Complex enterprise environments that wish to follow their own rollout policy and remain in control of which machines get updated, and when, can now take advantage of Canonical Livepatch on-prem. The Livepatch on-prem service regularly syncs with the central Canonical Livepatch server and obtains the latest patches. It then deploys the patches gradually, in as many stages as required.
The service is easily deployable with Juju on any environment, from the public cloud of your choice to a VM. Once deployed, it can be connected to the Canonical Livepatch service with an Ubuntu Advantage token and configured to perform patch deployment according to a predefined set of policies. Livepatches are deployed in multiple tiers: the first tier receives the available patches unconditionally, while the subsequent tiers are promotion tiers under the control of the administrator. That approach allows for a risk-based deployment that keeps the most important systems in the last tier, or for a cohort deployment where clusters of systems are patched gradually to maintain the expected availability. Livepatch client systems are associated with a tier by assigning them a token for that tier, issued by the server.
The server can handle thousands of clients on a single-CPU system, and it requires a few gigabytes of storage space for the patches. Multiple storage backends are supported, such as the local filesystem, OpenStack Object Storage (“Swift”), S3, MinIO or PostgreSQL. You can find more detailed instructions on deploying and configuring Livepatch on-prem on our website.
Canonical Livepatch on-prem is available with an Ubuntu Advantage subscription.