本文为了演示出效果,准备了如下的环境
操作系统:Red Hat Enterprise Linux release 8.7 (Ootpa)
内核版本:4.18.0-372.9.1.el8.x86_64
1、关于操作系统版本、内核、内核相关的软件包版本,情况如下:
[root@qq-5201351 ~]# cat /etc/redhat-release Red Hat Enterprise Linux release 8.7 (Ootpa) [root@qq-5201351 ~]# uname -r 4.18.0-372.9.1.el8.x86_64 [root@qq-5201351 ~]# rpm -qa |grep kernel kernel-modules-4.18.0-372.9.1.el8.x86_64 kernel-core-4.18.0-372.9.1.el8.x86_64 kernel-4.18.0-372.9.1.el8.x86_64 kernel-tools-4.18.0-372.9.1.el8.x86_64 kernel-tools-libs-4.18.0-372.9.1.el8.x86_64 [root@qq-5201351 ~]#
2、安装kpatch软件包,用于实现Kernel-Live-patching
[root@qq-5201351 ~]# dnf install kpatch Updating Subscription Management repositories. Last metadata expiration check: 0:10:11 ago on Fri 30 Jun 2023 03:18:03 PM CST. Dependencies resolved. ======================================================================================================================================== Package Architecture Version Repository Size ======================================================================================================================================== Installing: kpatch noarch 0.9.7-2.el8 rhel-8-for-x86_64-baseos-rpms 18 k Installing dependencies: binutils x86_64 2.30-119.el8 rhel-8-for-x86_64-baseos-rpms 5.8 M Installing weak dependencies: kpatch-dnf noarch 0.9.7_0.4-2.el8 rhel-8-for-x86_64-baseos-rpms 19 k Transaction Summary ======================================================================================================================================== Install 3 Packages Total download size: 5.8 M Installed size: 24 M Is this ok [y/N]: y Downloading Packages: (1/3): kpatch-0.9.7-2.el8.noarch.rpm 4.5 kB/s | 18 kB 00:03 (2/3): kpatch-dnf-0.9.7_0.4-2.el8.noarch.rpm 1.7 kB/s | 19 kB 00:11 (3/3): binutils-2.30-119.el8.x86_64.rpm 410 kB/s | 5.8 MB 00:14 ---------------------------------------------------------------------------------------------------------------------------------------- Total 412 kB/s | 5.8 MB 00:14 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : kpatch-dnf-0.9.7_0.4-2.el8.noarch 1/3 Running scriptlet: kpatch-dnf-0.9.7_0.4-2.el8.noarch 1/3 To enable automatic kpatch-patch subscription, run: $ dnf kpatch auto Installing : binutils-2.30-119.el8.x86_64 2/3 Running scriptlet: binutils-2.30-119.el8.x86_64 2/3 Installing : kpatch-0.9.7-2.el8.noarch 3/3 Running scriptlet: kpatch-0.9.7-2.el8.noarch 3/3 Verifying : binutils-2.30-119.el8.x86_64 1/3 Verifying : kpatch-dnf-0.9.7_0.4-2.el8.noarch 2/3 Verifying : kpatch-0.9.7-2.el8.noarch 3/3 Installed products updated. Installed: binutils-2.30-119.el8.x86_64 kpatch-0.9.7-2.el8.noarch kpatch-dnf-0.9.7_0.4-2.el8.noarch Complete!
3、此时我们通过 kpatch list 进行查看, 内容为空,如下:
[root@qq-5201351 ~]# kpatch list Loaded patch modules: Installed patch modules: [root@qq-5201351 ~]#
4、内容为空,是因为没有设置yum kpatch 为auto, 接下来进行设置,执行yum kpatch auto 命令即可
[root@qq-5201351 ~]# yum kpatch auto Updating Subscription Management repositories. Last metadata expiration check: 0:12:14 ago on Fri 30 Jun 2023 03:18:03 PM CST. Dependencies resolved. ======================================================================================================================================== Package Architecture Version Repository Size ======================================================================================================================================== Installing: kpatch-patch-4_18_0-372_9_1 x86_64 1-3.el8 rhel-8-for-x86_64-baseos-rpms 19 k Transaction Summary ======================================================================================================================================== Install 1 Package Total download size: 19 k Installed size: 32 k Is this ok [y/N]: y Downloading Packages: kpatch-patch-4_18_0-372_9_1-1-3.el8.x86_64.rpm 8.9 kB/s | 19 kB 00:02 ---------------------------------------------------------------------------------------------------------------------------------------- Total 8.9 kB/s | 19 kB 00:02 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : kpatch-patch-4_18_0-372_9_1-1-3.el8.x86_64 1/1 Running scriptlet: kpatch-patch-4_18_0-372_9_1-1-3.el8.x86_64 1/1 installing /usr/lib/kpatch/4.18.0-372.9.1.el8.x86_64/kpatch-4_18_0-372_9_1-1-3.ko (4.18.0-372.9.1.el8.x86_64) Created symlink /etc/systemd/system/multi-user.target.wants/kpatch.service → /usr/lib/systemd/system/kpatch.service. chcon: can't apply partial context to unlabeled file '/var/lib/kpatch/4.18.0-372.9.1.el8.x86_64/kpatch-4_18_0-372_9_1-1-3.ko' loading patch module: /var/lib/kpatch/4.18.0-372.9.1.el8.x86_64/kpatch-4_18_0-372_9_1-1-3.ko waiting (up to 15 seconds) for patch transition to complete... transition complete (1 seconds) Verifying : kpatch-patch-4_18_0-372_9_1-1-3.el8.x86_64 1/1 Installed products updated. Installed: kpatch-patch-4_18_0-372_9_1-1-3.el8.x86_64 Complete! [root@qq-5201351 ~]#
