SUSE gets live patching

Using SUSE Linux means never having to say 'reboot'.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

I have a SUSE Linux box in my server room. It's been running non-stop since 2012.

SUSE Linux Enterprise Live Patching's kGraft uses a variety of techniques, including read-copy update (RCU), to enable a server to have a critical patch made without stopping it.

That's Linux. It doesn't tend to break down, and you usually don't need to reboot it when you patch it. Usually.

Sometimes — not often, but sometimes — critical patches do require a reboot. But Linux developers have been working on fixing that, too. Today, Oracle Linux uses Ksplice to avoid rebooting. However, Ksplice code, while open-source software, hasn't been updated since 2011. It's also covered by some Oracle patents. In practice, Oracle Linux is the only major distribution using Ksplice at this time.

SUSE, however, with its announcement of SUSE Linux Enterprise Live Patching, uses open-source kGraft to make critical patches while the system continues to run. KGraft is licensed under the GPLv2. With it, you'll be able to make one critical package update after another without rebooting or even a system interruption.

KGraft uses a variety of techniques to enable the Linux kernel to continue running while changes are made. The project is being pushed upstream into the Linux kernel, so eventually, it will be present in all Linux distributions.

Red Hat is working on a purely open-source project, kpatch, which will also make it possible to patch Linux without rebooting.

"In addition to increasing service availability by updating critical kernel patches without rebooting, and reducing the need for planned downtime by patching frequently, SUSE Linux Enterprise Live Patching preserves security and stability by applying up-to-date patches," said Matthias Eckermann, SUSE Linux's senior product manager, in a statement. "It's a fully open-source solution that features zero-interruption interaction with the system and a familiar deployment method. It's ideal for mission-critical systems, in-memory databases, extended simulations, or quick fixes in a large server farm."

For now, the only commercial release supporting kGraft is the x86_64 version of SUSE Linux Enterprise Server (SLES) 12. It will be coming to other versions soon. To deploy and use it today, SUSE customers must have a corresponding SLES 12 Priority Support subscription and Primary or Designated Support Engineer service from SUSE.

If your servers are built on SLES, this is a no-brainer. Get it now. It will save your bacon when you most need it. Because, as all sysadmins know, even the most stable of systems always choose the worst possible times to go casters up.

Related stories:

Editorial standards