Anyone using Live Patching with SUSE Manager?
I’ve noticed that if I add the LP repos, install the add-on, and patch the kernel, SUSE Manager will report “The system requires a reboot”, although “zypper ps” shows no issues, and the “kgr” tool shows the patch(es) applied, and no problems. The latter two would make me think there is no need for a reboot. I’m wondering if SUSE Manager is just saying that a reboot is required, because those patches are flagged as patches that require a reboot (if not applied with KGraft).
Does anyone know how it determines when it displays that message?
I’m thinking the client system is just fine, and that SUSE Manager just thinks it needs a reboot, based on the fact that the patch would need a reboot if not applied with KGraft. However, I can’t find confirmation of my theory. I would have thought by now that SUSE Manager would be able to detect Live Patching.
It is my understanding from the documentation that Live patches shouldn’t have a reboot icon. I notice that the only patches available do.
(I added a new SLES 12 SP3 system, and I find four kernel patches - all have the reboot icon).
Also, if it is relevant, I am still managing systems the RHN/Spacewalk way (they are not Salt minions).
Ideas?
Thanks.
Allen B.
On 27/10/17 05:44, linuxmoose wrote:
[color=blue]
Anyone using Live Patching with SUSE Manager?
I’ve noticed that if I add the LP repos, install the add-on, and patch
the kernel, SUSE Manager will report “The system requires a reboot”,
although “zypper ps” shows no issues, and the “kgr” tool shows the
patch(es) applied, and no problems. The latter two would make me think
there is no need for a reboot. I’m wondering if SUSE Manager is just
saying that a reboot is required, because those patches are flagged as
patches that require a reboot (if not applied with KGraft).
Does anyone know how it determines when it displays that message?
I’m thinking the client system is just fine, and that SUSE Manager just
thinks it needs a reboot, based on the fact that the patch would need a
reboot if not applied with KGraft. However, I can’t find confirmation
of my theory. I would have thought by now that SUSE Manager would be
able to detect Live Patching.
It is my understanding from the documentation that Live patches
shouldn’t have a reboot icon. I notice that the only patches available
do.[/color]
That is my understanding too as per the first note in section 11.7 of
the SUSE Manager 3.1 Best Practices at
https://www.suse.com/documentation/suse-manager-3/book_suma_best_practices_31/data/sect1_24_chapter_book_suma_best_practices_31.html
–begin–
IMPORTANT: Reboot Icon
Normal or non-live kernel patches always require a reboot. In SUSE
Manager these are represented by a Reboot Required icon located next to
the Security shield icon.
—end—
[color=blue]
(I added a new SLES 12 SP3 system, and I find four kernel patches - all
have the reboot icon).
Also, if it is relevant, I am still managing systems the RHN/Spacewalk
way (they are not Salt minions).[/color]
I wonder if this is the issue … ? Section 11.3 of same docs suggest
that a Salt highstate needs to be applied to enable live patching. In
SUSE Manager does your SP3 system show live patching has been enabled?
See System Info > Kernel field.
[color=blue]
Ideas?[/color]
Hopefully someone from SUSE will soon drop by and can clarify things.
HTH.
Simon
SUSE Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
So, yes it does show up under “installed products”. I tried registering a freshly installed/unpatched SP2 system with Salt (I’m still doing the spacewalk/rhn method), applied the highstate, and get the same result.
SUSE Manager all shows the kernel patches are requiring a reboot.
“zypper lp” also shows a reboot required
“you” seems to show things correctly. I see the kernel “live patch 1”, 2, etc…as I would expect.
Allen B.