Using the KernelCare plugin
You can use the KernelCare plugin to patch the Linux kernel on hosts without rebooting them. The plugin provides job templates to view and live-patch the Linux kernel on hosts and ensures hosts do not report to orcharhino Server that a reboot is required through tracer. For more information, see tuxcare.com/enterprise-live-patching-services and docs.tuxcare.com/live-patching-services.
|
The KernelCare plugin is a technical preview. ATIX AG does not recommend running this in your production environment. |
Installing the KernelCare plugin
Use the following procedure to install the KernelCare plugin.
-
Install the plugin on your orcharhino Server:
$ orcharhino-installer --enable-foreman-plugin-kernel-care
KernelCare client
After installing the KernelCare plugin, you must provide the KernelCare client to your hosts. You synchronize the required repositories depending on the operating system of your hosts and then ensure to make the content consumable to your hosts.
KernelCare client repositories
The following tables list KernelCare client repositories for supported client operating systems. Each table corresponds to a product name and each row corresponds to a repository name.
-
Import the GPG public into orcharhino.
-
For Yum content, import https://repo.cloudlinux.com/kernelcare/RPM-GPG-KEY-KernelCare.
-
For Deb content, import https://repo.cloudlinux.com/kernelcare/kernelcare.gpg.
-
| Name | Upstream URL |
|---|---|
|
| Name | Upstream URL |
|---|---|
|
| Name | Upstream URL |
|---|---|
|
| Name | Upstream URL |
|---|---|
|
| Name | Upstream URL |
|---|---|
|
| Name | Upstream URL | Releases/Distributions | Components | Architectures |
|---|---|---|---|---|
|
|
|
|
| Name | Upstream URL | Releases/Distributions | Components | Architectures |
|---|---|---|---|---|
|
|
|
|
| Name | Upstream URL |
|---|---|
|
| Name | Upstream URL |
|---|---|
|
| Name | Upstream URL |
|---|---|
|
| Name | Upstream URL |
|---|---|
|
| Name | Upstream URL |
|---|---|
|
| Name | Upstream URL |
|---|---|
|
| Name | Upstream URL | Releases/Distributions | Components | Architectures |
|---|---|---|---|---|
|
|
|
|
| Name | Upstream URL | Releases/Distributions | Components | Architectures |
|---|---|---|---|---|
|
|
|
|
| Name | Upstream URL | Releases/Distributions | Components | Architectures |
|---|---|---|---|---|
|
|
|
|
Installing the KernelCare package on hosts
You can use kernelcare to patch the Linux kernel on hosts without rebooting them.
-
Your hosts have access to the KernelCare repository. For more information, see KernelCare Client.
-
In the orcharhino management UI, navigate to Monitor > Jobs and click Run job.
-
Select Katello as Job category and Install Package – Katello Script Default as Job template and click Next.
-
Select hosts on which you want to run the job. If you do not select any hosts, the job will run on all hosts you can see in the current context.
-
In the package field, enter
kernelcareand click Next. -
Optional: To configure advanced settings for the job, fill in the Advanced fields. To learn more about advanced settings, see Advanced settings in the job wizard.
-
Click Next.
-
Select Immediate execution to execute the job immediately and click Next.
-
Review job details. You have the option to return to any part of the job wizard and edit the information.
-
Click Run to install
kernelcareon your hosts.
Viewing patched kernel version
You can use a job template to view the patched kernel version on hosts.
-
Ensure the
kernelcarepackage is installed on your hosts. For more information, see Installing the KernelCare Package on Hosts.
-
In the orcharhino management UI, navigate to Monitor > Jobs and click Run job.
-
Select LivePatching – Script Default as Job category and LivePatching – Kernel version as Job template and click Next.
-
Select hosts on which you want to run the job. If you do not select any hosts, the job will run on all hosts you can see in the current context.
-
Click Next.
-
Optional: To configure advanced settings for the job, fill in the Advanced fields. To learn more about advanced settings, see Advanced settings in the job wizard.
-
Click Next.
-
Select Immediate execution to execute the job immediately and click Next.
-
Review job details. You have the option to return to any part of the job wizard and edit the information.
-
Click Run to view the running Kernel version on your hosts.
Live patching hosts using KernelCare plugin
You can use kcarectl provided by TuxCare to live-patch the Linux kernel on your hosts.
By default, kcarectl checks for updates every four hours.
If the automatic installation of patches is disabled or if you want to install patches manually at a certain time, you can start the process using a remote execution job.
-
Ensure your hosts have the
kernelcarepackage installed. -
Ensure your hosts have access to the internet to connect to cloudlinux.com.
If your host is in a disconnected environment, you can use ePortal by Tuxcare to provide Linux kernel patches. For more information, see docs.tuxcare.com/eportal.
-
In the orcharhino management UI, navigate to Monitor > Jobs and click Run job.
-
Select LivePatching – Script Default as Job category and LivePatching – Update kernel as Job template and click Next.
-
Select hosts on which you want to run the job. If you do not select any hosts, the job will run on all hosts you can see in the current context.
-
Click Next.
-
Optional: To configure advanced settings for the job, fill in the Advanced fields. To learn more about advanced settings, see Advanced settings in the job wizard.
-
Click Next.
-
Select Immediate execution to execute the job immediately and click Next.
-
Review job details. You have the option to return to any part of the job wizard and edit the information.
-
Click Run to update to the latest Linux kernel on your hosts.
|
The text and illustrations on this page are licensed by ATIX AG under a Creative Commons Attribution Share Alike 4.0 International ("CC BY-SA 4.0") license. This page also contains text from the official Foreman documentation which uses the same license ("CC BY-SA 4.0"). |