[GTALUG] server questions - - help needed

Jamon Camisso jamon.camisso at utoronto.ca
Mon Jun 4 07:53:39 EDT 2018


On 03/06/18 20:05, Clifford Ilkay via talk wrote:
> By the way, I don't understand why long up times are considered to be some
> sort of badge of honour. If you're doing regular updates even with very
> conservative distributions, like CentOS or Debian stable, you're going to
> have to reboot your server due to kernel updates at least every few months.

There are a few kernel hot fix tools out there to address this.

Canonical offer canonical-livepatch: https://www.ubuntu.com/server/livepatch

SuSE has kGraft: https://www.suse.com/products/live-patching/

RedHat develops kpatch: https://access.redhat.com/articles/2475321 - I'm
not sure how they distribute patches.

Oracle bought ksplice: http://ksplice.oracle.com/

Shameless self-promotion - I think ours is the easiest to setup - snap
install, livepatch enable and you're all set. That and you get 3 tokens
free whereas all the other offerings seem to require paid subscriptions.

You can get a $0 ksplice license for a single desktop system I think,
but other than that, Oracle seem to only support their own Linux with it
now.

None of these helped with spectre/meltdown but for any other patches
that I've seen, patches just happen. These tools give more flexibility
in terms of planning infrastructure reboots while keeping systems stable
and secure. I highly recommend running one!

Cheers, Jamon


More information about the talk mailing list