6.5 Installing the Ksplice Enhanced Client

To update Oracle VM Server using Ksplice, you must use the Ksplice Enhanced Client. It is capable of updating certain shared libraries for user space processes – such as glibc, openssl and xen-tools – in addition to the Xen hypervisor and kernel updates.

The Ksplice Enhanced Client requires a direct connection to the Internet, so that it is able to connect to the Oracle Ksplice update server at https://updates-ksplice.oracle.com/ksplice/request. If your Oracle VM Servers are unable to connect directly to the Internet or your security policy restricts access, you can consider using an offline version of the client to apply updates from your locally configured ULN mirror. See Using the Ksplice Offline Enhanced Client for more information.

Since the Ksplice Enhanced Client package and its dependencies are only available on ULN and ULN registration is not possible on current versions of Oracle VM Server, the Oracle VM Servers on which you install the Ksplice Enhanced Client must have access to a host that is running a local ULN mirror, and to the ULN channels residing on that mirror. See Section 6.3, “Accessing ULN Channels” and Section 6.4, “Configuring Yum for Oracle Ksplice” for more information.

If you have configured a ULN Mirror and set up your yum configuration within Oracle VM Manager according to the instructions provided at Section 6.4, “Configuring Yum for Oracle Ksplice”, the Ksplice Enhanced Client and Ksplice-aware user space packages for Oracle VM Server are available in the ULN channel uln_mirror_ovm34_x86_64_ksplice.

To install the Ksplice Enhanced Client, proceed as follows:

  1. Log in to the Oracle VM Server as root.

  2. Revert all prelinked binaries and dependent libraries to their original state, then use the yum command to remove the prelink package. 

    # prelink -au
# yum remove -y prelink

  3. Install the ksplice package. 

    # yum install -y ksplice
Setting up Install Process
[...]
Dependencies Resolved
 
===============================================================================================================
 Package                       Arch        Version               Repository                               Size
===============================================================================================================
Installing:
 ksplice                       x86_64      1.0.32-1.el6          uln_mirror_ovm34_x86_64_ksplice         5.5 k
Installing for dependencies:
 boost-filesystem              x86_64      1.41.0-28.el6         uln_mirror_ovm34_x86_64_latest           46 k
 boost-python                  x86_64      1.41.0-28.el6         uln_mirror_ovm34_x86_64_latest          120 k
 boost-regex                   x86_64      1.41.0-28.el6         uln_mirror_ovm34_x86_64_latest          477 k
 ksplice-core0                 x86_64      1.0.32-1.el6          uln_mirror_ovm34_x86_64_ksplice         254 k
 ksplice-tools                 x86_64      1.0.32-1.el6          uln_mirror_ovm34_x86_64_ksplice         102 k
 uptrack                       noarch      1.2.47-0.el6          uln_mirror_ovm34_x86_64_ksplice         501 k
 uptrack-PyYAML                x86_64      3.08-4.el6            uln_mirror_ovm34_x86_64_ksplice         143 k
 uptrack-libyaml               x86_64      0.1.3-1.el6           uln_mirror_ovm34_x86_64_ksplice          49 k
 
Transaction Summary
===============================================================================================================
Install       9 Package(s)

Total download size: 1.7 M
Installed size: 6.0 M
Downloading Packages:
[...]
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY
Importing GPG key 0xEC551F03:
 Userid : customer_user_id <customer@example.com>
 Package: ovs-release-3.4-7.773.23.el6.x86_64 (@anaconda-OracleVMServer-201805301600.x86_64/3.4.5)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY
[...]
Installed:
  ksplice.x86_64 0:1.0.32-1.el6                                                                               
 
Dependency Installed:
  boost-filesystem.x86_64 0:1.41.0-28.el6       boost-python.x86_64 0:1.41.0-28.el6             
  boost-regex.x86_64 0:1.41.0-28.el6            ksplice-core0.x86_64 0:1.0.32-1.el6 
  ksplice-tools.x86_64 0:1.0.30-1.el6           uptrack.noarch 0:1.2.47-0.el6          
  uptrack-PyYAML.x86_64 0:3.08-4.el6            uptrack-libyaml.x86_64 0:0.1.3-1.el6     
 
Complete!

