Something like Livepatch for Rocky Linux

In my network I have some Rocky Linux and Ubuntu servers, Ubuntu servers have Livepatch, by livepatch you do need reboot servers after some upgrade like kernel.
I need something like that for my Rocky Linux servers

dnf install kpatch

Yes, but when you do reboot months later, how do you know it will still work?

There is more than just the kernel whose updates may require a reboot. See Identify packages that will require a system reboot after an update - Red Hat Customer Portal
The kpatch is only for kernel, isn’t it?


IMHO, an uninterruptible service should be on HA-platform that allows reboot and even reinstall of its legs. (Disclaimer: I don’t have such services or platforms, so my opinion is academic.)


According to Ubuntu, livepatch is also just for the kernel, so the equivalent in EL world would be kpatch. He hasn’t posted what else he’s trying to achieve other than the same as livepatch. And @jlehtone is correct, there are other services that require a restart or a reboot of the server; it’s not just related to the kernel. Sure, you can manually restart a load of them yourself, but there are some that may not behave properly until a full reboot has been made. I personally haven’t experienced problems with this, I just update and then reboot when it’s convenient, when I know the server isn’t being used or not used much (e.g. in the evening).

Totally agree with this. If you need something to be active all the time, then you should be running in HA. That way, whilst you reboot one machine, the app is still active on the other node(s). You can then in turn reboot each node once the previous node has started. Thus, no downtime would be experienced.

That adds dnf-kpatch as well to manually or automatically install patch-packages. Manual installation is through “dnf kpatch install”. But it doesn’t find (?) a patch-package for a recent kernel-upgrade. Are they located in an additional repo that needs to be enabled? Or are no patch-packages generated for rocky-kernels maybe?

By installing kpatch, it also installs kpatch-dnf. There is no command like you suggest, so no idea where you got that from. See below:

Files included in both those packages:

root@kvm:~# rpm -ql kpatch
/usr/lib/systemd/system/kpatch.service
/usr/sbin/kpatch
/usr/share/man/man1/kpatch.1.gz
/var/lib/kpatch

root@kvm:~# rpm -ql kpatch-dnf
/etc/dnf/plugins/kpatch.conf
/usr/lib/python3.9/site-packages/dnf-plugins/__pycache__
/usr/lib/python3.9/site-packages/dnf-plugins/__pycache__/kpatch.cpython-39.opt-1.pyc
/usr/lib/python3.9/site-packages/dnf-plugins/__pycache__/kpatch.cpython-39.pyc
/usr/lib/python3.9/site-packages/dnf-plugins/kpatch.py
/usr/share/man/man8/dnf.kpatch.8.gz

As we can see, a systemd script exists in the first package, so it means that service takes care of everything, so now let’s enable and start that service:

root@kvm:~# systemctl enable kpatch
Created symlink /etc/systemd/system/multi-user.target.wants/kpatch.service → /usr/lib/systemd/system/kpatch.service.

root@kvm:~# systemctl start kpatch

Let’s check the status of it:

root@kvm:~# systemctl status kpatch
● kpatch.service - "Apply kpatch kernel patches"
     Loaded: loaded (/usr/lib/systemd/system/kpatch.service; enabled; preset: disabled)
     Active: active (exited) since Wed 2025-02-19 17:14:03 CET; 3s ago
    Process: 322146 ExecStart=/usr/sbin/kpatch load --all (code=exited, status=0/SUCCESS)
   Main PID: 322146 (code=exited, status=0/SUCCESS)
        CPU: 18ms

Feb 19 17:14:03 kvm systemd[1]: Starting "Apply kpatch kernel patches"...
Feb 19 17:14:03 kvm systemd[1]: Finished "Apply kpatch kernel patches".

and that’s all you need to do.
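
The unit status in the post above shows only that `kpatch load --all` exited 0; it does not show whether a patch module for the running kernel was found, which is the question raised earlier in the thread. As an added example (not part of any post here), this parses `kpatch list` output to answer that; the function names, kernel releases and module names are constructed, and the two-section output layout is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes `kpatch list` prints a
# "Loaded patch modules:" section (NAME [state]) followed by an
# "Installed patch modules:" section (NAME (kernel-release)).

# kpatch_coverage KERNEL_RELEASE   (reads `kpatch list` output on stdin)
# Prints patched | installed-not-loaded | unpatched; returns 0, 1 or 2.
kpatch_coverage() {
    local running="$1" section="" line name loaded=" " installed=""
    while IFS= read -r line; do
        case "$line" in
            "Loaded patch modules:")    section=loaded;    continue ;;
            "Installed patch modules:") section=installed; continue ;;
            "") continue ;;
        esac
        name="${line%% *}"
        case "$section:$line" in
            # Module is active in the kernel right now.
            loaded:*"[enabled]"*)     loaded="$loaded$name " ;;
            # Module on disk was built for the kernel we are running.
            installed:*"($running)"*) installed="$installed $name" ;;
        esac
    done
    for name in $installed; do
        case "$loaded" in *" $name "*) echo patched; return 0 ;; esac
    done
    if [ -n "$installed" ]; then echo installed-not-loaded; return 1; fi
    echo unpatched; return 2
}

# Constructed sample output (kernel releases and module names are made up).
sample_kpatch_list() {
    cat <<'EOF'
Loaded patch modules:
kpatch_5_14_0_100_1_1 [enabled]

Installed patch modules:
kpatch_5_14_0_100_1_1 (5.14.0-100.example.x86_64)
kpatch_5_14_0_90_2_1 (5.14.0-90.example.x86_64)
EOF
}

# On a real host: kpatch list | kpatch_coverage "$(uname -r)"
sample_kpatch_list | kpatch_coverage 5.14.0-100.example.x86_64 || true  # patched
sample_kpatch_list | kpatch_coverage 5.14.0-120.example.x86_64 || true  # unpatched
```

The non-zero return codes let a monitoring job alert when a host has booted into, or been upgraded to, a kernel with no loaded live patch.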