OSPRH-6564 (Red Hat OpenStack Services on OpenShift)

Kernel Live Patching Integration for Red Hat OpenStack Services on OpenShift

    • OSPRH-5677 Modernization of Day2 Operations

      Feature Overview

      This feature aims to introduce kernel live patching (kpatch) support within Red Hat OpenStack Services on OpenShift (RHOSO) environments. Kernel live patching enables the application of critical security updates and bug fixes to the kernel without requiring a system reboot. This feature will provide RHOSO users with the ability to apply important patches promptly, especially in situations where immediate rebooting is not feasible, ensuring minimal disruption to running workloads.

      In the context of RHOSO there are 3 types of releases that could be applicable:

      • async release: any release that needs to be shipped ASAP without a full cycle or planned cadence
      • bugfix updates: Periodic updates to resolve bugs or CVEs in the RHOSO codebases. These will generally also pick up fixes in the underlying products (RHEL, for example) and will often resolve container grades as well.
      • Feature Updates/Feature Packages: Periodic releases that incorporate fixes from all types of releases above

      Goals

      The primary beneficiaries of this feature are RHOSO users, particularly system administrators and operators responsible for maintaining OpenStack environments. With kernel live patching support, users can swiftly apply critical updates to the kernel without interrupting running workloads, thereby reducing downtime and enhancing system availability.

      The key difference between the current state and the implementation of this feature lies in the ability to address security vulnerabilities and bugs in the kernel promptly and efficiently, minimizing the impact on operations and ensuring continuous service availability.

      Requirements

      Requirements | Notes | isMvp?
      Kernel live patching must not disrupt running workloads | Ensure compatibility and seamless integration of kpatch within RHOSO infrastructure. | Yes
      Opt-in mechanism for applying kernel live patches | Users should have the option to choose whether to apply live patches, considering potential workload compatibility issues and limitations. | Yes
      Documentation for deploying and managing kernel live patching | Comprehensive documentation to guide users on how to deploy, configure, and manage kernel live patching within RHOSO environments. | Yes
      Support for Red Hat-provided kpatch modules | Ensure that only live patches provided by Red Hat are supported, maintaining compatibility and reliability. | Yes

      Out of Scope

      This feature does not encompass the development of custom live patches or support for third-party live patching solutions. Additionally, it does not address issues related to non-Red Hat-provided kernel live patches.

      Background, and Strategic Fit

      Those involved in implementing this feature need to understand the concept of kernel live patching, its limitations, and the specific requirements for integrating it within RHOSO environments. Strategic fit involves aligning the feature with Red Hat's commitment to providing robust and secure solutions for its customers.

      Assumptions

      Assumptions include prerequisites such as compatible hardware and software configurations for kernel live patching. Additionally, it is assumed that users have a basic understanding of system administration tasks and the implications of applying live patches to the kernel.

      Customer Considerations

      Considerations include the impact of this feature on different customer environments, potential upgrade considerations, and ensuring compatibility with existing hardware and software configurations.

      Documentation Considerations

      Documentation should include educational materials, reference guides, and release notes for users/administrators. Success is achieved when users can easily understand and implement kernel live patching within RHOSO environments. Doc impact includes new content creation and updates to existing documentation.

      References:

      1. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/managing_monitoring_and_updating_the_kernel/applying-patches-with-kernel-live-patching_managing-monitoring-and-updating-the-kernel
      2. https://www.kernel.org/doc/html/latest/livepatch/livepatch.html

      Interoperability Considerations

      This feature may impact other products within the Red Hat portfolio, especially those that rely on RHOSO environments. Interoperability test scenarios should be conducted to ensure seamless integration with other Red Hat products and versions.

      Questions

      Question | Outcome
      How does kernel live patching affect system security and compliance requirements? | Ensure that live patches maintain system security and compliance standards.
      Are there specific use cases or workload types that may not be compatible with kernel live patching? | Determine compatibility issues and provide guidance for users.


              pnavarro@redhat.com Pedro Navarro Perez
              rhos-dfg-upgrades