Wondering how to set up automatic kernel updates on Linux?
The kernel is the core part of a computer operating system. It controls all the hardware resources to facilitate the interaction between hardware and software. It also optimizes the usage of other resources such as the CPU, cache, and memory. In other terms, it is the bridge between the computer applications and the control unit of a computer.
Computers can’t function without an operating system. This makes kernels the absolute integral part of computers. As in the case of other operating systems, Linux also has kernels at its core on every available distro.
These kernels do get updated from time to time. The updates are usually new security patches that need installing. Updating a kernel of a single computer is pretty simple. However, let’s say an organization has hundreds of Linux computers, then things get trickier.
The main problem associated with updating kernels is that the computer needs to be rebooted for these updates to settle in. So, for hundreds of computers, updating each one is very time-consuming. Thus, management of the whole system becomes arduous in such situations.
However, there is a way that this can be tackled. Live patching updates the kernels in the background while the system keeps on running. This is much more secure and time-efficient compared to manual patching. There are two types of live patching, temporary and persistent.
In temporary live patching, package management software delivers the new security patches to the repositories. From there, these packages are installed according to the update timings set by the user. You need no to reboot the system straightaway, but due to security patches getting piled up on each other, the system tends to get slow, and the escape lies in rebooting only.
In persistent live patching, the computer stores the patch. These patches are called monolithic as they contain previous patches as well. The software keeps on checking for potential updates. When an update is installed, the software does that itself, and the kernel gets updated.
If you are fed up with Linux kernels getting updated continuously (which does happen) and want to avail live patching, this article should get you to your goal. There are different methods available on how to set up automatic kernel updates on Linux, and we will tell you about them in this article.
So, let’s get going!
1. Canonical Livepatch Service.
Canonical live patching is one of the ways you can set up automatic live updates on Linux. It allows you to install kernel updates without having to reboot your computer. This service can be used for free on 3 Ubuntu computers. For more, you need to subscribe to the Ubuntu advantage program.
Before installing Canonical Livepatch Service for a single computer, you need to get a livepatch token from here. After receiving a token you are on your way.
Follow these steps to set Canonical Livepatch Service:
- Open the Terminal.
- Type the following command to install the service.
$ sudo snap install canonical-livepatch
- Once you have installed the service, use this command to activate it.
$ sudo canonical-livepatch enable <token/key number>
- To check and install the new update run this command on your Terminal.
$ sudo apt-get upgrade
- You can also deactivate the service using this command:
$ sudo canonical-livepatch disable <token/key number>
You now know one of the ways how to set up automatic kernel updates on Linux. No need to reboot the system, just run the command and update your kernel, simple.
KernelCare is another way you can set up automatic kernel updates on Linux. This service is available for multiple Linux distros such as Debian, Fedora, Ubuntu, etc. The service checks for kernel updates every 4 hours, and in case there is one available, it installs it without any complication.
KernelCare also allows you to go back to the previous kernel version. This can be useful for such users whose drivers get messed up after a kernel update. As was the case with the Canonical Livepatch service, you need a key to avail KernelCare on your computer. You can get the key from this site.
After receiving the key, the next step is to install the service. For that, follow these steps:
- Open the Terminal.
- Once open, type the following command.
$ wget -qq -0 - https://kernelcare.com/installer | bash
- Once the installation is complete, you need to activate the service using the key that you got.
$ /usr/bin/kcaret1 --register <key number>
- You can also choose to install an update manually through this command.
$ /usr/bin/kcaret1 --update
With this, you have now subscribed to KernelCare and its live patching service.
3. Red Hat Kpatch.
Red Hat Kpatch is another service through which you can avail of persistent live patching. It also provides service to various Linux distros, and the installation process is relatively easier. To get the idea of subscriptions, go here.
Follow these steps to install Red Hat Kpatch Service:
- Open the Terminal.
- Once open, run this command.
$ sudo apt-get update -y
- This command gets the information of the latest packages and adds them to the repository.
- After this, you only need to run this command to install the patch.
$ sudo apt-get install -y patch
These are the methods you can use for availing live patching for your Linux systems.
Although live patching is not necessary, it is still a hassle-free method you can get used to quickly. The only drawback of live patching is that the companies providing this service demand a good chunk of cash. This is why live patching is usually subscribed to by large organizations running hundreds of Linux computers.
However, if you are a Linux user and are looking to learn about ZFS file compression, this is the article to learn from.
We hope that we covered everything and explained what kernels are and how their updates can be a problem. In addition, we hope that you understood the concept of live patching and the services you need to subscribe to.
If you liked this article, please share it. 🙂