最新要闻

广告

手机

光庭信息跌4.57% 2021上市超募11亿2022扣非降74% 时快讯

光庭信息跌4.57% 2021上市超募11亿2022扣非降74% 时快讯

 搜狐汽车全球快讯 | 大众汽车最新专利曝光:仪表支持拆卸 可用手机、平板替代-环球关注

搜狐汽车全球快讯 | 大众汽车最新专利曝光:仪表支持拆卸 可用手机、平板替代-环球关注

家电

  1. 首页
  2. 移动通信
  3. 内容

关于Linux-Kernel-Live-patching-的效果演示-kpatch auto-配置-今日聚焦

来源:博客园

本文为了演示出效果,准备了如下的环境

操作系统:Red Hat Enterprise Linux release 8.7 (Ootpa)

内核版本:4.18.0-372.9.1.el8.x86_64


(相关资料图)

1、关于操作系统版本、内核、内核相关的软件包版本,情况如下:

[root@qq-5201351 ~]# cat /etc/redhat-releaseRed Hat Enterprise Linux release 8.7 (Ootpa)[root@qq-5201351 ~]# uname -r4.18.0-372.9.1.el8.x86_64[root@qq-5201351 ~]# rpm -qa |grep kernelkernel-modules-4.18.0-372.9.1.el8.x86_64kernel-core-4.18.0-372.9.1.el8.x86_64kernel-4.18.0-372.9.1.el8.x86_64kernel-tools-4.18.0-372.9.1.el8.x86_64kernel-tools-libs-4.18.0-372.9.1.el8.x86_64[root@qq-5201351 ~]#

2、安装kpatch软件包,用于实现Kernel-Live-patching

[root@qq-5201351 ~]# dnf install kpatchUpdating Subscription Management repositories.Last metadata expiration check: 0:10:11 ago on Fri 30 Jun 2023 03:18:03 PM CST.Dependencies resolved.======================================================================================================================================== Package                    Architecture           Version                          Repository                                     Size========================================================================================================================================Installing: kpatch                     noarch                 0.9.7-2.el8                      rhel-8-for-x86_64-baseos-rpms                  18 kInstalling dependencies: binutils                   x86_64                 2.30-119.el8                     rhel-8-for-x86_64-baseos-rpms                 5.8 MInstalling weak dependencies: kpatch-dnf                 noarch                 0.9.7_0.4-2.el8                  rhel-8-for-x86_64-baseos-rpms                  19 kTransaction Summary========================================================================================================================================Install  3 PackagesTotal download size: 5.8 MInstalled size: 24 MIs this ok [y/N]: yDownloading Packages:(1/3): kpatch-0.9.7-2.el8.noarch.rpm                                                                    4.5 kB/s |  18 kB     00:03(2/3): kpatch-dnf-0.9.7_0.4-2.el8.noarch.rpm                                                            1.7 kB/s |  19 kB     00:11(3/3): binutils-2.30-119.el8.x86_64.rpm                                                                 410 kB/s | 5.8 MB     00:14----------------------------------------------------------------------------------------------------------------------------------------Total                                                                                                   412 kB/s | 5.8 MB     00:14Running transaction checkTransaction check succeeded.Running transaction testTransaction test succeeded.Running transaction  Preparing        :                                                                                                                1/1  Installing       : kpatch-dnf-0.9.7_0.4-2.el8.noarch                                                                              1/3  Running scriptlet: kpatch-dnf-0.9.7_0.4-2.el8.noarch                                                                              1/3To enable automatic kpatch-patch subscription, run:        $ dnf kpatch auto  Installing       : binutils-2.30-119.el8.x86_64                                                                                   2/3  Running scriptlet: binutils-2.30-119.el8.x86_64                                                                                   2/3  Installing       : kpatch-0.9.7-2.el8.noarch                                                                                      3/3  Running scriptlet: kpatch-0.9.7-2.el8.noarch                                                                                      3/3  Verifying        : binutils-2.30-119.el8.x86_64                                                                                   1/3  Verifying        : kpatch-dnf-0.9.7_0.4-2.el8.noarch                                                                              2/3  Verifying        : kpatch-0.9.7-2.el8.noarch                                                                                      3/3Installed products updated.Installed:  binutils-2.30-119.el8.x86_64                kpatch-0.9.7-2.el8.noarch                kpatch-dnf-0.9.7_0.4-2.el8.noarchComplete!

