Generally, all Linux distributions needs a scheduled reboot once to stay up to date with important kernel security updates. RHN (or other distro vendors) provides Linux kernel security updates. You can apply kernel updates using yum command or apt-get command line options. After each upgrade you need to reboot the server. Ksplice service allows you to skip reboot step and apply hotfixes to kernel without rebooting the server. In this post I will cover a quick installation of Ksplice for RHEL 5.x and try to find out if service is worth every penny.
The technology and hack behind this looks pretty cool. This is useful if you've a small number of Linux based servers and/or you want avoid unscheduled reboot just to apply hotfix to Linux kernel.
How Do I Install Ksplice?
First, you need to register with Ksplice. Type the following command to install rpm repo under RHEL 5:# rpm -ivh https://www.ksplice.com/yum/uptrack/centos/ksplice-uptrack-release.noarch.rpm
To install Ksplice, enter:# yum install uptrack
Edit /etc/uptrack/uptrack.conf, enter:# vi /etc/uptrack/uptrack.conf
Update it as follows (input your access key):
[Auth]
accesskey = ADD-YOUR-ACCESS-KEY-HERE
[Network]
# Proxy to use when accessing the Uptrack server, of the form
# [protocol://]<host>[:port]
# The proxy must support making HTTPS connections. If this is unset,
# Uptrack will look for the https_proxy, HTTPS_PROXY, and http_proxy
# environment variables in that order, and then finally look for a
# proxy setting in the system-wide GConf database, if available.
https_proxy =
[Settings]
# Automatically install updates at boot time. If this is set, on
# reboot into the same kernel, Uptrack will re-install the same set of
# updates that were present before the reboot.
install_on_reboot = yes
# Options configuring the Uptrack cron job.
#
# GUI users will get all notices via the GUI and likely want to set
# the following cron options to "no".
# Cron job will install updates automatically
autoinstall = no
# Cron job will print a message when new updates are installed.
# This option is only relevant if autoinstall = yes
cron_output_install = no
# Cron job will print a message when new updates are available
cron_output_available = no
# Cron job will print a message when it encounters errors
cron_output_error = no</host>
Save and close the file.
How Do I Apply Rebootless Kernel Updates?
You need to first download and apply updates via RHN:# yum -y update
OR# yum update kernel kernel-headers kernel-devel
Don't reboot the box, simply type the following command to apply hotfix:# uptrack-upgrade
To see a list of updates that are currently installed, enter:# uptrack-show -y
Sample Email Notification
You will get an email as follows when updates are available:
Fig.01: Ksplice Update Notification
The web interface also provides information about your server and installed kernel updates:
Fig.02: Uptrack Web Interface
Conclusion
The pricing is as follows:
- Monthly price per system First 20 servers : $3.95
- Beyond 20 servers: $2.95
- Currently it is free for all Ubuntu users.
Ksplice is a pretty good and stable software. This is useful for Linux admin or business who can not accept downtime for patching. A few business comes in my mind:
- Small shop, say 8-12 Linux based servers.
- Pro-blogging or webmaster servers (a typical setup included one web server and one db server). Avoiding downtime means more ad revenue for webmasters.
- Hosting companies - again avoiding downtime means good customer satisfactions and less work for sys admins. If you run VM based hosting (OpenVZ or XEN based vps) you can avoid downtime too.
- Small cluster of Linux system, say 6 system - If cluster is using 80% of capacity and if one of node rebooted for kernel upgrade, load will up for rest of 5 systems. In such case, this service can help to keep load under control without rebooting the box. However, this is NOT very useful for very large Linux based cluster redundant load-balanced servers, routers, switches, firewalls etc. Since your cluster is so large that 4-5 servers failing makes no difference to the remaining nodes. In some cases it is possible to do geo load balancing too.
But I've HA Failover Solution In Place...
100% uptime depends upon lots of factors and and HA solution handles hardware or other failures very well. However, Ksplice service is not all about 100% uptime, it is about not rebooting your server for a Linux kernel upgrade. You can easily combine Ksplice with HA solution (such as keepalived+nginx reverse proxy) and try to get perfect five 9s. I highly recommend this service for small to medium size business or professional webmasters.
