A new feature is being added to the "edpm_update" ansible role in order to leverage kpatch (live kernel update). Proper documentation must be created.

Here's a bit of context and data to make writing the doc easier:

By default, the feature is disabled, the user has to pass a new parameter to the service: edpm_update_enable_kpatch: true

Toggling this boolean will disable kernel and kernel-core package update in the run, and install the valid kpatch-patch-KERNEL_VERSION package instead.

Note that live patches like that are more for a "quick way to fix a bug or a CVE", but is in no way a 1:1 replacement to a proper kernel and system update. In case a user wants to address a CVE or a bug via kpatch, they want to check the kpatch content in the Red Hat Errata to ensure the package fixes the needed issue.

References:

• Red Hat Live Kernel patching: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/managing_monitoring_and_updating_the_kernel/applying-patches-with-kernel-live-patching_managing-monitoring-and-updating-the-kernel