Set up Channels for Live Patching
A reboot is required every time you update the full kernel package. Therefore, it is important that clients using Live Patching do not have newer kernels available in the channels they are assigned to. Clients using live patching have updates for the running kernel in the live patching channels.
There are two ways to manage channels for live patching:
Use content lifecycle management to clone the product tree and remove kernel versions newer than the running one. This procedure is explained in the content-lifecycle-examples.adoc#enhance-project-with-livepatching. This is the recommended solution.
Alternatively, use the
spacewalk-manage-channel-lifecycle tool. This procedure is more manual and requires command line tools as well as the Web UI. This procedure is explained in this section for SLES 15 SP1, but it also works for SLE 12 SP4 or later.
Cloned vendor channels should be prefixed by
dev for development,
prod for production. In this procedure, you create a
dev cloned channel and then promote the channel to
At the command prompt on the client, as root, obtain the current package channel tree:
# spacewalk-manage-channel-lifecycle --list-channels Spacewalk Username: admin Spacewalk Password: Channel tree: 1. sles15-sp3-pool-x86_64 \__ sle-live-patching15-pool-x86_64-sp3 \__ sle-live-patching15-updates-x86_64-sp3 \__ sle-manager-tools15-pool-x86_64-sp3 \__ sle-manager-tools15-updates-x86_64-sp3 \__ sles15-sp3-updates-x86_64
spacewalk-manage-channelcommand with the
initargument to automatically create a new development clone of the original vendor channel:
spacewalk-manage-channel-lifecycle --init -c sles15-sp3-pool-x86_64
dev-sles15-sp3-updates-x86_64is available in your channel list.
dev cloned channel you created, and remove any kernel updates that require a reboot.
Check the current kernel version by selecting the client from, and taking note of the version displayed in the
In the SUSE Manager Web UI, select the client from, navigate to the tab, and select
dev-sles15-sp3-updates-x86_64. Navigate to the
Patchestab, and click List/Remove Patches.
In the search bar, type
kerneland identify the kernel version that matches the kernel currently used by your client.
Remove all kernel versions that are newer than the currently installed kernel.
Your channel is now set up for live patching, and can be promoted to
testing. In this procedure, you also add the live patching child channels to your client, ready to be applied.
At the command prompt on the client, as
root, promote and clone the
dev-sles15-sp3-pool-x86_64channel to a new
# spacewalk-manage-channel-lifecycle --promote -c dev-sles15-sp3-pool-x86_64
In the SUSE Manager Web UI, select the client from, and navigate to the tab.
Check the new
test-sles15-sp3-pool-x86_64custom channel to change the base channel, and check both corresponding live patching child channels.
Click Next, confirm that the details are correct, and click Confirm to save the changes.
You can now select and view available CVE patches, and apply these important kernel updates with Live Patching.