Question

Do you update kernels sometimes?

  • Posted September 24, 2012

Hello, the question is in the title. I’m asking this because in the past (this summer), I had a VPS, based on OpenVZ technology, and the kernel was terribly old (2.6.18) and I had Ubuntu 11.10 but I was unable to upgrade to 12.04 LTS directly because of the kernel. (I was able to bypass this by doing an “apt-add-repository ppa:izx/ovz-libc” but I searched for a couple of hours). I decided to quit because MySQL server 5.5 never wanted to install (even with 512 ram, so probably because of the old kernel), and your VPS, even with 256 mb, installs it without problem. Also, is there a kernel by OS or the server runs its own kernel and VPS inherits it (like OpenVZ)?

Any update on this issue? I am trying to install services that require a more recent kernel than the ancient one provided. It also isn’t in the dropdown list. Please advise.

I’d like to add my voice to the chorus of disappointment here. I’m concerned, even more generally, at DO’s bootloading procedure. And since they have disabled access to iPXE (during the power up) – which was working about a year ago – DO users are further hobbled, not helped.

BTW, the disabling of iPXE for PXE boots happened within 3 days of a video hitting YouTube which described how to PXE boot a droplet (Shane Spencer, “Digital Ocean: Droplet iPXE install of Debian Linux 7.0 Minimal”, https://www.youtube.com/watch?v=hd0Ln2jL8Lo).

I’m also disappointed at the way DO handles informing users of what is going on related to something they ask about on community or (formerly?) uservoice. It usually goes like this. Someone, like Moisey, will say on a discussion group that they plan to roll out an enhancement/fix for X in N months; N months go by, then someone (or more people) ask what is the status of the enhancement/fix; there is no response from DO; you go out and ask about it on, say, Twitter; no response or an evasive response. It gets tiring.

I too tried to follow the procedure at https://www.digitalocean.com/community/tutorials/how-to-update-a-digitalocean-server-s-kernel-using-the-control-panel but was unable to upgrade the kernel after going from Debian wheezy to jessie. I don’t know if it’s something I’m doing wrong, or if it’s simply not supported.

This is mind blowing. We can’t update kernels on our own? A patched kernel should be deployed within hours of a vulnerability - not weeks or months.

This is possibly the largest oversight of any vendor I’ve ever seen. Even no-named web hosts have this capability. Good luck when millions of droplets fall victim to a kernel exploit only to find out DigitalOcean isn’t concerned about patching kernels.

Bad news for your lawyers, too. You’ve documented that you know about this issue and you’re not prioritizing it. It’s been two years since this has been made public but still no movement.

My business is adding several servers a month - they will no longer be at DigitalOcean. Anyone at least slightly concerned with security should be removing their DigitalOcean servers immediately. With two CentOS kernel exploits just in the past two weeks, it’s completely unacceptable to rely on your platform to patch it when there are several already working alternatives provided by CentOS itself.

Again - my mind is blown…

After making the case to a client to start using DigitalOcean, I’m embarrassed to discover that providing the latest kernels to users isn’t much of a priority. Indeed, as Colin stated earlier, ‘this is a biggie guys’.

I’ve just seen this thread after wasting an afternoon trying to work out why I couldn’t get our kernels to update from yum :/ I hadn’t even realised we couldn’t till now, just assumed that as DO run KVM we should be OK.

This is a biggie guys - I entirely agree with the views expressed above. Saying “we’re going to do it” for 6 months is pretty poor customer relations - can you at least give an updated ETA and explanation of where the problems are?

I do appreciate that you are at least keeping your Kernel list pretty current, for CentOS anyway - I also use other providers who don’t which is a real nightmare. However, it is still a pain (and a potential way to expose vulnerabilities) to have to remember, check and manually update all VMs periodically. It would really be good to have direct control for messing with non-standard kernels, and ideally also automatically just through yum’s updates - is that the plan?

On Ubuntu 12.04 LTS there are a few pretty serious upgrades out there waiting too.

This is really disappointing and troubling at the same time.

I completely agree with Alex… CentOS Kernel has a few critical vulnerabilities.

I’ve been hearing “we will update the kernels soon” for 6 months now, and I’m still limited to using an ancient kernel on my CentOS systems.

Please realise that kernels are very much a moving target, and you should be making updated kernels available pretty well as soon as they’re released. Not doing so has huge security implications.

Any update on this? Need to trial mptcp and I guess I still have to go elsewhere to install a custom kernel?