From Fedora Project Wiki
(This looks obsolete, bump it back to incomplete. (This got missed because there was a typo in the category name.))
 
(20 intermediate revisions by one other user not shown)
Line 12: Line 12:
<!-- A sentence or two summarizing what this feature is and what it will do.  This information is used for the overall feature summary page for each release. -->
<!-- A sentence or two summarizing what this feature is and what it will do.  This information is used for the overall feature summary page for each release. -->


Keep Fedora's kernel up-to-date without rebooting. This uses the Ksplice Uptrack service to safely update the running kernel in memory, making it more convenient to stay on top of security and other important kernel updates.
Keep Fedora's kernel up-to-date without rebooting. This uses the Ksplice Uptrack service to update the running kernel in memory, boosting security, availability and convenience by making it possible to stay on top of important kernel updates without the disruption of a reboot.


== Owner ==
== Owner ==
Line 23: Line 23:
== Current status ==
== Current status ==
* Targeted release: [[Releases/14 | Fedora 14 ]]  
* Targeted release: [[Releases/14 | Fedora 14 ]]  
* Last updated: July 19, 2010
* Last updated: July 20, 2010
* Percentage of completion: 100%
* Percentage of completion: 100%


Line 29: Line 29:


== Detailed Description ==
== Detailed Description ==
Ksplice Uptrack allows system administrators to update the running Linux kernel "rebootlessly," using technology first developed at the Massachusetts Institute of Technology. Fedora and other major Linux distributions generally ask their users to reboot roughly once a month to install a new kernel to fix security and reliability issues. Empirically, users rarely install such updates -- Ksplice has measured real-world compliance at about 20% -- and until a system can be updated, it remains vulnerable to security flaws. By allowing IT administrators to install kernel updates without downtime, Uptrack dramatically reduces the cost of system administration and boosts adherence to security updates to greater than 95%.
Ksplice Uptrack allows system administrators to update the running Linux kernel "rebootlessly," using technology first developed at the Massachusetts Institute of Technology. Fedora and other major Linux distributions generally ask their users to reboot roughly once a month to install a new kernel to fix security and reliability issues. Empirically, users rarely install such updates -- Ksplice has measured real-world compliance at about 20% -- and until a system can be updated, it remains vulnerable to security flaws. By allowing IT administrators to install kernel updates without downtime, Uptrack dramatically reduces the cost of system administration and, in practice, boosts adherence to security updates to greater than 95%.


Ksplice Inc. will supply Fedora's own kernel updates in rebootless form to users of the Ksplice Uptrack client software. The service will be free of charge. The client software is licensed under the GNU General Public License, version 2.
Ksplice Inc. will supply rebootless versions of the kernel updates Fedora distributes. The service will be free of charge. The client software is licensed under the GNU General Public License, version 2.


== Benefit to Fedora ==
== Benefit to Fedora ==
Line 37: Line 37:


== Scope ==
== Scope ==
<!-- What work do the developers have to accomplish to complete the feature in time for release? Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->
A package of client software conforming to the Fedora Packaging Guidelines has been submitted for review (https://bugzilla.redhat.com/show_bug.cgi?id=616251).
 
The service is already operational in a preview for Fedora 13, and will begin supplying Fedora 14's kernel updates as soon as the kernel stabilizes.


== How To Test ==
== How To Test ==
The Uptrack service is currently available for testing on Fedora 13. To test, please install the ksplice-uptrack RPM on a Fedora 13 system running an old version of the kernel. The client software will alert the user that there are rebootless updates available and will prompt the user to install them. After installation, the "uptrack-show" command will show the patched CVEs, and exploits written against vulnerabilities patched by the updates will no longer work. There should be no visible disruption of the machine while updates are being installed.  To keep compatibility with kernel modules and applications, the output of the uname() system call is not altered.
In addition to the Fedora Packaging Guidelines-compliant SRPM uploaded for review, an earlier binary package available for immediate installation and testing on Fedora 13 is available here: https://www.ksplice.com/uptrack/download-fedora
<!-- This does not need to be a full-fledged document.  Describe the dimensions of tests that this feature is expected to pass when it is done.  If it needs to be tested with different hardware or software configurations, indicate them.  The more specific you can be, the better the community testing can be.  
<!-- This does not need to be a full-fledged document.  Describe the dimensions of tests that this feature is expected to pass when it is done.  If it needs to be tested with different hardware or software configurations, indicate them.  The more specific you can be, the better the community testing can be.  


Line 55: Line 61:


== User Experience ==
== User Experience ==
The client software installs a panel widget to alert the user of the availability of rebootless kernel updates, prompting them to install updates as soon as they are available. The Ksplice software suppresses Fedora's notification instructing the user to reboot after the on-disk kernel has been updated. Users will continue to update their kernels on-disk using the package manager, and will boot into the new kernel after a reboot.
<!-- If this feature is noticeable by its target audience, how will their experiences change as a result?  Describe what they will see or notice. -->
<!-- If this feature is noticeable by its target audience, how will their experiences change as a result?  Describe what they will see or notice. -->


== Dependencies ==
== Dependencies ==
No other packages depend on this package.
<!-- What other packages (RPMs) depend on this package?  Are there changes outside the developers' control on which completion of this feature depends?  In other words, completion of another feature owned by someone else and might cause you to not be able to finish on time or that you would need to coordinate?  Other upstream projects like the kernel (if this is not a kernel feature)? -->
<!-- What other packages (RPMs) depend on this package?  Are there changes outside the developers' control on which completion of this feature depends?  In other words, completion of another feature owned by someone else and might cause you to not be able to finish on time or that you would need to coordinate?  Other upstream projects like the kernel (if this is not a kernel feature)? -->


