Understanding Oracle Linux Package Management

OS Management Hub provides tools to manage packages and modules on Oracle Linux instances and groups, including scheduling updates, installing or removing packages, and editing modules.

Update Types Available for Oracle Linux

For Oracle Linux instances, OS Management Hub applies updates based on the following types:

  • Security: An update that addresses security vulnerabilities found during development, testing, or reported by users. Security fixes usually have one or more associated CVE (Common Vulnerabilities and Exposures) names to identify the vulnerabilities.
  • Ksplice: An update used by Ksplice for installing zero-downtime security patches. The update job can include only Ksplice kernel updates, only Ksplice userspace updates, or both. See Using Ksplice for Oracle Linux for how to configure an instance to receive Ksplice updates.
  • Bug Fix: An update that fixes issues reported by users or discovered during development or testing.
  • Enhancement: An update that introduces new features, improved functionality, or enhanced performance in the package's software.
  • Other: An update that's not associated with any errata.

Using Ksplice for Oracle Linux

For OS Management Hub to apply Ksplice updates, Oracle Linux instances must have access to the Ksplice software sources and the Ksplice client installed.

For general information about Ksplice in Oracle Linux, see Oracle Linux Ksplice User's Guide.

Note

Ksplice doesn't apply to lifecycle environments. Instead, you manage content updates through versioned custom software sources and promotion. See Promoting a Versioned Custom Software Source to a Lifecycle Stage.

Adding the Ksplice software sources to the service

You must add the Ksplice software source to OS Management Hub. The availability of the software source can vary depending on instance type. For OCI instances, Ksplice is automatically available. For on-premises or third-party cloud instances, Ksplice is restricted. You must add the entitlements to make the software source available.

For on-premises or third-party cloud instances, ensure the management station's mirror storage has enough space for the Ksplice software source. Insufficient space can cause the mirror sync to fail and prevent the latest Ksplice updates from being applied. Ksplice software sources are large and can grow to several terabytes over the lifecycle of an Oracle Linux release. Allocate enough storage for each Oracle Linux version.

To check mirror volume capacity and sync status, see Viewing Management Station Details.

Attaching the Ksplice software sources to instances

After adding the software sources to the service, you must attach the software source to instances or groups. After attaching, verify that the individual instances have the appropriate Ksplice software sources. See Listing Software Sources Attached to an Instance.

Installing the Ksplice client on instances

Instances must have the Ksplice client installed to receive Ksplice updates from OS Management Hub. OCI instances use a different client than on-premises or third-party cloud instances.

OCI instances

OCI instances use the ksplice package for the Ksplice client.

For instances using a platform image, the ksplice package is installed by default. If using a custom image, you might need to install the ksplice package.

To verify the package is installed, see Listing Packages Installed on an Instance.

On-premises or supported third-party cloud instances

On-premises or third-party cloud instances use the ksplice-offline package for the Ksplice client.

  1. Check if the conflicting uptrack package is installed and remove it (uptrack-offline is ok).

    See the following (search for uptrack):

  2. Install the latest version of the ksplice-offline package.

    See the following (search for ksplice-offline):

Note

If the install job fails for the group, an individual instance in the group might have a conflicting Ksplice client installed. See Group manifest doesn't have uptrack, but ksplice-offline installation fails.

Verifying Ksplice Updates

Use the following methods to verify Ksplice updates are being applied.

Check the effective kernel

View the instance details and verify the effective kernel value has been updated. A blank value (-) indicates that no Ksplice kernel updates have been applied.

Check change history

View the change history report for the instance. Look for entries with a summary of "Update ksplice kernel" or "Update ksplice userspace". Click the entry's date to view job details.

Note

If you don't see Ksplice entries in the change history, the update job might have failed. See Listing Jobs Associated with an Instance and examine the error messages in any failed jobs.
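An instance-side counterpart to the client package check and the effective-kernel check described above, as an added example that is not part of the Oracle documentation. The function names, the sample package list and the kernel version strings are constructed, and the live path assumes the installed Ksplice client provides the `ksplice kernel uname -r` command.

```shell
#!/bin/sh
# Added example: instance-side Ksplice checks. Helper names are hypothetical.

# client_state KIND   (KIND = oci | onprem)
# Reads installed package names on stdin, one per line, and prints:
#   ok:<pkg>          the expected Ksplice client is installed
#   missing:<pkg>     the expected client still has to be installed
#   conflict:uptrack  on-premises only: remove uptrack before installing
client_state() {
    case $1 in
        oci)    want=ksplice ;;
        onprem) want=ksplice-offline ;;
        *)      echo "unknown-kind"; return 2 ;;
    esac
    pkgs=$(cat)
    # -x matches whole lines, so uptrack-offline does not count as uptrack.
    if [ "$1" = onprem ] && printf '%s\n' "$pkgs" | grep -qx 'uptrack'; then
        echo "conflict:uptrack"
    elif printf '%s\n' "$pkgs" | grep -qx -- "$want"; then
        echo "ok:$want"
    else
        echo "missing:$want"
    fi
}

# kernel_state RUNNING EFFECTIVE
# An effective kernel that differs from the running one means Ksplice kernel
# updates are applied; an empty or identical value means none are.
kernel_state() {
    if [ -n "$2" ] && [ "$1" != "$2" ]; then
        echo "ksplice-applied:$2"
    else
        echo "no-ksplice-kernel-updates"
    fi
}

if [ "${1:-}" = oci ] || [ "${1:-}" = onprem ]; then
    # Live run on an instance, for example: ./check.sh onprem
    rpm -qa --qf '%{NAME}\n' | client_state "$1"
    kernel_state "$(uname -r)" "$(ksplice kernel uname -r 2>/dev/null)"
else
    # Offline demo on a constructed package list and constructed versions.
    printf 'kernel-uek\nuptrack\nuptrack-offline\n' | client_state onprem
    kernel_state 5.4.17-100.el8uek.x86_64 5.4.17-200.el8uek.x86_64
fi
```

Running the check on each member of a group before scheduling the ksplice-offline install job shows which instance would cause the group job to fail.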

Understanding Modules for Oracle Linux

Oracle Linux 8 and later releases provide modules, module streams, and profiles to enable the management of different versions of software within a single OS release.

Modules

Modules are a set of RPM packages that are grouped together and must be installed together. They can contain several streams that consist of multiple versions of applications that you can install. You enable a module stream to provide system access to the RPM packages that are contained in that module stream.

Module Streams

Module streams hold different versions of content contained within a module. Modules can have multiple streams, where each stream contains a different version of packages and their dependencies. Each stream receives updates independently.

Profiles

Profiles provide a list of certain packages that are installed at the same time for a particular use case. Profiles are also a recommendation by the application packagers and experts. Each module stream can have one or more profiles.

For more information about DNF modules, streams, and profiles, see Use DNF Modules and Application Streams in the Oracle Linux documentation.

For important guidelines, caveats, and warnings when performing package operations on modules and streams, see About Modular Dependencies and Stream Changes in the Oracle Linux documentation.

Module Status

The module stream can be in one of the following states:

  • Enabled: Stream can provide packages to the instance.
  • - (hyphen): Stream isn't enabled but can provide packages to the instance to satisfy package dependencies.
  • Disabled: Stream can't provide packages to the instance until enabled.

Package Management Tasks