X

A Bridge to the Cloud...

Oracle VM 3.4: using Oracle Ksplice on Oracle VM Server (dom0)

Simon Coter
Senior Manager, Oracle Linux and Virtualization Product Management

Oracle Ksplice is now available also for Oracle VM Server dom0.
 

This very interesting and cool utility, available on Oracle
Linux from years, is now ready and able to work also on Oracle VM Server dom0.

Thanks to Oracle Ksplice we can now install dom0 Kernel security
updates without any need to reboot and, so, without any kind of impact to the
VMs running on top; we perfectly know that on Oracle VM we can also
live-migrate VMs.....but, maybe, applying security updates without migrating
tens or hundreds of VMs is much faster.

On this blog-article you can see a brief overview on
how-to configure and use Ksplice for Oracle VM Server dom0.

 

To enable Ksplice on Oracle VM Server a “key access” is needed
and, the same, can be obtained on www.ksplice.com
website with your own account.

 

  • Download the install
    script on your Oracle VM Server (in case needed, export proxy environment
    variables to get access to ksplice.com website) 
#
wget -N https://www.ksplice.com/uptrack/install-uptrack

 

 

  • Run the install script downloaded with proper Ksplice key on
    Oracle VM Server dom0.
# sh install-uptrack <your_ksplice_key>

 

  • Once the “uptrack” utilities have been installed, the
    installation will show possible updates available for the running kernel, as
    you can see in the picture below:

 

 

  • By executing “uptrack-upgrade -y” we can install all the
    security updates (CVE and others)

# uptrack-upgrade -y

 

  • At the end of the installation you’ll see the
    effective kernel running on dom0

 

By executing commands like “uname” and “uptrack-uname” you can
check the installed kernel release and the effective kernel running

# uname -r

# uptrack-uname -r

Once we completed the installation of kernel security updates by
Ksplice, obviously, without rebooting the Oracle VM Server dom0, it’s also
always suggested to keep the system updated for possible future reboots of the
system

# yum-update -y

So, by “yum” we also keep a consistent
relation between the updated running Kernel, managed by Ksplice, and the possible kernel that will
be picked-up in case of reboots. It's important to know that Ksplice will apply security updates also while rebooting but if the number of updates is too high you should have to wait much more time than expected.

 

  • Further interesting option, granted by Ksplice, is the
    possibility to rollback each single security update whenever needed, by "uptrack-remove"

# uptrack-remove olkujtvy

# uptrack-remove irrigrao

And as you can see in the picture above, now
the effective kernel moved from .28 to .27

 

  • By the website interface available on www.ksplice.com you can always evaluate
    updated status of your systems by one unqiue interface

 

For further information on Ksplice and Oracle
VM:

 

 

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.