关于Linux-Kernel-Live-patching-的操作效果演示-kpatch auto-配置
Posted on 2023-07-01 12:01 520_1351 阅读(282) 评论(0) 编辑 收藏 举报本文为了演示出效果,准备了如下的环境
操作系统:Red Hat Enterprise Linux release 8.7 (Ootpa)
内核版本:4.18.0-372.9.1.el8.x86_64
1、关于操作系统版本、内核、内核相关的软件包版本,情况如下:
[root@qq-5201351 ~]# cat /etc/redhat-release Red Hat Enterprise Linux release 8.7 (Ootpa) [root@qq-5201351 ~]# uname -r 4.18.0-372.9.1.el8.x86_64 [root@qq-5201351 ~]# rpm -qa |grep kernel kernel-modules-4.18.0-372.9.1.el8.x86_64 kernel-core-4.18.0-372.9.1.el8.x86_64 kernel-4.18.0-372.9.1.el8.x86_64 kernel-tools-4.18.0-372.9.1.el8.x86_64 kernel-tools-libs-4.18.0-372.9.1.el8.x86_64 [root@qq-5201351 ~]#
2、安装kpatch软件包,用于实现Kernel-Live-patching
[root@qq-5201351 ~]# dnf install kpatch Updating Subscription Management repositories. Last metadata expiration check: 0:10:11 ago on Fri 30 Jun 2023 03:18:03 PM CST. Dependencies resolved. ======================================================================================================================================== Package Architecture Version Repository Size ======================================================================================================================================== Installing: kpatch noarch 0.9.7-2.el8 rhel-8-for-x86_64-baseos-rpms 18 k Installing dependencies: binutils x86_64 2.30-119.el8 rhel-8-for-x86_64-baseos-rpms 5.8 M Installing weak dependencies: kpatch-dnf noarch 0.9.7_0.4-2.el8 rhel-8-for-x86_64-baseos-rpms 19 k Transaction Summary ======================================================================================================================================== Install 3 Packages Total download size: 5.8 M Installed size: 24 M Is this ok [y/N]: y Downloading Packages: (1/3): kpatch-0.9.7-2.el8.noarch.rpm 4.5 kB/s | 18 kB 00:03 (2/3): kpatch-dnf-0.9.7_0.4-2.el8.noarch.rpm 1.7 kB/s | 19 kB 00:11 (3/3): binutils-2.30-119.el8.x86_64.rpm 410 kB/s | 5.8 MB 00:14 ---------------------------------------------------------------------------------------------------------------------------------------- Total 412 kB/s | 5.8 MB 00:14 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : kpatch-dnf-0.9.7_0.4-2.el8.noarch 1/3 Running scriptlet: kpatch-dnf-0.9.7_0.4-2.el8.noarch 1/3 To enable automatic kpatch-patch subscription, run: $ dnf kpatch auto Installing : binutils-2.30-119.el8.x86_64 2/3 Running scriptlet: binutils-2.30-119.el8.x86_64 2/3 Installing : kpatch-0.9.7-2.el8.noarch 3/3 Running scriptlet: kpatch-0.9.7-2.el8.noarch 3/3 Verifying : binutils-2.30-119.el8.x86_64 1/3 Verifying : kpatch-dnf-0.9.7_0.4-2.el8.noarch 2/3 Verifying : kpatch-0.9.7-2.el8.noarch 3/3 Installed products updated. Installed: binutils-2.30-119.el8.x86_64 kpatch-0.9.7-2.el8.noarch kpatch-dnf-0.9.7_0.4-2.el8.noarch Complete!
