Note:
- This tutorial is available in an Oracle-provided free lab environment.
- It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.
Use Ksplice on Oracle Linux
Introduction
Oracle Ksplice provides a method of patching your Oracle Linux system that has the following advantages:
- Critical security patches for Linux kernels, hypervisors and critical user space libraries are applied immediately.
- Updates are non-intrusive because the process does not require reboots and system downtime.
Objectives
This tutorial describes useful Oracle Ksplice commands for obtaining information related to updating systems with the latest packages from Unbreakable Linux Network (ULN).
Prerequisites
-
An Oracle Linux system that has been set up as an Oracle Ksplice client, either as a standard or an enhanced client. The system must also have access to the Internet.
-
If the Ksplice client is configured in online mode, it must be registered with the Unbreakable Linux Network.
Clients can operate either in online or offline mode. This tutorial assumes that you have a Ksplice client that is configured in online mode.
If your system is not yet configured as an Oracle Ksplice client, see https://docs.oracle.com/en/learn/oracle-linux-ksplice-enable.
Note: Oracle Ksplice is automatically installed and enabled on Oracle Linux instances that are running on Oracle Cloud Infrastructure (OCI). You do not need to register these instances with ULN to be able to work with Ksplice.
Useful Ksplice commands for administering Oracle Ksplice
Note: When using the free lab environment, see Oracle Linux Lab Basics for connection and other usage instructions.
This section describes certain Ksplice commands for managing patching and updates on Oracle Ksplice clients.
Note: Some information sources refer to Ksplice uptrack clients and the
uptrackcommand for configuring such clients. The uptrack client, or the standard client, is a subset of the functionality of the enhanced client. Thus, theksplicecommand can also be used in place of theuptrackcommand to manage these clients’ updates and patches.
For a comprehensive source of information about Ksplice, refer to the man page by typing:
man ksplice
For a more summarized form of help information, you can also type:
ksplice --help
Listing targets
The following command lists all of the running user space processes that can be patched by the client:
sudo ksplice all list-targets
Note: Ksplice commands can be filtered so that the command action is limited to specific subsystems that the ksplice tool manages. The previous example lists processes on all subsystems. Instead of
all, you can specifykernel,user, orxenso that the command acts only on those subsystems, for example:
sudo ksplice user list-targets
Listing patches that have been applied
The following command displays the updates and patches that have been applied to the system:
sudo ksplice all show
The output includes the effective kernel version. If no patches had been applied, then the kernel version would match the output of the uname -r command.
You can limit the output to display only the updates to specific subsystems, as shown in the following examples:
-
To display the effective kernel version, type:
sudo ksplice kernel show -
To display updates to user space processes, type:
sudo ksplice user showYou can further filter the information by specifying a PID, for example:
sudo ksplice user show --pid=705
Listing available updates
The ksplice upgrade command lists or installs available updates that can be applied to the system. Use the -n option to list available updates without installing.
sudo ksplice -n all upgrade
sudo ksplice -n kernel upgrade
sudo ksplice -n user upgrade
Note: An equivalent command for listing available updates is
ksplice show --available, for example:
sudo ksplice kernel show --available
Applying updates and patches
To install available updates, use the ksplice upgrade command, but use the -y option. Note that installing patches or upgrades requires user confirmation before the action is executed.
As with previous ksplice commands, you can limit the upgrade only to specific subsystems by specifying the subsystem instead of all, as shown in the following syntax:
ksplice -y all|kernel|user|xen upgrade
For example, the following command applies only kernel patches:
sudo ksplice -y kernel upgrade
Removing all applied patches
The ksplice remove command removes updates that have been applied by Ksplice. Note that removing patches or upgrades requires user confirmation before the action is executed.
sudo ksplice user remove --all
You can remove a specific update by specifying the Ksplice identifier (KID). The KID for an applied patch is displayed inside square brackets if a ksplice show command generates output, for example:
sudo ksplice all show
...Ksplice kernel updates installed:Installed updates:[rfywob9d] Clear garbage data on the kernel stack when handling signals.[625ho5e2] Provide an interface to freeze tasks....
Thus, you can type:
sudo ksplice kernel remove 625ho5e2
Note: The
ksplice undo <KID>command performs the same action of removing an individual update.
Disabling automatic updates
To prevent Ksplice from applying updates automatically when you perform a system reboot, create a disable file, as follows:
sudo touch /etc/uptrack/disable
To reenable automatic Ksplice updates, delete the disable file.
sudo rm /etc/uptrack/disable
Video Demonstration
The video tutorial Running Oracle Ksplice commands (online mode) on Oracle Linux demonstrates the use of these commands on your Oracle Linux system.
For more information
See other related resources:
More Learning Resources
Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.
For product documentation, visit Oracle Help Center.