If you use Ubuntu Server in your data center, you can take advantage of Canonical’s Livepatch service to patch the running kernel on those servers without having to reboot. This is an amazing tool that can save you from a considerable headache, or having to come into work after hours just to patch the kernel and reboot the system.

By making use of the Canonical Livepatch service, you can ensure your systems:

  • Maximize service availability
  • Maintain security and compliance
  • Won’t interrupt in-memory databases or other services

Do note: This is not the same as upgrading a running kernel. If you upgrade a running kernel, you still have to reboot the system to make the changes take effect. Livepatching only works when applying patches to the running kernel (such as for security vulnerabilities).

The Livepatch service is free to use, up to three systems, and can only be used on 64-bit versions of Ubuntu 16.04 and 14.04, running at least kernel 4.4.

If you’re unsure which kernel you’re running, issue the command uname -r to see (Figure A).

Figure A

Let’s get this up and running.

Downloading your livepatch token

The first thing you must do is download a livepatch token from the Livepatch Service site. To use the free version, make sure to check Ubuntu User and then click Get your Livepatch token. You will then be prompted to log into your UbuntuOne account. Once you’ve authenticated with your account, you will be presented with your Livepatch token (which you should copy and save) and the necessary commands to install both Livepatch and your Livepatch token. The commands are:

sudo snap install canonical-livepatch
sudo canonical-livepatch enable TOKEN

Where TOKEN is your actual Livepatch token.

After running the second command, you should see Successfully enabled device. Using matching token TOKEN (where TOKEN is your actual Livepatch token).

And that’s all there is to it. You can now patch your running kernel without having to reboot your system. Do remember, if you upgrade the kernel, the server will still have to be rebooted. If you’re only patching and you have enabled the Livepatching service, your kernel will be good to go even without a reboot.