Tips for Using Oracle Autonomous Linux on Oracle Cloud

April 15, 2020 | 4 minute read
Julie Wong
Product Management Director, Oracle Linux and Virtualization
Text Size 100%:

If you want a reliable and easy way to automate patching of your Linux instances in the cloud and to keep up to date with the latest security fixes, Oracle Autonomous Linux might be the solution for you.

Autonomous Linux is a self-patching operating system image based on Oracle Linux 7. It runs automatic patch updates without the need for human interactions, which improves security, availability, and IT productivity. It automatically applies patches daily and uses Oracle Ksplice technology to apply kernel and key user space updates without the need to reboot systems.

Autonomous Linux is available for use on Oracle Cloud Infrastructure, and subscribers receive support at no additional cost.

Deploying an Autonomous Linux Instance

Deploying Autonomous Linux on Oracle Cloud Infrastructure is a quick and simple task. Sign in to your Oracle Cloud Infrastructure account in the Console, and navigate to Compute and then Instances in the main menu. Create a Linux instance, selecting the Oracle Autonomous Linux image from the list of Oracle-provided Platform Images available for deployment, and specify the network and access configurations. Click Create Instance, and in minutes, the Autonomous Linux instance is up and running.

After the instance is deployed, you can let automated patching do its daily job, providing you with hands-off OS management. In some situations, you might want to configure Autonomous Linux to notify you when updates occur, or to control when automated updates should be run. Following are some tips to help you configure such tasks.

Configuring the Automatic Update Time Window

Autonomous Linux performs automatic updates daily, if updates are available. Patches are automatically updated at a regular random time generated by Autonomous Linux within a given update time window.

The default update time window is 4 hours, and it starts 2 hours from the first boot time of the Autonomous Linux instance. The update time window is defined by a 24-hour window specification (0-24). For example, if the instance boot time was 14:10 (2:10 p.m.) or 14:55 (2:55 p.m.), the default update window for both of these cases is 16–20 (4–8 p.m.). The daily update time is then randomly generated between 4 p.m. and 8 p.m. Automatic updates are then performed at the same generated time every day.

If you prefer that automatic updates occur during a specific time frame, to suit your business and minimize the impact on systems, the latest Autonomous Linux image now includes the al-config utility. The al-config utility lets you customize the time window in which an automatic update is performed.

You can use the al-config utility as follows:

al-config -w <start_hour>-<end_hour>

The -w option specifies the time window in which the daily automatic updates can occur. The 24-hour time format applies. The start and end hour must be an integer from 0 to 23. The minimum window is 2 hours, and the maximum window is 6 hours. When this option is used, Autonomous Linux generates a fixed daily automatic update time within the specified time range.

al-config -s

The -s option shows the current automatic update time window and update time.

Here are some examples:

Configure the update time window and update time:

Copied to Clipboard
Error: Could not Copy
Copied to Clipboard
Error: Could not Copy
$ sudo al-config -w 23-4
Configured daily auto update time window(24-hour): 23-4
Configured daily auto update time(24-hour): 02:18
Created cron job file /etc/cron.d/al-update.

Show the current update time window and update time:

Copied to Clipboard
Error: Could not Copy
Copied to Clipboard
Error: Could not Copy
$ sudo al-config -s
Current daily auto update time window(24-hour): 23-4
Current daily auto update time(24-hour): 02:18

You can use this command to show when an update is scheduled to occur each day. You can check the Autonomous Linux log at /var/log/al.log or set up notifications to let you know when an update has occurred.

Setting Up Notifications

You can configure the Oracle Cloud Infrastructure Notifications service to receive email, PagerDuty, or Slack status messages from your instance when Ksplice or yum updates have been applied, or when Ksplice detects certain known exploit attempts. We recommend that you configure notifications for Autonomous Linux before creating an instance.

Here are the steps to set up notifications on Oracle Cloud Infrastructure:

  1. In the Console's navigation menu, under Solutions and Platform, select Application Integration and then select Notifications.

    Screenshot that shows the main navigation menu in the Oracle Cloud Infrastructure Console, with the Application Integration and Notifications options highlighted.

  2. Create a topic. A topic is a communication channel for sending Oracle Cloud Infrastructure messages to its subscriptions. A topic can have zero, one, or multiple subscriptions that are notified whenever a message is published to a topic.

  3. After you create the topic is created, subscribe to it by creating a subscription. Choose from the various notification protocol options.

    Screenshot that shows the Create Subscription dialog box, with the Protocol menu options: Email, Function, HTTPS, PagerDuty, and Slack.

    For example, if you choose the Email option, the email addresses that you specify receive a confirmation email. Follow the instructions in the email to authorize the receipt of notifications for the email addresses.

  4. Configure your Autonomous Linux instances for notifications either by creating a dynamic group and having the instance added to the topic automatically, or by registering the instance manually after its creation. For instructions, see Getting Started: Deploying and Configuring Oracle Autonomous Linux on Oracle Cloud Infrastructure.

Exploring on the Oracle Cloud Always Free Tier

If you’re interested in learning more about Autonomous Linux, you can deploy it and try it for free by using Oracle Cloud Always Free Tier compute resources. Always Free Tier resources don’t have expiration dates, so they’re always there for you. All you need is an Oracle Cloud Infrastructure account.

Resources

Julie Wong

Product Management Director, Oracle Linux and Virtualization


Previous Post

Oracle Cloud Free Certifications FAQ

Rohit Rahi | 5 min read

Next Post


Announcing Per-Second Billing for Compute and Autonomous Database

Phil Newman | 3 min read