OS Linux Kernel Patching using ChAI

Kernel patching in SUSE Linux systems is a critical maintenance task that ensures system stability, security, and performance. Regular updates address vulnerabilities, enhance compatibility, and improve overall system functionality. SUSE Linux Enterprise Server (SLES) supports Live Patching (using kGraft) to apply kernel updates without rebooting, minimizing downtime. Alternatively, traditional patching methods require scheduling a maintenance window, downloading the latest patches via zypper, and performing a controlled reboot if necessary. Proper planning and automation are essential for seamless kernel patching in enterprise environments.

IT-Conductor ChAI (Change Automation Intelligence) simplifies and automates the kernel patching process in SUSE Linux environments. By integrating with IT-Conductor's orchestration and monitoring capabilities, ChAI enables IT teams to schedule, deploy, and verify kernel updates with minimal manual intervention. ChAI uses zypper to apply patches, which requires a system reboot to complete the update. The platform ensures compliance by tracking patch history, automating approvals, and providing real-time reporting. With ChAI, organizations can streamline SUSE kernel patching while reducing risks and maintaining system uptime.

Prerequisites

  • Before patching, the Linux system must be registered in IT-Conductor for monitoring. See Unix/Linux System Monitoring for more details.

  • A user with root access is required to register a Linux system in IT-Conductor.

Update Kernel Patching for Linux SUSE Systems using IT-Conductor ChAI

  1. Visit service.itconductor.com and enter your login credentials.

  2. Navigate to Dashboards → Configuration Management Automation Dashboard

  3. Locate the Patch Suse OS Kernel panel and click the title to access the wizard.

Figure 1: Configuration Management Automation Dashboard
  1. Click the Checkout Service Request icon.

Figure 2: Path Suse OS Kernel Details Screen
  1. Fill out all the necessary information in the Patch Suse OS Kernel wizard.

Figure 3a: Patch Suse OS Kernel Wizard (Input Parameters Screen)
  • Linux System - refers to the Linux system that will be updated. Select a previously configured Linux system from the dropdown menu.

  • OS Kernel Patch Version - refers to the new version to which the selected Linux system will be patched.

  • Reboot after patching? (optional) - enables automatic system reboot after applying the patch. Some patches require a reboot to take effect.

  1. Click the icon to continue. This will start the process definition.

Figure 3b: Patch Suse OS Kernel Wizard (Instantiate Process Definition Screen)
  1. Click the process name in the list, then select Process Viewer from the object menu to see the progress of the workflow.

Figure 3c: Patch Suse OS Kernel Wizard (Selecting Process Viewer Screen)
  1. Monitor the status of the process until completion.

    1. If any of the process definitions fail, click the icon next to the activity name, select Log from the object menu, and then troubleshoot accordingly.

Figure 4a: Suse Patch OS Kernel Process Definition (Failed Screen)

b. The process will be complete once all the process definition boxes have turned green. The process should be ready in approximately 10 minutes.

Figure 4b: Suse Patch OS Kernel Process Definition (Completed Screen)
  1. Verify that the patching was successful by clicking on the View Patched Version process definition box, and then click on the View Execution Log icon. In the dialog box, you’ll see the patched version that you updated to.

Figure 5: View SUSE Version in IT-Conductor
  1. Alternatively, you can connect to one of the SUSE virtual machines (VMs) via SSH and check the version number by issuing the following command:

uname -r
Figure 6: SUSE VM (Printing Linux Kernel Version)

Last updated