To update Oracle VM Server using Ksplice, you must use the Ksplice
Enhanced Client. It is capable of updating certain shared
libraries for user space processes – such as
glibc
, openssl
and
xen-tools
– in addition to the Xen hypervisor
and kernel updates.
The Ksplice Enhanced Client requires a direct connection to the Internet, so that it is able to connect to the Oracle Ksplice update server at https://updates-ksplice.oracle.com/ksplice/request. If your Oracle VM Servers are unable to connect directly to the Internet or your security policy restricts access, you can consider using an offline version of the client to apply updates from your locally configured ULN mirror. See Using the Ksplice Offline Enhanced Client for more information.
Since the Ksplice Enhanced Client package and its dependencies are only available on ULN and ULN registration is not possible on current versions of Oracle VM Server, the Oracle VM Servers on which you install the Ksplice Enhanced Client must have access to a host that is running a local ULN mirror, and to the ULN channels residing on that mirror. See Section 6.3, “Accessing ULN Channels” and Section 6.4, “Configuring Yum for Oracle Ksplice” for more information.
If you have configured a ULN Mirror and set up your yum
configuration within Oracle VM Manager according to the instructions
provided at Section 6.4, “Configuring Yum for Oracle Ksplice”, the Ksplice
Enhanced Client and Ksplice-aware user space packages for Oracle VM Server
are available in the ULN channel
uln_mirror_ovm34_x86_64_ksplice
.
To install the Ksplice Enhanced Client, proceed as follows:
Log in to the Oracle VM Server as root.
Revert all prelinked binaries and dependent libraries to their original state, then use the yum command to remove the
prelink
package.# prelink -au # yum remove -y prelink
Install the
ksplice
package.# yum install -y ksplice Setting up Install Process [...] Dependencies Resolved =============================================================================================================== Package Arch Version Repository Size =============================================================================================================== Installing: ksplice x86_64 1.0.32-1.el6 uln_mirror_ovm34_x86_64_ksplice 5.5 k Installing for dependencies: boost-filesystem x86_64 1.41.0-28.el6 uln_mirror_ovm34_x86_64_latest 46 k boost-python x86_64 1.41.0-28.el6 uln_mirror_ovm34_x86_64_latest 120 k boost-regex x86_64 1.41.0-28.el6 uln_mirror_ovm34_x86_64_latest 477 k ksplice-core0 x86_64 1.0.32-1.el6 uln_mirror_ovm34_x86_64_ksplice 254 k ksplice-tools x86_64 1.0.32-1.el6 uln_mirror_ovm34_x86_64_ksplice 102 k uptrack noarch 1.2.47-0.el6 uln_mirror_ovm34_x86_64_ksplice 501 k uptrack-PyYAML x86_64 3.08-4.el6 uln_mirror_ovm34_x86_64_ksplice 143 k uptrack-libyaml x86_64 0.1.3-1.el6 uln_mirror_ovm34_x86_64_ksplice 49 k Transaction Summary =============================================================================================================== Install 9 Package(s) Total download size: 1.7 M Installed size: 6.0 M Downloading Packages: [...] Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY Importing GPG key 0xEC551F03: Userid :
customer_user_id
<customer@example.com
> Package: ovs-release-3.4-7.773.23.el6.x86_64 (@anaconda-OracleVMServer-201805301600.x86_64/3.4.5) From : /etc/pki/rpm-gpg/RPM-GPG-KEY [...] Installed: ksplice.x86_64 0:1.0.32-1.el6 Dependency Installed: boost-filesystem.x86_64 0:1.41.0-28.el6 boost-python.x86_64 0:1.41.0-28.el6 boost-regex.x86_64 0:1.41.0-28.el6 ksplice-core0.x86_64 0:1.0.32-1.el6 ksplice-tools.x86_64 0:1.0.30-1.el6 uptrack.noarch 0:1.2.47-0.el6 uptrack-PyYAML.x86_64 0:3.08-4.el6 uptrack-libyaml.x86_64 0:0.1.3-1.el6 Complete!Edit
/etc/uptrack/uptrack.conf
to provide the client with the label of the local user space channel. If you followed the instructions in Section 6.4, “Configuring Yum for Oracle Ksplice” the channel should have the labeluln_mirror_ovm34_x86_64_ksplice
. Edit the file to include the lines:[User] yum_userspace_ksplice_repo_name = uln_mirror_ovm34_x86_64_ksplice
Also edit to add any other required configuration options. For example, to enable automatic installation updates, change the
autoinstall
option fromno
toyes
:autoinstall = yes
For more information on these options, see Configuring a Ksplice Client in the Oracle Linux Ksplice User's Guide at https://docs.oracle.com/cd/E37670_01/E39380/html/ol_ksplice_config.html.
