Anybody tried ksplice or something similar on UCS yet?
Short answer: Such a thing is not available with UCS right now to my knowledge, neither from Univention directly, nor via third parties.
Ksplice was bought by Oracle a couple of years ago. Ksplice offered free updates for some desktop-oriented distributions and paid ones for server distributions. Nowadays Ksplice only supports Oracle Linux for servers (some exceptions for existing customers apply) and offers free patches for Ubuntu and Fedora on Desktops.
KernelCare is another live patching provider supporting a couple of distributions. It does support Debian and while the kernel used in UCS 4.4 is now pretty close to a stock Debian 9 kernel, I doubt that it would work. But they don’t officially support UCS. (and it’s paid only to)
SUSE and Red Hat to some extent offer such updates for their distributions using kGraft and kpatch whose common code has been upstreamed (unlike ksplice). However access to said live patches is sometimes tied to additional subscriptions and specific releases.
I’m right now trying KernelCare on a test-system and asked them if it may be possible to add support for it… Direct support by univention would of course be better.
So… KernelCare actually works as intended on Univention. But as Univention itself has these “errata-updates” it doesn’t make much sense to use…
as it currently works additional apps make no sense on UCS. as the complexity to implement availability during updates is much higher than setting up docker-swarm and configuring everything myself.