OS Linux Kernel Patching using ChAI
Last updated
Last updated
Kernel patching in SUSE Linux systems is a critical maintenance task that ensures system stability, security, and performance. Regular updates address vulnerabilities, enhance compatibility, and improve overall system functionality. SUSE Linux Enterprise Server (SLES) supports Live Patching (using kGraft) to apply kernel updates without rebooting, minimizing downtime. Alternatively, traditional patching methods require scheduling a maintenance window, downloading the latest patches via zypper, and performing a controlled reboot if necessary. Proper planning and automation are essential for seamless kernel patching in enterprise environments.
IT-Conductor ChAI (Change Automation Intelligence) simplifies and automates the kernel patching process in SUSE Linux environments. By integrating with IT-Conductor's orchestration and monitoring capabilities, ChAI enables IT teams to schedule, deploy, and verify kernel updates with minimal manual intervention. ChAI uses zypper to apply patches, which requires a system reboot to complete the update. The platform ensures compliance by tracking patch history, automating approvals, and providing real-time reporting. With ChAI, organizations can streamline SUSE kernel patching while reducing risks and maintaining system uptime.
Before patching, the Linux system must be registered in IT-Conductor for monitoring. See for more details.
A user with root access is required to register a Linux system in IT-Conductor.
Visit and enter your login credentials.
Navigate to Dashboards → Configuration Management Automation Dashboard
Locate the Patch Suse OS Kernel panel and click the title to access the wizard.
Fill out all the necessary information in the Patch Suse OS Kernel wizard.
Linux System - refers to the Linux system that will be updated. Select a previously configured Linux system from the dropdown menu.
OS Kernel Patch Version - refers to the new version to which the selected Linux system will be patched.
Reboot after patching? (optional) - enables automatic system reboot after applying the patch. Some patches require a reboot to take effect.
Click the process name in the list, then select Process Viewer from the object menu to see the progress of the workflow.
Monitor the status of the process until completion.
b. The process will be complete once all the process definition boxes have turned green. The process should be ready in approximately 10 minutes.
Alternatively, you can connect to one of the SUSE virtual machines (VMs) via SSH and check the version number by issuing the following command:
Click the Checkout Service Request icon.
Click the icon to continue. This will start the process definition.
If any of the process definitions fail, click the icon next to the activity name, select Log from the object menu, and then troubleshoot accordingly.
Verify that the patching was successful by clicking on the View Patched Version process definition box, and then click on the View Execution Log icon. In the dialog box, you’ll see the patched version that you updated to.
