Patching on the Fly with AIX and Linux
Both operating systems offer ways to do limited patching without having to reboot the system.
By Rob McNelly03/10/2020
From the AIX site:
"Starting with AIX Version 7.2, the AIX operating system provides the AIX Live Update function that eliminates the workload downtime that is associated with AIX system restart that is required by previous AIX releases when fixes to the AIX kernel are deployed. The workloads on the system are not stopped in a Live Update operation, yet the workloads can use the interim fixes after the Live Update operation.
"IBM delivers kernel fixes in the form of interim fixes to resolve issues that are reported by customers. If a fix changes the AIX kernel or loaded kernel extensions that cannot be unloaded, the host logical partition (LPAR) must be restarted. To address this issue, AIX Version 7.1, and earlier, provided concurrent update-enabled interim fixes that allow deployment of some limited kernel fixes to a running LPAR. All fixes cannot be delivered as concurrent update-enabled interim fixes. Starting with AIX Version 7.2, you can use the Live Update function to eliminate downtime that is associated with the AIX kernel update operation. This solution is not constrained by the same limitations as in the case of concurrent update enabled interim fixes."
This is from Red Hat:
“RHEL 8.1 marks the first release of RHEL 8 that will receive live kernel patches for critical and selected important CVEs, and no premium subscription is required. They will be delivered via the regular content stream and can be consumed via Yum updates. (Previously, these were on request for premium subscription customers and "hand
delivered.") The goal of the program is to minimize the need to reboot systems in order to get the latest critical security updates.”
For more, check out this Red Hat video and this discussion of AIX Live Update methodology. Chris Gibson has a best practices guide and presentation slides, and on March 25 you can take in his Power VUG session on Live Update best practices.
Rob McNelly is a senior AIX solutions architect doing pre-sales and post-sales support for IBM Premier Business Partner Meridian IT Inc.More →