Note:

• This tutorial is available in an Oracle-provided free lab environment.
• It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.

Use Oracle Ksplice on Oracle Linux

Introduction

Oracle Ksplice provides a method of patching your Oracle Linux system that has the following advantages:

• Critical security patches for Linux kernels, hypervisors, and critical user-space libraries are applied immediately.
• Updates are non-intrusive because the process does not require reboots and system downtime.

Objectives

In this tutorial, you’ll learn how to:

• Run Oracle Ksplice commands
• Obtain information about updating your system from Unbreakable Linux Network (ULN).

Prerequisites

• Minimum of a single Oracle Linux system

• Each system should have Oracle Linux installed and configured with:

  • A non-root user account with sudo access
  • Set up as a standard or enhanced Oracle Ksplice client
  • Access to the internet

Clients can operate either online or offline. Online clients must be registered with the Unbreakable Linux Network. This tutorial assumes that you have a Ksplice client configured in online mode.

If your system is not yet configured as an Oracle Ksplice client, see https://docs.oracle.com/en/learn/oracle-linux-ksplice-enable.

Note: Oracle Ksplice is automatically installed and enabled on Oracle Linux instances running on Oracle Cloud Infrastructure (OCI). You do not need to register these instances with ULN to use Ksplice.

Deploy Oracle Linux

Note: If running in your own tenancy, read the linux-virt-labs GitHub project README.md and complete the prerequisites before deploying the lab environment.

1. Open a terminal on the Luna Desktop.

2. Clone the linux-virt-labs GitHub project.

   git clone https://github.com/oracle-devrel/linux-virt-labs.git
   

3. Change into the working directory.

   cd linux-virt-labs/ol
   

4. Install the required collections.

   ansible-galaxy collection install -r requirements.yml
   

5. Deploy the lab environment.

   ansible-playbook create_instance.yml -e localhost_python_interpreter="/usr/bin/python3.6"
   

   The free lab environment requires the extra variable local_python_interpreter, which sets ansible_python_interpreter for plays running on localhost. This variable is needed because the environment installs the RPM package for the Oracle Cloud Infrastructure SDK for Python, located under the python3.6 modules.

   Important: Wait for the playbook to run successfully and reach the pause task. At this stage of the playbook, the installation of Oracle Cloud Native Environment is complete, and the instances are ready. Take note of the previous play, which prints the public and private IP addresses of the nodes it deploys and any other deployment information needed while running the lab.

Useful Ksplice Commands for Administering Oracle Ksplice

These Ksplice commands describe handling the patching and updates on Oracle Linux systems running the Ksplice clients.

Note: Some information sources refer to Ksplice uptrack clients and the uptrack command for configuring such clients. The uptrack client, or the standard client, is a subset of the functionality of the enhanced client. Thus, you can use the ksplice command instead of the uptrack command to manage these clients’ updates and patches.

1. Open a terminal and connect via SSH to the ol-node-01 instance.

   ssh oracle@<ip_address_of_instance>
   

2. Refer to the man page for a comprehensive source of information about Ksplice.

   man ksplice
   

3. Use the --help option for a more summarized form of help information.

   ksplice --help
   

Listing Targets

1. List all of the running user space processes that the client can patch.

   sudo ksplice all list-targets
   

   Note: Ksplice commands can be filtered to limit the command action to specific subsystems that the ksplice tool manages. The previous example lists processes on all subsystems. Instead of all, you can specify kernel, user, or xen so that the command acts only on those subsystems.

   sudo ksplice user list-targets

Listing Applied Patches

1. Display the updates and patches currently applied to the system.

   sudo ksplice all show
   

   The output includes the effective kernel version. If you have not applied any patches, the kernel version will match the output of the uname -r command.

2. Use kernel to display the effective kernel version

   By including the subsystem name in the command, you can limit the output to display updates to specific subsystems only.

   sudo ksplice kernel show
   

3. Use user to display updates to user space processes

   sudo ksplice user show
   

4. Further filter the information by specifying a PID.

   sudo ksplice user show --pid=705
   

Listing Available Updates

The ksplice upgrade command lists or installs available updates that can be applied to the system.

1. Use the -n option to list available updates without installing.

   sudo ksplice -n all upgrade
   

   sudo ksplice -n kernel upgrade
   

   sudo ksplice -n user upgrade
   

   Note: An equivalent command for listing available updates is ksplice show --available.

   sudo ksplice kernel show --available

Applying Updates and Patches

To install available updates, use the ksplice upgrade command, but use the -y option. Note that installing patches or upgrades requires user confirmation before running the action.

As with previous ksplice commands, you can limit the upgrade only to specific subsystems by specifying the subsystem instead of all.

ksplice -y all|kernel|user|xen upgrade

1, Use the kernel subsystem to only apply kernel patches.

sudo ksplice -y kernel upgrade

Removing All Applied Patches

The ksplice remove command removes updates that Ksplice has applied. Removing patches or upgrades requires user confirmation before running the action.

1. Remove all user patches.

   sudo ksplice user remove --all
   

2. Remove a specific update by specifying the Ksplice identifier (KID).

   The KID for an applied patch is displayed inside square brackets if a ksplice show command generates output.

   sudo ksplice all show

   ... Ksplice kernel updates installed: Installed updates: [rfywob9d] Clear garbage data on the kernel stack when handling signals. [625ho5e2] Provide an interface to freeze tasks. ...

   sudo ksplice kernel remove 625ho5e2
   

   Note: The ksplice undo <KID> command performs the same action of removing an individual update.

Disabling Automatic Updates

1. Create a ‘disable’ file to prevent Ksplice from automatically applying updates when performing a system reboot.

   sudo touch /etc/uptrack/disable
   

2. Reenable automatic Ksplice updates, delete the disable file.

   sudo rm /etc/uptrack/disable
   

For more information

• Oracle Ksplice Documentation
• Oracle Linux Documentation
• Oracle Linux Training Station

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.

---

Title and Copyright Information

Use Oracle Ksplice on Oracle Linux

F47251-08

July 2024

Copyright ©2021,

Oracle and/or its affiliates.