Patching on the Fly with AIX and Linux

Edit: Have you been patching without rebooting?

Originally posted March 10, 2020 on AIXchange

Both operating systems offer ways to do limited patching without having to reboot the system.

AIX admins often manage Linux servers as well. If this fits your job description, you should know that each operating system has an option that allows limited patching to be done without a reboot. The AIX version is called Live Update; the Red Hat version is called Live Patching.

From the AIX site:
“Starting with AIX Version 7.2, the AIX operating system provides the AIX Live Update function that eliminates the workload downtime that is associated with AIX system restart that is required by previous AIX releases when fixes to the AIX kernel are deployed. The workloads on the system are not stopped in a Live Update operation, yet the workloads can use the interim fixes after the Live Update operation.

“IBM delivers kernel fixes in the form of interim fixes to resolve issues that are reported by customers. If a fix changes the AIX kernel or loaded kernel extensions that cannot be unloaded, the host logical partition (LPAR) must be restarted. To address this issue, AIX Version 7.1, and earlier, provided concurrent update-enabled interim fixes that allow deployment of some limited kernel fixes to a running LPAR. All fixes cannot be delivered as concurrent update-enabled interim fixes. Starting with AIX Version 7.2, you can use the Live Update function to eliminate downtime that is associated with the AIX kernel update operation. This solution is not constrained by the same limitations as in the case of concurrent update enabled interim fixes.”

This is from Red Hat:
“RHEL 8.1 marks the first release of RHEL 8 that will receive live kernel patches for critical and selected important CVEs, and no premium subscription is required. They will be delivered via the regular content stream and can be consumed via Yum updates. (Previously, these were on request for premium subscription customers and “hand delivered.”) The goal of the program is to minimize the need to reboot systems in order to get the latest critical security updates.”

For more, check out this Red Hat video and this discussion of AIX Live Update methodology. Chris Gibson has a best practices guide and presentation slides, and on March 25 you can take in his Power VUG session on Live Update best practices.

Of course these are different tools for different operating systems, but take a moment to consider them in tandem: We continue to advance in a direction where more fixes can be applied on the fly. While I don’t imagine we’ll ever see a world completely free of reboots, this is welcome progress.