SUSE Linux Enterprise Live Patching
SUSE Linux Enterprise Server 12 Service Pack 1 (SLES 12 SP1)
SUSE Linux Enterprise Server 12 Service Pack 2 (SLES 12 SP2)
SUSE Linux Enterprise Server 12 Service Pack 3 (SLES 12 SP3)
SUSE Linux Enterprise Server 12 Service Pack 4 (SLES 12 SP4)
SUSE Linux Enterprise Server 15
Customer is using SUSE Linux Enterprise Live patching and receives the updates through SCC.
It would be desired to prevent regular (non-live) kernel patches from being installed. Masking them would avoid installing them accidentally.
The non-live kernel packages should be masked during the patching cycle by running:
# zypper addlock kernel-default
or (using abbreviations):
# zypper al kernel-default
This results in zypper command omitting packages named kernel-default-<version> during "zypper up" or "zypper patch" commands.
In the even of new non-live patches available during a patching action, the following message (or similar) will be displayed:
The following 2 items are locked and will not be changed by any action
kernel-default-XXXX kernel-default-YYYY ....
However, the patches containing the kgraft string will be installed, with the following message:
The following package is going to be upgraded:
By default, both kernel live and non-live patches are available for the systems.
The problematic explained in this TID can be bypassed by having a server lifecycle management tool, such as SUSE Manager. Repositories and/or patches can be easily masked as desired with this product.
All locks can be shown by simply running:
Locks can be removed by running:
zypper removelock package-name
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.