3、此时我们通过 kpatch list 进行查看, 内容为空,如下:

[root@qq-5201351 ~]# kpatch listLoaded patch modules:Installed patch modules:[root@qq-5201351 ~]#

4、内容为空,是因为没有设置yum kpatch 为auto, 接下来进行设置,执行yum kpatch auto 命令即可

[root@qq-5201351 ~]# yum kpatch autoUpdating Subscription Management repositories.Last metadata expiration check: 0:12:14 ago on Fri 30 Jun 2023 03:18:03 PM CST.Dependencies resolved.======================================================================================================================================== Package                                   Architecture         Version               Repository                                   Size========================================================================================================================================Installing: kpatch-patch-4_18_0-372_9_1               x86_64               1-3.el8               rhel-8-for-x86_64-baseos-rpms                19 kTransaction Summary========================================================================================================================================Install  1 PackageTotal download size: 19 kInstalled size: 32 kIs this ok [y/N]: yDownloading Packages:kpatch-patch-4_18_0-372_9_1-1-3.el8.x86_64.rpm                                                          8.9 kB/s |  19 kB     00:02----------------------------------------------------------------------------------------------------------------------------------------Total                                                                                                   8.9 kB/s |  19 kB     00:02Running transaction checkTransaction check succeeded.Running transaction testTransaction test succeeded.Running transaction  Preparing        :                                                                                                                1/1  Installing       : kpatch-patch-4_18_0-372_9_1-1-3.el8.x86_64                                                                     1/1  Running scriptlet: kpatch-patch-4_18_0-372_9_1-1-3.el8.x86_64                                                                     1/1installing /usr/lib/kpatch/4.18.0-372.9.1.el8.x86_64/kpatch-4_18_0-372_9_1-1-3.ko (4.18.0-372.9.1.el8.x86_64)Created symlink /etc/systemd/system/multi-user.target.wants/kpatch.service → /usr/lib/systemd/system/kpatch.service.chcon: can"t apply partial context to unlabeled file "/var/lib/kpatch/4.18.0-372.9.1.el8.x86_64/kpatch-4_18_0-372_9_1-1-3.ko"loading patch module: /var/lib/kpatch/4.18.0-372.9.1.el8.x86_64/kpatch-4_18_0-372_9_1-1-3.kowaiting (up to 15 seconds) for patch transition to complete...transition complete (1 seconds)  Verifying        : kpatch-patch-4_18_0-372_9_1-1-3.el8.x86_64                                                                     1/1Installed products updated.Installed:  kpatch-patch-4_18_0-372_9_1-1-3.el8.x86_64Complete![root@qq-5201351 ~]#

5、这时,我们再通过kpatch list 查看时就能看到关于当前运行内核的实时补丁了,因为上面在设置yum kpatch 为auto时,已经安装上了kpatch-patch-4_18_0-372_9_1-1-3.el8.x86_64

[root@qq-5201351 ~]# kpatch listLoaded patch modules:kpatch_4_18_0_372_9_1_1_3 [enabled]Installed patch modules:kpatch_4_18_0_372_9_1_1_3 (4.18.0-372.9.1.el8.x86_64)[root@qq-5201351 ~]#

其他测试、看一下效果,此时我们升级一下当前内核到当前内核版本的后面一个新版本:

