Wable deploying KernelCare. yay, no more annoying sudden reboots.

vimalware Member
edited November 2014 in Providers

Source: https://www.facebook.com/permalink.php?story_fbid=1488346141427418&id=1407513069510726

We're deploying [KernelCare](http://kernelcare.com/) this should mean no more reboots are needed for kernel updates (as they're applied within memory). Without KernelCare we were averaging ~113 days between reboots due to critical kernel updates, looking forward to counting uptime in the years. Let's see how this goes.

Thanked by 1ryanarp

Comments

  • jar Patron Provider, Top Host, Veteran

    I love KernelCare. It's far too inexpensive to not deploy. Glad to see they decided to make use of it, and to those who recognize my admitted Wable bias, I honestly didn't know they were doing so.

    Thanked by 1ryanarp
  • Be careful, this might actually result in more reboots (due to sudden kernel panics) ;-)

  • ryanarp Member, Patron Provider

    Kernel panics will happen with or without kernel care. I have been using kernel care for a while now and so far everything has been stable.

  • @ryanarp Do you use it for CatalystHost too?

  • ryanarp Member, Patron Provider
    edited November 2014

    vRozenSch00n said: @ryanarp Do you use it for CatalystHost too?

    Yes, I have been using it since June.

  • ryanarp said: Yes, I have been using it since June.

    That's great. Two thumbs up for you and your team :)

    Thanked by 1HalfEatenPie
  • GoodHosting Member
    edited November 2014

    We've been on the $2/dedi for our services for a while with KernelCare, and continue to use it on all of our dedicated servers; and clients' services as required. While it is unfortunate that KernelCare can sometimes be on the slower side for CVE vulnerability patches (especially those related to OpenVZ lately), otherwise they are a rock solid product.

    /2 cents

  • GoodHosting said: GoodHosting

    Ever used KSplice? They are usually faster than KernelCare (More expensive nonetheless).

  • Mun Member
    edited November 2014

    I really wish there was something like this for free

  • @Mun - it's like $1.50/month! It's as good as free

    Thanked by 1Mark_R
  • Mun said: I really wish there was something like this for free

    Ksplice is free for Ubuntu and Fedora.

  • @sleddog said:

    I use Debian.

    @MarkTurner said:
    Mun - it's like $1.50/month! It's as good as free

    I know, but the need at the price isn't there. Free I'd do it. Monthly price, I just have no need.

  • Nick_A Member, Top Host, Host Rep

    KCare isn't all sunshine and rainbows. It can be nice, but there have been some significant bumps in the road. They pushed at least two bad patches recently, one of which literally wrecked the running kernel on 7 of our production servers to the point where we had to single user in and reinstall the kernel. I can't imagine the headache we would have had if the update reached all of our VZ nodes before anyone could take action. The idea was to have an automated patching system that would allow us to sleep better at night, but we've had to disable auto updates for now.

    It has its benefits no doubt (we're still paying for and using it), but it's not perfect.

  • @Nick_A said:
    KCare isn't all sunshine and rainbows. It can be nice, but there have been some significant bumps in the road. They pushed at least two bad patches recently, one of which literally wrecked the running kernel on 7 of our production servers to the point where we had to single user in and reinstall the kernel. I can't imagine the headache we would have had if the update reached all of our VZ nodes before anyone could take action. The idea was to have an automated patching system that would allow us to sleep better at night, but we've had to disable auto updates for now.

    It has its benefits no doubt (we're still paying for and using it), but it's not perfect.

    Why would you ever apply patches to the running kernel of production servers without testing them first?

  • jar Patron Provider, Top Host, Veteran

    @ks500 said:
    Why would you ever apply patches to the running kernel of production servers without testing them first?

    You can test everything but it doesn't change that things act differently in production sometimes. Computers and operating systems are imperfect creations made by imperfect beings. Notice those same updates were applied by other providers with no problems. Stuff happens.

  • @Jar said:
    You can test everything but it doesn't change that things act differently in production sometimes. Computers and operating systems are imperfect creations made by imperfect beings. Notice those same updates were applied by other providers with no problems. Stuff happens.

    I guess we can agree to disagree. I've never in my life had a kernel patch pass through our qual testing and cause an issue on a prod server. Saying things can act differently as if that's somehow a reason not to test is ridiculous.

  • jar Patron Provider, Top Host, Veteran
    edited November 2014

    Yeah, everyone likes to talk like they're not human, the rest of us know better. It's common for newbies here to talk that way. Been there too. You'll screw up just as much as the rest of us do. It's not a big deal. You learn, you do better.

  • Nick_A Member, Top Host, Host Rep

    @ks500 said:
    Why would you ever apply patches to the running kernel of production servers without testing them first?

