How to use LivePatch on Ubuntu 20.04

Livepatch is a utility tool that keeps your Ubuntu server up to date with essential kernel updates important for security and system performance. In addition, the tool allows you to patch running kernels without the need to restart the server. This reduces downtime, hence a necessary tool for production servers that are designed to operate continuously without rebooting.

This article will teach you how to install and use Livepatch on a Ubuntu 20.04 production server instance.

Prerequisites

• Deploy a Ubuntu 20.04 Server on Vultr.
• Connect to the Server.
• Login as a sudo user.
• Update the server.

Get a Canonical Livepatch API Token

You need a free Ubuntu One account to get a Livepatch token for your server. To get one, follow the link here.

Then, on the Canonical webpage, select Ubuntu user, and click Get your Livepatch token to authenticate on the Ubuntu One login page.

Login to your account, or simply select I don’t have an Ubuntu one account to enter your email, full name, username, and password to continue.

Verify your email, and then a 32 character Livepatch token will be displayed for use on your server.

Installation

Install Livepatch:

$ sudo snap install canonical-livepatch

Output:

canonical-livepatch 10.1.2 from Canonical✓ installed

Enable the service using your Livepatch token:

$ sudo canonical-livepatch enable Your-Livepatch-Token-Goes-Here

If your token is valid, the command output should be similar to the one below:

Successfully enabled device. Using machine-token: Livepatch-Token

Use Livepatch

To check the current Livepatch status, use the following command:

$ sudo canonical-livepatch status

If installed correctly, your output should be similar to the one below with a server check-in: succeeded line.

last check: 3 minutes ago
kernel: 5.4.0-91.102-generic
server check-in: succeeded
patch state: ✓ all applicable livepatch modules inserted
patch version: 84.1
tier: updates (Free usage; This machine beta tests new patches.)
machine id: 28d47cb4f669481fa14f2a71f7ce2e2b

To request the latest kernel update using Livepatch, run the following command:

$ sudo canonical-livepatch refresh

If the kernel is already updated to latest version, your output should look like this:

checking for patches
nothing to apply
kernel: 5.4.0-91.102-generic
patch state: ✓ all applicable livepatch modules inserted
patch version: 84.1

Uninstall Livepatch

If for any reason you want to remove Livepatch from your server, run the following command:

$ sudo snap remove canonical-livepatch

Output:

canonical-livepatch removed

Conclusion

In this article, you have installed Livepatch on a Ubuntu 20.04 server and enabled it to automatically update in the background without any need for user intervention. As a result, a reboot will not be required whenever your server upgrades to the latest kernel. If you want to remove the tool at a later stage, follow the uninstallation step above.