This discussion is archived
4 Replies Latest reply: Mar 31, 2013 2:17 AM by Avi Miller RSS

How to use/select Ksplice patches for a specific Minor OL 5 release.

Roddy Rodstein Explorer
Currently Being Moderated
Greetings,

We are supporting dev, DR and production EBS environments on OL 5.5 (x64 RHEL kernel) virtual machines on oracle vm. We would like to use Ksplice to patch the OL 5.5 (x64 RHEL kernel) running kernels, although Ksplice' s default behavior is to use the latest repository patches, with no way to filter for only minor release patches, i.e. if we uptrack-upgrade -y a OL 5.5 host, uptrack-upgrade applies "all" of the 5.9 kernel updates.

Could you share your tips and tricks to be able to use Ksplice for minor OL/RHEL releases, i.e. 5.4, 5.5, 5.6, 6.1, 6.2, etc.....?

Thank you in advance for your support!

Respectfully,
Roddy
  • 1. Re: How to use/select Ksplice patches for a specific Minor OL 5 release.
    Dude! Guru
    Currently Being Moderated
    You can specify individual Ksplice updates: http://docs.oracle.com/cd/E37670_01/E37355/html/ol_ksplice_updates.html. From what I understand, Ksplice uses an Uptrack repository configuration and requires an ULN support subscription. I suggest to contact Oracle support to find out if there are any particular Ksplice release channels (repositories) you can use. However, Oracle provides ABI compatibility with the UEK kernel and you can use the same kernel release and patches under various base distributions, which I think is part of the idea.
  • 2. Re: How to use/select Ksplice patches for a specific Minor OL 5 release.
    Avi Miller Guru
    Currently Being Moderated
    Roddy Rodstein wrote:
    Could you share your tips and tricks to be able to use Ksplice for minor OL/RHEL releases, i.e. 5.4, 5.5, 5.6, 6.1, 6.2, etc.....?
    There isn't one. There aren't any Ksplice repositories and this completely defeats the purpose of Ksplice. The entire point is to patch the kernel for all security errata with zero downtime. You could chose to apply individual Ksplice updates, but that would be remarkably tedious, I suspect. Even the new offline Ksplice RPMs work by taking the original kernel and applying all available patches to it.

    Note as well that 5.5 is very old. You should just upgrade all your machines to 5.9.
  • 3. Re: How to use/select Ksplice patches for a specific Minor OL 5 release.
    Roddy Rodstein Explorer
    Currently Being Moderated
    Avi,

    Great to hear from you!

    Of course, from an OS support perspective upgrading to the latest release would be ideal. Although, as we all know, its all about the apps, not the OS.

    In this case, the app is EBS, and the customer invested over 24 months of consulting resources to stand up, customize, stabilize and role out EBS on OVM/OL 5.5 (DR, test and Prod). The EBS systems are 24/7/365, and are serviced by an in-house IT staff, on-shore and off-shore developers, and others. EBS downtime is measured in tens of thousands of dollars per minute.

    Oracle's Linux sales team suggested to "just" upgrade the OS's from 5.5 to 5.9. They provided a laundry list of reasons why the customer should upgrade from 5.5 to 5.9. The customer and the consulting team that supports EBS unanimously agreed that the risk to upgrade the OS was to high. I reckon they will stay on 5.5 until they are forced to upgrade EBS.

    I also opened an SR with the same content from this from post and received an interesting response. In short O support confirmed that its not an option to pick and choose ksplice updates for a minor release, and that the ksplice updates are cumulative and designed to update and fix all errata, without adding any new features. So in our case, when we uptrack-upgrade 5.5 hosts, the kernel is still a 5.5 kernel, but patched for all critical bugs that are fixed to date. We got a very different reply from the Linux/Ksplice team, essentially saying the being on 5.5 defeats the purpose for ksplice. We really like O supports response!

    The customer is keen to take advantage of ksplice to save tens of thousands of dollars that would be lost to reboot the hosts just to load kernel updates. To meet these needs, we have setup an OEM deployment procedure to apply & manage the ksplice patch jobs. Would you happen to know if using OEM deployment procedures for ksplice is bundled with oracle Linux support, or does the customer need to buy the application management pack to use deployment procedures for ksplice?

    Would you happen to know if ksplice is on Cloud Control's road map, i.e. will it be integrated into the Linux Host Patching feature?

    Thank you for your support!

    Respectfully,
    Roddy
  • 4. Re: How to use/select Ksplice patches for a specific Minor OL 5 release.
    Avi Miller Guru
    Currently Being Moderated
    Roddy Rodstein wrote:
    We really like O supports response!
    It's really the same response though: Ksplice patches the in memory kernel, but doesn't change the on-disk kernel. If the server were to reboot or restart for any reason, you'd need to re-Ksplice the kernel to get it back to where it was. Thus, we recommend doing both: using Ksplice to change the in-memory kernel, but also using yum to upgrade so that if for any reason you have to reboot, you still have all the fixes/patches that were previously Kspliced. They are complimentary processes, not conflicting ones.
    Would you happen to know if using OEM deployment procedures for ksplice is bundled with oracle Linux support, or does the customer need to buy the application management pack to use deployment procedures for ksplice?
    You don't need the AMP as far as I know to use Deployment Procedures to run a shell script. It's part of the EM base functionality that's included with Oracle Linux suport.
    Would you happen to know if ksplice is on Cloud Control's road map, i.e. will it be integrated into the Linux Host Patching feature?
    Of course it is. :) However, I have no idea when it'll be available.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points