== Contingency Plan ==
== Contingency Plan ==
None necessary, revert to previous release behavior. Ksplice Uptrack is already available as a preview for Fedora 13.
<!-- If you cannot complete your feature by the final development freeze, what is the backup plan?  This might be as simple as "None necessary, revert to previous release behaviour."  Or it might not.  If you feature is not completed in time we want to assure others that other parts of Fedora will not be in jeopardy.  -->
<!-- If you cannot complete your feature by the final development freeze, what is the backup plan?  This might be as simple as "None necessary, revert to previous release behaviour."  Or it might not.  If you feature is not completed in time we want to assure others that other parts of Fedora will not be in jeopardy.  -->


== Documentation ==
== Documentation ==
Upstream documentation is here: http://www.ksplice.com/uptrack/using
<!-- Is there upstream documentation on this feature, or notes you have written yourself?  Link to that material here so other interested developers can get involved. -->
<!-- Is there upstream documentation on this feature, or notes you have written yourself?  Link to that material here so other interested developers can get involved. -->
*
*


== Release Notes ==
== Release Notes ==
Rebootless kernel updates
Fedora 14 includes Ksplice Uptrack, a service for updating the Linux kernel without the disruption of a reboot. By installing "rebootless" kernel updates, Fedora users can keep up-to-date with security and reliability patches without shutting down their computers or compromising the availability of servers.
<!-- The Fedora Release Notes inform end-users about what is new in the release.  Examples of past release notes are here: http://docs.fedoraproject.org/release-notes/ -->
<!-- The Fedora Release Notes inform end-users about what is new in the release.  Examples of past release notes are here: http://docs.fedoraproject.org/release-notes/ -->
<!-- The release notes also help users know how to deal with platform changes such as ABIs/APIs, configuration or data file formats, or upgrade concerns.  If there are any such changes involved in this feature, indicate them here.  You can also link to upstream documentation if it satisfies this need.  This information forms the basis of the release notes edited by the documentation team and shipped with the release. -->
<!-- The release notes also help users know how to deal with platform changes such as ABIs/APIs, configuration or data file formats, or upgrade concerns.  If there are any such changes involved in this feature, indicate them here.  You can also link to upstream documentation if it satisfies this need.  This information forms the basis of the release notes edited by the documentation team and shipped with the release. -->

Latest revision as of 17:55, 3 July 2011


Feature Name

Ksplice Uptrack rebootless kernel updates

Summary

Keep Fedora's kernel up-to-date without rebooting. This uses the Ksplice Uptrack service to update the running kernel in memory, boosting security, availability and convenience by making it possible to stay on top of important kernel updates without the disruption of a reboot.

Owner

  • Email: keithw@ksplice.com

Current status

  • Targeted release: Fedora 14
  • Last updated: July 20, 2010
  • Percentage of completion: 100%


Detailed Description

Ksplice Uptrack allows system administrators to update the running Linux kernel "rebootlessly," using technology first developed at the Massachusetts Institute of Technology. Fedora and other major Linux distributions generally ask their users to reboot roughly once a month to install a new kernel to fix security and reliability issues. Empirically, users rarely install such updates -- Ksplice has measured real-world compliance at about 20% -- and until a system can be updated, it remains vulnerable to security flaws. By allowing IT administrators to install kernel updates without downtime, Uptrack dramatically reduces the cost of system administration and, in practice, boosts adherence to security updates to greater than 95%.

Ksplice Inc. will supply rebootless versions of the kernel updates Fedora distributes. The service will be free of charge. The client software is licensed under the GNU General Public License, version 2.

Benefit to Fedora

Fedora will gain the capability to apply important kernel updates without the disruption and downtime of a reboot. This will boost the security and reliability of systems that choose to install such rebootless updates. Fedora will become the first Linux distribution to integrate rebootless updates into the distribution.

Scope

A package of client software conforming to the Fedora Packaging Guidelines has been submitted for review (https://bugzilla.redhat.com/show_bug.cgi?id=616251).

The service is already operational in a preview for Fedora 13, and will begin supplying Fedora 14's kernel updates as soon as the kernel stabilizes.

How To Test

The Uptrack service is currently available for testing on Fedora 13. To test, please install the ksplice-uptrack RPM on a Fedora 13 system running an old version of the kernel. The client software will alert the user that there are rebootless updates available and will prompt the user to install them. After installation, the "uptrack-show" command will show the patched CVEs, and exploits written against vulnerabilities patched by the updates will no longer work. There should be no visible disruption of the machine while updates are being installed. To keep compatibility with kernel modules and applications, the output of the uname() system call is not altered.

In addition to the Fedora Packaging Guidelines-compliant SRPM uploaded for review, an earlier binary package available for immediate installation and testing on Fedora 13 is available here: https://www.ksplice.com/uptrack/download-fedora


User Experience

The client software installs a panel widget to alert the user of the availability of rebootless kernel updates, prompting them to install updates as soon as they are available. The Ksplice software suppresses Fedora's notification instructing the user to reboot after the on-disk kernel has been updated. Users will continue to update their kernels on-disk using the package manager, and will boot into the new kernel after a reboot.


Dependencies

No other packages depend on this package.

Contingency Plan

None necessary, revert to previous release behavior. Ksplice Uptrack is already available as a preview for Fedora 13.

Documentation

Upstream documentation is here: http://www.ksplice.com/uptrack/using

Release Notes

Rebootless kernel updates

Fedora 14 includes Ksplice Uptrack, a service for updating the Linux kernel without the disruption of a reboot. By installing "rebootless" kernel updates, Fedora users can keep up-to-date with security and reliability patches without shutting down their computers or compromising the availability of servers.

Comments and Discussion