SOLVED Update kernel after removing KernelCare

[rs200]

Hello,

i recently removed the kernelcare license from my VPS with cPanel installed.

The system kernel is now 3.10.0-327.4.4.el7.centos.plus.x86_64. Security advisor advices me that is up-to-date.

I have some doubt regarding that the kernel is real updated, because the last version of CentOS 7 kernel is 3.10.0-1062 while i have the 3.10.0-327.

I need to update the kernel to 3.10.0-1062 version or the 3.10.0-327 is secure?

In case, do i need to run this command

# yum -y update kernel

and after, reboot the system?

 

[cPanelLauren]

That's exactly what you would do, once you reboot it should boot into the new kernel.

 

[rs200]

Thanks cPanelLauren,

for rebooting, do i need a forceful or just a graceful?

 

[cPanelLauren]

A graceful reboot would be enough.

 

[rs200]

I have done the update via SSH and the console showed me

No packages marked for update

Can't understand why the version is 3.10.0-327.4.4.el7.centos.plus.x86_64 and it's not possible to update it

 

[cPanelLauren]

Hi @rs200

I'd wager that your grub config is set to load the incorrect kernel. You'd need to identify the kernel boot order and set it to boot the most recent kernel to resolve this. CentOS has some instructions on this here: HowTos/Grub2 - CentOS Wiki

The following will tell you the menuentry for each kernel on the system:

awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg

Feel free to reply back with the output of that if you'd like.

 

[rs200]

Hi @cPanelLauren

there is not that file on my VPS, maybe because i have CentOS Plus...

Instead, there is a grub2.conf file, which is a symlink that point to /boot/grub/grub.conf file

The content of that file is

title CentOS Linux (3.10.0-1062.4.1.el7.centos.plus.x86_64) 7 (Core)
        root (hd0,0)
        kernel /boot/vmlinuz-3.10.0-1062.4.1.el7.centos.plus.x86_64 root=/dev/vda1 console=tty0 ro vconsole.keymap=us vconsole.font=latarcyrheb-sun16 LANG=en_US.UTF-8 net.ifnames=0 biosdevname=0 nomodeset
        initrd /boot/initramfs-3.10.0-1062.4.1.el7.centos.plus.x86_64.img
title CentOS Linux (3.10.0-1062.1.2.el7.centos.plus.x86_64) 7 (Core)
        root (hd0,0)
        kernel /boot/vmlinuz-3.10.0-1062.1.2.el7.centos.plus.x86_64 root=/dev/vda1 console=tty0 ro vconsole.keymap=us vconsole.font=latarcyrheb-sun16 LANG=en_US.UTF-8 net.ifnames=0 biosdevname=0 nomodeset
        initrd /boot/initramfs-3.10.0-1062.1.2.el7.centos.plus.x86_64.img
title CentOS Linux (3.10.0-1062.1.1.el7.centos.plus.x86_64) 7 (Core)
        root (hd0,0)
        kernel /boot/vmlinuz-3.10.0-1062.1.1.el7.centos.plus.x86_64 root=/dev/vda1 console=tty0 ro vconsole.keymap=us vconsole.font=latarcyrheb-sun16 LANG=en_US.UTF-8 net.ifnames=0 biosdevname=0 nomodeset
        initrd /boot/initramfs-3.10.0-1062.1.1.el7.centos.plus.x86_64.img
title CentOS Linux (3.10.0-957.27.2.el7.centos.plus.bug16242.x86_64) 7 (Core)
        root (hd0,0)
        kernel /boot/vmlinuz-3.10.0-957.27.2.el7.centos.plus.bug16242.x86_64 root=/dev/vda1 console=tty0 ro vconsole.keymap=us vconsole.font=latarcyrheb-sun16 LANG=en_US.UTF-8 net.ifnames=0 biosdevname=0 nomodeset
        initrd /boot/initramfs-3.10.0-957.27.2.el7.centos.plus.bug16242.x86_64.img
title CentOS Linux (3.10.0-327.4.4.el7.centos.plus.x86_64) 7 (Core)
        root (hd0,0)
        kernel /boot/vmlinuz-3.10.0-327.4.4.el7.centos.plus.x86_64 root=/dev/vda1 console=tty0 ro vconsole.keymap=us vconsole.font=latarcyrheb-sun16 LANG=en_US.UTF-8 net.ifnames=0 biosdevname=0 nomodeset
        initrd /boot/initramfs-3.10.0-327.4.4.el7.centos.plus.x86_64.img

