ClickCease Automating Your Live Patch Management with APIs

Content Table

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Automating Your Live Patch Management with APIs

Nikos Mavrogiannopoulos

February 24, 2023 - Director of Product, TuxCare

KernelCare Enterprise enables organizations to rapidly patch Linux kernel and critical userspace library vulnerabilities on enterprise Linux environments without requiring kernel restarts or system downtime. It comes with TuxCare ePortal, which allows teams to apply live patches into on-premises systems according to their patch rollout policy and other advanced patch management use cases.

While TuxCare ePortal enables organizations to create their own rollout policy and manage all aspects of their Linux live-patched estate, many of our customers prefer to integrate its functionality into their existing tooling using an API. With the release of ePortal 1.43, we now provide a comprehensive API to integrate ePortal’s functionality into one’s environment. In this post we introduce the new API functionality of ePortal.

What Is TuxCare ePortal? 

TuxCare ePortal is the web management console for advanced KernelCare Enterprise live patch management. Once deployed, it provides administrators with a central management interface to register Linux systems for live patching and a central repository that live patches are distributed from. ePortal regularly receives its updates from the main TuxCare live patch server.

The ePortal interface allows administrators to monitor their live-patched estate and organize it into feeds that can be manually patched or assigned an automatic patch rollout policy. Due to its abstract treatment of feeds, any patch rollout policy can be implemented – giving administrators a flexible tool to implement their organizational policy.

Managing and Automating with APIs

At the same time, a web interface provides a solution for some administrators, but when full automation is the goal, an approach that can be easily integrated by existing applications is necessary. ePortal 1.43 comes with a set of REST APIs designed to be integrated with automation tools. These APIs enable the following functionality:

  • creating a new client enrollment key
  • creating a new feed
  • associating a key with a feed
  • listing and updating the available feeds
  • listing servers and their details
  • listing available live patch sets.
  • listing administrator users and their permissions
  • attaching tags to a system
  • listing the tags from a system

As such, tasks that previously required interacting with the web interface can now be integrated with your system management tools, simplifying and automating your workflows.

Getting Started with the APIs: Getting a List of Servers

Let’s walk through how we can get the list of servers connected to ePortal using the APIs. For our small demo, we will use the widely available curl application. We are assuming that the ePortal server is present on the “eportal.example.com” server.

$ curl --user api-admin:api-admin-password -X GET https://eportal.example.com/admin/api/servers

{
"count": 42,
"limit": 10,
"offset": 0,
"result": [
{
"id": "99c97tz44uKX13b5",
"ip": "10.51.16.72",
"hostname": "localhost.localdomain",
"key": "some-key",
"feed": "main",
"registered": "2021-04-08 16:43:23.907671",
"checkin": "2021-07-12 17:35:56.065077",
"updated": "2021-06-01 16:37:03.000000",
"euname": "3.10.0-1160.25.1.el7",        // effective kernel version
"release": "3.10.0-957.5.1.el7.x86_64",  // installed kernel version
"kernel_id": "9647204d2708cad906a75944ee56ac68fc5b5704",
"patch_level": 49,
"patch_type": "default",
"tags": null,
"uptime": 6394092,
"version": "#1 SMP Fri Feb 1 14:54:57 UTC 2019",
"virt": "kvm",
"kcare_version": "2.44-2",
"distro": "CentOS Linux",
"distro_version": "7.6.1810",
"machine": "x86_64",
"processor": "x86_64"
},
...
]
}

The command above asked TuxCare ePortal for the list of servers that are live patched by it. The result is in JSON format and includes the number of total servers as well as information for each individual server. You can find more information about the available APIs and how to use them with your preferred IT automation tool on the ePortal API documentation pages.

How Can You Get the Latest Version of ePortal?

You can use your operating system’s update commands to upgrade the TuxCare ePortal to the latest version as shown below.

Red Hat / AlmaLinux / CentOS

$ sudo yum update -y kcare-eportal

Ubuntu

$ sudo apt-get update
$ sudo apt-get install -y kcare-eportal

Alternatively, use the instructions from the documentation to install ePortal.

Happy live patching!

Summary
Automating Your Live Patch Management with APIs
Article Name
Automating Your Live Patch Management with APIs
Description
With the release of ePortal 1.43, TuxCare now provides a comprehensive API to integrate ePortal’s functionality into one’s environment.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started

Mail

Join

4,500

Linux & Open Source
Professionals!

Subscribe to
our newsletter
Mail

Join

4,500

Linux & Open Source
Professionals!

Subscribe to
our newsletter
close-link