Livepatch is a utility tool that keeps your Ubuntu server up to date with essential kernel updates important for security and system performance. In addition, the tool allows you to patch running kernels without the need to restart the server. This reduces downtime, hence a necessary tool for production servers that are designed to operate continuously without rebooting.
This article will teach you how to install and use Livepatch on a Ubuntu 20.04 production server instance.
Prerequisites
- Deploy a Ubuntu 20.04 Server on Vultr.
- Connect to the Server.
- Login as a sudo user.
- Update the server.
Get a Canonical Livepatch API Token
You need a free Ubuntu One account to get a Livepatch token for your server. To get one, follow the link here.
Then, on the Canonical webpage, select Ubuntu user, and click Get your Livepatch token to authenticate on the Ubuntu One login page.
Login to your account, or simply select I don’t have an Ubuntu one account to enter your email, full name, username, and password to continue.
Verify your email, and then a 32 character Livepatch token will be displayed for use on your server.
Installation
Install Livepatch:
$ sudo snap install canonical-livepatchOutput:
canonical-livepatch 10.1.2 from Canonical✓ installedEnable the service using your Livepatch token:
$ sudo canonical-livepatch enable Your-Livepatch-Token-Goes-HereIf your token is valid, the command output should be similar to the one below:
Successfully enabled device. Using machine-token: Livepatch-TokenUse Livepatch
To check the current Livepatch status, use the following command:
$ sudo canonical-livepatch statusIf installed correctly, your output should be similar to the one below with a server check-in: succeeded line.
last check: 3 minutes ago
kernel: 5.4.0-91.102-generic
server check-in: succeeded
patch state: ✓ all applicable livepatch modules inserted
patch version: 84.1
tier: updates (Free usage; This machine beta tests new patches.)
machine id: 28d47cb4f669481fa14f2a71f7ce2e2bTo request the latest kernel update using Livepatch, run the following command:
$ sudo canonical-livepatch refreshIf the kernel is already updated to latest version, your output should look like this:
checking for patches
nothing to apply
kernel: 5.4.0-91.102-generic
patch state: ✓ all applicable livepatch modules inserted
patch version: 84.1Uninstall Livepatch
If for any reason you want to remove Livepatch from your server, run the following command:
$ sudo snap remove canonical-livepatchOutput:
canonical-livepatch removedConclusion
In this article, you have installed Livepatch on a Ubuntu 20.04 server and enabled it to automatically update in the background without any need for user intervention. As a result, a reboot will not be required whenever your server upgrades to the latest kernel. If you want to remove the tool at a later stage, follow the uninstallation step above.