No updated signed cloud kernels are available for rocky8

Hi.
The situation is quite the same as described in No kernel update available for cloud optimized rocky8.
I’m running a Rocky 8.10 VM deployed in Google Cloud.
My kernel is 4.18.0-553.16.1.el8_10.cloud.0.1.x86_64 #1 SMP Thu Sep 12 13:56:18 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
When checking in Index of /pub/sig/8/cloud/x86_64/cloud-kernel/ - indeed this is the latest available signed version.
I’m not sure how the signed versions are rolled out? Should I wait more for the updated signed versions?
Thanks.

I noticed that kernel was marked as excluded in the rocky-base.repo configuration (reminder - I’m using Google Cloud)
As a workaround I’ve disabled the cloud-kernel repository and commented out the exclude line.
It’s quite ugly, but I had no choice.

Any update on the new cloud kernel? When are they going to release a new kernel update?

I’m not sure who maintains the cloud-kernel sig @neil @nazunalika do you maybe know when updated kernels appear?

You can try raising awareness of this on Rocky Mattermost in sig/cloud channel: Rocky Linux Mattermost

From the chat activity, I see an MR with kernel updates is pending: [SIG-CLOUD-8] Add bugfixes for carried patches (!21) · Merge requests · SIG / cloud / patch / kernel · GitLab


@ilyabr How did you proceed with the kernel update? I am still waiting for the cloud kernel update.
I cannot switch from the cloud kernel to the normal kernel since I have a large number of VMs.

@Jatin_firme exactly as I said:
I’ve disabled the cloud-kernel repository and commented out the exclude line in the Rocky-BaseOS.repo:

pssh -H "all_my_hosts" "sudo sed -i 's/exclude/#exclude/' /etc/yum.repos.d/Rocky-BaseOS.repo && sudo dnf config-manager --disable cloud-kernel"

Of course, before that I’ve tested the regular kernel for a week on our staging deployment.
I don’t know what the main difference between the cloud and the regular kernel is, but it looks like it is not something significant that we can’t live without.
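
For checking a fleet for the condition described in the posts above (kernel packages held back by an exclude line in a repo file), here is an added example that is not part of any post in this thread. The function names and the sample repo file are constructed for illustration; the real Rocky-BaseOS.repo shipped on Google Cloud images is not shown on this page.

```shell
#!/bin/sh
# Added example (not from the thread): report which sections of a dnf .repo
# file hold back kernel packages through an active exclude= line.

# kernel_excludes FILE -> one "repo-id<TAB>exclude value" line per match
kernel_excludes() {
  awk '
    /^[ \t]*\[/ {                      # section header such as [baseos]
      sub(/^[ \t]*\[/, ""); sub(/\].*$/, "")
      repo = $0
      next
    }
    # Only active lines match; "#exclude=..." starts with "#" and is skipped.
    /^[ \t]*(exclude|excludepkgs)[ \t]*=/ {
      val = $0
      sub(/^[^=]*=[ \t]*/, "", val)
      n = split(val, pats, /[ ,]+/)    # dnf accepts space- or comma-separated globs
      for (i = 1; i <= n; i++)
        if (pats[i] ~ /^kernel/) { printf "%s\t%s\n", repo, val; break }
    }
  ' "$1"
}

# write_sample FILE -> constructed repo file, NOT the real Rocky-BaseOS.repo
write_sample() {
  cat > "$1" <<'EOF'
[baseos]
name=Rocky Linux $releasever - BaseOS
enabled=1
exclude=kernel*

[appstream]
enabled=1
#exclude=kernel*

[extras]
enabled=1
excludepkgs=foo, kernel-core

[cloud-kernel]
enabled=0
EOF
}

sample=$(mktemp)
write_sample "$sample"
kernel_excludes "$sample"
rm -f "$sample"
```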

Hi folks - thank you for your patience.

I’m now pushing out some new builds that have been tested and are up to date as of December 29th, 2024… Which I recognize is still two months out of date.

I plan to do some devblog soon, but the long story short is we’ve a big technical debt inside our secureboot signing procedures, in that they’re fully manual at this time… and require scheduling multiple volunteers in our release engineering / security / infrastructure group to perform the signing and etc in a blessed way. I’d like to automate more of this, but as one can imagine, it’s a time consuming and arduous process with lots of pitfalls and things to take into consideration.

In any case, it’s clear we also need to update the documentation and keep it up to date on what the Cloud SIG kernel is and how it differs from the upstream Rocky one. This isn’t the place to do that, but I am taking a task here to update the documentation on the SIG wiki and make sure it’s clear what the differences are, when they differ.

In general, unless you’re running Rocky Linux 8 aarch64 on Google Cloud, you’re OK to use the upstream kernel in 99% of cases. For Rocky 8 aarch64 in SIG/Cloud (only), we use a different kernel page size to enable the OS to boot on the hardware.

Again, thank you all very much for your patience on this. It’s obviously not good to leave the kernel unpatched for this long and while there were extenuating circumstances in this instance, it’s a noted item in our procedures that needs to be fixed and tracked properly.

–Neil


Is that something I can assist with in any way?