3、此时我们通过 kpatch list 进行查看, 内容为空,如下:
[root@qq-5201351 ~]# kpatch list Loaded patch modules: Installed patch modules: [root@qq-5201351 ~]#
4、内容为空,是因为没有设置yum kpatch 为auto, 接下来进行设置,执行yum kpatch auto 命令即可
[root@qq-5201351 ~]# yum kpatch auto Updating Subscription Management repositories. Last metadata expiration check: 0:12:14 ago on Fri 30 Jun 2023 03:18:03 PM CST. Dependencies resolved. ======================================================================================================================================== Package Architecture Version Repository Size ======================================================================================================================================== Installing: kpatch-patch-4_18_0-372_9_1 x86_64 1-3.el8 rhel-8-for-x86_64-baseos-rpms 19 k Transaction Summary ======================================================================================================================================== Install 1 Package Total download size: 19 k Installed size: 32 k Is this ok [y/N]: y Downloading Packages: kpatch-patch-4_18_0-372_9_1-1-3.el8.x86_64.rpm 8.9 kB/s | 19 kB 00:02 ---------------------------------------------------------------------------------------------------------------------------------------- Total 8.9 kB/s | 19 kB 00:02 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : kpatch-patch-4_18_0-372_9_1-1-3.el8.x86_64 1/1 Running scriptlet: kpatch-patch-4_18_0-372_9_1-1-3.el8.x86_64 1/1 installing /usr/lib/kpatch/4.18.0-372.9.1.el8.x86_64/kpatch-4_18_0-372_9_1-1-3.ko (4.18.0-372.9.1.el8.x86_64) Created symlink /etc/systemd/system/multi-user.target.wants/kpatch.service → /usr/lib/systemd/system/kpatch.service. chcon: can't apply partial context to unlabeled file '/var/lib/kpatch/4.18.0-372.9.1.el8.x86_64/kpatch-4_18_0-372_9_1-1-3.ko' loading patch module: /var/lib/kpatch/4.18.0-372.9.1.el8.x86_64/kpatch-4_18_0-372_9_1-1-3.ko waiting (up to 15 seconds) for patch transition to complete... transition complete (1 seconds) Verifying : kpatch-patch-4_18_0-372_9_1-1-3.el8.x86_64 1/1 Installed products updated. Installed: kpatch-patch-4_18_0-372_9_1-1-3.el8.x86_64 Complete! [root@qq-5201351 ~]#
5、这时,我们再通过 kpatch list 查看时就能看到关于当前运行内核的实时补丁了,因为上面在设置yum kpatch 为auto时,已经安装上了 kpatch-patch-4_18_0-372_9_1-1-3.el8.x86_64
[root@qq-5201351 ~]# kpatch list Loaded patch modules: kpatch_4_18_0_372_9_1_1_3 [enabled] Installed patch modules: kpatch_4_18_0_372_9_1_1_3 (4.18.0-372.9.1.el8.x86_64) [root@qq-5201351 ~]#
其他测试、看一下效果,此时我们升级一下当前内核到当前内核版本的后面一个新版本:
[root@qq-5201351 ~]# yum update kernel-4.18.0-372.13.1.el8_6 Updating Subscription Management repositories. Last metadata expiration check: 0:14:48 ago on Fri 30 Jun 2023 03:18:03 PM CST. Dependencies resolved. ======================================================================================================================================== Package Architecture Version Repository Size ======================================================================================================================================== Installing: kernel x86_64 4.18.0-372.13.1.el8_6 rhel-8-for-x86_64-baseos-rpms 8.0 M kernel-core x86_64 4.18.0-372.13.1.el8_6 rhel-8-for-x86_64-baseos-rpms 39 M kernel-modules x86_64 4.18.0-372.13.1.el8_6 rhel-8-for-x86_64-baseos-rpms 32 M kpatch-patch-4_18_0-372_13_1 x86_64 1-2.el8_6 rhel-8-for-x86_64-baseos-rpms 17 k Transaction Summary ======================================================================================================================================== Install 4 Packages Total download size: 79 M Installed size: 92 M Is this ok [y/N]: y Downloading Packages: (1/4): kernel-4.18.0-372.13.1.el8_6.x86_64.rpm 176 kB/s | 8.0 MB 00:46 (2/4): kpatch-patch-4_18_0-372_13_1-1-2.el8_6.x86_64.rpm 35 kB/s | 17 kB 00:00 (3/4): kernel-core-4.18.0-372.13.1.el8_6.x86_64.rpm 658 kB/s | 39 MB 01:01 (4/4): kernel-modules-4.18.0-372.13.1.el8_6.x86_64.rpm 417 kB/s | 32 MB 01:17 ---------------------------------------------------------------------------------------------------------------------------------------- Total 1.0 MB/s | 79 MB 01:17 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : kernel-core-4.18.0-372.13.1.el8_6.x86_64 1/4 Running scriptlet: kernel-core-4.18.0-372.13.1.el8_6.x86_64 1/4 Installing : kernel-modules-4.18.0-372.13.1.el8_6.x86_64 2/4 Running scriptlet: kernel-modules-4.18.0-372.13.1.el8_6.x86_64 2/4 Installing : kernel-4.18.0-372.13.1.el8_6.x86_64 3/4 Installing : kpatch-patch-4_18_0-372_13_1-1-2.el8_6.x86_64 4/4 Running scriptlet: kpatch-patch-4_18_0-372_13_1-1-2.el8_6.x86_64 4/4 installing /usr/lib/kpatch/4.18.0-372.13.1.el8_6.x86_64/kpatch-4_18_0-372_13_1-1-2.ko (4.18.0-372.13.1.el8_6.x86_64) chcon: can't apply partial context to unlabeled file '/var/lib/kpatch/4.18.0-372.13.1.el8_6.x86_64/kpatch-4_18_0-372_13_1-1-2.ko' Running scriptlet: kernel-core-4.18.0-372.13.1.el8_6.x86_64 4/4 /etc/dracut.conf.d/xen.conf:add_drivers+="xen_netfront xen_blkfront " dracut: WARNING: <key>+=" <values> ": <values> should have surrounding white spaces! dracut: WARNING: This will lead to unwanted side effects! Please fix the configuration file. Running scriptlet: kpatch-patch-4_18_0-372_13_1-1-2.el8_6.x86_64 4/4 Verifying : kernel-modules-4.18.0-372.13.1.el8_6.x86_64 1/4 Verifying : kernel-4.18.0-372.13.1.el8_6.x86_64 2/4 Verifying : kernel-core-4.18.0-372.13.1.el8_6.x86_64 3/4 Verifying : kpatch-patch-4_18_0-372_13_1-1-2.el8_6.x86_64 4/4 Installed products updated. Installed: kernel-4.18.0-372.13.1.el8_6.x86_64 kernel-core-4.18.0-372.13.1.el8_6.x86_64 kernel-modules-4.18.0-372.13.1.el8_6.x86_64 kpatch-patch-4_18_0-372_13_1-1-2.el8_6.x86_64 Complete! [root@qq-5201351 ~]#
这时我们再查看kpatch list 还是只开启了当前内核的热补丁
[root@qq-5201351 ~]# kpatch list Loaded patch modules: kpatch_4_18_0_372_9_1_1_3 [enabled] Installed patch modules: kpatch_4_18_0_372_13_1_1_2 (4.18.0-372.13.1.el8_6.x86_64) kpatch_4_18_0_372_9_1_1_3 (4.18.0-372.9.1.el8.x86_64) [root@qq-5201351 ~]# yum kpatch auto Updating Subscription Management repositories. Last metadata expiration check: 0:18:11 ago on Fri 30 Jun 2023 03:18:03 PM CST. Dependencies resolved. Nothing to do. Complete! [root@qq-5201351 ~]#
这里可以看到当前 Loaded patch modules 里,还是当前运行内核版本的热补丁模块,但上面我们升级内核时,其实也已经安装了新版本内核的热补丁模块
但不会被Load, 因为只会加载开启当前运行内核的热补丁,笔者测试重启OS后,再通过kpatch list 查看就能看到新版本的内核热补丁就会出现在Loaded patch modules 当中了
当然只要不重启OS,当前的内核版本、始终都还是之前运行的内核版本
[root@qq-5201351 ~]# uname -r 4.18.0-372.9.1.el8.x86_64 [root@qq-5201351 ~]#
最后也附上关于 4.18.0-372 版本的内核Kernel 与 kpatch-patch 的版本情况,先是内核版本
kernel.x86_64 4.18.0-372.9.1.el8 rhel-8-for-x86_64-baseos-rpms kernel.x86_64 4.18.0-372.13.1.el8_6 rhel-8-for-x86_64-baseos-rpms kernel.x86_64 4.18.0-372.16.1.el8_6 rhel-8-for-x86_64-baseos-rpms kernel.x86_64 4.18.0-372.19.1.el8_6 rhel-8-for-x86_64-baseos-rpms kernel.x86_64 4.18.0-372.26.1.el8_6 rhel-8-for-x86_64-baseos-rpms kernel.x86_64 4.18.0-372.32.1.el8_6 rhel-8-for-x86_64-baseos-rpms
然后也附上4.18.0-372 版本的 kpatch-patch的小版本
kpatch-patch-4_18_0-372_9_1.x86_64 1-3.el8 rhel-8-for-x86_64-baseos-rpms kpatch-patch-4_18_0-372_13_1.x86_64 1-2.el8_6 rhel-8-for-x86_64-baseos-rpms kpatch-patch-4_18_0-372_16_1.x86_64 1-2.el8_6 rhel-8-for-x86_64-baseos-rpms kpatch-patch-4_18_0-372_19_1.x86_64 1-1.el8_6 rhel-8-for-x86_64-baseos-rpms kpatch-patch-4_18_0-372_26_1.x86_64 1-1.el8_6 rhel-8-for-x86_64-baseos-rpms kpatch-patch-4_18_0-372_32_1.x86_64 0-0.el8_6 rhel-8-for-x86_64-baseos-rpms
说明:其中关于kpatch-patch 最后是0-0的、是代表当前包是空的,没有热补丁模块,笔者查看了一下当前版本的内核,也是一样,空的,(contains no files) ~
尊重别人的劳动成果 转载请务必注明出处:https://www.cnblogs.com/5201351/p/17519097.html
作者:一名卑微的IT民工
出处:https://www.cnblogs.com/5201351
本博客所有文章仅用于学习、研究和交流目的,欢迎非商业性质转载。
由于博主的水平不高,文章没有高度、深度和广度,只是凑字数,不足和错误之处在所难免,希望大家能够批评指出。
博主是利用读书、参考、引用、复制和粘贴等多种方式打造成自己的文章,请原谅博主成为一个卑微的IT民工!
