Kernel Patching with kexec: updating a CentOS 7 kernel without a full reboot (In-memory Kernel Upgrade)

Interesting / Fun / Productitive, Update/Updgrade procedure on UNIX-like Operating system, except Kernel…

Administrators must already understand almost all system software packages/application packages/Self-developed packages update/upgrade procedure on Linux could be done perfectly without rebooting.

But, Kernel Upgrade/Update may occured sometimes. Perhaps administrators may love to wait, wait, wait, and wait until the major upgrade chance appears. Normally, those chances are major server hosts are free for maintenance during long holiday, or critical security issues that related to the older Kernel versions. The reason is very simple, REBOOT might required on Kernel upgrade usually. The server hosts might very busy on several business critical operations.

Critical operations vs. Reboot to apply Kernel upgrade

The sad moment, critical securities issues ahead and administrators need to take a prompt action to prevent any risk occur. But the server hosts are serving critical business stuff and not able to be stopped/suspended for few minutes or half an hour shortly. At this moment, Kernel patching without a full reboot are very useful.

Utilities for the procedure of In-memory Kernel Upgrade

1. The major utility should be installed already. It is a tool named “kexec”. On CentOS 7, you can install it with the command “yum install kexec-tools”.
2. Then you can perform normal update/upgrade yum command, e.g. “yum update kernel”.
3. Then execute the command “kexec –u”. For safty, thie command will unload any previously attempted kernels first. This is harmless and will make sure you start “cleanly” with your upgrade process.
   (Ref: https://ma.ttias.be/kernel-patching-kexec-updating-centos-7-kernel-without-full-reboot/)
4. For example, the newest version of the Kernel is “3.10.0-514.6.1.el7”, you can issue the command:

   ***!!! YOU MUST REPLACE WITH THE CORRECT KERNEL VERSION NAME WITHIN THIS COMMAND !!!***

   Keep the following command in ONE LINE:
   kexec -l /boot/vmlinuz-3.10.0-514.6.1.el7.x86_64 –initrd=/boot/initramfs-3.10.0-514.6.1.el7.x86_64.img  –reuse-cmdline

   ***!!! YOU MUST REPLACE WITH THE CORRECT KERNEL VERSION NAME WITHIN THIS COMMAND !!!***

5. After the above long command has been executed, the server might freezed for serverl seconds to minutes, depends on how many services are running on your machine.

If the system continue being kept in freezed state, it seems all services are dead. a Hard Boot must be perform… unfortunately.

You must remember one important point here | Really zero disturbe to all running process?

In-Memory Kernel Upgrade could make Reboot time saving magic. But all running system services/application services are all killed during the “kexec -l /boot/vmlinuz-3.10.0-514.6.1.el7.x86_64 –initrd=/boot/initramfs-3.10.0-514.6.1.el7.x86_64.img  –reuse-cmdline” command is being executed. Is it a trick for Quick Rebooting on technical point of view. If the critical business stuff have good session management behind, all running processes could be resumed shortly and just give end-users a few seconds suspend, this magical trick is your perfect solution.

Really good to perform this type of Kernel Patching?

It the machine or Virtual Host built/configured with huge of memory, or/and it contains several processing-power/memory hungury applications, it might saved valueable time on POST, hardware checking process time, system services startup times, etc.

More reference about In-memory Kernel Upgrade