Set up Channels for Live Patching

A reboot is required every time you update the full kernel package. Therefore, it is important that clients using Live Patching do not have newer kernels available in the channels they are assigned to. Clients using live patching have updates for the running kernel in the live patching channels.

There are two ways to manage channels for live patching:

Use content lifecycle management to clone the product tree and remove kernel versions newer than the running one. This procedure is explained in the administration:content-lifecycle-examples.adoc#enhance-project-with-livepatching. This is the recommended solution.

Alternatively, use the spacewalk-manage-channel-lifecycle tool. This procedure is more manual and requires command line tools as well as the Web UI. This procedure is explained in this section for SLES 15 SP5, but it also works for SLE 12 SP4 or later.

1. Use spacewalk-manage-channel-lifecycle for Live Patching

Cloned vendor channels should be prefixed by dev for development, testing, or prod for production. In this procedure, you create a dev cloned channel and then promote the channel to testing.

Procedure: Cloning Live Patching Channels

  1. At the command prompt on the client, as root, obtain the current package channel tree:

    # spacewalk-manage-channel-lifecycle --list-channels
Spacewalk Username: admin
Spacewalk Password:
Channel tree:

 1. sles15-sp5-pool-x86_64
      \__ sle-live-patching15-pool-x86_64-sp5
      \__ sle-live-patching15-updates-x86_64-sp5
      \__ sle-manager-tools15-pool-x86_64-sp5
      \__ sle-manager-tools15-updates-x86_64-sp5
      \__ sles15-sp5-updates-x86_64

  2. Use the spacewalk-manage-channel command with the init argument to automatically create a new development clone of the original vendor channel:

    spacewalk-manage-channel-lifecycle --init -c sles15-sp5-pool-x86_64

  3. Check that dev-sles15-sp5-updates-x86_64 is available in your channel list.

Check the dev cloned channel you created, and remove any kernel updates that require a reboot.

Procedure: Removing Non-Live Kernel Patches from Cloned Channels

  1. Check the current kernel version by selecting the client from Systems  System List, and taking note of the version displayed in the Kernel field.

  2. In the SUSE Manager Web UI, select the client from Systems  Overview, navigate to the Software  Manage  Channels tab, and select dev-sles15-sp5-updates-x86_64. Navigate to the Patches tab, and click List/Remove Patches.

  3. In the search bar, type kernel and identify the kernel version that matches the kernel currently used by your client.

  4. Remove all kernel versions that are newer than the currently installed kernel.

Your channel is now set up for live patching, and can be promoted to testing. In this procedure, you also add the live patching child channels to your client, ready to be applied.

Procedure: Promoting Live Patching Channels

  1. At the command prompt on the client, as root, promote and clone the dev-sles15-sp5-pool-x86_64 channel to a new testing channel:

    # spacewalk-manage-channel-lifecycle --promote -c dev-sles15-sp5-pool-x86_64

  2. In the SUSE Manager Web UI, select the client from Systems  Overview, and navigate to the Software  Software Channels tab.

  3. Check the new test-sles15-sp5-pool-x86_64 custom channel to change the base channel, and check both corresponding live patching child channels.

  4. Click Next, confirm that the details are correct, and click Confirm to save the changes.

You can now select and view available CVE patches, and apply these important kernel updates with Live Patching.