There is another file grub.conf.kvm in /boot/grub directory and the content is

title CentOS Linux (3.10.0-327.4.4.el7.centos.plus.x86_64) 7 (Core)
        root (hd0,0)
        kernel /boot/vmlinuz-3.10.0-327.4.4.el7.centos.plus.x86_64 root=/dev/sda1 console=tty0 ro vconsole.keymap=us vconsole.font=latarcyrheb-sun16 LANG=en_US.UTF-8 net.ifnames=0 biosdevname=0 nomodeset
        initrd /boot/initramfs-3.10.0-327.4.4.el7.centos.plus.x86_64.img

 

[cPanelLauren]

Hello,

Thanks for that, the issue isn't the CentOS kernel it's more than likely something specific to KVM, my test server has a similar configuration.

In /boot/grub/ is there no cfg file just a conf file?

In /boot/grub/grub.conf what is the default? You can paste the whole top portion until you get to titles in here.

Essentially you want to set the default to whatever the recent kernel is (though technically the newest kernel should be displayed as 0 in this file but I'll get to that in a minute)

My assumption is that based on what you've shown the default is set to 0 and the newest kernel is 1 - more than likely changing this to 1 then rebooting will allow you to boot into the newest kernel.

For example my server is running the following kernel:

[[email protected]]# uname -r
3.10.0-957.27.2.el7.x86_64

[[email protected] grub2]# cat /boot/grub/grub.conf

#
## Note that you do not have to rerun grub after making changes to this file
## NOTICE:  You do not have a /boot partition.  This means that
##          all kernel and initrd paths are relative to /, eg.
##          root (hd0,0)
##          kernel /boot/vmlinuz-version ro root=/dev/sda1
##          initrd /boot/initrd-[generic-]version.img
##boot=/dev/sda
default=3
timeout=10
#splashimage=(hd0,0)/boot/grub/splash.xpm.gz
#
title CentOS Linux (3.10.0-1062.4.1.el7.x86_64) 7 (Core)
    root (hd0,0)
        kernel /boot/vmlinuz-3.10.0-1062.4.1.el7.x86_64 root=/dev/vda1 console=tty0 ro vconsole.keymap=us vconsole.font=latarcyrheb-sun16 LANG=en_US.UTF-8 net.ifnames=0 biosdevname=0 nomodeset
        initrd /boot/initramfs-3.10.0-1062.4.1.el7.x86_64.img
title CentOS Linux (3.10.0-1062.1.2.el7.x86_64) 7 (Core)
    root (hd0,0)
        kernel /boot/vmlinuz-3.10.0-1062.1.2.el7.x86_64 root=/dev/vda1 console=tty0 ro vconsole.keymap=us vconsole.font=latarcyrheb-sun16 LANG=en_US.UTF-8 net.ifnames=0 biosdevname=0 nomodeset
        initrd /boot/initramfs-3.10.0-1062.1.2.el7.x86_64.img
title CentOS Linux (3.10.0-1062.1.1.el7.x86_64) 7 (Core)
    root (hd0,0)
        kernel /boot/vmlinuz-3.10.0-1062.1.1.el7.x86_64 root=/dev/vda1 console=tty0 ro vconsole.keymap=us vconsole.font=latarcyrheb-sun16 LANG=en_US.UTF-8 net.ifnames=0 biosdevname=0 nomodeset
        initrd /boot/initramfs-3.10.0-1062.1.1.el7.x86_64.img
title CentOS Linux (3.10.0-957.27.2.el7.x86_64) 7 (Core)
    root (hd0,0)
        kernel /boot/vmlinuz-3.10.0-957.27.2.el7.x86_64 root=/dev/vda1 console=tty0 ro vconsole.keymap=us vconsole.font=latarcyrheb-sun16 LANG=en_US.UTF-8 net.ifnames=0 biosdevname=0 nomodeset
        initrd /boot/initramfs-3.10.0-957.27.2.el7.x86_64.img
title CentOS Linux (3.10.0-957.21.3.el7.x86_64) 7 (Core)
    root (hd0,0)
        kernel /boot/vmlinuz-3.10.0-957.21.3.el7.x86_64 root=/dev/vda1 console=tty0 ro vconsole.keymap=us vconsole.font=latarcyrheb-sun16 LANG=en_US.UTF-8 net.ifnames=0 biosdevname=0 nomodeset
        initrd /boot/initramfs-3.10.0-957.21.3.el7.x86_64.img

