1.9 About Ksplice Offline Client

1.9.1 Configuring an Oracle Linux 5 System to Use yum with ULN
1.9.2 Configuring a Local ULN Mirror to Act as a Ksplice Mirror
1.9.3 Configuring Ksplice Offline Clients
1.9.4 Updating to a Specific Effective Kernel Version

Ksplice Offline Client removes the requirement for a server on your intranet to have a direct connection to the Oracle Uptrack server. All available Ksplice updates for each supported kernel version are bundled into an RPM that is specific to that version, and this package is updated every time that a new Ksplice patch becomes available for the kernel.

A Ksplice offline client does not require a network connection to be able to apply the update package to the kernel. For example, you could use rpm to install the update package from a memory stick. However, a more usual arrangement would be to create a local ULN mirror that acts as a mirror of the Ksplice for Oracle Linux channels on ULN. At regular intervals, you download the latest Ksplice update packages to this server. Only the local ULN mirror requires access the Oracle Uptrack server. After installing Ksplice Offline Client on your other systems, they need only to be able to connect to the local ULN mirror.

Note

You cannot use the web interface or the Ksplice Uptrack API to monitor systems that are running Ksplice Offline Client as such systems are not registered with https://uptrack.ksplice.com.

1.9.1 Configuring an Oracle Linux 5 System to Use yum with ULN

If your Oracle Linux 5 system is registered with ULN, you can use yum instead of up2date to download and install packages. If you have installed a full update since Oracle Linux 5.6 was released on January 20, 2010, your system should already be able to use yum with ULN.

To enable yum support, install yum-rhn-plugin.

# up2date --install yum-rhn-plugin 

With the plugin installed, you can immediately start to use yum instead of up2date.

1.9.2 Configuring a Local ULN Mirror to Act as a Ksplice Mirror

For information about how to set up a Local ULN Mirror, see Creating and Using a Local ULN Mirror in the Oracle Linux Unbreakable Linux Network User's Guide.

To configure a Local ULN Mirror to act as a Ksplice mirror:

  1. Using a browser, log in at http://linux.oracle.com with the ULN user name and password that you used to register the system.

  2. On the Systems tab, click the link named for your system in the list of registered machines.

  3. On the System Details page, click Edit.

  4. On the Edit System Properties page, select the Yum Server check box and click Apply Changes.

  5. On the System Details page, click Manage Subscriptions.

  6. On the System Summary page, select channels from the list of available or subscribed channels and click the arrows to move the channels between the lists.

    Modify the list of subscribed channels to include the Ksplice for Oracle Linux channels that you want to make available to local Ksplice offline clients.

    The following table shows the channels that are available for Ksplice on Oracle Linux.

    Channel Name

    Channel Label

    Description

    Ksplice for Oracle Linux 5 (i386)

    ol5_i386_ksplice

    Oracle Ksplice clients, updates, and dependencies for Oracle Linux 5 on i386 systems.

    Ksplice for Oracle Linux 5 (x86_64)

    ol5_x86_64_ksplice

    Oracle Ksplice clients, updates, and dependencies for Oracle Linux 5 on x86-64 systems.

    Ksplice for Oracle Linux 6 (i386)

    ol6_i386_ksplice

    Oracle Ksplice clients, updates, and dependencies for Oracle Linux 6 on i386 systems.

    Ksplice for Oracle Linux 6 (x86_64)

    ol6_x86_64_ksplice

    Oracle Ksplice clients, updates, and dependencies for Oracle Linux 6 on x86-64 systems.

    Ksplice for Oracle Linux 7 (x86_64)

    ol7_x86_64_ksplice

    Oracle Ksplice clients, updates, and dependencies for Oracle Linux 7 on x86_64 systems.

  7. When you have finished selecting channels, click Save Subscriptions and log out of ULN.

1.9.3 Configuring Ksplice Offline Clients

Once you have set up a local ULN mirror that can act as a Ksplice mirror, you can configure your other systems to receive yum and Ksplice updates.

To configure a system as a Ksplice offline client:

  1. Import the GPG key:

    # rpm --import /usr/share/rhn/RPM-GPG_KEY
  2. In the /etc/yum.repos.d directory, edit the existing repository file, such as public-yum-ol6.repo or ULN-base.repo, and disable all entries by setting enabled=0.

  3. In the /etc/yum.repos.d directory, create the file local-yum.repo, which contains entries such as the following for an Oracle Linux 6 yum client:

    [local_ol6_x86_64_ksplice]
    name=Ksplice for Oracle Linux $releasever - $basearch
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/ksplice/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1
    
    [local_ol6_latest]
    name=Oracle Linux $releasever - $basearch - latest
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/latest/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1
    
    [local_ol6_UEKR3_latest]
    name=Unbreakable Enterprise Kernel Release 3 for Oracle Linux $releasever - $basearch - latest
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/UEKR3/latest/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1
    
    [local_ol6_addons]
    name=Oracle Linux $releasever - $basearch - addons
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/addons/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1

    To distinguish the local repositories from the ULN repositories, prefix the names of their entries with a string such as local_.

    Replace local_uln_mirror with the IP address or resolvable host name of the local ULN mirror.

