Re: Kernel Live Patching
- Date: Thu, 28 Jun 2018 10:53:58 -0400
- From: Gene Heskett <gheskett@xxxxxxxxxxx>
- Subject: Re: Kernel Live Patching
On Thursday 28 June 2018 09:23:43 Aleksey Kravchenko wrote:
> Is there a free alternative to ksplice / livepatch / kernelcare for
> Debian systems? We're interested in the complete solution when we
> install the agent on the server and the agent upgrades the system by
> itself. Thank you.
Given the history of ksplice, and my innate paranoia, I don't have a pole
long enough to reach it. You shouldn't either. I have a mental picture
of the keys to whatever merchandising operation you may be involved in,
hanging on a nail beside the front door.
If something is patched and a reboot is needed to make it 100%
functional, and you can't stand the thought of 2 minutes downtime while
it's rebooting, it's time to mirror your app to a second machine and
configure an automatic failover. There are some OS's that can do that,
QNX comes to mind, but they aren't free. Even the QNX microkernel has a
dead time of 15 or 20 seconds for a full reload of everything else.
I think the applicable keyword here is TANSTAAFL. It's a universal law,
and there are no shortcuts around it. IOW, if you think the lunch is
free, check the price of the beer.
Cheers, Gene Heskett
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>