One of Linode's competitors, VPS.net, has implemented Ksplice. Does Linode have any plans to let us patch our kernels, while only rebooting when the host machine goes belly up?

Although there are gotchas with Ksplice, this feature is, much like backups, something I'd be willing to pay for. I provide shell services on top of Linode's infrastructure. My users can accept the network issues Linode's data centers have from time to time, but multi-month uptimes is really a must. People don't want to loose their irssi screens all the time.

_________________
Home page | Twitter | Link blog

Is there any reason why you can't just load your own ksplice-compatible kernel with pvgrub?

Yes, laziness.

I don't want to roll my own kernels unless I really, really have to. If there is enough demand for something like this, Linode could probably fairly easily implement a point and drool interface that lets us boot from a tested ksplice kernel. I dunno about Ksplice, but there is sometimes money to earn by reselling commercial products as a hosting company.

I can think of many things that could be useful for a minority of Linode's customers, stuff that could be compiled into alternative Linode provided kernels. GRSec is one of these things, provided that it works with Xen nowadays.

That said, I totally understand why Linode wouldn't want to support lots of of different kernel setups.

_________________
Home page | Twitter | Link blog

Looks to me like you don't need to roll your own kernel:

http://www.ksplice.com/uptrack/download-ubuntu

If the Linode-provided kernel doesn't work with it, it looks to me like you can just use your distro's default kernel?

I just installed an Ubuntu kernel package, using pv-grub, to enable me to use Ksplice.

It seems to work with the Ubuntu 10.04 Lucid "linux-virtual" kernel package:

# uptrack-upgrade -y
Nothing to be done.
Your kernel is fully up to date.

Instructions are here:

http://www.linode.com/wiki/index.php/PV-GRUB
http://library.linode.com/advanced/pv-grub-howto

I guess I have to recommend the wiki link, because it has stuff I needed that the library link didn't (because I added it).


No more reboots for kernel upgrades!

It says it upgraded my kernel (automatically as I configured it). There are new kernel packages, installed, and my computers aren't nagging me for reboots.

# uptrack-show
Installed updates:
[63o47ris] Clear garbage data on the kernel stack when handling signals.
[8dowm7qf] Mitigate denial of service attacks with large argument lists.
[9q9ylj8o] CVE-2010-2943: Missing inode validation in XFS.
[p67q517e] CVE-2010-2962: Privilege escalation in i915 pread/pwrite ioctls.
[b8by5oeo] CVE-2010-3861: Kernel buffer overflow in ETHTOOL_GRXCLSRLALL ioctl.
[huho7pj7] CVE-2010-4072: Information leak in System V IPC
[0avpscpr] CVE-2010-4157: Memory corruption in Intel/ICP RAID driver.