Re: Kernel Live Patching

On Thursday 28 June 2018 09:23:43 Aleksey Kravchenko wrote:

> Hi.
> Is there a free alternative to ksplice / livepatch / kernelcare for
> Debian systems? We're interested in the complete solution when we
> install the agent on the server and the agent upgrades the system by
> itself. Thank you.

Given the history of ksplice, and my innate paranoia, I don't have a pole 
long enough to reach it. You shouldn't either.  I have a mental picture 
of the keys to whatever merchandising operation you may be involved in, 
hanging on a nail beside the front door.

If something is patched and a reboot is needed to make it 100% 
functional, and you can't stand the thought of 2 minutes downtime while 
it's rebooting, it's time to mirror your app to a second machine and
configure an automatic failover. There are some OS's that can do that, 
QNX comes to mind, but they aren't free. Even the QNX microkernel has a 
dead time of 15 or 20 seconds for a full reload of everything else.

I think the applicable keyword here is TANSTAAFL. It's a universal law,
and there are no shortcuts around it.  IOW, if you think the lunch is 
free, check the price of the beer.

Cheers, Gene Heskett
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Gene's Web page <http://geneslinuxbox.net:6309/gene>