_ksplice channel or the ol7_x86_64_userspace_ksplice channel, as appropriate:

    # yum --disablerepo=* --enablerepo=ol7_x86_64_userspace_ksplice update

    Alternatively, you can use the following command:

    # yum update *glibc *openssl*

    You might also use this client to perform kernel updates in the same way that you are able to use the standard uptrack client:

    # yum install uptrack-updates-`uname -r`
  10. To enable the automatic installation of updates, change the entry in /etc/uptrack/uptrack.conf from no to yes, as shown in the following example:

    autoinstall = yes
  11. Reboot the system so that the system uses the new libraries.

    On Oracle Linux 6:

    # reboot

    On Oracle Linux 7:

    # systemctl reboot