  4. Edit /etc/uptrack/uptrack.conf to provide the client with the label of the local user space channel. If you followed the instructions in Section 6.4, “Configuring Yum for Oracle Ksplice” the channel should have the label uln_mirror_ovm34_x86_64_ksplice. Edit the file to include the lines: 

    [User]
yum_userspace_ksplice_repo_name = uln_mirror_ovm34_x86_64_ksplice

    Also edit to add any other required configuration options. For example, to enable automatic installation updates, change the autoinstall option from no to yes: 

    autoinstall = yes

    For more information on these options, see Configuring a Ksplice Client in the Oracle Linux Ksplice User's Guide at https://docs.oracle.com/cd/E37670_01/E39380/html/ol_ksplice_config.html.

    Note that some options, such as upgrade_on_reboot may not apply to user space packages.

  5. Update the system to install the Ksplice-aware versions of user space libraries. For example: 

    # yum update

  6. Reboot the system so that it uses the new user space libraries. 

    # reboot

Using the Ksplice Offline Enhanced Client

If your Oracle VM environment resides in a highly secure data center where it is not possible to maintain a permanent Internet connection for the Oracle VM Servers that you wish to patch for security updates, you can use the Ksplice Offline Enhanced Client (ksplice-offline) as an alternative. Ksplice kernel, user space and Xen updates are bundled into RPM packages, specific for a particular version, and are updated within 48 hours after a new Ksplice patch becomes available. These updates are made available on ULN.

At regular intervals, you download the latest Ksplice update packages for your systems, and update your local ULN mirror. Once the Ksplice Offline Enhanced Client is installed on your Oracle VM Servers, they can connect to the local ULN mirror to retrieve updates.

The disadvantages of using the offline client include the delay after a patch becomes available and the requirement to manage and refresh the ULN mirror. However, since the ULN mirror must be maintained to apply on-disk binary updates for the Ksplice packages and other patch updates, this may be the preferred approach. Although there is a delay in patching, this delay also offers some further assurance of stability and further testing.

For installation, configuration, and usage instructions, refer to Installing and Configuring the Ksplice Offline Enhanced Client in the Oracle Linux Ksplice User's Guide. Note that the instructions provided in the Oracle Linux Ksplice User's Guide are generic Oracle Linux instructions.

Caution

If you want to switch between the online and offline version of the Ksplice Enhanced Client, you must first remove the installed Ksplice client software, and then install the new Ksplice client version. For example, to switch from the online client to the offline client, run the following commands: 

# yum remove ksplice
# yum install ksplice-offline

To install and configure for Oracle VM Server:

  1. Configure the ULN mirror as described in Section 6.3, “Accessing ULN Channels”

  2. Configure the required yum repositories within Oracle VM Manager, as described in Section 6.4, “Configuring Yum for Oracle Ksplice”.

  3. On each Oracle VM Server, revert prelinked binaries and remove prelink: 

    # prelink -au
# yum remove prelink

  4. On each Oracle VM Server, install the Ksplice Offline Enhanced Client: 

    #  yum install ksplice-offline

  5. On each Oracle VM Server, edit the /etc/uptrack/uptrack.conf file to provide the client with the label of the local user space channel. If you followed the instructions in Section 6.4, “Configuring Yum for Oracle Ksplice” the channel should have the label uln_mirror_ovm34_x86_64_ksplice. Edit the file to include the lines: 

    [User]
yum_userspace_ksplice_repo_name = uln_mirror_ovm34_x86_64_ksplice

    Also edit to add any other required configuration options. For example, to enable automatic installation updates, change the autoinstall option from no to yes: 

    autoinstall = yes

    For more information on these options, see Configuring a Ksplice Client in the Oracle Linux Ksplice User's Guide at https://docs.oracle.com/cd/E37670_01/E39380/html/ol_ksplice_config.html.

    Note that some options, such as upgrade_on_reboot may not apply to user space packages.

  6. To install offline update packages, you must install the relevant packages for your system. When installing offline update packages you must specify the release in the command. For example, if you are installing the offline updates package for the Xen hypervisor, specify the release in the command as follows. 

    # yum install ksplice-updates-xen-$RELEASE

    where $RELEASE is the update package that corresponds to the version of the hypervisor that is currently running, as shown in this example: 

    # yum install ksplice-updates-xen-4.4.4-196.0.10.el6

  7. From this point, the Ksplice Offline Enhanced Client behaves similarly to the standard online version of the Ksplice Enhanced Client.

Copyright © 2014, 2019 Oracle and/or its affiliates. All rights reserved. Legal Notices