If you want a reliable and easy way to automate patching of your Linux instances in the cloud and to keep up to date with the latest security fixes, Oracle Autonomous Linux might be the solution for you.
Autonomous Linux is a self-patching operating system image based on Oracle Linux 7. It runs automatic patch updates without the need for human interactions, which improves security, availability, and IT productivity. It automatically applies patches daily and uses Oracle Ksplice technology to apply kernel and key user space updates without the need to reboot systems.
Autonomous Linux is available for use on Oracle Cloud Infrastructure, and subscribers receive support at no additional cost.
Deploying Autonomous Linux on Oracle Cloud Infrastructure is a quick and simple task. Sign in to your Oracle Cloud Infrastructure account in the Console, and navigate to Compute and then Instances in the main menu. Create a Linux instance, selecting the Oracle Autonomous Linux image from the list of Oracle-provided Platform Images available for deployment, and specify the network and access configurations. Click Create Instance, and in minutes, the Autonomous Linux instance is up and running.
After the instance is deployed, you can let automated patching do its daily job, providing you with hands-off OS management. In some situations, you might want to configure Autonomous Linux to notify you when updates occur, or to control when automated updates should be run. Following are some tips to help you configure such tasks.
Autonomous Linux performs automatic updates daily, if updates are available. Patches are automatically updated at a regular random time generated by Autonomous Linux within a given update time window.
The default update time window is 4 hours, and it starts 2 hours from the first boot time of the Autonomous Linux instance. The update time window is defined by a 24-hour window specification (0-24). For example, if the instance boot time was 14:10 (2:10 p.m.) or 14:55 (2:55 p.m.), the default update window for both of these cases is 16–20 (4–8 p.m.). The daily update time is then randomly generated between 4 p.m. and 8 p.m. Automatic updates are then performed at the same generated time every day.
If you prefer that automatic updates occur during a specific time frame, to suit your business and minimize the impact on systems, the latest Autonomous Linux image now includes the al-config utility. The al-config utility lets you customize the time window in which an automatic update is performed.
You can use the al-config utility as follows:
al-config -w <start_hour>-<end_hour>
The -w option specifies the time window in which the daily automatic updates can occur. The 24-hour time format applies. The start and end hour must be an integer from 0 to 23. The minimum window is 2 hours, and the maximum window is 6 hours. When this option is used, Autonomous Linux generates a fixed daily automatic update time within the specified time range.
al-config -s
The -s option shows the current automatic update time window and update time.
Here are some examples:
Configure the update time window and update time:
$ sudo al-config -w 23-4
Configured daily auto update time window(24-hour): 23-4
Configured daily auto update time(24-hour): 02:18
Created cron job file /etc/cron.d/al-update.
Show the current update time window and update time:
$ sudo al-config -s
Current daily auto update time window(24-hour): 23-4
Current daily auto update time(24-hour): 02:18
You can use this command to show when an update is scheduled to occur each day. You can check the Autonomous Linux log at /var/log/al.log or set up notifications to let you know when an update has occurred.
You can configure the Oracle Cloud Infrastructure Notifications service to receive email, PagerDuty, or Slack status messages from your instance when Ksplice or yum updates have been applied, or when Ksplice detects certain known exploit attempts. We recommend that you configure notifications for Autonomous Linux before creating an instance.
Here are the steps to set up notifications on Oracle Cloud Infrastructure:
In the Console's navigation menu, under Solutions and Platform, select Application Integration and then select Notifications.
Create a topic. A topic is a communication channel for sending Oracle Cloud Infrastructure messages to its subscriptions. A topic can have zero, one, or multiple subscriptions that are notified whenever a message is published to a topic.
After you create the topic is created, subscribe to it by creating a subscription. Choose from the various notification protocol options.
For example, if you choose the Email option, the email addresses that you specify receive a confirmation email. Follow the instructions in the email to authorize the receipt of notifications for the email addresses.
Configure your Autonomous Linux instances for notifications either by creating a dynamic group and having the instance added to the topic automatically, or by registering the instance manually after its creation. For instructions, see Getting Started: Deploying and Configuring Oracle Autonomous Linux on Oracle Cloud Infrastructure.
If you’re interested in learning more about Autonomous Linux, you can deploy it and try it for free by using Oracle Cloud Always Free Tier compute resources. Always Free Tier resources don’t have expiration dates, so they’re always there for you. All you need is an Oracle Cloud Infrastructure account.
Next Post