The Canonical Livepatch Service applies critical kernel security patches without rebooting Ubuntu. This is especially useful on production environments and services where any downtime could be disruptive.
Livepatch is free for up to 3 machines. It is also included in every Ubuntu Advantage subscription.
This tutorial will show you how to enable this service on your Ubuntu system.
What you’ll need
- A computer running Ubuntu 16.04 LTS or 14.04 LTS with an Internet connection
- An Ubuntu One account
- Some basic command-line knowledge
Getting the Livepatch token
In order to use this service, you have to generate the Livepatch token.
To get it, simply visit the Livepatch portal.
Select the Ubuntu user option and click Get your Livepatch token. You’ll have to log in with your Ubuntu One account if you haven’t done so already.
The portal will return your Livepatch credentials:
You’ll see a key associated with your account. Don’t close the page or copy the token somewhere - you’ll need it later.
Installing the Livepatch daemon
Enabling snap support
The Livepatch daemon is distributed through the Snap Store.
If you are using Ubuntu 14.04 LTS, you have to enable snap support first:
sudo apt update sudo apt install snapd
Then, start a new shell so your
PATH variable is updated to include the
Ubuntu 16.04 LTS supports snaps by default - you don’t have to do anything.
Installing the daemon
To install the Livepatch daemon, simply type:
sudo snap install canonical-livepatch
Almost there! You now have to enable the service with the token you got from the Livepatch portal:
sudo canonical-livepatch enable <token>
Once the service has checked your token, you should see the following message:
Successfully enabled device. Using machine-token: <token>
You can ensure that the Livepatch service is working properly by running:
canonical-livepatch status --verbose
Congratulations, you now have zero downtime kernel patching on your system!
If you have a problem, we’re ready to help! Check the following links:
- This datasheet contains more technical details and FAQs on the Canonical Livepatch service.