Note:
- This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
- It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.
Enable Ksplice in Oracle Linux
Introduction
Oracle Ksplice provides a method of patching your Oracle Linux system that has the following advantages:
- Critical security patches for Linux kernels, hypervisors and critical user space libraries are applied immediately.
- Updates are non-intrusive because the process does not require reboots and system downtime.
Two modes are available for setting up an Oracle Ksplice client: the online mode and the offline mode. Moreover, you can set up either a standard client, where only the kernel is updated, or an enhanced client where support for userspace and xen as well as the addition of known exploit detection is available.
Some information sources refer to the Ksplice uptrack client. The uptrack client is a subset of the functionality of the enhanced client. In uptrack clients, only the kernel is patched. In other words, when describing the standard client, this tutorial is referring to the uptrack client.
Note: Oracle Ksplice is automatically installed and enabled on Oracle Linux instances that are running on Oracle Cloud Infrastructure (OCI). You do not need to register these instances with ULN to be able to work with Oracle Ksplice.
Objectives
This tutorial specifically addresses setting up an enhanced client through an online connection with linux.oracle.com
. It teaches you how to set up Oracle Ksplice on your system by registering with Unbreakable Linux Network (ULN) and installing the necessary Oracle Ksplice packages.
Prerequisites
- An Oracle Linux system that has internet access.
- A Customer Support Identifier (CSI) that is obtained by creating an account with ULN.
Add your CSI to ULN
- On your browser, go to https://linux.oracle.com.
- Do one of the following steps:
- If you do not have an account with ULN yet, click Register and follow the instructions to create an account and obtain a CSI. Then sign in to ULN.
- If you already have an account, click Sign In and use your single signon credentials to log in.
- After logging in, click Profile.
- If your CSI is not listed on the table that is displayed, click Add Row and type the CSI in the appropriate field.
Register the system with ULN
-
Verify that you have the
rhn-setup
package installed on the system.sudo dnf info rhn-setup
If the package is not listed as installed, run the following command:
sudo dnf install -y rhn-setup
-
Register the system with ULN.
uln_register
The command opens a text user interface (TUI).
-
Use the Tab, Spacebar, and Enter keys to navigate through the different buttons and screens of the TUI to provide the information as prompted.
Unless you have specific preferences, accepting default values of the screen prompts is sufficient.
The profile that you created is uploaded to ULN, at the end of which you are returned to the system prompt.
Subscribe the system to Oracle Ksplice channels
-
Return to the browser’s ULN home page, and if necessary, refresh the page.
The Recently Registered Systems table would include the system that you just registered.
-
Click the newly registered system’s name to display its details in the System tab.
-
On the system’s details page, click Manage Subscriptions.
-
From the Available Channels panel on the left, double click
Ksplice aware user packages for Oracle Linux <version>
. Select the<version>
matching that of your Oracle Linux installation.This package is needed to set up an enhanced Oracle Ksplice client. Double clicking moves the item to the Subscribed Channels panel on the right.
Note: The
Ksplice for Oracle Linux <version>
package should already be listed under the Subscribed Channels panel. If not, then search for this item on the Available Channels on the left panel and double click the name to move it to the Subscribed Channels panel. -
Click Save Subscriptions.
Install the Oracle Ksplice packages
On a terminal window, do the following steps:
Note: For Oracle Linux instances running in OCI, ensure you enable the Oracle Ksplice repositories.
sudo dnf config-manager --enable ol8_ksplice,ol8_x86_64_userspace_ksplice
-
Verify the Oracle Ksplice repositories are enabled.
sudo dnf repolist
You’ll see the
Ksplice for Oracle Linux 8 (x86_64)
andKsplice aware userspace packages for Oracle Linux 8 (x86_64)
in the list. -
Install the
uptrack
packages.sudo dnf install ksplice uptrack -y
-
Install the enhanced Oracle Ksplice client and userspace packages.
sudo dnf update -y
-
Verify the Oracle Ksplice userspace packages installed.
rpm -q glibc openssl
Notice the
.ksplice
as part of the version string.
Perform additional configuration
To further configure how Oracle Ksplice applies updates to the system, edit the /etc/uptrack/uptrack.conf
file as follows:
-
To configure Oracle Ksplice to install all available updates at system boot, uncomment the
upgrade_on_reboot = yes
line. -
To apply updates through a scheduled cron job, change the value of
autoinstall
fromno
toyes
.
After making changes to the configuration file, reboot the system.
sudo systemctl reboot
For more information
See other related resources:
More Learning Resources
Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.
For product documentation, visit Oracle Help Center.