Difference between revisions of "Kernel"

From Atomicorp Wiki
(Upgrading the kernel)
m (RHEL7/Centops 7)
 
(71 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Abstract ==
+
= Activating Kernel Protection =
 
+
This is a very very basic attempt to describe how the kernel is implemeted on redhat/fedora/centos for those people whom are in environments where someone tried to be "helpful" by removing the native distros kernel and replace it with their own. This is NOT an article for VPS users, because you dont have a kernel and theres nothing you can do. As a side note, this is not a replacement for the real documentation in the linux kernel, they are just my personal observations and are subject to error. This is not linux canon. You have been warned.
+
  
 
== Overview ==
 
== Overview ==
  
The kernel installation/upgrade process is for the most part completely automated. Upgrade events are capable of reading the existing configuration information, and adding them to the boot loader.  
+
[[ASL]] includes a special secure kernel, that will proactively protect your system from many different classes of attack.
  
'''Major components'''
+
Please be sure to read the [https://www.atomicorp.com/wiki/index.php/ASL_3.2_Virtualization_Notes ASL 3 Virtualization Notes] for special information about using the kernel with different Virtualization technologies.
  
Kernel, usually /boot/vmlinuz-XXXX
+
== Checking to see if the ASL kernel is installed ==
  
Ram Disk, usually /boot/initrd-XXXX
+
Check your rpm repository to see if the kernel is installed:
  
Modules, usually /lib/modules/XXXX
+
rpm -qa kernel-asl
  
Boot loader, usually Grub (/etc/grub.conf which is a symlink to /boot/grub/menu.lst)
 
  
Module configuration information, /etc/modprobe.conf, or /etc/modprobe.d/*
+
If you have the ASL kernel installed, you will see a series of kernel names with "asl" in them, similar to this:
  
 +
<pre>
 +
kernel-asl-4.14.26-3791.el6.art.x86_64
 +
kernel-asl-4.14.28-3927.el6.art.x86_64
 +
kernel-asl-4.14.13-3308.el6.art.x86_64
 +
kernel-asl-4.14.27-3910.el6.art.x86_64
 +
kernel-asl-4.14.30-3955.el6.art.x86_64
  
'''Minor componets'''
+
</pre>
  
New-kernel-pkg, /sbin/new-kernel-pkg
+
If you do not see any output, then you need to install the ASL kernel.
  
Kenel configuration file (used by new-kernel-pkg), /etc/sysconfig/kernel
+
== How to tell if you are running the ASL kernel ==
  
mkinitrd config directory (depends on distro), /etc/sysconfig/mkinitrd/
+
You can tell if you are running an ASL kernel with this command:
  
 +
uname -a
  
 +
If you are running the ASL kernel, you should see a kernel name with "'''art'''" in the title, for example:
  
== Boot Process ==
+
Linux www.atomicorp.com 4.14.13-3308.el6.art.x86_64 #1 SMP Fri Jan 19 09:51:23 EST 2018 x86_64 x86_64 x86_64 GNU/Linux
  
1) Grub is configured to load a specific kernel
 
  
2) Kernel boots, this loads the initrd ramdisk
+
'''If you do not see a kernel name with "art" in the title then you are not running the ASL kernel.'''  If you see "art" in the title, then you are running the ASL kernel.
  
3) initrd contains the modules needed to read core hardware, like the disks. This is generally where mayhem happens.
+
== Installing the ASL kernel ==
  
4) System mounts disks and goes multi-user, remaining modules like the ethernet controller, lm_sensors, firewall modules, are loaded dynamically
+
The [[ASL]] kernel is normally installed, by default, by the ASL installer. 
  
 +
=== If you have not run the ASL installer ===
  
== Initial Installation Process ==
+
If the kernel is not installed, '''and you have not run the ASL installer''', run the ASL installer. 
  
This is all pretty amazing and I'm completely underselling it. Basically the Red Hat OS installer does some really impressive work, its called anaconda and you can read more about it [http://fedoraproject.org/wiki/Anaconda here]. In brief, the system boots off of an installer kernel, and anaconda interrogates the system to populate the modprobe configuration file mentioned above. Its the only thing I know of that can actually figure out what the hardware is on a box without human intervention.
+
=== If you have run the ASL installer ===
  
Modprobe is what loads the kernel drivers for everything on the box, like the disks or the network card, and the modprobe.conf/modprobe.d part is only configured through anaconda. If you dont go through anaconda, then you dont get these configs for your hardware, and if you dont have these configs a normal upgrade wont work.
+
If you have run the ASL installer, and the kernel is not installed follow this process:
  
Let me reiterate this, if you're in an environment where someone thought they were doing you a favor by not putting their own kernel on a system from a disk image (1&1, and ovh, I mean YOU), well they '''arent'''. You're about to take the first step down the long road of becoming a kernel/hardware expert. There is no automated way, short of re-imaging the box (and thereby running anaconda again) to resolve this.
+
'''Step 1)'''  
  
== Upgrade Process ==
+
==== OpenVZ/Virtuzzo ====
  
Assuming you've got a healthy, normal system, its largely automated. At most I generally only interact with the system at the grub level, using tricks like --once to boot kernels in test mode. That aside, heres what happens when you upgrade the kernel with yum.
+
If you are using a [[VPS]] technology, such as virtuzzo or openvz, and you are installing ASL inside a VPS you will not be able to install a kernel. This is not limited to the ASL kernel, you can not install a kernel inside a VPS. VPS' do not have their own kernel, they share the hosts single kernel, and you can not replace or modify that kernel from inside a VPS.
  
1) Yum installs an additional kernel on the system. It may be configured to remove older kernels, but in nearly every environment it is just adding kernels to the system.
+
If you are concerned with kernel level vulnerabilities, install ASL on the host.
  
 +
Note: VPS technologies are not to be confused with technologies like VMWare, KVM, qemu, ESXi, Xen, and other virtualization technologies.  Those technologies do allow you to install your own kernel, and you can install the ASL kernel or any other kernel inside those virtual machines.
  
2) Inside the kernel rpm there is a post processing macro called %post, this is a shell script that actually does all the magic. Heres what it looks like from Fedora 10's 2.6.27.x kernels:
+
==== Xen ====
  
 +
Please see the [https://www.atomicorp.com/wiki/index.php/ASL_3.2_Virtualization_Notes#Xen Xen Notes] to ensure you have the Xen kernel enabled on your system.
  
  %{expand:%%post %{?-v*}}\
+
'''Step 2)'''
  %{-s:\
+
  if [ `uname -i` == "x86_64" -o `uname -i` == "i386" ] &&\
+
    [ -f /etc/sysconfig/kernel ]; then\
+
    /bin/sed -i -e 's/^DEFAULTKERNEL=%{-s*}$/DEFAULTKERNEL=%{-r*}/' /etc/sysconfig/kernel || exit $?\
+
  fi}\
+
  /sbin/new-kernel-pkg --package kernel%{?-v:-%{-v*}} --mkinitrd --kernel-args="selinux=0 acpi=off" --depmod --install %{?1} %{KVERREL}%{?-v*} || exit $?\
+
  %{nil}
+
  
 +
Note: Check to make sure you do not have the kernel excluded from your yum configuration.  Please read this entire article as it covers how to determine if your system is setup this way.
  
3) Breaking this down, the first step is to update /etc/sysconfig/kernel. The sed line above is passing in information on which base kernel is being used. This is not the version, rather its saying that the default kernel for this system is the kernel-PAE or kernel- package. /etc/sysconfig/kernel itself is one of the config files used by the next step.
+
Set the kernel channel that is appropriate for your system via this setting in the ASL web console:
  
4) new-kernel-pkg is run. This is what creates the initrd ramdisk, and add the kernel to grub. Getting back to the whole modprobe.conf issue, new-kernel-pkg reads /etc/modprobe.conf or /etc/modprobe.d for the information it needs to create the /boot/initrd ramdisk. If this information is wrong, or missing, the kernel will not boot. What you'll get is a kernel panic.
+
https://www.atomicorp.com/wiki/index.php?title=ASL_Configuration#Kernel_Channel
  
5) Once the initrd is created, new-kernel-pkg adds the entries to the bootloader (/etc/grub.conf or /boot/grub/menu.lst), again using /etc/sysconfig/kernel as its config file. You'll see a setting in there UPDATEDEFAULT=yes. If this is set to yes, then whenever new-kernel-pkg is run, the system will automatically configure that kernel as the default.
+
'''Step 3a)'''
  
 +
===== el5/el6 =====
  
6) Sometimes during this process you will see warnings that certain modules dont exist. This gets back to modprobe.conf again, as the kernel evolves sometimes the module names will change, or even go away. The entries still exist in modpobe.conf, and so new-kernel-pkg will still try to add them. Its generally a bad sign, and something you *should* worry about, especially if its referencing something important like a network or disk controller. Because of this its a good idea to always boot your kernels in testing mode with the --once flag.
+
If your system is 64 bit, run this command, as root, to install the kernel:
  
== Troubleshooting ==
+
''Note: The command below forces your system to install the kernel, this will over ride any configuration you may have to prevent kernel installation or upgrades.  Please check with the parties that configured your system to ensure that you want to do this.  By default ASL will not force an install or upgrade of the kernel, and honors your systems configuration for kernel installations and upgrades.''
  
[[Kernel Panic]]
+
yum --disableexcludes=all --enablerepo=tortix-kernel upgrade kernel
  
== Checking to see if the ASL kernel is installed ==
+
For Xen systems, the command is:
  
Check your rpm repository to see if the kernel is installed:
+
yum --disableexcludes=all --enablerepo=tortix-kernel-xen upgrade kernel
  
rpm -qa | grep kernel
+
'''Step 3b)'''
  
If you have the ASL kernel installed, you will see a series of kernel names with "art" in them, similar to this:
+
If your system is 32 bit, run this command, as root, to install the kernel:
  
<pre>
+
 
kernel.x86_64 1:2.6.25.4-4.art installed
+
''Note: The command below forces your system to install the kernel, this will over ride any configuration you may have to prevent kernel installation or upgrades. Please check with the parties that configured your system to ensure that you want to do this. By default ASL will not force an install or upgrade of the kernel, and honors your systems configuration for kernel installations and upgrades.''
kernel.x86_64 1:2.6.26.6-1.art installed
+
 
kernel.x86_64 1:2.6.27.7-9.art installed
+
yum --disableexcludes=all --enablerepo=tortix-kernel upgrade kernel-PAE
kernel.x86_64 1:2.6.29.6-1.art installed
+
 
kernel.x86_64 1:2.6.32.8-1.art installed
+
For Xen systems, the command is:
kernel-devel.x86_64 1:2.6.25.4-4.art installed
+
 
kernel-devel.x86_64 1:2.6.26.6-1.art installed
+
yum --disableexcludes=all --enablerepo=tortix-kernel-xen upgrade kernel-PAE
kernel-devel.x86_64 1:2.6.27.7-9.art installed
+
 
kernel-devel.x86_64 1:2.6.29.6-1.art installed
+
If you do not already have a PAE kernel installed, then you will need to use this command:
kernel-devel.x86_64 1:2.6.32.8-1.art installed
+
 
kernel-headers.x86_64 1:2.6.32.8-1.art installed
+
yum --disableexcludes=all --enablerepo=tortix-kernel install kernel-PAE
 +
 
 +
For Xen systems, the command is:
 +
 
 +
yum --disableexcludes=all --enablerepo=tortix-kernel-xen install kernel-PAE
 +
 
 +
If this does not work, please contact your system administrator or hosting company. This means that your system has been configured to not allow you to install kernels, or something is seriously wrong with the software management in your OS.
 +
 
 +
===== el7 =====
 +
 
 +
If your system is 64 bit, run this command, as root, to install the kernel:
 +
 
 +
''Note: The command below forces your system to install the kernel, this will over ride any configuration you may have to prevent kernel installation or upgrades. Please check with the parties that configured your system to ensure that you want to do this. By default ASL will not force an install or upgrade of the kernel, and honors your systems configuration for kernel installations and upgrades.''
 +
 
 +
yum --disableexcludes=all --enablerepo=tortix-kernel upgrade kernel-asl
 +
 
 +
For Xen systems, the command is:
 +
 
 +
yum --disableexcludes=all --enablerepo=tortix-kernel-xen upgrade kernel-asl
 +
 
 +
'''Step 3b)'''
 +
 
 +
If your system is 32 bit, run this command, as root, to install the kernel:
 +
 
 +
 
 +
''Note: The command below forces your system to install the kernel, this will over ride any configuration you may have to prevent kernel installation or upgrades. Please check with the parties that configured your system to ensure that you want to do this. By default ASL will not force an install or upgrade of the kernel, and honors your systems configuration for kernel installations and upgrades.''
 +
 
 +
yum --disableexcludes=all --enablerepo=tortix-kernel upgrade kernel-PAE-al
 +
 
 +
For Xen systems, the command is:
 +
 
 +
yum --disableexcludes=all --enablerepo=tortix-kernel-xen upgrade kernel-PAE
 +
 
 +
If you do not already have a PAE kernel installed, then you will need to use this command:
 +
 
 +
yum --disableexcludes=all --enablerepo=tortix-kernel install kernel-PAE-asl
 +
 
 +
For Xen systems, the command is:
 +
 
 +
yum --disableexcludes=all --enablerepo=tortix-kernel-xen install kernel-PAE-asl
 +
 
 +
If this does not work, please contact your system administrator or hosting company. This means that your system has been configured to not allow you to install kernels, or something is seriously wrong with the software management in your OS.
 +
 
 +
== Upgrading the kernel ==
 +
 
 +
Note: [[VPS]] systems do not have their own kernel.
 +
 
 +
=== Step 1 ===
 +
 
 +
To tell if you have the latest kernel installed, run this command as root:
 +
 
 +
aum -ck
 +
 
 +
If you have the latest kernel installed and running you will see the updater report OK for the kernel, as in this example:
 +
 
 +
  Kernel update is available: 3.2.54-60                    [OK]
 +
 
 +
If you are not running the latest kernel you will see the updater report INFO for the kernel, as in this example:
 +
 
 +
  Kernel update is available: 3.2.54-60                    [INFO]
 +
 
 +
=== Step 2 ===
 +
 
 +
==== Non Xen Systems ====
 +
 
 +
Just run this command as root:
 +
 
 +
yum --enablerepo=tortix-kernel upgrade kernel-asl
 +
 
 +
Or if you have a 32 bit system, then you will want to install the PAE kernel. Use this command:
 +
 
 +
yum --enablerepo=tortix-kernel upgrade kernel-PAE-asl
 +
 
 +
Note:  As in the examples above, '''use yum upgrade, not yum update''' to upgrade a kernel.
 +
 
 +
If your system reports that there is no kernel to upgrade to, it is possible you already have the latest kernel installed and you simply need to reboot into the kernel.  Please see the [[#Checking_to_see_if_the_ASL_kernel_is_installed]] section for information about how to check what kernels you have installed.
 +
 
 +
If your system reports that there is no kernel to upgrade to, and the ASL kernel is not installed, it is possible your system is configured to not install kernels. Check your yum configuration for any "exclude" lines. These tell your system to not install certain software.
 +
 
 +
==== Xen Systems ====
 +
 
 +
Just run this command as root:
 +
 
 +
yum --enablerepo=tortix-kernel-xen upgrade kernel-asl
 +
 
 +
Or if you have a 32 bit system, then you will want to install the PAE kernel. Use this command:
 +
 
 +
yum --enablerepo=tortix-kernel-xen upgrade kernel-PAE-asl
 +
 
 +
Note:  As in the examples above, '''use yum upgrade, not yum update''' to upgrade a kernel.
 +
 
 +
If your system reports that there is no kernel to upgrade to, it is possible you already have the latest kernel installed and you simply need to reboot into the kernel.  Please see the [[#Checking_to_see_if_the_ASL_kernel_is_installed]] section for information about how to check what kernels you have installed.
 +
 
 +
If your system reports that there is no kernel to upgrade to, and the ASL kernel is not installed, it is possible your system is configured to not install kernels. Check your yum configuration for any "exclude" lines.  These tell your system to not install certain software.
 +
 
 +
=== Step 3 ===
 +
 
 +
'''IMPORTANT STEP!'''
 +
 
 +
The kernel is the "core" of your operating system.  If something goes wrong with it, your system will not boot.  So before you reboot into a new kernel you want to make sure you have two things:
 +
 
 +
'''1) Access to your server if it doesnt not reboot.''' 
 +
 
 +
You will want to have either physical access to your server, or remote access to the console via a KVM technology. SSH, telnet and web control panel access is not adequate. If your system hangs on boot only console access can be used to access it.
 +
 
 +
All reputable hosting companies provide free console access for their customers.  If your hosting company does not provide free console access, we encourage you to find a company that does.  You will find lots of good hosting companies on our forums at the URL below:
 +
 
 +
https://www.atomicorp.com/forums/index.php
 +
 
 +
'''2) A working kernel to boot into'''
 +
 
 +
Check to see what kernel your system is currently running. You can run this command as root to do this:
 +
 
 +
uname -r
 +
 
 +
You will see an output similar to this:
 +
 
 +
''2.6.18-308.11.1.el5''
 +
 
 +
This part of that line "2.6.18-308.11.1.el5" is the version of the kernel you are running.  You want to check to make sure that kernel is installed, and available to boot into.  Kernels in Linux are stored in this directory:
 +
 
 +
/boot
 +
 
 +
In the example above, you can search for that kernel with this command:
 +
 
 +
ls -al /boot/*`uname -r`*
 +
 
 +
If the kernel you are using is still installed, you'll see an output similar to this:
 +
 
 +
<pre>-rw-r--r-- 1 root root  67546 Jul 10  2012 /boot/config-2.6.18-308.11.1.el5
 +
-rw------- 1 root root 2717255 Jul 15  2012 /boot/initrd-2.6.18-308.11.1.el5.img
 +
-rw-r--r-- 1 root root  116695 Jul 10  2012 /boot/symvers-2.6.18-308.11.1.el5.gz
 +
-rw-r--r-- 1 root root 1276792 Jul 10  2012 /boot/System.map-2.6.18-308.11.1.el5
 +
-rw-r--r-- 1 root root 2117180 Jul 10  2012 /boot/vmlinuz-2.6.18-308.11.1.el5
 
</pre>
 
</pre>
  
If you do not see this, then you need to install the ASL kernel.  Simply run this command as root:
+
If you get an output like this:
  
yum install kernel
+
ls: /boot/*2.6.18-308.11.1.el5*: No such file or directory
  
If you are running a PAE system, run this command as root:
+
Then the kernel you are currently using is not installed on your system.  Do not reboot your system.  Contact support.
  
yum install kernel-PAE
+
Note:  If you are using a [[VPS]] you do not have a kernel.  Do not contact support for kernel issues with a [[VPS]] system. 
  
Then check to see if you have the ASL kernel installed by running the "rpm -qa | grep kernel" command again.
+
3) Check to make sure this kernel is listed in the grub boot manager
  
 +
Run this command as root to see if your running kernel is listed in your grub configuration:
  
== How to tell if you are running the ASL kernel ==
+
grep `uname -r` /etc/grub.conf
  
You can tell if you are running an ASL kernel with this command:
+
If your kernel is available in grub.conf you should see an output similar to this:
  
uname -a
+
<pre>title CentOS (2.6.18-308.11.1.el5)
 +
kernel /vmlinuz-2.6.18-308.11.1.el5 ro root=/dev/md0 selinux=0 panic=5
 +
initrd /initrd-2.6.18-308.11.1.el5.img
 +
</pre>
  
You should see a kernel name with "art" in the title, for example:
+
Before you reboot, also see the article [https://www.atomicorp.com/wiki/index.php/Kernel#Setting_which_kernel_to_boot Setting which kernel to boot] for instructions on configuring grub and confirming your current kernel is configured in grub.  Be sure to read this article so you completely understand how grub works before you reboot your system.
  
Linux www3.atomicorp.com 2.6.32.21-3.art.x86_64 #1 SMP Tue Sep 7 16:57:34 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
+
'''Note:'''  If you are using a third party boot manager, and not grub, please contact your boot manager vendor for support with configuring boot order and confirming if your kernel is available during reboots.
  
If you do not see a kernel name with "art" in the title then you are not running the ASL kernel.  If you see "art" in the title, then you are running the ASL kernel.
+
=== Step 4 ===
  
== What to do if the kernel is not installed ==
+
Access your remote console and ensure you have access.  Keep this connection open during step 4 below.  If you run into any errors on boot, our support team will need you to provide the errors you see in your console.  A serial console is the best tool to use, as this will allow you to cut and paste any errors you see.
  
If the kernel is not installed '''after running the ASL installer''', that can mean two things:
+
If you do not have a serial console, you will need to document the full output of the boot.  Sending screenshots of the final boot screen will not be helpful to diagnose your issue.  Therefore, we highly recommend you use a serial console so you can cut and paste the output of the boot process.
  
 +
=== Step 5 ===
  
1)  If this is a VPS, you can not install a kernel.  VPS systems do not have their own kernel and use the single kernel shared by the system.  Please contact your hosting provider or sysadmin to install the ASL kernel on the root system.
+
Reboot the system into the new kernel.
  
2)  If this is not a VPS, the ASL installer will not install the kernel if your system is configured to not allow this.  No distribution does this by default.  If you system is configured this way, it usually means yum is configured on your system to not allow kernels to be installed.  Please check your yum configuration to make sure it is not configured to exclude kernels.  Some places to check are your /etc/yum.conf file for a line similar to this:
+
Run this command as root:
 +
 
 +
reboot
 +
 
 +
Once the system boots correctly, check to see if you have the ASL kernel installed by running the "uname -a" command again.  If you do not see "asl" in the kernel name, your system did not boot into the ASL kernel.
 +
 
 +
=== What to do if the kernel is not installed or won't upgrade ===
 +
 
 +
If the kernel is not installed '''after running the ASL installer''' or the kernel will not upgrade, that can mean three things:
 +
 
 +
 
 +
1)  If your system is using a container technology like Virtuozzo and Openvz products, you can not install a kernel.  Container based systems do not have their own kernel and use the single kernel shared by the host system.  Please contact your hosting provider or sysadmin to install the ASL kernel on the host system.
 +
 
 +
2) Your hosting company wont let you install the kernel and has modified your system to prevent this.
 +
 
 +
3)  If this is not a container based system, the ASL installer will not install the kernel if your system is configured to not allow this.  No distribution does this by default.  If you system is configured this way, it usually means yum is configured on your system to not allow kernels to be installed.  Please check your yum configuration to make sure it is not configured to exclude kernels.  Some places to check are your /etc/yum.conf file for a line similar to this:
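Review bot: The el7 32-bit upgrade command names the package kernel-PAE-al, while the matching install command a few lines later uses kernel-PAE-asl, and the el7 Xen upgrade line still uses kernel-PAE where the Xen install line uses kernel-PAE-asl; please make the package names consistent across the four commands. Step 5 tells the reader to look for "asl" in the uname -a output, but the "How to tell if you are running the ASL kernel" section and its sample output (4.14.13-3308.el6.art.x86_64) use "art", so one of the two checks should be corrected. Step 4 says to keep the console open "during step 4 below" although the reboot is now Step 5, and the el7 section repeats the "Step 3b)" label already used under el5/el6. Since every Step 3 command passes --disableexcludes=all, it would also help to show the reader how to list the exclude lines that are about to be overridden before running it.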
  
  
Line 142: Line 297:
 
If you see any lines like that, remove them.  Also check in your /etc/yum.repos.d directory to make sure someone did not set this in a repository.
 
If you see any lines like that, remove them.  Also check in your /etc/yum.repos.d directory to make sure someone did not set this in a repository.
  
ASL honors your systems configuration, so if you configure you system to prevent kernels from being installed via yum, ASL will not install its kernel.  If you do not have any exclude lines configured for yum, please contact the parties that configured/setup your system and ask them to fix your system to allow kernels to be installed.
+
ASL honors your systems configuration, so if you configure you system to prevent kernels from being installed via yum, ASL will not install its kernel.  If you do have any exclude lines configured for yum, please contact the parties that configured/setup your system and ask them to fix your system to allow kernels to be installed.
  
You can also try manually installing the kernel, but keep in mind that if you have to do this something else is wrong with your system.  Please run this command as root to see if yum is listing the ASL kernels:
+
You can also manually installing the kernel, as described above, but keep in mind that if you have to do this something else is wrong with your system.  The [[ASL]] installer does this automatically, so if the kernel is not installed something on your system is preventing its installation, and not ASL
  
 +
Please run the command below, as root to see if yum is listing the ASL kernels as being available to install on your system, and as described in this section of this article
  
''yum list | grep kernel''
+
https://www.atomicorp.com/wiki/index.php/Kernel#If_you_have_run_the_ASL_installer
  
 +
''yum list | grep kernel''
  
 +
(This is not a listing of the kernels installed on your system, just the kernels available via yum that may be installed on your system)
  
 
You should see kernel names similar to this (note the "art" in the rpm name, your architecture may be different, but an ASL kernel will have "art" in the name):
 
You should see kernel names similar to this (note the "art" in the rpm name, your architecture may be different, but an ASL kernel will have "art" in the name):
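Review bot: The new sentence "You can also manually installing the kernel, as described above" is ungrammatical, and both it and the following "Please run the command below" paragraph end without a full stop; suggest "You can also manually install the kernel, as described above," and closing both sentences. The listing command stays as yum list | grep kernel, whereas the install and upgrade commands in this revision all pass --enablerepo=tortix-kernel; if that repository is not enabled by default the listing will not show the ASL kernels, so consider adding the same option here. The unchanged context line still tells the reader to look for "art" in the rpm name, while the new "Checking to see if the ASL kernel is installed" text says the package names contain "asl".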
Line 168: Line 326:
  
  
If you see art kernels listed, yum upgrade should work, in that case you would run this command as root:
+
If you see art kernels listed, yum installation or upgrade should work, for upgrades you would run this command as root:
  
  
''yum upgrade kernel''
+
==== Non Xen Systems ====
  
 +
Just run this command as root:
  
If this does not work, or the kernels are not listed, please open a case with support by sending an email to support@atomicorp.com.
+
yum --enablerepo=tortix-kernel upgrade kernel-asl
  
 +
Or if you have a 32 bit system, then you will want to install the PAE kernel.  Use this command:
  
If the kernel is not installed, '''and you have not run the ASL installer''', run the ASL installer.  The ASL installer is the only supported method of installing the ASL kernel.
+
yum --enablerepo=tortix-kernel upgrade kernel-PAE-asl
  
== Upgrading the kernel ==
+
Note:  As in the examples above, '''use yum upgrade, not yum update''' to upgrade a kernel.
 +
 
 +
For installs, please see the section of this article on manually installations of the kernel linked to below:
 +
 
 +
https://www.atomicorp.com/wiki/index.php/Kernel#If_you_have_run_the_ASL_installer
 +
 
 +
==== Xen Systems ====
  
 
Just run this command as root:
 
Just run this command as root:
  
yum upgrade kernel
+
yum --enablerepo=tortix-kernel-xen upgrade kernel-asl
  
 
Or if you have a 32 bit system, then you will want to install the PAE kernel.  Use this command:
 
Or if you have a 32 bit system, then you will want to install the PAE kernel.  Use this command:
  
yum upgrade kernel-PAE
+
yum --enablerepo=tortix-kernel-xen upgrade kernel-PAE-asl
Checking_to_see_if_the_ASL_kernel_is_installed
+
If your system reports that there is no kernel to upgrade to, it is possible you already have the latest kernel installed and you simply need to reboot into the kernel.  Please see the [[#Checking_to_see_if_the_ASL_kernel_is_installed]] section for information about how to check what kernels you have installed.
+
  
If your system reports that there is no kernel to upgrade to, and the ASL kernel is not installed, it is possible your system is configured to not install kernelsCheck your yum configuration for any "exclude" lines.  These tell your system to not install certain software.
+
For installs, please see the section of this article on manually installations of the kernel linked to below:
 +
 
 +
https://www.atomicorp.com/wiki/index.php/Kernel#If_you_have_run_the_ASL_installer
 +
 
 +
== Rolling back the kernel ==
 +
 
 +
If you wish to use an older kernel, you can use this command to [[rollback]] yum updates provided you have your system setup to allow [[Downgrading rpms]].
 +
 
 +
yum downgrade kernel
 +
 
 +
If you are using the PAE kernel, use this command:
 +
 
 +
yum downgrade kernel-PAE
 +
 
 +
=== If you have kernel upgrades disabled in ASL ===
 +
 
 +
If you select the option of not auto-updating the kernel, this will change the asl.repo file to exclude the kernel.  This also means that you can no longer manually install the ASL kernel.  You must remove this exclusion to use yum to install older kernels.  To prevent ASL from upgrading to a newer kernel follow this process:
 +
 
 +
Step 1)  Enable kernel updates
 +
 
 +
Log into the ASL web console, select the Configuration Tab, then Select ASL Configuration.  Change "UPDATE_TYPE" setting to "all".
 +
 
 +
Step 2) Install the older kernel
 +
 
 +
You will need to specifically select the kernel you want to install.
 +
 
 +
Step 3) Disable kernel updates
 +
 
 +
Log into the ASL web console, select the Configuration Tab, then Select ASL ConfigurationChange the "UPDATE_TYPE" setting to "exclude-kernel" or "rules-only".
  
 
== Setting which kernel to boot ==
 
== Setting which kernel to boot ==
  
Linux uses a boot loader to select which kernel to boot into (this is not part of ASL).  In most cases your system will use a boot loader called "grub".  If your system is using lilo, the older (really really old) boot loader we recommend you use grub.
+
Note: '''[[ASL]] will not replace your existing kernel, it will install and set the secure ASL kernel to boot, but will leave your default kernel intact should you wish to use a non-secure kernel instead.''' 
  
ASL will not replace your existing kernel.  ASL will install an additional secure kernel you can boot into, and will set that new secure kernel to boot by default.  Should you need to use your older kernel just select your old kernel to boot into.
+
=== If you have just installed ASL ===
  
If your system is using grub:
+
If you have just installed ASL, all you need to do is reboot the system.  When the system starts a special init called "asl-firstboot" will check the system to make sure everything worked correctly.  If it did, then ASL will configure the ASL secure kernel to be the default kernel.
  
Modify this file as root:
+
If ASL detects any issues with the secure kernel, it will reboot the system into the default non-ASL kernel installed on the system.
 +
 
 +
If your system is not setup this way, or this is missing from your boot loader '''please read this entire article.'''  This can only occur if either your system is configured to not allow the installation of kernels, or something is seriously wrong with your systems software management system and is preventing this process from working correctly.
 +
 
 +
=== If you want to switch to a different kernel ===
 +
 
 +
==== RHEL6/Centos 6====
 +
 
 +
Linux uses a boot loader to select which kernel to boot into (this is not part of ASL, its part of your operating system).  In most cases your system will use a boot loader called "grub".  If your system is using lilo, the older (really really old) boot loader we recommend you use grub.  If you are using a third party boot loader, please contact your boot loader vendor for assistance.
 +
 
 +
If your system is using grub, you will simply need modify this file as root:
  
 
/etc/grub.conf
 
/etc/grub.conf
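Review bot: The added sentence "If your system is not setup this way, or this is missing from your boot loader" never says what "this" is, so a reader cannot tell what to look for in the boot loader; name the item (presumably the ASL kernel entry in /etc/grub.conf). In the added RHEL6/Centos 6 text, "you will simply need modify this file as root" is also missing "to", and "its part of your operating system" should read "it's".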
Line 233: Line 435:
  
  
The system will boot into the kernel based on the configuration of this line in /etc/grub/conf:
+
The system will boot into the kernel based on the configuration of this single line in /etc/grub/conf:
  
default=0
+
''default=0''
  
Where "0" is the number of the kernel to boot into.  In grub the first position is "0", the second position is "1" and so on.  So the kernel the system will boot into, in the example above, is:
+
Where "0" is the number of the kernel to boot into.  In grub the first position, or selected kernel, is "0", the second position is "1" and so on.  So the kernel the system will boot into, in the example above, is:
  
 
<pre>title CentOS (2.6.27.7-9.art.i686)
 
<pre>title CentOS (2.6.27.7-9.art.i686)
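Review bot: The rewritten sentence keeps the path "/etc/grub/conf", while the file the section tells the reader to edit is /etc/grub.conf; correct the path in this same edit so the two agree.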
Line 244: Line 446:
 
initrd /initrd-2.6.27.7-9.art.i686.img</pre>
 
initrd /initrd-2.6.27.7-9.art.i686.img</pre>
  
If you want the system to boot into a different kernel, for example if we wanted to boot into the second kernel (in position 1, remember the first position is 0, not 1):
+
Because its in "position" 0.  If you want the system to boot into a different kernel, for example if we wanted to boot into the second kernel (its in position 1, remember the first position is 0, not 1):
  
 
<pre>title CentOS (2.6.26.6-1.art.i686)
 
<pre>title CentOS (2.6.26.6-1.art.i686)
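Review bot: The added opener "Because its in "position" 0." is a sentence fragment stranded after the pre block, and "its" should be "it's" both there and in "(its in position 1"; fold the reason into the sentence that introduces the first example, for instance "... in the example above, is the entry in position 0:".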
Line 251: Line 453:
 
initrd /initrd-2.6.26.6-1.art.i686.img</pre>
 
initrd /initrd-2.6.26.6-1.art.i686.img</pre>
  
The this line:
+
Simply change this line:
  
default=0
+
''default=0''
  
Must be changed to:
+
To:
  
default=1
+
''default=1''
 +
 
 +
If you wanted, in the example above, to boot into the third kernel then you would change this number to "2", and so on.
 +
 
 +
'''Note:  The grub examples above are just examples, do not use them to configure grub.  Follow the instructions in this article to install the kernel, which will configure grub for you.
 +
'''
 +
 
 +
====RHEL7/Centos 7====
 +
 
 +
See this article from redhat:
 +
 
 +
https://access.redhat.com/solutions/1605183
 +
 
 +
=== Preventing the upgrade or installation of the secure kernel ===
  
 
If you want do not want yum to install the secure ASL kernel, and would prefer to stick with your distributions stock kernel, put 'exclude=kernel*' in the [asl-2.0] section in /etc/yum.repos.d/asl.repo.  ASL will actively test and report vulnerabilities in all kernels, so if your stock kernel is reported to have vulnerabilities '''these are not false positives.'''  We do not recommend you use any kernel other than the ASL kernel.
 
If you want do not want yum to install the secure ASL kernel, and would prefer to stick with your distributions stock kernel, put 'exclude=kernel*' in the [asl-2.0] section in /etc/yum.repos.d/asl.repo.  ASL will actively test and report vulnerabilities in all kernels, so if your stock kernel is reported to have vulnerabilities '''these are not false positives.'''  We do not recommend you use any kernel other than the ASL kernel.
 +
'''
 +
 +
= Kernel Options =
 +
 +
Please see the [https://www.atomicorp.com/wiki/index.php/ASL_Configuration#Kernel_configuration Kernel Configuration] section.
 +
 +
= Testing the Kernel =
 +
 +
== Grub Users ==
 +
 +
1) Once the Atomic kernel is installed, determine which position the ''Atomic kernel'' has been installed.
 +
 +
Example:
 +
[root@ac3 ~]# cat /etc/grub.conf
 +
 +
# grub.conf generated by anaconda
 +
#
 +
# Note that you do not have to rerun grub after making changes to this file
 +
# NOTICE:  You have a /boot partition.  This means that
 +
#          all kernel and initrd paths are relative to /boot/, eg.
 +
#          root (hd0,0)
 +
#          kernel /vmlinuz-version ro root=/dev/hda3
 +
#          initrd /initrd-version.img
 +
#boot=/dev/hda
 +
default=1
 +
timeout=5
 +
serial --unit=0 --speed=57600
 +
terminal --timeout=5 serial console
 +
title CentOS (2.6.17-1.art)
 +
        root (hd0,0)
 +
        kernel /vmlinuz-2.6.17-1.art ro root=LABEL=/ console=ttyS0,57600n8 selinux=0
 +
        initrd /initrd-2.6.17-1.art.img
 +
title CentOS (2.6.9-34.0.2.ELsmp)
 +
        root (hd0,0)
 +
        kernel /vmlinuz-2.6.9-34.0.2.ELsmp ro root=LABEL=/ console=ttyS0,57600n8
 +
        initrd /initrd-2.6.9-34.0.2.ELsmp.img
 +
 +
Note the line: default=1, this indicates the kernel the system will boot by default, starting at position 0. Position 0 is "title CentOS (2.6.17-1.art)", and position 1 is "title CentOS (2.6.9-34.0.2.ELsmp)" in this example, indicating the system is configured to boot into the default CentOS kernel.
 +
 +
2) Type: grub
 +
 +
the following will be displayed:
 +
GNU GRUB  version 0.97  (640K lower / 3072K upper memory)
 +
[ Minimal BASH-like line editing is supported.  For the first word, TAB
 +
  lists possible command completions.  Anywhere else TAB lists the possible
 +
  completions of a device/filename.]
 +
grub>
 +
 +
3) At the grub prompt set the default kernel to 0, and to only boot once with the following:
 +
 +
grub> savedefault --default=0 --once
 +
 +
4) type: quit
 +
 +
5) reboot the system. If for some reason the kernel does not work with the Atomic kernel, or is otherwise non-responsive, powercycling the system will restore the system to the default kernel.
 +
 +
== Lilo Users ==
 +
 +
1) The art kernel should be listed in /boot - for example:
 +
 +
        /boot/vmlinuz-2.6.19-7.art
 +
 +
2) Create a symbolic link to this:
 +
 +
        ln -s  /boot/vmlinuz-2.6.19-7.art  /boot/vmlinuz-art
 +
 +
3) edit /etc/lilo.conf to add a section for the art kernel. Eg:
 +
 +
        image=/boot/vmlinuz-art
 +
        label=lxart
 +
        append="console=tty0 console=ttyS0,57600 panic=30"
 +
 +
4) Type: lilo to make the change permanent. Then to test that you can boot into the new kernel do
 +
      lilo -v -v
 +
      lilo -R lxart
 +
      shutdown -r now
 +
 +
5) When it's rebooted, doing a uname -r should show the new art kernel. Now you can make it permanent. Edit /etc/lilo.conf so that it has the line:
 +
      default=lxart
 +
 +
6) type lilo. Then reboot.
 +
 +
 +
= Manual Kernel Installation =
 +
 +
Description: In some situations, due to deviations with the distribution kernel management system, it is not possible to perform ASL kernel installation through the regular installer.
 +
 +
Cause: Platform has replaced grub2 with the older grub 1.0 system on el7.
 +
 +
== RHEL/CentOS EL7 ==
 +
 +
 +
1) edit /etc/asl/config and set
 +
  KERNEL_CHANNEL="tortix-kernel"
 +
or if you are using xen:
 +
  KERNEL_CHANNEL="tortix-kernel-xen"
 +
 +
2) Update configs
 +
  aum -u
 +
 +
 +
3) Install the kernel
 +
  yum install kernel-asl
 +
 +
 +
For systems with grub2 installed:
 +
 +
4) Set the kernel to boot only once for testing.
 +
  grub2-reboot 1
 +
 +
5) Reboot
 +
  reboot
 +
 +
 +
6) If this is successful, set the ASL kernel to default boot
 +
  /usr/sbin/grub2-set-default 0
 +
 +
7) Regenerate config
 +
  grub2-mkconfig -o /boot/grub2/grub.cfg
 +
 +
= Kernel Tuning =
 +
 +
== Schedulers ==
 +
 +
The ASL kernel includes four I/O schedulers to suit various system needs and configurations.
 +
 +
=== Scheduler Types ===
 +
 +
==== Completely Fair Queuing (CFQ) ====
 +
 +
This is the default algorithm. As the name implies, CFQ maintains a scalable per-process I/O queue and attempts to distribute the available I/O bandwidth equally among all I/O requests. CFQ is well suited for mid-to-large multi-processor systems and for systems which require balanced I/O performance over multiple LUNs and I/O controllers.
 +
 +
==== Deadline ====
 +
 +
The Deadline elevator uses a deadline algorithm to minimize I/O latency for a given I/O request. The scheduler provides near real-time behavior and uses a round robin policy to attempt to be fair among multiple I/O requests and to avoid process starvation. Using five I/O queues, this scheduler will aggressively re-order requests to improve I/O performance.
 +
 +
==== NOOP ====
 +
 +
This scheduler is a simple FIFO queue and uses the minimal amount of CPU/instructions per I/O to accomplish the basic merging and sorting functionality to complete the I/O. It assumes performance of the I/O has been or will be optimized at the block device (memory-disk) or with an intelligent HBA or externally attached controller.
 +
 +
==== Anticipatory ====
 +
 +
The Anticipatory elevator introduces a controlled delay before dispatching the I/O to attempt to aggregate and/or re-order requests improving locality and reducing disk seek operations. This algorithm is intended to optimize systems with small or slow disk subsystems. One artifact of using the AS scheduler can be higher I/O latency.
 +
 +
=== Changing the scheduler ===
 +
 +
If the default scheduler does not meet your needs, you can change the scheduler by logging in as root and changing the scheduler for the device in this manner:
 +
 +
echo {SCHEDULER-NAME} > /sys/block/{DEVICE-NAME}/queue/scheduler
 +
 +
Example:
 +
 +
echo noop > /sys/block/hda/queue/scheduler
 +
 +
You can also view the scheduler you are using this this command:
 +
 +
cat /sys/block/{DEVICE-NAME}/queue/scheduler
 +
 +
Example:
 +
 +
cat /sys/block/hda/queue/scheduler
 +
 +
= Technical Abstract =
 +
 +
This is a very very basic attempt to describe how the kernel is implemeted on redhat/fedora/centos for those people whom are in environments where someone tried to be "helpful" by removing the native distros kernel and replace it with their own. This is NOT an article for VPS users, because you dont have a kernel and theres nothing you can do. As a side note, this is not a replacement for the real documentation in the linux kernel, they are just my personal observations and are subject to error. This is not linux canon. You have been warned.
 +
 +
== Overview ==
 +
 +
The kernel installation/upgrade process is for the most part completely automated. Upgrade events are capable of reading the existing configuration information, and adding them to the boot loader.
 +
 +
'''Major components'''
 +
 +
Kernel, usually /boot/vmlinuz-XXXX
 +
 +
Ram Disk, usually /boot/initrd-XXXX
 +
 +
Modules, usually /lib/modules/XXXX
 +
 +
Boot loader, usually Grub (/etc/grub.conf which is a symlink to /boot/grub/menu.lst)
 +
 +
Module configuration information, /etc/modprobe.conf, or /etc/modprobe.d/*
 +
 +
 +
'''Minor componets'''
 +
 +
New-kernel-pkg, /sbin/new-kernel-pkg
 +
 +
Kenel configuration file (used by new-kernel-pkg), /etc/sysconfig/kernel
 +
 +
mkinitrd config directory (depends on distro), /etc/sysconfig/mkinitrd/
 +
 +
 +
 +
=== Boot Process ===
 +
 +
1) Grub is configured to load a specific kernel
 +
 +
2) Kernel boots, this loads the initrd ramdisk
 +
 +
3) initrd contains the modules needed to read core hardware, like the disks. This is generally where mayhem happens.
 +
 +
4) System mounts disks and goes multi-user, remaining modules like the ethernet controller, lm_sensors, firewall modules, are loaded dynamically
 +
 +
 +
=== Initial Installation Process ===
 +
 +
Basically the Red Hat OS installer does some really impressive work, its called anaconda and you can read more about it [http://fedoraproject.org/wiki/Anaconda here]. In brief, the system boots off of an installer kernel, and anaconda interrogates the system to populate the modprobe configuration file mentioned above. Its the only thing I know of that can actually figure out what the hardware is on a box without human intervention.
 +
 +
Modprobe is what loads the kernel drivers for everything on the box, like the disks or the network card, and the modprobe.conf/modprobe.d part is only configured through anaconda. If you dont go through anaconda, then you dont get these configs for your hardware, and if you dont have these configs a normal upgrade wont work.
 +
 +
Let me reiterate this, if you're in an environment where someone thought they were doing you a favor by not putting their own kernel on a system from a disk image (1&1, and ovh, I mean YOU), well they '''arent'''. You're about to take the first step down the long road of becoming a kernel/hardware expert. There is no automated way, short of re-imaging the box (and thereby running anaconda again) to resolve this.
 +
 +
=== Upgrade Process ===
 +
 +
Assuming you've got a healthy, normal system, its largely automated. At most ASL only interacts with the system at the grub level, using tricks like --once to boot kernels in test mode. That aside, heres what happens when you upgrade the kernel with yum.
 +
 +
1) Yum installs an additional kernel on the system. It may be configured to remove older kernels, but in nearly every environment it is just adding kernels to the system.
 +
 +
 +
2) Inside the kernel rpm there is a post processing macro called %post, this is a shell script that actually does all the magic. Heres what it looks like from Fedora 10's 2.6.27.x kernels:
 +
 +
 +
  %{expand:%%post %{?-v*}}\
 +
  %{-s:\
 +
  if [ `uname -i` == "x86_64" -o `uname -i` == "i386" ] &&\
 +
    [ -f /etc/sysconfig/kernel ]; then\
 +
    /bin/sed -i -e 's/^DEFAULTKERNEL=%{-s*}$/DEFAULTKERNEL=%{-r*}/' /etc/sysconfig/kernel || exit $?\
 +
  fi}\
 +
  /sbin/new-kernel-pkg --package kernel%{?-v:-%{-v*}} --mkinitrd --kernel-args="selinux=0 acpi=off" --depmod --install %{?1} %{KVERREL}%{?-v*} || exit $?\
 +
  %{nil}
 +
 +
 +
3) Breaking this down, the first step is to update /etc/sysconfig/kernel. The sed line above is passing in information on which base kernel is being used. This is not the version, rather its saying that the default kernel for this system is the kernel-PAE or kernel- package. /etc/sysconfig/kernel itself is one of the config files used by the next step.
 +
 +
4) new-kernel-pkg is run. This is what creates the initrd ramdisk, and add the kernel to grub. Getting back to the whole modprobe.conf issue, new-kernel-pkg reads /etc/modprobe.conf or /etc/modprobe.d for the information it needs to create the /boot/initrd ramdisk. If this information is wrong, or missing, the kernel will not boot. What you'll get is a kernel panic.
 +
 +
5) Once the initrd is created, new-kernel-pkg adds the entries to the bootloader (/etc/grub.conf or /boot/grub/menu.lst), again using /etc/sysconfig/kernel as its config file. You'll see a setting in there UPDATEDEFAULT=yes. If this is set to yes, then whenever new-kernel-pkg is run, the system will automatically configure that kernel as the default.
 +
 +
 +
6) Sometimes during this process you will see warnings that certain modules dont exist. This gets back to modprobe.conf again, as the kernel evolves sometimes the module names will change, or even go away. The entries still exist in modpobe.conf, and so new-kernel-pkg will still try to add them. Its generally a bad sign, and something you *should* worry about, especially if its referencing something important like a network or disk controller. Because of this its a good idea to always boot your kernels in testing mode with the --once flag.
 +
 +
= Troubleshooting =
 +
 +
== Known Kernel Module Name Changes ==
 +
 +
1and1 network card module name changes
 +
 +
Vmware SCSI emulation name changes
 +
 +
 +
'''1and1 Checklist for /etc/modules.conf or /etc/modprobe.conf'''
 +
 +
Step 1) Enumerate hardware with /sbin/lspci
 +
 +
Step 2) Check network cards,
 +
 +
Ethernet controller: VIA Technologies, Inc. VT6102 [Rhine-II]  was
 +
  alias eth0 8139too
 +
change to
 +
  alias eth0 via-rhine
 +
 +
Step 3) Check SATA modules
 +
 +
== Kernel Panics ==
 +
 +
See the [[Kernel Panic]] article.
 +
 +
= Virtualization Notes =
 +
 +
See the [[ASL_3.2_Virtualization_Notes]] article for important information on the kernel and different virtualization technologies.
 +
 +
= ASL Kernel Features =
 +
 +
Please see the [[ASL Kernel Features]] article.
 +
 +
= ASL kernel modules =
 +
 +
Please see the [[ASL kernel modules]] article.
 +
 +
= Source Code =
 +
 +
You can install the kernel source code by running this command as root:
 +
 +
''yum install kernel-asl-devel --enablerepo=tortix-kernel ''
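Review bot: In the added "Manual Kernel Installation" steps, step 4 test-boots entry 1 (grub2-reboot 1) but step 6 makes entry 0 the default (/usr/sbin/grub2-set-default 0), so the entry that becomes permanent is not the one that was just tested; say which index the ASL kernel occupies and use it in both steps, or explain why they differ. The "Cause" line says the platform replaced grub2 with grub 1.0, yet steps 4 to 7 are given only "For systems with grub2 installed", which leaves the grub 1.0 case the section was written for without instructions. The bold Note that opens with ''' on one line and closes with ''' on the next will not render as one bold span in wiki markup; keep both markers on the same line.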

Latest revision as of 17:28, 30 April 2020

Activating Kernel Protection

Overview

ASL includes a special secure kernel that will proactively protect your system from many different classes of attack.

Please be sure to read the ASL 3 Virtualization Notes for special information about using the kernel with different Virtualization technologies.

Checking to see if the ASL kernel is installed

Query the rpm database to see if the kernel is installed:

rpm -qa kernel-asl


If you have the ASL kernel installed, you will see a series of kernel names with "asl" in them, similar to this:

kernel-asl-4.14.26-3791.el6.art.x86_64
kernel-asl-4.14.28-3927.el6.art.x86_64
kernel-asl-4.14.13-3308.el6.art.x86_64
kernel-asl-4.14.27-3910.el6.art.x86_64
kernel-asl-4.14.30-3955.el6.art.x86_64

If you do not see any output, then you need to install the ASL kernel.

How to tell if you are running the ASL kernel

You can tell if you are running an ASL kernel with this command:

uname -a

If you are running the ASL kernel, you should see a kernel name with "art" in the title, for example:

Linux www.atomicorp.com 4.14.13-3308.el6.art.x86_64 #1 SMP Fri Jan 19 09:51:23 EST 2018 x86_64 x86_64 x86_64 GNU/Linux


If you do not see a kernel name with "art" in the title then you are not running the ASL kernel. If you see "art" in the title, then you are running the ASL kernel.

Installing the ASL kernel

The ASL kernel is normally installed, by default, by the ASL installer.

If you have not run the ASL installer

If the kernel is not installed, and you have not run the ASL installer, run the ASL installer.

If you have run the ASL installer

If you have run the ASL installer, and the kernel is not installed follow this process:

Step 1)

OpenVZ/Virtuozzo

If you are using a VPS technology, such as Virtuozzo or OpenVZ, and you are installing ASL inside a VPS, you will not be able to install a kernel. This is not limited to the ASL kernel: you cannot install any kernel inside a VPS. VPSes do not have their own kernel; they share the host's single kernel, and you cannot replace or modify that kernel from inside a VPS.

If you are concerned with kernel level vulnerabilities, install ASL on the host.

Note: VPS technologies are not to be confused with technologies like VMware, KVM, qemu, ESXi, Xen, and other virtualization technologies. Those technologies do allow you to install your own kernel, and you can install the ASL kernel or any other kernel inside those virtual machines.

Xen

Please see the Xen Notes to ensure you have the Xen kernel enabled on your system.

Step 2)

Note: Check to make sure you do not have the kernel excluded from your yum configuration. Please read this entire article, as it covers how to determine if your system is set up this way.

Set the kernel channel that is appropriate for your system via this setting in the ASL web console:

https://www.atomicorp.com/wiki/index.php?title=ASL_Configuration#Kernel_Channel

Step 3a)

el5/el6

If your system is 64 bit, run this command, as root, to install the kernel:

Note: The command below forces your system to install the kernel. This will override any configuration you may have to prevent kernel installation or upgrades. Please check with the parties that configured your system to ensure that you want to do this. By default ASL will not force an install or upgrade of the kernel, and honors your system's configuration for kernel installations and upgrades.

yum --disableexcludes=all --enablerepo=tortix-kernel upgrade kernel

For Xen systems, the command is:

yum --disableexcludes=all --enablerepo=tortix-kernel-xen upgrade kernel

Step 3b)

If your system is 32 bit, run this command, as root, to install the kernel:


Note: The command below forces your system to install the kernel. This will override any configuration you may have to prevent kernel installation or upgrades. Please check with the parties that configured your system to ensure that you want to do this. By default ASL will not force an install or upgrade of the kernel, and honors your system's configuration for kernel installations and upgrades.

yum --disableexcludes=all --enablerepo=tortix-kernel upgrade kernel-PAE

For Xen systems, the command is:

yum --disableexcludes=all --enablerepo=tortix-kernel-xen upgrade kernel-PAE

If you do not already have a PAE kernel installed, then you will need to use this command:

yum --disableexcludes=all --enablerepo=tortix-kernel install kernel-PAE

For Xen systems, the command is:

yum --disableexcludes=all --enablerepo=tortix-kernel-xen install kernel-PAE

If this does not work, please contact your system administrator or hosting company. This means that your system has been configured to not allow you to install kernels, or something is seriously wrong with the software management in your OS.

el7

If your system is 64 bit, run this command, as root, to install the kernel:

Note: The command below forces your system to install the kernel. This will override any configuration you may have to prevent kernel installation or upgrades. Please check with the parties that configured your system to ensure that you want to do this. By default ASL will not force an install or upgrade of the kernel, and honors your system's configuration for kernel installations and upgrades.

yum --disableexcludes=all --enablerepo=tortix-kernel upgrade kernel-asl

For Xen systems, the command is:

yum --disableexcludes=all --enablerepo=tortix-kernel-xen upgrade kernel-asl

Step 3b)

If your system is 32 bit, run this command, as root, to install the kernel:


Note: The command below forces your system to install the kernel. This will override any configuration you may have to prevent kernel installation or upgrades. Please check with the parties that configured your system to ensure that you want to do this. By default ASL will not force an install or upgrade of the kernel, and honors your system's configuration for kernel installations and upgrades.

yum --disableexcludes=all --enablerepo=tortix-kernel upgrade kernel-PAE-asl

For Xen systems, the command is:

yum --disableexcludes=all --enablerepo=tortix-kernel-xen upgrade kernel-PAE

If you do not already have a PAE kernel installed, then you will need to use this command:

yum --disableexcludes=all --enablerepo=tortix-kernel install kernel-PAE-asl

For Xen systems, the command is:

yum --disableexcludes=all --enablerepo=tortix-kernel-xen install kernel-PAE-asl

If this does not work, please contact your system administrator or hosting company. This means that your system has been configured to not allow you to install kernels, or something is seriously wrong with the software management in your OS.

Upgrading the kernel

Note: VPS systems do not have their own kernel.

Step 1

To tell if you have the latest kernel installed, run this command as root:

aum -ck

If you have the latest kernel installed and running you will see the updater report OK for the kernel, as in this example:

 Kernel update is available: 3.2.54-60                    [OK]

If you are not running the latest kernel you will see the updater report INFO for the kernel, as in this example:

 Kernel update is available: 3.2.54-60                    [INFO]

Step 2

Non Xen Systems

Just run this command as root:

yum --enablerepo=tortix-kernel upgrade kernel-asl

Or if you have a 32 bit system, then you will want to install the PAE kernel. Use this command:

yum --enablerepo=tortix-kernel upgrade kernel-PAE-asl

Note: As in the examples above, use yum upgrade, not yum update to upgrade a kernel.

If your system reports that there is no kernel to upgrade to, it is possible you already have the latest kernel installed and you simply need to reboot into the kernel. Please see the "Checking to see if the ASL kernel is installed" section for information about how to check what kernels you have installed.

If your system reports that there is no kernel to upgrade to, and the ASL kernel is not installed, it is possible your system is configured to not install kernels. Check your yum configuration for any "exclude" lines. These tell your system to not install certain software.

Xen Systems

Just run this command as root:

yum --enablerepo=tortix-kernel-xen upgrade kernel-asl

Or if you have a 32 bit system, then you will want to install the PAE kernel. Use this command:

yum --enablerepo=tortix-kernel-xen upgrade kernel-PAE-asl

Note: As in the examples above, use yum upgrade, not yum update to upgrade a kernel.

If your system reports that there is no kernel to upgrade to, it is possible you already have the latest kernel installed and you simply need to reboot into the kernel. Please see the "Checking to see if the ASL kernel is installed" section for information about how to check what kernels you have installed.

If your system reports that there is no kernel to upgrade to, and the ASL kernel is not installed, it is possible your system is configured to not install kernels. Check your yum configuration for any "exclude" lines. These tell your system to not install certain software.

Step 3

IMPORTANT STEP!

The kernel is the "core" of your operating system. If something goes wrong with it, your system will not boot. So before you reboot into a new kernel you want to make sure you have two things:

1) Access to your server if it does not reboot.

You will want to have either physical access to your server, or remote access to the console via a KVM technology. SSH, telnet and web control panel access are not adequate. If your system hangs on boot, only console access can be used to reach it.

All reputable hosting companies provide free console access for their customers. If your hosting company does not provide free console access, we encourage you to find a company that does. You will find lots of good hosting companies on our forums at the URL below:

https://www.atomicorp.com/forums/index.php

2) A working kernel to boot into

Check to see what kernel your system is currently running. You can run this command as root to do this:

uname -r

You will see an output similar to this:

2.6.18-308.11.1.el5

This part of that line "2.6.18-308.11.1.el5" is the version of the kernel you are running. You want to check to make sure that kernel is installed, and available to boot into. Kernels in Linux are stored in this directory:

/boot

In the example above, you can search for that kernel with this command:

ls -al /boot/*`uname -r`*

If the kernel you are using is still installed, you'll see an output similar to this:

-rw-r--r-- 1 root root   67546 Jul 10  2012 /boot/config-2.6.18-308.11.1.el5
-rw------- 1 root root 2717255 Jul 15  2012 /boot/initrd-2.6.18-308.11.1.el5.img
-rw-r--r-- 1 root root  116695 Jul 10  2012 /boot/symvers-2.6.18-308.11.1.el5.gz
-rw-r--r-- 1 root root 1276792 Jul 10  2012 /boot/System.map-2.6.18-308.11.1.el5
-rw-r--r-- 1 root root 2117180 Jul 10  2012 /boot/vmlinuz-2.6.18-308.11.1.el5

If you get an output like this:

ls: /boot/*2.6.18-308.11.1.el5*: No such file or directory

Then the kernel you are currently using is not installed on your system. Do not reboot your system. Contact support.

Note: If you are using a VPS you do not have a kernel. Do not contact support for kernel issues with a VPS system.

3) Check to make sure this kernel is listed in the grub boot manager

Run this command as root to see if your running kernel is listed in your grub configuration:

grep `uname -r` /etc/grub.conf

If your kernel is available in grub.conf you should see an output similar to this:

title CentOS (2.6.18-308.11.1.el5)
	kernel /vmlinuz-2.6.18-308.11.1.el5 ro root=/dev/md0 selinux=0 panic=5
	initrd /initrd-2.6.18-308.11.1.el5.img

Before you reboot, also see the article Setting which kernel to boot for instructions on configuring grub and confirming your current kernel is configured in grub. Be sure to read this article so you completely understand how grub works before you reboot your system.

Note: If you are using a third party boot manager, and not grub, please contact your boot manager vendor for support with configuring boot order and confirming if your kernel is available during reboots.
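The three checks in this step can be run together before a reboot. The script below is an added example, not part of ASL or of the original article: its function names are hypothetical, it covers grub legacy (grub.conf) only, and the grub.conf and /boot contents it runs on are a constructed sample modelled on the examples in this article. Unlike a plain grep, it matches the kernel version exactly and also reports which entry "default=" currently selects.

```shell
#!/bin/sh
# Added example: pre-reboot fallback check for a grub legacy system.
# Paths are arguments so the functions can be run on a copy or a sample.

# Print the title of the entry that default=N selects; entries count from 0.
grub_default_title() {    # $1 = grub.conf
    awk '
        BEGIN { def = 0; n = 0; bad = 0 }
        /^[ \t]*default[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t\r]+$/, "", v)
            if (v ~ /^[0-9]+$/) def = v + 0; else bad = 1   # e.g. default=saved
        }
        /^[ \t]*title[ \t]/ { t = $0; sub(/^[ \t]*title[ \t]+/, "", t); titles[n++] = t }
        END { if (bad || def >= n) exit 1; print titles[def] }
    ' "$1"
}

# Print the 0-based position of the entry whose kernel line loads vmlinuz-VERSION.
# The file name must match exactly, so 2.6.9-34 does not match 2.6.9-34.0.2.ELsmp.
grub_index_of_kernel() {    # $1 = grub.conf, $2 = version as printed by uname -r
    awk -v want="vmlinuz-$2" '
        BEGIN { idx = -1; found = 0 }
        /^[ \t]*title[ \t]/ { idx++ }
        /^[ \t]*kernel[ \t]/ {
            n = split($2, parts, "/")
            if (parts[n] == want) { print idx; found = 1; exit }
        }
        END { if (!found) exit 1 }
    ' "$1"
}

# True when the kernel image and its ramdisk both exist in the boot directory.
kernel_files_present() {    # $1 = boot dir, $2 = kernel version
    [ -f "$1/vmlinuz-$2" ] || return 1
    # el5 names the ramdisk initrd-VERSION.img, el6 names it initramfs-VERSION.img
    [ -f "$1/initrd-$2.img" ] || [ -f "$1/initramfs-$2.img" ]
}

# Report whether VERSION can be booted again; returns 0 only if it can.
fallback_ready() {    # $1 = boot dir, $2 = grub.conf, $3 = version (default: running)
    ver=${3:-$(uname -r)}
    if ! kernel_files_present "$1" "$ver"; then
        echo "FAIL: $ver has no kernel or ramdisk in $1, do not reboot"; return 1
    fi
    if ! pos=$(grub_index_of_kernel "$2" "$ver"); then
        echo "FAIL: $ver is not listed in $2, do not reboot"; return 1
    fi
    echo "OK: $ver is grub entry $pos; default entry is: $(grub_default_title "$2" || echo unknown)"
}

# Constructed sample: two grub entries, the second one missing its ramdisk.
write_boot_sample() {    # $1 = empty directory to populate
    cat > "$1/grub.conf" <<'EOF'
# constructed sample, not a real system
default=1
timeout=5
title CentOS (2.6.17-1.art)
        root (hd0,0)
        kernel /vmlinuz-2.6.17-1.art ro root=LABEL=/
        initrd /initrd-2.6.17-1.art.img
title CentOS (2.6.9-34.0.2.ELsmp)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-34.0.2.ELsmp ro root=LABEL=/
        initrd /initrd-2.6.9-34.0.2.ELsmp.img
EOF
    : > "$1/vmlinuz-2.6.17-1.art"
    : > "$1/initrd-2.6.17-1.art.img"
    : > "$1/vmlinuz-2.6.9-34.0.2.ELsmp"
}

demo_dir=$(mktemp -d)
write_boot_sample "$demo_dir"
fallback_ready "$demo_dir" "$demo_dir/grub.conf" 2.6.17-1.art
fallback_ready "$demo_dir" "$demo_dir/grub.conf" 2.6.9-34.0.2.ELsmp || true
rm -rf "$demo_dir"
```

On a real el5/el6 system the call would be fallback_ready /boot /etc/grub.conf, which checks the running kernel.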

Step 4

Access your remote console and ensure you have access. Keep this connection open during step 4 below. If you run into any errors on boot, our support team will need you to provide the errors you see in your console. A serial console is the best tool to use, as this will allow you to cut and paste any errors you see.

If you do not have a serial console, you will need to document the full output of the boot. Sending screenshots of the final boot screen will not be helpful to diagnose your issue. Therefore, we highly recommend you use a serial console so you can cut and paste the output of the boot process.

Step 5

Reboot the system into the new kernel.

Run this command as root:

reboot

Once the system boots correctly, check to see if you have the ASL kernel installed by running the "uname -a" command again. If you do not see "asl" in the kernel name, your system did not boot into the ASL kernel.

What to do if the kernel is not installed or won't upgrade

If the kernel is not installed after running the ASL installer or the kernel will not upgrade, that can mean three things:


1) If your system is using a container technology like Virtuozzo and OpenVZ products, you cannot install a kernel. Container based systems do not have their own kernel and use the single kernel shared by the host system. Please contact your hosting provider or sysadmin to install the ASL kernel on the host system.

2) Your hosting company won't let you install the kernel and has modified your system to prevent this.

3) If this is not a container based system, the ASL installer will not install the kernel if your system is configured to not allow this. No distribution does this by default. If your system is configured this way, it usually means yum is configured on your system to not allow kernels to be installed. Please check your yum configuration to make sure it is not configured to exclude kernels. Some places to check are your /etc/yum.conf file for a line similar to this:


exclude=kernel*


If you see any lines like that, remove them. Also check in your /etc/yum.repos.d directory to make sure someone did not set this in a repository.

ASL honors your system's configuration, so if you configure your system to prevent kernels from being installed via yum, ASL will not install its kernel. If you do have any exclude lines configured for yum, please contact the parties that configured/set up your system and ask them to fix your system to allow kernels to be installed.
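One way to run the exclude check described above across /etc/yum.conf and the files in /etc/yum.repos.d, as an added example that is not ASL's own code. The function name is hypothetical, the sample files are constructed, and it assumes each exclude value sits on a single line.

```shell
#!/bin/sh
# Added example: find yum "exclude=" patterns that keep a kernel package out.

# Print file:[section]:pattern for every exclude pattern that matches PACKAGE.
# Returns 1 when nothing matches. Handles one-line exclude values only.
yum_excludes_blocking() {    # $1 = package name, $2... = yum.conf and .repo files
    pkg=$1; shift
    out=$(
        set -f    # keep patterns such as kernel* literal while they are split
        for f in "$@"; do
            [ -f "$f" ] || continue
            awk '
                BEGIN { s = "[main]" }
                /^[ \t]*\[/ { s = $0; gsub(/[ \t\r]/, "", s); next }
                /^[ \t]*exclude[ \t]*=/ {
                    v = $0; sub(/^[^=]*=/, "", v); gsub(/[,\r]/, " ", v)
                    print s "|" v
                }
            ' "$f" | while IFS='|' read -r section value; do
                for pat in $value; do
                    # the exclude entry is a shell-style glob, so let case match it
                    case $pkg in
                        ($pat) printf '%s:%s:%s\n' "$f" "$section" "$pat" ;;
                    esac
                done
            done
        done
    )
    [ -n "$out" ] && printf '%s\n' "$out"
}

# Constructed sample files: one exclude in [main], one in a repository section.
write_yum_sample() {    # $1 = empty directory to populate
    cat > "$1/yum.conf" <<'EOF'
[main]
cachedir=/var/cache/yum
exclude=php* kernel-devel*
EOF
    cat > "$1/asl.repo" <<'EOF'
[asl-2.0]
name=constructed sample repo
exclude=kernel*
[tortix-kernel]
name=constructed sample kernel repo
enabled=0
EOF
}

demo=$(mktemp -d)
write_yum_sample "$demo"
yum_excludes_blocking kernel-asl "$demo/yum.conf" "$demo/asl.repo" \
    || echo "nothing excludes kernel-asl"
rm -rf "$demo"
```

On a live system the call would be yum_excludes_blocking kernel-asl /etc/yum.conf /etc/yum.repos.d/*.repo; each line printed names the file and section holding the exclude to review.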

You can also manually install the kernel, as described above, but keep in mind that if you have to do this something else is wrong with your system. The ASL installer does this automatically, so if the kernel is not installed something on your system is preventing its installation, and not ASL.

Please run the command below, as root, to see if yum lists the ASL kernels as available to install on your system, as described in this section of this article:

https://www.atomicorp.com/wiki/index.php/Kernel#If_you_have_run_the_ASL_installer

yum list | grep kernel

(This is not a listing of the kernels installed on your system, just the kernels available via yum that may be installed on your system)

You should see kernel names similar to this (note the "art" in the rpm name, your architecture may be different, but an ASL kernel will have "art" in the name):

kernel.x86_64 1:2.6.25.4-4.art installed
kernel.x86_64 1:2.6.26.6-1.art installed
kernel.x86_64 1:2.6.27.7-9.art installed
kernel.x86_64 1:2.6.29.6-1.art installed
kernel.x86_64 1:2.6.32.8-1.art installed
kernel-devel.x86_64 1:2.6.25.4-4.art installed
kernel-devel.x86_64 1:2.6.26.6-1.art installed
kernel-devel.x86_64 1:2.6.27.7-9.art installed
kernel-devel.x86_64 1:2.6.29.6-1.art installed
kernel-devel.x86_64 1:2.6.32.8-1.art installed
kernel-headers.x86_64 1:2.6.32.8-1.art installed


If you see art kernels listed, yum installation or upgrade should work. For upgrades, run the command for your system type as root:


Non Xen Systems

Just run this command as root:

yum --enablerepo=tortix-kernel upgrade kernel-asl

Or if you have a 32 bit system, then you will want to install the PAE kernel. Use this command:

yum --enablerepo=tortix-kernel upgrade kernel-PAE-asl

Note: As in the examples above, use yum upgrade, not yum update to upgrade a kernel.

For installs, please see the section of this article on manual installation of the kernel, linked below:

https://www.atomicorp.com/wiki/index.php/Kernel#If_you_have_run_the_ASL_installer

Xen Systems

Just run this command as root:

yum --enablerepo=tortix-kernel-xen upgrade kernel-asl

Or if you have a 32 bit system, then you will want to install the PAE kernel. Use this command:

yum --enablerepo=tortix-kernel-xen upgrade kernel-PAE-asl

For installs, please see the section of this article on manual installation of the kernel, linked below:

https://www.atomicorp.com/wiki/index.php/Kernel#If_you_have_run_the_ASL_installer

Rolling back the kernel

If you wish to use an older kernel, you can use this command to roll back yum updates, provided you have your system set up to allow downgrading rpms.

yum downgrade kernel

If you are using the PAE kernel, use this command:

yum downgrade kernel-PAE

If you have kernel upgrades disabled in ASL

If you select the option of not auto-updating the kernel, this will change the asl.repo file to exclude the kernel. This also means that you can no longer manually install the ASL kernel. You must remove this exclusion to use yum to install older kernels. To prevent ASL from upgrading to a newer kernel, follow this process:

Step 1) Enable kernel updates

Log into the ASL web console, select the Configuration Tab, then Select ASL Configuration. Change "UPDATE_TYPE" setting to "all".

Step 2) Install the older kernel

You will need to specifically select the kernel you want to install.

Step 3) Disable kernel updates

Log into the ASL web console, select the Configuration Tab, then Select ASL Configuration. Change the "UPDATE_TYPE" setting to "exclude-kernel" or "rules-only".

Setting which kernel to boot

Note: ASL will not replace your existing kernel. It will install and set the secure ASL kernel to boot, but will leave your default kernel intact should you wish to use a non-secure kernel instead.

If you have just installed ASL

If you have just installed ASL, all you need to do is reboot the system. When the system starts, a special init called "asl-firstboot" will check the system to make sure everything worked correctly. If it did, then ASL will configure the ASL secure kernel to be the default kernel.

If ASL detects any issues with the secure kernel, it will reboot the system into the default non-ASL kernel installed on the system.

If your system is not set up this way, or this is missing from your boot loader, please read this entire article. This can only occur if either your system is configured to not allow the installation of kernels, or something is seriously wrong with your system's software management system and is preventing this process from working correctly.

If you want to switch to a different kernel

RHEL6/Centos 6

Linux uses a boot loader to select which kernel to boot into (this is not part of ASL, it's part of your operating system). In most cases your system will use a boot loader called "grub". If your system is using lilo, the older (really really old) boot loader, we recommend you use grub. If you are using a third party boot loader, please contact your boot loader vendor for assistance.

If your system is using grub, you will simply need to modify this file as root:

/etc/grub.conf

A typical grub.conf file will look similar to this:

# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/md1
#          initrd /initrd-version.img
#boot=/dev/md0
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.27.7-9.art.i686)
	root (hd0,0)
	kernel /vmlinuz-2.6.27.7-9.art.i686 ro root=/dev/md1 rhgb quiet selinux=0 panic=5 ramdisk_size=128000
	initrd /initrd-2.6.27.7-9.art.i686.img
title CentOS (2.6.26.6-1.art.i686)
	root (hd0,0)
	kernel /vmlinuz-2.6.26.6-1.art.i686 ro root=/dev/md1 rhgb quiet selinux=0 panic=5 ramdisk_size=128000
	initrd /initrd-2.6.26.6-1.art.i686.img
title CentOS (2.6.25.4-4.art.i686)
	root (hd0,0)
	kernel /vmlinuz-2.6.25.4-4.art.i686 ro root=/dev/md1 rhgb quiet selinux=0 panic=5 ramdisk_size=128000
	initrd /initrd-2.6.25.4-4.art.i686.img


The system will boot into the kernel based on the configuration of this single line in /etc/grub.conf:

default=0

Where "0" is the number of the kernel to boot into. In grub the first position, or selected kernel, is "0", the second position is "1" and so on. So the kernel the system will boot into, in the example above, is:

title CentOS (2.6.27.7-9.art.i686)
	root (hd0,0)
	kernel /vmlinuz-2.6.27.7-9.art.i686 ro root=/dev/md1 rhgb quiet selinux=0 panic=5 ramdisk_size=128000
	initrd /initrd-2.6.27.7-9.art.i686.img

Because it's in "position" 0. If you want the system to boot into a different kernel, for example if we wanted to boot into the second kernel (it's in position 1; remember the first position is 0, not 1):

title CentOS (2.6.26.6-1.art.i686)
	root (hd0,0)
	kernel /vmlinuz-2.6.26.6-1.art.i686 ro root=/dev/md1 rhgb quiet selinux=0 panic=5 ramdisk_size=128000
	initrd /initrd-2.6.26.6-1.art.i686.img

Simply change this line:

default=0

To:

default=1

If you wanted, in the example above, to boot into the third kernel then you would change this number to "2", and so on.

Note: The grub examples above are just examples, do not use them to configure grub. Follow the instructions in this article to install the kernel, which will configure grub for you.

RHEL7/Centos 7

See this article from redhat:

https://access.redhat.com/solutions/1605183

Preventing the upgrade or installation of the secure kernel

If you do not want yum to install the secure ASL kernel, and would prefer to stick with your distribution's stock kernel, put 'exclude=kernel*' in the [asl-2.0] section in /etc/yum.repos.d/asl.repo. ASL will actively test and report vulnerabilities in all kernels, so if your stock kernel is reported to have vulnerabilities these are not false positives. We do not recommend you use any kernel other than the ASL kernel.

Kernel Options

Please see the Kernel Configuration section.

Testing the Kernel

Grub Users

1) Once the Atomic kernel is installed, determine in which position the Atomic kernel has been installed.

Example:

[root@ac3 ~]# cat /etc/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/hda3
#          initrd /initrd-version.img
#boot=/dev/hda
default=1
timeout=5
serial --unit=0 --speed=57600
terminal --timeout=5 serial console
title CentOS (2.6.17-1.art)
       root (hd0,0)
       kernel /vmlinuz-2.6.17-1.art ro root=LABEL=/ console=ttyS0,57600n8 selinux=0
       initrd /initrd-2.6.17-1.art.img
title CentOS (2.6.9-34.0.2.ELsmp)
       root (hd0,0)
       kernel /vmlinuz-2.6.9-34.0.2.ELsmp ro root=LABEL=/ console=ttyS0,57600n8
       initrd /initrd-2.6.9-34.0.2.ELsmp.img

Note the line: default=1, this indicates the kernel the system will boot by default, starting at position 0. Position 0 is "title CentOS (2.6.17-1.art)", and position 1 is "title CentOS (2.6.9-34.0.2.ELsmp)" in this example, indicating the system is configured to boot into the default CentOS kernel.

2) Type: grub

The following will be displayed:

GNU GRUB  version 0.97  (640K lower / 3072K upper memory)
[ Minimal BASH-like line editing is supported.  For the first word, TAB
  lists possible command completions.  Anywhere else TAB lists the possible
  completions of a device/filename.]
grub>

3) At the grub prompt set the default kernel to 0, and to only boot once with the following:

grub> savedefault --default=0 --once

4) Type: quit

5) Reboot the system. If for some reason the system does not work with the Atomic kernel, or is otherwise non-responsive, power cycling the system will restore the system to the default kernel.
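The index counting explained in the RHEL6/Centos 6 section, and needed for step 1 above, can be scripted. This added example (not from the original article or ASL) resolves default= to its title in a legacy grub.conf; the function names are hypothetical and the sample is the grub.conf shown in step 1, shortened.

```shell
#!/bin/sh
# Added example: map the "default=" index in a legacy grub.conf to its title.

# grub_entries FILE: print "INDEX<TAB>TITLE", counting title lines from 0.
grub_entries() {
    awk '/^[ \t]*title[ \t]/ {
        t = $0; sub(/^[ \t]*title[ \t]+/, "", t)
        printf "%d\t%s\n", n++, t
    }' "$1"
}

# grub_default FILE: print the value of the last uncommented default= line.
grub_default() {
    awk -F= '/^[ \t]*default[ \t]*=/ { v = $2; gsub(/[ \t]/, "", v) } END { print v }' "$1"
}

# grub_default_title FILE: print the title grub will boot. Fails if default=
# is missing or not a number, or if it points past the last title.
grub_default_title() {
    idx=$(grub_default "$1")
    case "$idx" in
        ''|*[!0-9]*) echo "default=$idx is not a numeric index" >&2; return 2 ;;
    esac
    grub_entries "$1" |
        awk -F'\t' -v want="$idx" '$1 == want { print $2; found = 1 } END { exit !found }'
}

# grub_index_of FILE STRING: print the index of the first title containing STRING.
grub_index_of() {
    grub_entries "$1" | awk -F'\t' -v s="$2" 'index($2, s) { print $1; exit }'
}

# Sample input: the grub.conf from step 1 of this section, shortened.
sample_conf() {
    cat <<'EOF'
#boot=/dev/hda
default=1
timeout=5
title CentOS (2.6.17-1.art)
       root (hd0,0)
       kernel /vmlinuz-2.6.17-1.art ro root=LABEL=/ console=ttyS0,57600n8 selinux=0
       initrd /initrd-2.6.17-1.art.img
title CentOS (2.6.9-34.0.2.ELsmp)
       root (hd0,0)
       kernel /vmlinuz-2.6.9-34.0.2.ELsmp ro root=LABEL=/ console=ttyS0,57600n8
       initrd /initrd-2.6.9-34.0.2.ELsmp.img
EOF
}

f=$(mktemp) && sample_conf > "$f"
echo "default index:        $(grub_default "$f")"
echo "boots by default:     $(grub_default_title "$f")"
echo "first .art entry at:  $(grub_index_of "$f" .art)"
rm -f "$f"
```

On the sample, the default entry is the stock CentOS kernel at index 1, while the art kernel sits at index 0, which is the value passed to savedefault in step 3.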

Lilo Users

1) The art kernel should be listed in /boot - for example:

       /boot/vmlinuz-2.6.19-7.art

2) Create a symbolic link to this:

       ln -s  /boot/vmlinuz-2.6.19-7.art   /boot/vmlinuz-art

3) Edit /etc/lilo.conf to add a section for the art kernel. E.g.:

       image=/boot/vmlinuz-art
       label=lxart
       append="console=tty0 console=ttyS0,57600 panic=30"

4) Type: lilo to make the change permanent. Then, to test that you can boot into the new kernel, run:

      lilo -v -v
      lilo -R lxart
      shutdown -r now

5) When the system has rebooted, running uname -r should show the new art kernel. Now you can make it permanent. Edit /etc/lilo.conf so that it has the line:

      default=lxart

6) Type: lilo. Then reboot.


Manual Kernel Installation

Description: In some situations, due to deviations in the distribution's kernel management system, it is not possible to perform ASL kernel installation through the regular installer.

Cause: Platform has replaced grub2 with the older grub 1.0 system on el7.

RHEL/CentOS EL7

1) Edit /etc/asl/config and set

 KERNEL_CHANNEL="tortix-kernel"

or if you are using xen:

 KERNEL_CHANNEL="tortix-kernel-xen"

2) Update configs

 aum -u


3) Install the kernel

 yum install kernel-asl


For systems with grub2 installed:

4) Set the kernel to boot only once for testing.

 grub2-reboot 1

5) Reboot

 reboot


6) If this is successful, set the ASL kernel to default boot

 /usr/sbin/grub2-set-default 0

7) Regenerate config

 grub2-mkconfig -o /boot/grub2/grub.cfg

Kernel Tuning

Schedulers

The ASL kernel includes four I/O schedulers to suit various system needs and configurations.

Scheduler Types

Completely Fair Queuing (CFQ)

This is the default algorithm. As the name implies, CFQ maintains a scalable per-process I/O queue and attempts to distribute the available I/O bandwidth equally among all I/O requests. CFQ is well suited for mid-to-large multi-processor systems and for systems which require balanced I/O performance over multiple LUNs and I/O controllers.

Deadline

The Deadline elevator uses a deadline algorithm to minimize I/O latency for a given I/O request. The scheduler provides near real-time behavior and uses a round robin policy to attempt to be fair among multiple I/O requests and to avoid process starvation. Using five I/O queues, this scheduler will aggressively re-order requests to improve I/O performance.

NOOP

This scheduler is a simple FIFO queue and uses the minimal amount of CPU/instructions per I/O to accomplish the basic merging and sorting functionality to complete the I/O. It assumes performance of the I/O has been or will be optimized at the block device (memory-disk) or with an intelligent HBA or externally attached controller.

Anticipatory

The Anticipatory elevator introduces a controlled delay before dispatching the I/O to attempt to aggregate and/or re-order requests improving locality and reducing disk seek operations. This algorithm is intended to optimize systems with small or slow disk subsystems. One artifact of using the AS scheduler can be higher I/O latency.

Changing the scheduler

If the default scheduler does not meet your needs, you can change the scheduler by logging in as root and changing the scheduler for the device in this manner:

echo {SCHEDULER-NAME} > /sys/block/{DEVICE-NAME}/queue/scheduler

Example:

echo noop > /sys/block/hda/queue/scheduler

You can also view the scheduler you are using with this command:

cat /sys/block/{DEVICE-NAME}/queue/scheduler

Example:

cat /sys/block/hda/queue/scheduler

Technical Abstract

This is a very, very basic attempt to describe how the kernel is implemented on redhat/fedora/centos for those people who are in environments where someone tried to be "helpful" by removing the native distro's kernel and replacing it with their own. This is NOT an article for VPS users, because you don't have a kernel and there's nothing you can do. As a side note, this is not a replacement for the real documentation in the linux kernel; these are just my personal observations and are subject to error. This is not linux canon. You have been warned.

Overview

The kernel installation/upgrade process is for the most part completely automated. Upgrade events are capable of reading the existing configuration information, and adding it to the boot loader.

Major components

Kernel, usually /boot/vmlinuz-XXXX

Ram Disk, usually /boot/initrd-XXXX

Modules, usually /lib/modules/XXXX

Boot loader, usually Grub (/etc/grub.conf which is a symlink to /boot/grub/menu.lst)

Module configuration information, /etc/modprobe.conf, or /etc/modprobe.d/*


Minor components

New-kernel-pkg, /sbin/new-kernel-pkg

Kernel configuration file (used by new-kernel-pkg), /etc/sysconfig/kernel

mkinitrd config directory (depends on distro), /etc/sysconfig/mkinitrd/


Boot Process

1) Grub is configured to load a specific kernel

2) Kernel boots, this loads the initrd ramdisk

3) initrd contains the modules needed to read core hardware, like the disks. This is generally where mayhem happens.

4) System mounts disks and goes multi-user, remaining modules like the ethernet controller, lm_sensors, firewall modules, are loaded dynamically


Initial Installation Process

Basically the Red Hat OS installer does some really impressive work. It's called anaconda and you can read more about it here. In brief, the system boots off of an installer kernel, and anaconda interrogates the system to populate the modprobe configuration file mentioned above. It's the only thing I know of that can actually figure out what the hardware is on a box without human intervention.

Modprobe is what loads the kernel drivers for everything on the box, like the disks or the network card, and the modprobe.conf/modprobe.d part is only configured through anaconda. If you don't go through anaconda, then you don't get these configs for your hardware, and if you don't have these configs a normal upgrade won't work.

Let me reiterate this: if you're in an environment where someone thought they were doing you a favor by not putting their own kernel on a system from a disk image (1&1, and ovh, I mean YOU), well, they aren't. You're about to take the first step down the long road of becoming a kernel/hardware expert. There is no automated way, short of re-imaging the box (and thereby running anaconda again), to resolve this.

Upgrade Process

Assuming you've got a healthy, normal system, it's largely automated. At most ASL only interacts with the system at the grub level, using tricks like --once to boot kernels in test mode. That aside, here's what happens when you upgrade the kernel with yum.

1) Yum installs an additional kernel on the system. It may be configured to remove older kernels, but in nearly every environment it is just adding kernels to the system.


2) Inside the kernel rpm there is a post processing macro called %post. This is a shell script that actually does all the magic. Here's what it looks like from Fedora 10's 2.6.27.x kernels:


 %{expand:%%post %{?-v*}}\
 %{-s:\
 if [ `uname -i` == "x86_64" -o `uname -i` == "i386" ] &&\
    [ -f /etc/sysconfig/kernel ]; then\
   /bin/sed -i -e 's/^DEFAULTKERNEL=%{-s*}$/DEFAULTKERNEL=%{-r*}/' /etc/sysconfig/kernel || exit $?\
 fi}\
 /sbin/new-kernel-pkg --package kernel%{?-v:-%{-v*}} --mkinitrd --kernel-args="selinux=0 acpi=off" --depmod --install %{?1} %{KVERREL}%{?-v*} || exit $?\
 %{nil}


3) Breaking this down, the first step is to update /etc/sysconfig/kernel. The sed line above is passing in information on which base kernel is being used. This is not the version; rather, it's saying that the default kernel for this system is the kernel-PAE or kernel- package. /etc/sysconfig/kernel itself is one of the config files used by the next step.

4) new-kernel-pkg is run. This is what creates the initrd ramdisk and adds the kernel to grub. Getting back to the whole modprobe.conf issue, new-kernel-pkg reads /etc/modprobe.conf or /etc/modprobe.d for the information it needs to create the /boot/initrd ramdisk. If this information is wrong, or missing, the kernel will not boot. What you'll get is a kernel panic.

5) Once the initrd is created, new-kernel-pkg adds the entries to the bootloader (/etc/grub.conf or /boot/grub/menu.lst), again using /etc/sysconfig/kernel as its config file. You'll see a setting in there, UPDATEDEFAULT=yes. If this is set to yes, then whenever new-kernel-pkg is run, the system will automatically configure that kernel as the default.


6) Sometimes during this process you will see warnings that certain modules don't exist. This gets back to modprobe.conf again: as the kernel evolves, sometimes the module names will change, or even go away. The entries still exist in modprobe.conf, and so new-kernel-pkg will still try to add them. It's generally a bad sign, and something you *should* worry about, especially if it's referencing something important like a network or disk controller. Because of this it's a good idea to always boot your kernels in testing mode with the --once flag.

Troubleshooting

Known Kernel Module Name Changes

1and1 network card module name changes

Vmware SCSI emulation name changes


1and1 Checklist for /etc/modules.conf or /etc/modprobe.conf

Step 1) Enumerate hardware with /sbin/lspci

Step 2) Check network cards,

Ethernet controller: VIA Technologies, Inc. VT6102 [Rhine-II] was

 alias eth0 8139too

change to

 alias eth0 via-rhine

Step 3) Check SATA modules

Kernel Panics

See the Kernel Panic article.

Virtualization Notes

See the ASL_3.2_Virtualization_Notes article for important information on the kernel and different virtualization technologies.

ASL Kernel Features

Please see the ASL Kernel Features article.

ASL kernel modules

Please see the ASL kernel modules article.

Source Code

You can install the kernel source code by running this command as root:

yum install kernel-asl-devel --enablerepo=tortix-kernel
