I would be interested to hear the serverfault community's experiences with Ksplice in production.
Quick blurb from wikipedia:
Ksplice is a free and open source extension of the Linux kernel which allows system administrators to apply security patches to a running kernel without having to reboot the operating system.
and
Ksplice can, without restarting the kernel, apply any source code patch that only needs to modify the kernel code. Unlike other hot update systems, Ksplice takes as input only a unified diff and the original kernel source code, and it updates the running kernel correctly, with no further human assistance required. Additionally, taking advantage of Ksplice does not require any preparation before the system is originally booted (the running kernel does not need to have been specially compiled, for example). In order to generate an update, Ksplice must determine what code within the kernel has been changed by the source code patch.
So a few questions:
How has the stability been? any odd issues that you have encountered with its 'rebootless live patching' of the kernel? Kernel panics or horror stories?
I have been running it on a few test systems and so far its been working as advertised, but I am interested in what other sysadmins experiences have been with Ksplice before going 'all in' and deploying this on our production servers.
So, anybody using Kspice in production?
update: hmm, not seeing any real activity on this question after a couple of hours (besides some kind upvotes and favs). Maybe to spark some activity I'll also ask a few more questions and see if we can get this discussion going...
"If you are aware of Ksplice, is there a reason you are not using it?"
"Do you feel its still too bleeding edge, unproven or untested?"
"Does Ksplice not fit well within your current patch-management system?"
"Do you hate having systems that have long (and secure) uptimes?" ;-)