My grub.conf notes that my default is 0 which isn't actually the newest kernel available. To resolve this I modify that default, set to the newerst kernel on the system which is 0 and reboot, then check the kernel version once it's booted.

[[email protected] ~]# uname -r
3.10.0-1062.4.1.el7.x86_64

For the cleanup, as you can see I have quite a few older kernel versions present. Now once I'm on the latest kernel I have available and I'm sure everything is good, you can do the following to remove older kernels.

You can do this using yum-utils and the process is as follows:

yum install yum-utils

If it's already installed, no worries, it'll tell you it's installed and at the latest version.

Then run the following to clean up the packages - I keep the last 3 kernel versions present and I'd recommend you keep at least two but this number can be whatever you'd like.

package-cleanup --oldkernels --count=3

Once that's done you should be able to see that you only have three of the most recent kernels installed:

[[email protected] ~]# rpm -qa |grep kernel
kernel-headers-3.10.0-1062.4.1.el7.x86_64
kernel-tools-3.10.0-1062.4.1.el7.x86_64
kernel-3.10.0-1062.1.2.el7.x86_64
kernel-tools-libs-3.10.0-1062.4.1.el7.x86_64
kernel-3.10.0-1062.4.1.el7.x86_64
kernel-3.10.0-1062.1.1.el7.x86_64

And that the grub.conf file has also been updated accordingly:

[[email protected] ~]# cat /boot/grub/grub.conf

#
## Note that you do not have to rerun grub after making changes to this file
## NOTICE:  You do not have a /boot partition.  This means that
##          all kernel and initrd paths are relative to /, eg.
##          root (hd0,0)
##          kernel /boot/vmlinuz-version ro root=/dev/sda1
##          initrd /boot/initrd-[generic-]version.img
##boot=/dev/sda
default=0
timeout=10
#splashimage=(hd0,0)/boot/grub/splash.xpm.gz
#
title CentOS Linux (3.10.0-1062.4.1.el7.x86_64) 7 (Core)
    root (hd0,0)
        kernel /boot/vmlinuz-3.10.0-1062.4.1.el7.x86_64 root=/dev/vda1 console=tty0 ro vconsole.keymap=us vconsole.font=latarcyrheb-sun16 LANG=en_US.UTF-8 net.ifnames=0 biosdevname=0 nomodeset
        initrd /boot/initramfs-3.10.0-1062.4.1.el7.x86_64.img
title CentOS Linux (3.10.0-1062.1.2.el7.x86_64) 7 (Core)
    root (hd0,0)
        kernel /boot/vmlinuz-3.10.0-1062.1.2.el7.x86_64 root=/dev/vda1 console=tty0 ro vconsole.keymap=us vconsole.font=latarcyrheb-sun16 LANG=en_US.UTF-8 net.ifnames=0 biosdevname=0 nomodeset
        initrd /boot/initramfs-3.10.0-1062.1.2.el7.x86_64.img
title CentOS Linux (3.10.0-1062.1.1.el7.x86_64) 7 (Core)
    root (hd0,0)
        kernel /boot/vmlinuz-3.10.0-1062.1.1.el7.x86_64 root=/dev/vda1 console=tty0 ro vconsole.keymap=us vconsole.font=latarcyrheb-sun16 LANG=en_US.UTF-8 net.ifnames=0 biosdevname=0 nomodeset
        initrd /boot/initramfs-3.10.0-1062.1.1.el7.x86_64.img

 

[rs200]

Hello @cPanelLauren,

i have modified the default to 0 (old value was 4) and then rebooted.

Now the actual kernel is 3.10.0-1062.4.1.el7.centos.plus.x86_64 which is the latest version.

I'll do a cleanup of the old kernels.

Thank you so much for your patience

 

[cPanelLauren]

No problem! I'm happy I could help!