Oracle Ksplice for Zero-Downtime Updates
Use Oracle Ksplice to apply critical security patches to Linux kernels on Oracle Cloud Infrastructure instances without requiring a reboot. On Oracle Linux, Ksplice also updates the glibc and OpenSSL user space libraries, applying critical security patches without disrupting workloads.
What does Ksplice update?
- The kernel with critical security patches
- glibc and OpenSSL user space libraries with critical security patches (Oracle Linux only)
Do I need to continue regular maintenance updates?
Yes, you should continue to apply updates to your entire system at regular intervals based on your organization's best practices.
Ksplice updates occur in-memory, effectively making the change immediate without a reboot. This is different than a traditional kernel update, which requires a reboot to update the system. Ksplice applies critical security patches, but there are other errata updates and bug fixes you should apply at regular intervals. See Maintaining the System for more information.
Using Oracle Ksplice
For complete documentation, see the Oracle Linux: Ksplice User's Guide.
Some information sources refer to Ksplice Uptrack clients and the
uptrack
command. You can use the ksplice
command in place of the uptrack
command to manage these clients’ updates and patches.Installing Ksplice
Do I need to install Ksplice?
Oracle Linux platform instances on Oracle Cloud Infrastructure have Ksplice already installed (unless created before August 25, 2017).
You only need to install Ksplice if using:
- Oracle Linux platform images created before August 25, 2017
- Your own Oracle Linux image (BYOI)
- Supported third party Linux distributions (CentOS/Ubuntu)
Do I need to register with ULN?
You do not need to register through ULN to use Ksplice on Oracle Cloud Infrastructure. Systems running on Oracle Cloud Infrastructure have automatic access to the Ksplice servers and all Ksplice updates.
How to install Ksplice:
- Verify your kernel version is supported. See Which Kernels are Actively Maintained with Ksplice?.
- Connect to your Linux instance using Secure Shell (SSH). See Accessing an Instance for more information.
-
Download the Ksplice installer for Oracle Cloud Infrastructure.
sudo wget -N https://www.ksplice.com/uptrack/install-uptrack-oc
-
After the script downloads, install Ksplice:
To enable the automatic installation of updates:
sudo sh install-uptrack-oc --autoinstall
If you do not want Ksplice to automatically install updates, run the script without the command-line switch:
sudo sh install-uptrack-oc
- To apply the latest Ksplice updates, see Running Ksplice.
Enabling Automatic Oracle Ksplice Updates
Oracle recommends configuring automatic Ksplice updates whenever possible.
For Oracle Autonomous Linux Instances
No additional configuration is required. Ksplice is already installed and configured by default to run automatic updates.
For Other Linux Instances
Set the value of autoinstall
to yes
in /etc/uptrack/uptrack.conf
.
Running Ksplice
To install available updates, use the ksplice upgrade
command with the -y
option. For example:
sudo ksplice -y all upgrade
If you have enabled automatic Ksplice updates, you don't need to run the upgrade command as this action is performed regularly and automatically for you. See Enabling Automatic Oracle Ksplice Updates for more information.
Getting Help with Ksplice
For comprehensive information about Ksplice, refer to the manual:
man ksplice
For more summarized help information, use:
ksplice --help
See Using Oracle Ksplice in Oracle Linux for a hands-on tutorial on using Ksplice.
Viewing Current Patch Information
To display the updates and patches that Ksplice has applied to the system:
sudo ksplice all show
The output includes the effective kernel version. If no patches had been applied, then the kernel version would match the output of the uname -r
command.
You can limit the output to display only the updates to specific subsystems. To display the effective kernel version:
sudo ksplice kernel show
Managing Ksplice Updates Using OS Management
OS Management offers the convenience of managing and configuring Ksplice updates for managed instances whether you’re running Oracle Autonomous Linux or Oracle Linux. For more information, see Managing Linux Packages.
Which Kernels are Actively Maintained with Ksplice?
Only specific kernels are actively maintained by Ksplice on Oracle Cloud Infrastructure.
For questions about supported kernels, send an email to ksplice-support_ww@oracle.com.
Actively Maintained Kernel Type |
Additional Information |
---|---|
UEK R4 starting with |
Must be version |
UEK R5 (x86_64) starting with |
|
UEK R5 (aarch64) starting with |
|
UEK R6 (x86_64) starting with |
|
UEK R6 (aarch64) starting with |
|
UEK R7 (x86_64) starting with |
|
UEK R7 (aarch64) starting with |
|
Oracle Linux 9 Red Hat Compatible Kernels (RHCK) starting with the official release. |
|
Oracle Linux 8 Red Hat Compatible Kernels (RHCK) starting with the official release. |
|
Oracle Linux 7 Red Hat Compatible Kernels (RHCK) starting with the official release. |
|
Oracle Linux 6 Red Hat Compatible Kernels (RHCK) starting with the official release. |
Must be version |
CentOS and RHEL 8 kernels starting with the official release. |
Support for CentOS Linux 8 kernels is available for online updates only. |
CentOS and RHEL 7 kernels starting with the official release. |
Support for CentOS Linux 7 kernels is available for online updates only. |
Ubuntu 20.04 Focal kernels starting with |
|
Ubuntu 18.04 Bionic kernels, starting with the official release. |
Support for Ubuntu 18.04 Bionic kernels expires April, 2023. |
Ubuntu kernels starting with |
|
Ubuntu 22.04 Jammy kernels, starting with the official release. |
More Information
- For complete Oracle Ksplice documentation, see the Oracle Linux: Ksplice User's Guide.
- You can also find more information at: