7.2. Updating Virtuozzo Hybrid Server Kernel with ReadyKernel¶
Virtuozzo ReadyKernel is a kpatch-based service shipped with Virtuozzo Hybrid Server 7 and available out-of-the-box on hardware nodes with active licenses. ReadyKernel offers a more convenient, rebootless alternative to updating the kernel the usual way and allows you not to wait for scheduled server downtime to apply critical security updates. ReadyKernel enables you to receive cumulative kernel patches that fix critical security issues and apply these patches without having to reboot the server. ReadyKernel updates are released for Virtuozzo Hybrid Server kernels younger than 18 months. When a kernel becomes older, it should be updated, e.g., to the latest one, so you can keep receiving ReadyKernel updates.
Upon installation, the patches are loaded into server RAM and immediately applied to the kernel. If the server reboots, these patches are reapplied to the kernel on boot.
If later you install a new kernel or major kernel update that requires a reboot, the downloaded patches will remain on the server but will not be applied.
At any time, you can check the details of the applied ReadyKernel patch with
ReadyKernel patches can be received and installed automatically or manually as described in the following sections.
7.2.1. Installing ReadyKernel Patches Automatically¶
If automatic updating was not disabled during the installation, ReadyKernel will check for new patches daily at 12:00 server time. If a patch is available, ReadyKernel will download, install, and load it for the current kernel.
If automatic updating is disabled, you can re-enable it with the following command:
# readykernel autoupdate enable <hour>
The service will check for patches daily at the specified
<hour> (set in 24-hour format, server time) by means of the
To disable automatic updating, run
# readykernel autoupdate disable
7.2.2. Managing ReadyKernel Patches Manually¶
126.96.36.199. Dowloading, Installing, and Loading ReadyKernel Patches¶
To download, install, and instantly load the latest ReadyKernel patch for the current kernel, do the following:
Check for new ReadyKernel patches:
# readykernel check-update
If a new patch is available, download, install, and instantly load it for the current kernel by running:
# readykernel update
You can also do this with
ReadyKernel patches are cumulative, i.e. the latest patch includes all the previous ones. To keep the kernel secure, you only need to install and load the latest patch.
188.8.131.52. Loading and Unloading ReadyKernel Patches¶
To manually load the latest installed ReadyKernel patch to the kernel, do one of the following:
If an older patch is already loaded, unload it first, then load the latest patch by running:# readykernel load-replace
If no older patches are loaded, load the latest patch by running:# readykernel load
To unload the patch from the current kernel, run
# readykernel unload
184.108.40.206. Installing and Removing ReadyKernel Patches for Specific Kernels¶
If multiple kernels are installed on the server, you can install a ReadyKernel patch for a specific kernel:
# yum install readykernel-patch-<kernel_version>
To remove a specific ReadyKernel patch from the server, run
# yum remove readykernel-patch-<kernel_version>
220.127.116.11. Downgrading ReadyKernel Patches¶
If you experience problems with the latest ReadyKernel patch, you can downgrade it to an older version if one is available.
To downgrade a patch for the current kernel to the previous version, run
# yum downgrade readykernel-patch-$(uname -r)
To downgrade a patch for a specific kernel to the previous version, run
# yum downgrade readykernel-patch-<kernel_version>
You can run these commands multiple times to downgrade to the patch version you need. Alternatively, you can downgrade a patch to a specific version by specifying the desired patch version. For example:
# yum downgrade readykernel-patch-12.7-0.4-17.vl7
7.2.3. Disabling Loading of ReadyKernel Patches on Boot¶
If for some reason you do not want ReadyKernel patches to be applied at boot time, run the following command:
# readykernel autoload disable
To re-enable automatic loading of ReadyKernel patches on boot, run
# readykernel autoload enable
7.2.4. Managing ReadyKernel Logs¶
ReadyKernel logs event information in
/var/log/kpatch.log. You can specify logging parameters for the latter in the configuration file
/etc/logrotate.d/kpatch. For more information on parameters you can use, see the
logrotate man page.