Fancy having critical Linux kernel patches automatically applied to your Ubuntu system—without having to reboot your computer? We describe how to use Canonical’s Livepatch Service to do just that.
What Is Livepatch and How Does It Work?
As Canonical’s Dustin Kirkland explained several years ago, Canonical Livepatch uses the Kernel Live Patching technology built into the standard Linux kernel. Canonical’s Livepatch website notes that massive corporations like AT&T, Cisco, and Walmart use it.
It’s free for personal use on up to three computers—according to Kirkland, these can be “desktops, servers, virtual machines, or cloud instances.” Organizations can use it on more systems with a paid Ubuntu Advantage subscription.
Kernel Patches Are Necessary But Inconvenient
Linux kernel patches are a fact of life. Keeping your system secure and patched up to date is vital in the inter-connected world we live in. But having to reboot your computer to apply kernel patches can be a pain. Especially if the computer is providing some sort of service to users and you have to co-ordinate or negotiate with them to take the service off-line. And there’s a multiplier. If you maintain several Ubuntu machines, at some point you have to bite the bullet and do each one in turn.
The Canonical Livepatch Service removes all of the aggravation of keeping your Ubuntu systems up to date with critical kernel patches. It’s easy to set up—either graphically or from the command line—and it takes one more chore off your shoulders.
Anything that reduces maintenance efforts, boosts security, and reduces downtime has to be an attractive proposition, right? Yes, but there are some caveats.
- You must be using a Long Term Support (LTS) release of Ubuntu such as 16.04 or 18.04. The most recent LTS version is 18.04, so that’s the version we’re going to use here.
- It must be a 64-bit version.
- You must be running Linux Kernel 4.4 or higher
- You need to have an Ubuntu One account. Remember them? If you don’t have an Ubuntu One account, you can sign up for a free account.
- You can use the Canonical Livepatch Service at no cost, but you’re limited to three computers per Ubuntu One account. If you have to maintain more than three computers, you’ll need additional Ubuntu One accounts.
- If you have physical, virtual, or cloud-hosted servers to look after, you’ll need to become an Ubuntu Advantage customer.
Getting an Ubuntu One Account
Whether you’re going to set up the Livepatch Service through the graphical user interface (GUI) or via the command-line interface (CLI), you must have an Ubuntu One account. This is required because the operation of the Livepatch Service depends on a private key that is issued to you, and tied to your Ubuntu One account.
- If you set up the Livepatch Service using the GUI, you won’t see your key. It is still required and used, but it is all handled in the background for you.
- If you set up your Livepatch Service via the terminal, you’ll need to copy and paste your key from your browser to the command line.
If you don’t have an Ubuntu One account, you can create one at no cost.
Enabling the Canonical Livepatch Service Graphically
Read the remaining 55 paragraphs
from How-To Geek https://ift.tt/32mtOez
No comments:
Post a Comment