How to Set Patch Sync Filters

babak.k.shandiz · May 31, 2023, 12:21pm

Livepatch on-prem enables users to synchronise with the hosted server, and this synchronisation process is configurable.

The primary synchronisation filters are:

System architecture for limiting patches via architecture
Flavours for limiting the kernel flavour
Minimum kernel version, only allowing versions greater than the minimum to be sychronised.

Based on the deployment method, below are various ways of setting sync filters.

Reactive Charm

To check if you are running the reactive charm run juju status and look for the charm channel. Any channel including latest/* e.g. latest/stable is a Reactive charm.

Livepatch’s older reactive charm can be configured as described below.

juju config livepatch \
    sync_flavors=generic,lowlatency,aws \
    sync_architectures=amd64,s390x \
    sync_minimum_kernel_version=5.4.0

Operator Framework charm

As described above, run juju status and look for the charm channel to identify the charm. Any channel including ops1.x/* e.g. ops1.x/stable is a Operator Framework charm.

Livepatch’s newest Operator Framework charm can be configured as described below.

juju config livepatch \
    patch-sync.flavors=generic,lowlatency,aws \
    patch-sync.architectures=amd64,s390x \
    patch-sync.minimum_kernel_version=5.4.0

Snap

The Livepatch Server Snap can be configured as follows

sudo snap set canonical-livepatch-server patch-sync.flavors=generic,lowlatency
sudo snap set canonical-livepatch-server patch-sync.architectures=amd64,s390x
sudo snap set canonical-livepatch-server patch-sync.minimum_kernel_version=6.8.0

Config Explained

The table below explains the format for each config option. The format is identical across all deployment methods.

Parameter	Description
`flavors`	Comma-separated list of kernel flavors to download patches for.
`architectures`	Comma-separated list of kernel architectures to download patches for.
`minimum_kernel_version`	A minimum kernel version of format “0.0.0” denoting the lowest kernel version to download patches for.

maarten256 · December 3, 2023, 4:23pm

I found that in my livepatch deployment, those parameters do not exist. Instead I find:

patch-sync.architectures
patch-sync.flavors
patch-sync.minimum-kernel-version

Maybe I have a different version of livepatch or something?

kian-parvin · December 4, 2023, 7:10am

Hi @maarten256, are you using the Livepatch server snap or charm (and if the charm, from which channel)?

We currently have a few versions of the server charm because of changes to Juju’s charm framework over the years.

The oldest and stable version of the on-prem charm is available from https://charmhub.io/canonical-livepatch-server in the `latest/stable channel.
Then we have 2 new versions of the charm that use the latest operator framework. These are the kubernetes charm, and a machine charm which is available at the same link as above but will be found in the ops1.x/latest channel when we publish it there (currently only available in ops1.x/edge`).

I mention the above because our config has undergone some change and once we fully publish the new charm some doc pages like this one will need to change. But as you’ve been able to tell, the differences are fairly easy to spot so I hope that gives some context to what you’re seeing.

maarten256 · December 6, 2023, 5:04am

Hi @kian-parvin,

I’m using the charm, and I am on the stable channel:

canonical-livepatch-server-k8s latest/stable

So that explains it!

whershberger · July 19, 2024, 3:45pm

It would be helpful if this doc page included the relevant commands for snap deployments as well:

sudo snap set canonical-livepatch-server patch-sync.flavors=generic
sudo snap set canonical-livepatch-server patch-sync.architectures=amd64
sudo snap set canonical-livepatch-server patch-sync.minimum_kernel_version=6.8.0

kian-parvin · July 22, 2024, 7:50am

Good idea, I’ve added this. Thanks!