8.1. Updating Kernel with ReadyKernel¶
ReadyKernel is a kpatch-based service shipped with Virtuozzo Infrastructure Platform and available out-of-the-box on physical servers with active licenses. ReadyKernel offers a more convenient, rebootless alternative to updating the kernel the usual way and allows you not to wait for scheduled server downtime to apply critical security updates. ReadyKernel enables you to receive cumulative kernel patches that fix critical security issues and apply these patches without having to reboot the server. ReadyKernel updates are released for kernels younger than 18 months. When a kernel becomes older that 18 months, you need to switch to a newer kernel to keep receiving ReadyKernel updates.
Upon installation, the patches are loaded into server RAM and immediately applied to the kernel. If the server reboots, these patches are reapplied to the kernel on boot. You can check the details of the applied ReadyKernel patch at any time with
If later you install a new kernel or a major kernel update that requires a reboot, the downloaded patches will remain on the server but will not be applied.
In Virtuozzo Infrastructure Platform, ReadyKernel is set to automatically download and apply updates. Checks for new patches are added to each
yum transaction that takes place on any node in the infrastructure.
Even though ReadyKernel requires no user interaction by default, you can read the following subsections to understand how this tool works and manage it if needed.
8.1.1. Installing ReadyKernel Patches Automatically¶
ReadyKernel is enabled by default and checks for new patches daily at 12:00 server time by means of a
cron.d script. If a patch is available, ReadyKernel will download, install, and load it for the current kernel.
To disable automatic updating, run
# readykernel autoupdate disable
You can re-enable automatic updating later with the following command:
# readykernel autoupdate enable <hour>
The service will check for patches daily at the specified
<hour> (set in 24-hour format, server time).
8.1.2. Managing ReadyKernel Patches Manually¶
22.214.171.124. Downloading, Installing, and Loading ReadyKernel Patches¶
To download, install, and instantly load the latest ReadyKernel patch for the current kernel, do the following:
Check for new ReadyKernel patches:
# readykernel check-update
If a new patch is available, download, install, and instantly load it for the current kernel by running:
# readykernel update
You can also do this with
ReadyKernel patches are cumulative, i.e. the latest patch includes all the previous ones. To keep the kernel secure, you only need to install and load the latest patch.
126.96.36.199. Loading and Unloading ReadyKernel Patches¶
To manually load the latest installed ReadyKernel patch to the kernel, do one of the following:
If an older patch is already loaded, unload it first, then load the latest patch by running:# readykernel load-replace
If no older patches are loaded, load the latest patch by running:# readykernel load
To unload the patch from the current kernel, run
# readykernel unload
188.8.131.52. Installing and Removing ReadyKernel Patches for Specific Kernels¶
If multiple kernels are installed on the server, you can install a ReadyKernel patch for a specific kernel:
# yum install readykernel-patch-<kernel_version>
To remove a specific ReadyKernel patch from the server, run
# yum remove readykernel-patch-<kernel_version>
184.108.40.206. Downgrading ReadyKernel Patches¶
If you experience problems with the latest ReadyKernel patch, you can downgrade it to an older version if one is available.
To downgrade a patch for the current kernel to the previous version, run
# yum downgrade readykernel-patch-$(uname -r)
To downgrade a patch for a specific kernel to the previous version, run
# yum downgrade readykernel-patch-<kernel_version>
You can run these commands multiple times to downgrade to the patch version you need. Alternatively, you can downgrade a patch to a specific version by specifying the desired patch version. For example:
# yum downgrade readykernel-patch-12.7-0.4-17.vl7
220.127.116.11. Disabling Loading of ReadyKernel Patches on Boot¶
If for some reason you do not want ReadyKernel patches to be applied at boot time, run the following command:
# readykernel autoload disable
To re-enable automatic loading of ReadyKernel patches on boot, run
# readykernel autoload enable
18.104.22.168. Managing ReadyKernel Logs¶
ReadyKernel logs event information in
/var/log/kpatch.log. You can specify logging parameters for the latter in the configuration file
/etc/logrotate.d/kpatch. For more information on parameters you can use, see the
logrotate man page.