Note that some options, such as
upgrade_on_reboot
may not apply to user space packages.Update the system to install the Ksplice-aware versions of user space libraries. For example:
# yum update
Reboot the system so that it uses the new user space libraries.
# reboot
If your Oracle VM environment resides in a highly secure
data center where it is not possible to maintain a permanent
Internet connection for the Oracle VM Servers that you wish to patch for
security updates, you can use the Ksplice Offline Enhanced
Client (ksplice-offline
) as an alternative.
Ksplice kernel, user space and Xen updates are bundled into RPM
packages, specific for a particular version, and are updated
within 48 hours after a new Ksplice patch becomes available.
These updates are made available on ULN.
At regular intervals, you download the latest Ksplice update packages for your systems, and update your local ULN mirror. Once the Ksplice Offline Enhanced Client is installed on your Oracle VM Servers, they can connect to the local ULN mirror to retrieve updates.
The disadvantages of using the offline client include the delay after a patch becomes available and the requirement to manage and refresh the ULN mirror. However, since the ULN mirror must be maintained to apply on-disk binary updates for the Ksplice packages and other patch updates, this may be the preferred approach. Although there is a delay in patching, this delay also offers some further assurance of stability and further testing.
For installation, configuration, and usage instructions, refer to Installing and Configuring the Ksplice Offline Enhanced Client in the Oracle Linux Ksplice User's Guide. Note that the instructions provided in the Oracle Linux Ksplice User's Guide are generic Oracle Linux instructions.
If you want to switch between the online and offline version of the Ksplice Enhanced Client, you must first remove the installed Ksplice client software, and then install the new Ksplice client version. For example, to switch from the online client to the offline client, run the following commands:
# yum remove ksplice # yum install ksplice-offline
To install and configure for Oracle VM Server:
Configure the ULN mirror as described in Section 6.3, “Accessing ULN Channels”
Configure the required yum repositories within Oracle VM Manager, as described in Section 6.4, “Configuring Yum for Oracle Ksplice”.
On each Oracle VM Server, revert prelinked binaries and remove prelink:
# prelink -au # yum remove prelink
On each Oracle VM Server, install the Ksplice Offline Enhanced Client:
# yum install ksplice-offline
On each Oracle VM Server, edit the
/etc/uptrack/uptrack.conf
file to provide the client with the label of the local user space channel. If you followed the instructions in Section 6.4, “Configuring Yum for Oracle Ksplice” the channel should have the labeluln_mirror_ovm34_x86_64_ksplice
. Edit the file to include the lines:[User] yum_userspace_ksplice_repo_name = uln_mirror_ovm34_x86_64_ksplice
Also edit to add any other required configuration options. For example, to enable automatic installation updates, change the
autoinstall
option fromno
toyes
:autoinstall = yes
For more information on these options, see Configuring a Ksplice Client in the Oracle Linux Ksplice User's Guide at https://docs.oracle.com/cd/E37670_01/E39380/html/ol_ksplice_config.html.
Note that some options, such as
upgrade_on_reboot
may not apply to user space packages.To install offline update packages, you must install the relevant packages for your system. When installing offline update packages you must specify the release in the command. For example, if you are installing the offline updates package for the Xen hypervisor, specify the release in the command as follows.
# yum install ksplice-updates-xen-
$RELEASE
where
$RELEASE
is the update package that corresponds to the version of the hypervisor that is currently running, as shown in this example:# yum install ksplice-updates-xen-4.4.4-196.0.10.el6
From this point, the Ksplice Offline Enhanced Client behaves similarly to the standard online version of the Ksplice Enhanced Client.