Rocky 8.9 Kernel Issues

Hi All,

Firstly, apologies but I’m not an expert, have just enough skills to get myself in trouble!

I ran a Nessus scan on my server and it reported this:-

“Installed package kernel-4.18.0-514.el8 is greater than kernel-4.18.0-513.24.1.el8_9.
However, according to uname -r, the current running kernel level is 4.18.0-477.27.1.el8_8.
This system requires a reboot to begin using the patched kernel level.”

This server was an upgrade from CentOS to RL and I’m wondering if this is somehow conflicting with the el8_9 kernel? Checking my server (cat /etc/rocky-release) shows “Rocky Linux release 8.9 (Green Obsidian)”. However, looking at the boot (grubby --info=ALL) this shows “Rocky Linux (4.18.0-477.27.1.el8_8.x86_64) 8.8 (Green Obsidian)”.

Checking the installed items (dnf list installed kernel\*) shows the following:-

Installed Packages
kernel.x86_64             4.18.0-477.27.1.el8_8   @baseos
kernel.x86_64             4.18.0-513.el8          @baseos
kernel.x86_64             4.18.0-514.el8          @baseos
kernel-core.x86_64        4.18.0-477.27.1.el8_8   @baseos
kernel-core.x86_64        4.18.0-513.el8          @baseos
kernel-core.x86_64        4.18.0-514.el8          @baseos
kernel-headers.x86_64     4.18.0-513.24.1.el8_9   @baseos
kernel-modules.x86_64     4.18.0-477.27.1.el8_8   @baseos
kernel-modules.x86_64     4.18.0-513.el8          @baseos
kernel-modules.x86_64     4.18.0-514.el8          @baseos
kernel-tools.x86_64       4.18.0-513.24.1.el8_9   @baseos
kernel-tools-libs.x86_64  4.18.0-513.24.1.el8_9   @baseos

Grubby output:-

index=0
kernel="/boot/vmlinuz-4.18.0-514.el8.x86_64"
args="ro crashkernel=auto resume=/dev/mapper/cs_XX-swap rd.lvm.lv=cs_XX/root rd.lvm.lv=cs_XX/swap rhgb quiet $tuned_params"
root="/dev/mapper/cs_XX-root"
initrd="/boot/initramfs-4.18.0-514.el8.x86_64.img $tuned_initrd"
title="CentOS Stream (4.18.0-514.el8.x86_64) 8"
id="4253bcbb1baa4619be76de1567336617-4.18.0-514.el8.x86_64"
index=1
kernel="/boot/vmlinuz-4.18.0-513.el8.x86_64"
args="ro crashkernel=auto resume=/dev/mapper/cs_XX-swap rd.lvm.lv=cs_XX/root rd.lvm.lv=cs_XX/swap rhgb quiet $tuned_params"
root="/dev/mapper/cs_XX-root"
initrd="/boot/initramfs-4.18.0-513.el8.x86_64.img $tuned_initrd"
title="CentOS Stream (4.18.0-513.el8.x86_64) 8"
id="4253bcbb1baa4619be76de1567336617-4.18.0-513.el8.x86_64"
index=2
kernel="/boot/vmlinuz-4.18.0-477.27.1.el8_8.x86_64"
args="ro crashkernel=auto resume=/dev/mapper/cs_XX-swap rd.lvm.lv=cs_XX/root rd.lvm.lv=cs_XX/swap rhgb quiet $tuned_params"
root="/dev/mapper/cs_XX-root"
initrd="/boot/initramfs-4.18.0-477.27.1.el8_8.x86_64.img $tuned_initrd"
title="Rocky Linux (4.18.0-477.27.1.el8_8.x86_64) 8.8 (Green Obsidian)"
id="4253bcbb1baa4619be76de1567336617-4.18.0-477.27.1.el8_8.x86_64"
index=3
kernel="/boot/vmlinuz-0-rescue-4253bcbb1baa4619be76de1567336617"
args="ro crashkernel=auto resume=/dev/mapper/cs_XX-swap rd.lvm.lv=cs_XX/root rd.lvm.lv=cs_XX/swap rhgb quiet"
root="/dev/mapper/cs_XX-root"
initrd="/boot/initramfs-0-rescue-4253bcbb1baa4619be76de1567336617.img"
title="CentOS (0-rescue-4253bcbb1baa4619be76de1567336617) 8"
id="4253bcbb1baa4619be76de1567336617-0-rescue"

Could the old CentOS install be stopping the install of the latest RL kernel, and should I be doing something to remove the CentOS kernels (rpm -e?).

Any help is much appreciated.

Paul.

Just to update on this issue. I put a checkpoint on the VM and decided to give the rpm -e a go. So I ran the following:-

rpm -e kernel-4.18.0-514.el8.x86_64
rpm -e kernel-4.18.0-513.el8.x86_64
dnf update

This then updated to 8_9 and seems to have sorted my issue.

Paul.

Sorry for not spotting this before.

While the rpm -e can uninstall packages, one should use the dnf remove instead. Why? The dnf keeps a searchable history of what it has done and can also remove unneeded dependency packages.

Yes, you can list packages with, for example

rpm -qa kernel\*
dnf list installed kernel\*

but for kernel packages there is a handy:

dnf rq --installonly

The latter is not limited to kernel packages, but they tend to be the only ones of which one has multiple versions.
One can even filter that list with:
Latest of every name: dnf rq --installonly --latest=1
All but last two of every name: dnf rq --installonly --latest=-2

One can even feed the output – a list – to another command:

dnf remove $(dnf rq --installonly --latest=-2)

Why did your system boot to 4.18.0-477.27.1.el8_8?

/etc/sysconfig/kernel sets UPDATEDEFAULT=yes and notes:

UPDATEDEFAULT specifies if kernel-install should make new kernels the default

The “new” means the one that was installed last. What is actually updated is variable saved_entry that one can see with grub2-editenv list.

The grub.cfg is generated based on values of /etc/default/grub and one of those is usually GRUB_DEFAULT=saved. In other words, bootloader defaults to entry that matches the saved_entry (or first on list if none does).

If the kernel-4.18.0-477.27.1.el8_8 had been installed after kernel-4.18.0-514.el8 then all of the above does what it did.

The dnf up does not install kernel-4.18.0-513.24.1.el8_9?

On a system that already had kernel-4.18.0-514.el8 installed the “514 > 513.x” said that “nothing new” is available nor should be installed. One could have checked what is available and then installed explicitly:

dnf list --showduplicates kernel
dnf install kernel-4.18.0-513.24.1.el8_9

Since this would have changed the “latest installed”, it would have also changed what is used on reboot.
(User should always be able to change the selection on bootloader’s menu manually.)

1 Like
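
The “514 > 513.x” comparison from the reply above, worked through on the version strings in this thread. This is an added example, not part of any post: a simplified Python re-implementation of rpm's segment ordering (it assumes no '~' or '^' markers, and the function names are made up for illustration).

```python
import re

_SEG = re.compile(r"\d+|[A-Za-z]+")  # rpm compares runs of digits or letters

def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpm ordering: 1 if a is newer, -1 if older, 0 if equal.
    Assumption: '~' and '^' markers are not handled (none occur here)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats letters
        elif x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(a: str, b: str) -> int:
    """Compare 'version-release' strings: version first, then release."""
    va, ra = a.split("-", 1)
    vb, rb = b.split("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def blocking(installed, candidate):
    """Installed kernels that rank newer than the repo candidate,
    so an update sees nothing new to install."""
    return [vr for vr in installed if compare_vr(vr, candidate) > 0]

# Version-release strings copied from the dnf output earlier in the thread.
INSTALLED = ["4.18.0-477.27.1.el8_8", "4.18.0-513.el8", "4.18.0-514.el8"]
CANDIDATE = "4.18.0-513.24.1.el8_9"  # the kernel Nessus expected

if __name__ == "__main__":
    for vr in INSTALLED:
        print(f"{vr:24} vs {CANDIDATE}: {compare_vr(vr, CANDIDATE):+d}")
    print("ranked newer than the repo kernel:", blocking(INSTALLED, CANDIDATE))
```

On a real system, rpmdev-vercmp from the rpmdevtools package gives the authoritative comparison.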

Thanks @jlehtone for the detailed reply.

I presume using the rpm -e option is the reason why I still have the packages below that would have been removed automatically if I used dnf.

kernel-core.x86_64        4.18.0-514.el8
kernel-modules.x86_64     4.18.0-514.el8

Can you list what package these were a dependency of, or is this not possible now the kernel package has been removed? I assume I then just need to remove these two manually now?

Thanks
Paul.

Think I’ve sort of answered my own question thanks to Google :)

This shows what the current package needs:-

dnf repoquery --requires kernel-4.18.0-513.5.1.el8_9
kernel-core-uname-r = 4.18.0-513.5.1.el8_9.x86_64
kernel-modules-uname-r = 4.18.0-513.5.1.el8_9.x86_64

But I assume as those other packages were CentOS related and I don’t have that repository anymore it can’t know what they were?