[root@qq-5201351 ~]# yum update kernel-4.18.0-372.13.1.el8_6Updating Subscription Management repositories.Last metadata expiration check: 0:14:48 ago on Fri 30 Jun 2023 03:18:03 PM CST.Dependencies resolved.======================================================================================================================================== Package                                Architecture     Version                          Repository                               Size========================================================================================================================================Installing: kernel                                 x86_64           4.18.0-372.13.1.el8_6            rhel-8-for-x86_64-baseos-rpms           8.0 M kernel-core                            x86_64           4.18.0-372.13.1.el8_6            rhel-8-for-x86_64-baseos-rpms            39 M kernel-modules                         x86_64           4.18.0-372.13.1.el8_6            rhel-8-for-x86_64-baseos-rpms            32 M kpatch-patch-4_18_0-372_13_1           x86_64           1-2.el8_6                        rhel-8-for-x86_64-baseos-rpms            17 kTransaction Summary========================================================================================================================================Install  4 PackagesTotal download size: 79 MInstalled size: 92 MIs this ok [y/N]: yDownloading Packages:(1/4): kernel-4.18.0-372.13.1.el8_6.x86_64.rpm                                                          176 kB/s | 8.0 MB     00:46(2/4): kpatch-patch-4_18_0-372_13_1-1-2.el8_6.x86_64.rpm                                                 35 kB/s |  17 kB     00:00(3/4): kernel-core-4.18.0-372.13.1.el8_6.x86_64.rpm                                                     658 kB/s |  39 MB     01:01(4/4): kernel-modules-4.18.0-372.13.1.el8_6.x86_64.rpm                                                  417 kB/s |  32 MB     01:17----------------------------------------------------------------------------------------------------------------------------------------Total                                                                                                   1.0 MB/s |  79 MB     01:17Running transaction checkTransaction check succeeded.Running transaction testTransaction test succeeded.Running transaction  Preparing        :                                                                                                                1/1  Installing       : kernel-core-4.18.0-372.13.1.el8_6.x86_64                                                                       1/4  Running scriptlet: kernel-core-4.18.0-372.13.1.el8_6.x86_64                                                                       1/4  Installing       : kernel-modules-4.18.0-372.13.1.el8_6.x86_64                                                                    2/4  Running scriptlet: kernel-modules-4.18.0-372.13.1.el8_6.x86_64                                                                    2/4  Installing       : kernel-4.18.0-372.13.1.el8_6.x86_64                                                                            3/4  Installing       : kpatch-patch-4_18_0-372_13_1-1-2.el8_6.x86_64                                                                  4/4  Running scriptlet: kpatch-patch-4_18_0-372_13_1-1-2.el8_6.x86_64                                                                  4/4installing /usr/lib/kpatch/4.18.0-372.13.1.el8_6.x86_64/kpatch-4_18_0-372_13_1-1-2.ko (4.18.0-372.13.1.el8_6.x86_64)chcon: can"t apply partial context to unlabeled file "/var/lib/kpatch/4.18.0-372.13.1.el8_6.x86_64/kpatch-4_18_0-372_13_1-1-2.ko"  Running scriptlet: kernel-core-4.18.0-372.13.1.el8_6.x86_64                                                                       4/4/etc/dracut.conf.d/xen.conf:add_drivers+="xen_netfront xen_blkfront "dracut: WARNING: +="  ":  should have surrounding white spaces!dracut: WARNING: This will lead to unwanted side effects! Please fix the configuration file.  Running scriptlet: kpatch-patch-4_18_0-372_13_1-1-2.el8_6.x86_64                                                                  4/4  Verifying        : kernel-modules-4.18.0-372.13.1.el8_6.x86_64                                                                    1/4  Verifying        : kernel-4.18.0-372.13.1.el8_6.x86_64                                                                            2/4  Verifying        : kernel-core-4.18.0-372.13.1.el8_6.x86_64                                                                       3/4  Verifying        : kpatch-patch-4_18_0-372_13_1-1-2.el8_6.x86_64                                                                  4/4Installed products updated.Installed:  kernel-4.18.0-372.13.1.el8_6.x86_64            kernel-core-4.18.0-372.13.1.el8_6.x86_64  kernel-modules-4.18.0-372.13.1.el8_6.x86_64  kpatch-patch-4_18_0-372_13_1-1-2.el8_6.x86_64Complete![root@qq-5201351 ~]#

这时我们再查看kpatch list 还是只开启了当前内核的热补丁

[root@qq-5201351 ~]# kpatch listLoaded patch modules:kpatch_4_18_0_372_9_1_1_3 [enabled]Installed patch modules:kpatch_4_18_0_372_13_1_1_2 (4.18.0-372.13.1.el8_6.x86_64)kpatch_4_18_0_372_9_1_1_3 (4.18.0-372.9.1.el8.x86_64)[root@qq-5201351 ~]# yum kpatch autoUpdating Subscription Management repositories.Last metadata expiration check: 0:18:11 ago on Fri 30 Jun 2023 03:18:03 PM CST.Dependencies resolved.Nothing to do.Complete![root@qq-5201351 ~]#

这里可以看到当前 Loaded patch modules 里,还是当前运行内核版本的热补丁模块,但上面我们升级内核时,其实也已经安装了新版本内核的热补丁模块

但不会被Load, 因为只会加载开启当前运行内核的热补丁,笔者测试重启OS后,再通过kpatch list 查看就能看到新版本的内核热补丁就会出现在Loaded patch modules 当中了

当然只要不重启OS,当前的内核版本、始终都还是之前运行的内核版本

[root@qq-5201351 ~]# uname -r4.18.0-372.9.1.el8.x86_64[root@qq-5201351 ~]#

尊重别人的劳动成果 转载请务必注明出处:https://www.cnblogs.com/5201351/p/17519097.html

关键词: