Results 1 to 3 of 3

Thread: Using Live Patching with SUSE Manager 3.x

Hybrid View

  1. #1

    Using Live Patching with SUSE Manager 3.x

    Anyone using Live Patching with SUSE Manager?
    I've noticed that if I add the LP repos, install the add-on, and patch the kernel, SUSE Manager will report "The system requires a reboot", although "zypper ps" shows no issues, and the "kgr" tool shows the patch(es) applied, and no problems. The latter two would make me think there is no need for a reboot. I'm wondering if SUSE Manager is just saying that a reboot is required, because those patches are flagged as patches that require a reboot (if not applied with KGraft).
    Does anyone know how it determines when it displays that message?
    I'm thinking the client system is just fine, and that SUSE Manager just thinks it needs a reboot, based on the fact that the patch would need a reboot if not applied with KGraft. However, I can't find confirmation of my theory. I would have thought by now that SUSE Manager would be able to detect Live Patching.
    It is my understanding from the documentation that Live patches shouldn't have a reboot icon. I notice that the only patches available do.
    (I added a new SLES 12 SP3 system, and I find four kernel patches - all have the reboot icon).
    Also, if it is relevant, I am still managing systems the RHN/Spacewalk way (they are not Salt minions).

    Ideas?
    Thanks.
    Allen B.

  2. #2

    Re: Using Live Patching with SUSE Manager 3.x

    On 27/10/17 05:44, linuxmoose wrote:

    > Anyone using Live Patching with SUSE Manager?
    > I've noticed that if I add the LP repos, install the add-on, and patch
    > the kernel, SUSE Manager will report "The system requires a reboot",
    > although "zypper ps" shows no issues, and the "kgr" tool shows the
    > patch(es) applied, and no problems. The latter two would make me think
    > there is no need for a reboot. I'm wondering if SUSE Manager is just
    > saying that a reboot is required, because those patches are flagged as
    > patches that require a reboot (if not applied with KGraft).
    > Does anyone know how it determines when it displays that message?
    > I'm thinking the client system is just fine, and that SUSE Manager just
    > thinks it needs a reboot, based on the fact that the patch would need a
    > reboot if not applied with KGraft. However, I can't find confirmation
    > of my theory. I would have thought by now that SUSE Manager would be
    > able to detect Live Patching.
    > It is my understanding from the documentation that Live patches
    > shouldn't have a reboot icon. I notice that the only patches available
    > do.


    That is my understanding too as per the first note in section 11.7 of
    the SUSE Manager 3.1 Best Practices at
    https://www.suse.com/documentation/s...ctices_31.html

    --begin--
    IMPORTANT: Reboot Icon

    Normal or non-live kernel patches always require a reboot. In SUSE
    Manager these are represented by a Reboot Required icon located next to
    the Security shield icon.
    ---end---

    > (I added a new SLES 12 SP3 system, and I find four kernel patches - all
    > have the reboot icon).
    > Also, if it is relevant, I am still managing systems the RHN/Spacewalk
    > way (they are not Salt minions).


    I wonder if this is the issue ... ? Section 11.3 of same docs suggest
    that a Salt highstate needs to be applied to enable live patching. In
    SUSE Manager does your SP3 system show live patching has been enabled?
    See System Info > Kernel field.

    > Ideas?


    Hopefully someone from SUSE will soon drop by and can clarify things.

    HTH.
    --
    Simon
    SUSE Knowledge Partner

    ------------------------------------------------------------------------
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below. Thanks.
    ------------------------------------------------------------------------

  3. #3

    Re: Using Live Patching with SUSE Manager 3.x

    So, yes it does show up under "installed products". I tried registering a freshly installed/unpatched SP2 system with Salt (I'm still doing the spacewalk/rhn method), applied the highstate, and get the same result.
    SUSE Manager all shows the kernel patches are requiring a reboot.
    "zypper lp" also shows a reboot required
    "you" seems to show things correctly. I see the kernel "live patch 1", 2, etc...as I would expect.

    Allen B.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •