Last updated 2018/07/08
Objective
OVH Dedicated Servers are easily able to boot into a Linux operating system using an updated kernel with the netboot startup system. However, it's best practice to update the kernel on the local machine.
This guide will show you how to update the kernel for distributions that use an OVH core.
By default, all system snapshots offered on OVH Dedicated Servers use an optimised OVH core. If you have replaced these snapshots with your own distribution, please refer to your distribution’s official documentation.
OVH provides self-managed machines that you are responsible for administering. We have no access to these machines and therefore cannot manage them. It is up to you to ensure that your machine is secured and your software is up to date.
We have made this guide available to assist you in applying this update. However, we recommend that you contact a specialist provider if you are facing any issues or have any doubts about managing, using or securing your server.
Requirements
- an OVH Dedicated Server
- root access to the server via SSH
- a backup of your data (see the official documentation for your distribution)
Instructions
Identify the kernel
Find the version of your kernel by typing the following command:
uname -r
For example:
uname -r
4.09.76-xxxx-std-ipv6-64
In this case, the kernel version is 4.09.76-xxxx-std-ipv6-64.
Update the kernel using OVH packages
On Debian-based and RedHat-based distributions, the kernel is installed using the package manager.
Step 1: Update the kernel package
On Debian-based distributions, update the kernel package using the following command:
apt-get update && apt-get dist-upgrade
On RedHat-based distributions, update the kernel package using the following command:
yum update
Step 2: Reboot the server
In order for the modifications to take effect, you must reboot the server:
reboot
Update the kernel without using OVH packages
Step 1: Navigate to the correct directory
The kernel image must be placed in the following directory:
cd /boot
Step 2: Get the image
Without recompiling the kernel, download the appropriate bzImage version, ideally the latest one. You can find these images at the following address: https://last-public-ovh-kernel.snap.mirrors.ovh.net/builds/.
Kernels are monolithic, so they don’t take into account kernel modules, such as CEPH, NBD, ZFS...
Let’s return to our example. We have this kernel version: 4.09.76-xxxx-std-ipv6-64.
We therefore need to download the image using this command:
wget https://last-public-ovh-kernel.snap.mirrors.ovh.net/builds/4.9.118/313405/bzImage/4.9.118-xxxx-std-ipv6-64/bzImage-4.9.118-xxxx-std-ipv6-64
Step 3: Update the boot loader program (GRUB)
Update the boot loader program (GRUB) using the following command:
update-grub
The command should return the following:
Generating grub configuration file ...
done
Verify that the following file (required for the update) is present in your configuration: 06_OVHkernel. You can verify that the file is present by executing the following command:
ls /etc/grub.d/
Step 4: Reboot the server
In order for the modifications to take effect, you must reboot the server, using the following command:
reboot
Rollback
In the event that you make a mistake or receive an error, it's possible to rollback your changes. To do so, the server must be placed in Rescue mode. This will require you to mount your system using the following commands:
mount /dev/md1 /mnt
In this example, the root directory (or slash /) is named md1. Please note, the name can vary. To verify the name of your root directory, type the following command:
fdiskor lsblk
mount -o rbind /dev /mnt/dev
mount -t proc proc /mnt/proc
mount -t sysfs sys /mnt/sys
chroot /mnt
Navigate to the /boot directory and delete the last files installed (rmcommand). In our example, the following command is used:
rm bzImage-4.9.118-xxxx-std-ipv6-64
The boot loader (GRUB) must be updated again:
update-grub
Finally, exit Rescue mode (reboot to disk) and perform a soft reboot using the following command:
reboot
Verify that the update has been applied correctly.
Once the update is complete, verify the newly installed kernel version using the following command:
uname -r
You can refer to the website of your distribution’s vendor to verify if the new version of the kernel is patched to protect you against the Meltdown and Spectrum vulnerabilities.
If necessary, there are a number of tools (for example, this one: https://github.com/speed47/spectre-meltdown-checker) that identify if the kernel being used is vulnerable or not.
OVH cannot guarantee the reliability of any third-party tools and these should be used at your own risk.
Go further
Information on Meltdown and Spectre vulnerabilities.
Update following Meltdown and Spectrum vulnerabilities by operating system.
Join our user community on https://community.ovh.com/en/