5、这时,我们再通过 kpatch list 查看时就能看到关于当前运行内核的实时补丁了,因为上面在设置yum kpatch 为auto时,已经安装上了 kpatch-patch-4_18_0-372_9_1-1-3.el8.x86_64
[root@qq-5201351 ~]# kpatch list Loaded patch modules: kpatch_4_18_0_372_9_1_1_3 [enabled] Installed patch modules: kpatch_4_18_0_372_9_1_1_3 (4.18.0-372.9.1.el8.x86_64) [root@qq-5201351 ~]#
其他测试、看一下效果,此时我们升级一下当前内核到当前内核版本的后面一个新版本:
[root@qq-5201351 ~]# yum update kernel-4.18.0-372.13.1.el8_6 Updating Subscription Management repositories. Last metadata expiration check: 0:14:48 ago on Fri 30 Jun 2023 03:18:03 PM CST. Dependencies resolved. ======================================================================================================================================== Package Architecture Version Repository Size ======================================================================================================================================== Installing: kernel x86_64 4.18.0-372.13.1.el8_6 rhel-8-for-x86_64-baseos-rpms 8.0 M kernel-core x86_64 4.18.0-372.13.1.el8_6 rhel-8-for-x86_64-baseos-rpms 39 M kernel-modules x86_64 4.18.0-372.13.1.el8_6 rhel-8-for-x86_64-baseos-rpms 32 M kpatch-patch-4_18_0-372_13_1 x86_64 1-2.el8_6 rhel-8-for-x86_64-baseos-rpms 17 k Transaction Summary ======================================================================================================================================== Install 4 Packages Total download size: 79 M Installed size: 92 M Is this ok [y/N]: y Downloading Packages: (1/4): kernel-4.18.0-372.13.1.el8_6.x86_64.rpm 176 kB/s | 8.0 MB 00:46 (2/4): kpatch-patch-4_18_0-372_13_1-1-2.el8_6.x86_64.rpm 35 kB/s | 17 kB 00:00 (3/4): kernel-core-4.18.0-372.13.1.el8_6.x86_64.rpm 658 kB/s | 39 MB 01:01 (4/4): kernel-modules-4.18.0-372.13.1.el8_6.x86_64.rpm 417 kB/s | 32 MB 01:17 ---------------------------------------------------------------------------------------------------------------------------------------- Total 1.0 MB/s | 79 MB 01:17 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : kernel-core-4.18.0-372.13.1.el8_6.x86_64 1/4 Running scriptlet: kernel-core-4.18.0-372.13.1.el8_6.x86_64 1/4 Installing : kernel-modules-4.18.0-372.13.1.el8_6.x86_64 2/4 Running scriptlet: kernel-modules-4.18.0-372.13.1.el8_6.x86_64 2/4 Installing : kernel-4.18.0-372.13.1.el8_6.x86_64 3/4 Installing : kpatch-patch-4_18_0-372_13_1-1-2.el8_6.x86_64 4/4 Running scriptlet: kpatch-patch-4_18_0-372_13_1-1-2.el8_6.x86_64 4/4 installing /usr/lib/kpatch/4.18.0-372.13.1.el8_6.x86_64/kpatch-4_18_0-372_13_1-1-2.ko (4.18.0-372.13.1.el8_6.x86_64) chcon: can't apply partial context to unlabeled file '/var/lib/kpatch/4.18.0-372.13.1.el8_6.x86_64/kpatch-4_18_0-372_13_1-1-2.ko' Running scriptlet: kernel-core-4.18.0-372.13.1.el8_6.x86_64 4/4 /etc/dracut.conf.d/xen.conf:add_drivers+="xen_netfront xen_blkfront " dracut: WARNING: <key>+=" <values> ": <values> should have surrounding white spaces! dracut: WARNING: This will lead to unwanted side effects! Please fix the configuration file. Running scriptlet: kpatch-patch-4_18_0-372_13_1-1-2.el8_6.x86_64 4/4 Verifying : kernel-modules-4.18.0-372.13.1.el8_6.x86_64 1/4 Verifying : kernel-4.18.0-372.13.1.el8_6.x86_64 2/4 Verifying : kernel-core-4.18.0-372.13.1.el8_6.x86_64 3/4 Verifying : kpatch-patch-4_18_0-372_13_1-1-2.el8_6.x86_64 4/4 Installed products updated. Installed: kernel-4.18.0-372.13.1.el8_6.x86_64 kernel-core-4.18.0-372.13.1.el8_6.x86_64 kernel-modules-4.18.0-372.13.1.el8_6.x86_64 kpatch-patch-4_18_0-372_13_1-1-2.el8_6.x86_64 Complete! [root@qq-5201351 ~]#
这时我们再查看kpatch list 还是只开启了当前内核的热补丁
[root@qq-5201351 ~]# kpatch list Loaded patch modules: kpatch_4_18_0_372_9_1_1_3 [enabled] Installed patch modules: kpatch_4_18_0_372_13_1_1_2 (4.18.0-372.13.1.el8_6.x86_64) kpatch_4_18_0_372_9_1_1_3 (4.18.0-372.9.1.el8.x86_64) [root@qq-5201351 ~]# yum kpatch auto Updating Subscription Management repositories. Last metadata expiration check: 0:18:11 ago on Fri 30 Jun 2023 03:18:03 PM CST. Dependencies resolved. Nothing to do. Complete! [root@qq-5201351 ~]#
当然只要不重启OS,当前的内核版本、始终都还是之前运行的内核版本
[root@qq-5201351 ~]# uname -r 4.18.0-372.9.1.el8.x86_64 [root@qq-5201351 ~]#
尊重别人的劳动成果 转载请务必注明出处:https://www.cnblogs.com/5201351/p/17519097.html