UNIX® machines run and run (and run). A desktop or portable system can be left on for weeks, even months, and server uptime can stretch to a year or more. Indeed, if you could preclude hardware failures and Mother Nature, a UNIX system might run perpetually. Alas, hardware is imperfect, Mother Nature has a mind of her own, and software suffers from bugs. The gear requires replacement. Thunderstorms can and do happen. And systems require patches and restarts. Much like death and taxes, downtime is a certainty.
However, unlike death and taxes, you can minimize downtime. Proactive and regular system maintenance and hot spares boost availability, as does a robust data center replete with backup power and redundant connections to the Internet. Thankfully, too, most applications and libraries can be updated seamlessly and on demand using tools such as rpm, Aptitude, and yum.
Unfortunately, kernel updates—modifications to address vulnerabilities and flaws in the core system software—aren’t so painless. A kernel update is very disruptive, requiring scheduled downtime to temporarily halt all services on each and every machine affected. Although such upkeep is necessary and vital, keeping pace with kernel updates can nonetheless make operations something akin to a yo-yo. To wit, the time lines in Figure 1 show the frequency of critical kernel updates for a number of popular operating systems between January 2009 and February 2010. Each cycle icon represents a mandatory restart (image courtesy of Ksplice, Inc.).
Figure 1. Frequency of kernel updates by operating system
But now, you can patch your kernel as it runs, eliminating the otherwise wholesale interruption caused by a restart. In other words, scheduled upgrades no longer require a schedule.
Ksplice is a set of tools to patch the kernel in situ, as it’s running—no reboot required. Given an existing kernel, its source code, and one or more unified diff files (a unified diff is the canonical form for kernel patches), Ksplice replaces existing, errant object code in the resident kernel with new object code. Ksplice can replace both program code and data structures. Better yet, a kernel splice interrupts normal system operation for a mere fraction of a millisecond, leaving daemons, processes, and connections intact.
Let’s look briefly at how Ksplice works and learn how to use its tools to keep a kernel up to date. There are three ways to use Ksplice:
- Graphical user interface (GUI)
- Equivalent, high-level command-line utilities
- Raw Ksplice tools (if you have the source to your kernel)
An Ubuntu version 9.04 or version 9.10 user, for example, can download and install a point-and-click application to choose and apply kernel modifications. All three variants of Ksplice are introduced here.