    That kind of goes hand in hand with auto patching. KCare markets itself as a fully automated system. We expected them to deliver on that feature. That was the main point of us signing up for it in the first place, after all. It's significantly less valuable to have a patching system that requires manual interaction when the product is supposed to be "set and forget."

    Thanked by 1vRozenSch00n
  • @Jar said:
    Yeah, everyone likes to talk like they're not human, the rest of us know better. It's common for newbies here to talk that way. Been there too. You'll screw up just as much as the rest of us do.

    That's laughable. This site is a hobby. My day job is keeping enterprise systems up and running. If you worked for me and applied a patch without testing it first it would be your first and last day on the job. There's nothing inhuman about common sense.

  • @Nick_A said:
    That kind of goes hand in hand with auto patching. KCare markets itself as a fully automated system. We expected them to deliver on that feature. That was the main point of us signing up for it in the first place, after all. It's significantly less valuable to have a patching system that requires manual interaction when the product is supposed to be "set and forget."

    I guess lesson learned? I wouldn't ever trust an automated system to patch my boxes without running through qual testing first on anything important.

  • jar Patron Provider, Top Host, Veteran
    edited November 2014

    Heh, if you don't learn something new every day you're not a server administrator. If you don't make mistakes, you're lying. Plain and simple. Puff your chest out all you want, humans are humans and you are not the exception. If you were, you wouldn't need to try to talk down to others on an Internet forum. The only news you're spreading here is that you lack humility, which is not the best of introductions.

  • Nick_A Member, Top Host, Host Rep

    @ks500 said:
    I guess lesson learned? I wouldn't ever trust an automated system to patch my boxes without running through qual testing first on anything important.

    I specifically pointed out that we changed our protocol after KCare didn't live up to its promises:

    Nick_A said: The idea was to have an automated patching system that would allow us to sleep better at night, but we've had to disable auto updates for now.

    No one is here to get lectured. I was offering the flip side of what appeared to be a very optimistic thread about KernelCare.

  • coolice Member
    edited November 2014

    @ks500 said:
    That's laughable. This site is a hobby. My day job is keeping enterprise systems up and running. If you worked for me and applied a patch without testing it first it would be your first and last day on the job. There's nothing inhuman about common sense.

    If your enterprise system data got deleted among the first several hours after public announcement of a security hole and your excuse is that you are running quality testing and not applying the patch for the last hour nobody will care... you just got fired too (with no chances to get sysadmin job again)

    Happens in real life ... coin has 2 sides...

    Thanked by 3jar ryanarp jaypeesmith
  • vRozenSch00n Member
    edited November 2014

    ks500 said: That's laughable. This site is a hobby. My day job is keeping enterprise systems up and running. If you worked for me and applied a patch without testing it first it would be your first and last day on the job. There's nothing inhuman about common sense.

    They are not hobbies, they are respected small businesses.

    Enterprise class is different. If they use ITIL/Cobit standard there are several prerequisites to follow until certain patch/patches are deployed into production.

    There should be a UAT, PAT, SAT/Pen Test using well prepared test plan / test script and all have to be recorded. IMHO :)

    Thanked by 1jar
  • @vRozenSch00n said:
    There should be a UAT, PAT, SAT/Pen Test using well prepared test plan / test script and all have to be recorded. IMHO :)

    I think you misread that. I wasn't saying this site is a hobby for the people selling services. I was saying it's a hobby for me.

  • @coolice said:
    If your enterprise system data got deleted among the first several hours after public announcement of a security hole and your excuse is that you are running quality testing and not applying the patch for the last hour nobody will care... you just got fired too (with no chances to get sysadmin job again)

    Happens in real life ... coin has 2 sides...

    That's what an IDS/IPS and offsite backups are for. You block rogue traffic from even getting into your network and patch once the patch has been validated. Critical systems are generally firewalled off completely from everything but the systems that actually should be talking to them. Kind of off-topic from the OP.

  • ks500 said: I think you misread that. I wasn't saying this site is a hobby for the people selling services. I was saying it's a hobby for me.

    ks500 said: That's laughable. This site is a hobby. My day job is keeping enterprise systems up and running. If you worked for me and applied a patch without testing it first it would be your first and last day on the job. There's nothing inhuman about common sense.

    Aah I see. If that is what you mean, then please accept my apology :)

  • ks500 said: That's what an IDS/IPS and offsite backups are for.

    And how do you deal with internal network breach if I may know? What layer of security do you apply?

  • jar Patron Provider, Top Host, Veteran

    @vRozenSch00n said:
    And how do you deal with internal network breach if I may know? What layer of security do you apply?

    They don't happen because he wrote all of the code and doesn't make mistakes.

    Thanked by 1hostnoob
  • @vRozenSch00n said:
    And how do you deal with internal network breach if I may know? What layer of security do you apply?

    Internal traffic is firewalled between subnets so an "internal breach" is no different than an "external breach". As I said, traffic is only allowed between systems that should be talking to each other.
