PAMSC Linux multiple kernel modules loaded at the same time

Article ID: 202991

Products

CA Privileged Access Manager (PAM); CA Privileged Access Manager - Cloakware Password Authority (PA); CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

The recommended process is to unload, upgrade PIM, then upgrade the kernel. Some systems fail to unload since the system call is busy with an application. So the unload process is not reliable. To increase reliability we stop/disable PIM, upgrade the OS, reboot hosts and upgrade PIM. This coordinated upgrade causes some challenges.

There was talk of supporting multiple kernel modules. Say the current version loaded is seos_1410_0_1494 and I need to go to seos_1410_0_1500. If multiple module support exists, I can go to seos_1410_0_1500 and then let our Unix admin upgrade the OS at a later time, reboot, and delete seos_1410_0_1494.

Environment

Release : 14.1

Component : PAM SERVER CONTROL ENDPOINT WINDOWS

Resolution

Before applying a kernel patch or upgrading to a new release, users can manually shut down PAMSC services and unload the kernel module. If the kernel module cannot be unloaded because it is still in use, the unload process disables it instead of unloading it. Any thread that is still running in the disabled kernel module continues without any problem. After applying the new patch or upgrading to a new version, the user can start PAMSC, which automatically loads the new kernel module. This new kernel module becomes the enabled kernel module and can coexist with any disabled kernel modules. When all threads running in a disabled kernel module exit, the module becomes idle and can then be unloaded manually, or it will be unloaded by a background cleanup job that runs periodically.

 

While PAMSC is running, executing "secons -ik" lists all the loaded SEOS kernel modules: one enabled and any disabled. Although the secons command provides two other options, -ek and -dk, to enable and disable a kernel module respectively, users should not use them without consulting PAMSC Support.

 

To answer the customer's question, there is no need to reboot if the unload fails. Simply apply the patch or upgrade to the new version. Once the patch is applied or the new version is installed, PAMSC will be running with the new kernel module.
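
To confirm from the OS side that the new module is loaded after such an upgrade, and to watch an older one drain, the kernel's own module list can be audited. This is an added example, not PAMSC tooling; it assumes SEOS modules appear in /proc/modules under names starting with `seos_` (as in the issue text), and the use count it reads is the kernel's generic reference count, not the enabled/disabled state that only "secons -ik" reports.

```shell
#!/bin/sh
# Added example: audit seos_* entries in /proc/modules-format input.
# Assumption: module names follow the seos_<version> pattern quoted in the issue.

# Constructed sample; fields are: name size refcount deps state address
sample_modules() {
cat <<'EOF'
ext4 745472 2 - Live 0xffffffffc0500000
seos_1410_0_1494 409600 3 - Live 0xffffffffc0a00000
seos_1410_0_1500 413696 12 - Live 0xffffffffc0b00000
EOF
}

# Print "name refcount verdict" for every loaded seos_* module.
# $1 = module expected to be the current one; module list is read from stdin.
seos_audit() {
    awk -v want="$1" '
        $1 ~ /^seos_/ {
            if ($1 == want)      verdict = "current"
            else if ($3 == "-")  verdict = "old,refcount-unavailable"  # kernel built without module unload
            else if ($3 + 0 > 0) verdict = "old,still-referenced"
            else                 verdict = "old,idle"
            print $1, $3, verdict
        }'
}

# Number of seos_* modules other than the expected one (0 = cleanup finished).
seos_old_count() {
    seos_audit "$1" | awk '$3 != "current" { n++ } END { print n + 0 }'
}

# Succeeds only if the expected module is present; usable in a post-upgrade check.
seos_current_loaded() {
    seos_audit "$1" | awk '$3 == "current" { found = 1 } END { exit !found }'
}

# Demo on the constructed sample; on a live host use: seos_audit <module> < /proc/modules
sample_modules | seos_audit seos_1410_0_1500
```

A monitoring job can alert when `seos_current_loaded` fails after an upgrade, or when `seos_old_count` stays above 0 for longer than expected.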