Re: Kernel Live Patching




On Thursday 28 June 2018 09:23:43 Aleksey Kravchenko wrote:

> Hi.
> Is there a free alternative to ksplice / livepatch / kernelcare for
> Debian systems? We're interested in the complete solution when we
> install the agent on the server and the agent upgrades the system by
> itself. Thank you.

Given the history of ksplice, and my innate paranoia, I don't have a pole 
long enough to reach it. You shouldn't either.  I have a mental picture 
of the keys to whatever merchandising operation you may be involved in, 
hanging on a nail beside the front door.

If something is patched and a reboot is needed to make it 100% 
functional, and you can't stand the thought of 2 minutes downtime while 
it's rebooting, it's time to mirror your app to a second machine and 
configure an automatic failover. There are some OS's that can do that, 
QNX comes to mind, but they aren't free. Even the QNX microkernel has a 
dead time of 15 or 20 seconds for a full reload of everything else.

I think the applicable keyword here is TANSTAAFL. It's a universal law, 
and there are no shortcuts around it.  IOW, if you think the lunch is 
free, check the price of the beer.

-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>