Using the KernelCare Plug-in
You can use the KernelCare plug-in to patch the Linux kernel on managed hosts without rebooting them. The plug-in provides job templates to view and live-patch the Linux kernel on managed hosts and ensures managed hosts do not report to orcharhino Server that a reboot is required through tracer. For more information, see tuxcare.com/live-patching-services and docs.tuxcare.com/live-patching-services.
The KernelCare plug-in is a technical preview. ATIX AG does not recommend running this in your production environment. |
Installing the KernelCare Plug-in
Use the following procedure to install the KernelCare plug-in.
-
On your orcharhino Server, install the plug-in package:
# dnf install rubygem-foreman_kernel_care
-
Rerun orcharhino-installer:
# orcharhino-installer
KernelCare Client
You need to provide the KernelCare client to your managed hosts. Synchronize the required repositories depending on the operating system of your managed hosts.
After synchronization, ensure to make the content consumable to your managed hosts.
Creating KernelCare Repositories for Red Hat Enterprise Linux 9
You need to provide the KernelCare client on managed hosts to live-patch their Linux kernel.
-
In the orcharhino management UI, navigate to Content > Products.
-
Click Create Product to create a product named
KernelCare Red Hat Enterprise Linux
. For more information, see Creating a Product in Managing Content. -
On the Repositories tab, click New Repository to create a repository of type
yum
as follows:-
Name:
KernelCare Red Hat Enterprise Linux 9
-
Upstream URL:
https://repo.cloudlinux.com/kernelcare/9/x86_64/
-
Optional: Add the KernelCare GPG pub key as content credential:
https://repo.cloudlinux.com/kernelcare/RPM-GPG-KEY-KernelCare
.
For more information, see Adding RPM Repositories in Managing Content.
-
Creating KernelCare Repositories for Red Hat Enterprise Linux 8
You need to provide the KernelCare client on managed hosts to live-patch their Linux kernel.
-
In the orcharhino management UI, navigate to Content > Products.
-
Click Create Product to create a product named
KernelCare Red Hat Enterprise Linux
. For more information, see Creating a Product in Managing Content. -
On the Repositories tab, click New Repository to create a repository of type
yum
as follows:-
Name:
KernelCare Red Hat Enterprise Linux 8
-
Upstream URL:
https://repo.cloudlinux.com/kernelcare/8/x86_64/
-
Optional: Add the KernelCare GPG pub key as content credential:
https://repo.cloudlinux.com/kernelcare/RPM-GPG-KEY-KernelCare
.
For more information, see Adding RPM Repositories in Managing Content.
-
Creating KernelCare Repositories for Red Hat Enterprise Linux 7
You need to provide the KernelCare client on managed hosts to live-patch their Linux kernel.
-
In the orcharhino management UI, navigate to Content > Products.
-
Click Create Product to create a product named
KernelCare Red Hat Enterprise Linux
. For more information, see Creating a Product in Managing Content. -
On the Repositories tab, click New Repository to create a repository of type
yum
as follows:-
Name:
KernelCare Red Hat Enterprise Linux 7
-
Upstream URL:
https://repo.cloudlinux.com/kernelcare/7/x86_64/
-
Optional: Add the KernelCare GPG pub key as content credential:
https://repo.cloudlinux.com/kernelcare/RPM-GPG-KEY-KernelCare
.
For more information, see Adding RPM Repositories in Managing Content.
-
Installing the KernelCare Package on Managed Hosts
You can use kernelcare
to patch the Linux kernel on managed hosts without rebooting them.
-
Your managed hosts have access to the KernelCare repository.
-
In the orcharhino management UI, navigate to Hosts > All Hosts and select one or multiple hosts.
-
From the Select Action menu, select Schedule Remote Job.
-
In the Job category field, select
Katello via Ansible
. -
In the Job template field, select
Install Package - Katello Ansible Default
. -
In the Package field, enter
kernelcare
. -
Click Submit to install the package on your managed hosts.
Viewing Patched Kernel Version
You can use a job template to view the patched Kernel version on managed hosts.
-
Ensure the
kernelcare
package is installed on your managed hosts. For more information, see Installing the KernelCare Package on Managed Hosts.
-
In the orcharhino management UI, navigate to Hosts > All Hosts.
-
Select one or multiple hosts and under Select Action, click Schedule Remote Job.
-
In the Job category field, select
Commands
. -
In the Job template field, select
Kernel version
. -
Click Submit to view the running Linux kernel version on your hosts.
Live Patching Hosts Using KernelCare Plug-In
You can use kcarectl
provided by TuxCare to live-patch the Linux kernel on managed hosts.
By default, kcarectl
checks for updates every four hours.
If the automatic installation of patches is disabled or if you want to install patches manually at a certain time, you can start the process using a remote execution job.
-
Ensure your hosts have the
kernelcare
package installed. -
Ensure your hosts run Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, or Red Hat Enterprise Linux 9.
-
Ensure your hosts have access to the internet to connect to cloudlinux.com.
If your host is in a disconnected environment, you can use ePortal by Tuxcare to provide Linux kernel patches. For more information, see docs.tuxcare.com/eportal.
-
In the orcharhino management UI, navigate to Hosts > All Hosts.
-
Select one or multiple hosts and under Select Action, click * Schedule Remote Job*.
-
In the Job category field, select
Commands
. -
In the Job template field, select
Run Command - SSH Default
. -
In the command field, enter
/usr/bin/kcarectl --update
. -
Click Submit to update to the latest Linux kernel on your hosts.
-
For more information on live-patching managed hosts, see docs.tuxcare.com/live-patching-services.
The text and illustrations on this page are licensed by ATIX AG under a Creative Commons Attribution–Share Alike 3.0 Unported ("CC-BY-SA") license. This page also contains text from the official Foreman documentation which uses the same license ("CC-BY-SA"). |