2.5 Installing and Configuring the Ksplice Offline Enhanced Client

The offline version of the Ksplice Enhanced client removes the requirement that a server on your intranet have a direct connection to the Oracle Uptrack server or to ULN. All available Ksplice updates for each supported kernel version or user space package are bundled into an RPM that is specific to that version. This package is updated every time a new Ksplice patch becomes available for the kernel. In this way, you can create a local ULN mirror that acts as a mirror for the Ksplice aware channels for Oracle Linux on ULN.

At regular intervals, you can download the latest Ksplice update packages to this server. After installing the offline Ksplice Enhanced client on your local systems, they can then connect to the local ULN mirror to receive updates. See Section 3.10.2, “Configuring a Local ULN Mirror to Act as a Ksplice Mirror” for more information about configuring a local ULN mirror.

When you have set up a local ULN mirror to act as a Ksplice mirror, you can then configure your other systems to receive yum updates, as well as Ksplice updates.

Configure a system as an offline Ksplice Enhanced client as follows:

  1. Import the GPG key:

    # rpm --import /usr/share/rhn/RPM-GPG-KEY
  2. In the /etc/yum.repos.d directory, edit the existing repository file, such as public-yum-ol6.repo or ULN-base.repo, and disable all entries by setting enabled=0.

  3. In the /etc/yum.repos.d directory, create the file local-yum.repo, which contains entries such as the following for an Oracle Linux 6 yum client:

    [local_ol6_x86_64_ksplice]
    name=Ksplice for Oracle Linux $releasever - $basearch
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/ksplice/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1
    
    [local_ol6_x86_64_ksplice_userspace]
    name=Ksplice aware userspace packages for Oracle Linux $releasever - $basearch
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/userspace/ksplice/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1
    
    [local_ol6_latest]
    name=Oracle Linux $releasever - $basearch - latest
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/latest/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1
    
    [local_ol6_UEKR3_latest]
    name=Unbreakable Enterprise Kernel Release 3 for Oracle Linux $releasever - $basearch - latest
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/UEKR3/latest/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1
    
    [local_ol6_addons]
    name=Oracle Linux $releasever - $basearch - addons
    baseurl=http://local_uln_mirror/yum/OracleLinux/OL6/addons/$basearch/
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1
    enabled=1

    Replace local_uln_mirror with the IP address or resolvable host name of the local ULN mirror.

    To distinguish the local repositories from the ULN repositories, optionally prefix the labels for each entry with a string such as local_. Note that if you do this, you must edit the uptrack configuration as described in step 7.

    The example configuration enables the local_ol6_x86_64_ksplice, local_ol6_x86_64_ksplice_userspace, local_ol6_latest, local_ol6_UEKR3_latest, and local_ol6_addons channels.

  4. Test the configuration as follows:

    1. Clear the yum metadata cache:

      # yum clean metadata
    2. Use the yum repolist command to verify the configuration:

      # yum repolist
       Loaded plugins: rhnplugin, security
       This system is receiving updates from ULN. 
      0 packages excluded due to repository protections
      repo id                         repo name                                    status
      local_ol6_addons                Oracle Linux 6 - x86_64 - latest             112
      local_ol6_x86_64_ksplice        Ksplice for Oracle Linux 6 - x86_64          961
      ol6_x86_64_userspace_ksplice    Ksplice aware userspace packages for 
                                      Oracle Linux 6 - x86_64                      42
      local_ol6_x86_64_latest         Oracle Linux 6 - x86_64 - latest             17,976
      local_ol6_x86_64_UEKR3_latest   Unbreakable Enterprise Kernel Release 3 
                                      for Oracle Linux 6 - x86_64 - latest         41

      If the yum command cannot connect to the local ULN mirror, check that the firewall settings on the local ULN mirror server allow incoming TCP connections to the HTTP port (usually, port 80).

  5. If prelink is installed, revert all prelinked binaries and dependent libraries to their original state and use the yum command to remove the prelink package.

    # prelink -au
    # yum remove prelink
    Note

    prelink is installed and enabled by default on Oracle Linux 6 but not on Oracle Linux 7.

  6. Install the offline version of the enhanced client package.

    # yum install ksplice-offline
  7. Insert a configuration directive into /etc/uptrack/uptrack.conf to provide the enhanced client with the label of the local, user-space channel in your local yum repository configuration.

    Note

    You can skip this step if you did not use the local_ prefix for the channel label, and this label is an exact match of the label that is used on ULN. If you used the local_ prefix or labeled this channel differently, add the following lines and replace local_ol6_x86_64_ksplice_userspace with the same label you used for the Ksplice user space channel:

    [User]
    yum_userspace_ksplice_repo_name = local_ol6_x86_64_ksplice_userspace
  8. To install offline update packages, install the relevant packages, for example:

    # yum install ksplice-updates-glibc ksplice-updates-openssl

    If you are installing the offline updates package for the Xen hypervisor, specify the release in the command, for example:

    # yum install ksplice-updates-xen-$RELEASE

    where $RELEASE is the update package that corresponds to the version of the hypervisor that is currently running, as shown in this example:

    # yum install ksplice-updates-xen-4.4.4-153.el6

    After you have installed these packages, the offline version of the enhanced client behaves exactly the same as the online version.

  9. Update the system to install the Ksplice aware versions of the user-space libraries:

    # yum update

    To install just the libraries and not any other packages, limit the update to the ol6_x86_64_userspace_ksplice channel or the ol7_x86_64_userspace_ksplice channel, for example:

    # yum --disablerepo=* --enablerepo=ol6_x86_64_userspace_ksplice update

    Alternatively, you can use the following command:

    # yum update *glibc *openssl*

    You might also use this client to perform kernel updates in the same way that you are able to use the standard uptrack client:

    # yum install uptrack-updates-`uname -r`
  10. To enable the automatic installation of updates, change the entry in /etc/uptrack/uptrack.conf from no to yes, as shown in the following example:

    autoinstall = yes
  11. Reboot the system so that the system uses the new libraries.

    On Oracle Linux 6:

    # reboot
    Note

    If you installed updates for the Xen hypervisor, no special configuration is required, and you do not need to reboot the system for the updates to be applied.

    On Oracle Linux 7:

    # systemctl reboot