    The example configuration enables the local_ol6_x86_64_ksplice, local_ol6_latest, local_ol6_UEKR3_latest, and local_ol6_addons channels.

  4. Install the Ksplice offline client package:

    # yum install uptrack-offline
  5. To test the configuration:

    1. Clear the yum metadata cache:

      # yum clean metadata
    2. Use yum repolist to verify the configuration, for example:

      # yum repolist
       Loaded plugins: rhnplugin, security
       This system is receiving updates from ULN. 
      0 packages excluded due to repository protections
      repo id                         repo name                                    status
      local_ol6_addons                Oracle Linux 6 - x86_64 - latest             112
      local_ol6_x86_64_ksplice        Ksplice for Oracle Linux 6 - x86_64          961
      local_ol6_x86_64_latest         Oracle Linux 6 - x86_64 - latest             17,976
      local_ol6_x86_64_UEKR3_latest   Unbreakable Enterprise Kernel Release 3 
                                      for Oracle Linux 6 - x86_64 - latest         41

      If yum cannot connect to the local ULN mirror, check that the firewall settings on the local ULN mirror server allow incoming TCP connections to the HTTP port (usually, port 80).

  6. Install the Ksplice updates that are available for the kernel.

    For an Oracle Linux 5 client, use this command:

    # yum install uptrack-updates-`uname -r`.`uname -m`

    For an Oracle Linux 6 or Oracle Linux 7 client, use this command:

    # yum install uptrack-updates-`uname -r`

    As new Ksplice updates are made available, you can use this command to pick up these updates and apply them. It is recommended that you set up an anacron script to perform this task. For example, the following script named uptrack-updates in /etc/cron.daily on an Oracle Linux 6 system would run once every day:

    #!/bin/sh
    yum install uptrack-updates-`uname -r`
    exit 0
    Note

    The script must be executable and be owned by root.

To display information about Ksplice updates, use the rpm -qa | grep uptrack-updates and uptrack-show commands.

1.9.4 Updating to a Specific Effective Kernel Version

Under some circumstances, you might want to limit the set of updates that uptrack-upgrade installs. For example, the security policy at your site might require a senior administrator to approve Ksplice updates before you can install them on production systems. In such cases, you can direct uptrack-upgrade to upgrade to a specific effective kernel version instead of the latest available version.

To update a system to a specific effective kernel version:

  1. Install the uptrack-updates package for the current kernel.

    For an Oracle Linux 5 client, use this command:

    # yum install uptrack-updates-`uname -r`.`uname -m`

    For an Oracle Linux 6 or Oracle Linux 7 client, use this command:

    # yum install uptrack-updates-`uname -r`
  2. Use uptrack-uname -r to display the current effective kernel version:

    # uptrack-uname -r
    3.8.13-55.1.1.el6uek.x86_64
  3. List all effective kernel versions that are available, specify the --list-effective option to uptrack-upgrade:

    # uptrack-upgrade --list-effective
    Available effective kernel versions:
    
    3.8.13-44.1.1.el6uek.x86_64/#2 SMP Wed Sep 10 06:10:25 PDT 2014
    3.8.13-44.1.3.el6uek.x86_64/#2 SMP Wed Oct 15 19:53:10 PDT 2014
    3.8.13-44.1.4.el6uek.x86_64/#2 SMP Wed Oct 29 23:58:06 PDT 2014
    3.8.13-44.1.5.el6uek.x86_64/#2 SMP Wed Nov 12 14:23:31 PST 2014
    3.8.13-55.el6uek.x86_64/#2 SMP Mon Dec 1 11:32:40 PST 2014
    3.8.13-55.1.1.el6uek.x86_64/#2 SMP Thu Dec 11 00:20:49 PST 2014
  4. Remove the installed updates to revert the effective kernel version to the earliest that is available (in this example, 44.1.1):

    # uptrack-remove --all
    ...
    # uptrack-uname -r
    3.8.13-44.1.1.el6uek.x86_64
  5. You can set the effective kernel version that you want the system to use in either of the following ways:

    • Specify the --effective option to uptrack-upgrade. For example, if you want to update from 44.1.1 to 44.1.5 instead of to the latest 55.1.1, use the --effective option to upgrade to 44.1.5:

      # uptrack-upgrade --effective="3.8.13-44.1.5.el6uek.x86_64/#2 SMP Wed Nov 12 14:23:31 PST 2014"
      ...
      Effective kernel version is 3.8.13-44.1.5.el6uek
      # uptrack-uname -r
      3.8.13-44.1.5.el6uek.x86_64

      This method is suitable for setting the effective kernel version on individual systems.

    • Use the effective_version option in /etc/uptrack/uptrack.conf to set an effective kernel version for uptrack-upgrade as though you had specified --effective on the command line. As uptrack-upgrade runs automatically whenever you update the uptrack-updates package on a system, the following example entry would limit the effective kernel version to 44.1.5:

      effective_version = "3.8.13-44.1.5.el6uek.x86_64/#2 SMP Wed Nov 12 14:23:31 PST 2014"

      This method is convenient for setting the effective kernel version on multiple production systems, where the content of /etc/uptrack/uptrack.conf could be obtained from a centrally maintained master copy.