Live Patching And SUSE Lifecycle Manager On SLES For SAP On-Demand In The Public Cloud

Starting earlier this month (August 2020) Live Patching is now included with SUSE Linux Enterprise Server For SAP Applications (SLES For SAP) on-demand offerings in Amazon Web Services EC2, Google Compute Engine, and Microsoft Azure for 12 SP3 and later instances and images.

What is live patching?

Live patching allows you to patch a running kernel to apply fixes and have them take effect immediately without having to reboot the system. Given that security fixes have the pesky habit of being announced outside of maintenance windows using live patching allows the application of kernel fixes without having to incur unplanned downtime. For details see the live patching documentation.

What is SUSE Lifecycle Manager?

SUSE Lifecycle Manager is a client that works in conjunction with SUSE Manager to modernize patch and configuration management of your Linux Servers. When paired with SUSE Manager, the Lifecycle Management agent can support SLES, RHEL, Oracle, and CentOS, to provide a heterogeneous Linux management framework.

How do I get it?

Instances created from images with a date stamp of 20200827 or later in the image name will automatically setup the Live Patching repository upon instance creation just like the repositories you are already used to. Therefore no action is needed and you can skip the rest of this blog.

For those interested in adding live patching to the running instances it is reasonably straight forward. Look up the “version” and “modname” from the tables below, assign the values, and execute the code below.

Instance based on         version value
    12 SP3                    12.3
    12 SP4                    12.4
    12 SP5                    12.5
    15                        15
    15 SP1                    15.1
    15 SP2                    15.2

You can verify the version of your running instance by using

grep VERSION /etc/os-release

Instance based on         modname value
    12 SP3                  sle-live-patching
    12 SP4                  sle-live-patching
    12 SP5                  sle-live-patching
    15                      sle-module-live-patching
    15 SP1                  sle-module-live-patching
    15 SP2                  sle-module-live-patching

In a root shell assign the values from the above tables as follows:

version=VALUE_FROM_VERSION_TABLE
modname=VALUE_FROM_MODNAME_TABLE

After the assignment cut and paste the following into your root shell:

tmpfile=$(mktemp /tmp/inst-metadata.XXXXXX)
metadata(){
cut -d "=" /etc/regionserverclnt.cfg -f 2 | grep metadata
}
$(metadata) >& "$tmpfile"
SUSEConnect -p "$modname"/"$version"/x86_64 --instance-data "$tmpfile"
rm "$tmpfile"

For example, on a SLES 12 SP3 For SAP instance this looks as follows:

# version=12.3
# modname=sle-live-patching
# tmpfile=$(mktemp /tmp/inst-metadata.XXXXXX)
# metadata(){
> cut -d "=" /etc/regionserverclnt.cfg -f 2 | grep metadata
> }
# $(metadata) >& "$tmpfile"
# SUSEConnect -p "$modname"/"$version"/x86_64 --instance-data "$tmpfile"
Registering system to registration proxy https://smt-gce.susecloud.net

Updating system details on https://smt-gce.susecloud.net ...

Activating sle-live-patching 12.3 x86_64 ...
-> Adding service to system ...
-> Installing release package ...

Successfully registered system

# rm "$tmpfile"

The life-cycle management part is delivered by SUSE Manager once you connect your system to a SUSE Manager Server instance. The SUSE Manager Server instance can run in your data center or in the Public CLoud Framework of your choice, BYOS images are available in AWS EC2, Azure, and Google Compute Engine.

And that’s it. The Live Patching repository is now registered and you can use rebootless kernel updates.