piyologさんにまとまっていたのでCentOS7の更新をしました(利用頻度が低いサーバを実験台にしました)
http://d.hatena.ne.jp/Kango/20180104/1515094046
centos7のkernelアップデート
むかし書いたCentOS7のkernelアップデート手順
https://qiita.com/smallpalace/items/e2489e48e011aff20170
# yum update kernel microcode_ctl linux-firmware qemu-kvm libvirt
=========================================================================================================================================================================
Package Arch Version Repository Size
=========================================================================================================================================================================
Installing:
kernel x86_64 3.10.0-693.11.6.el7 updates 43 M
Updating:
kexec-tools x86_64 2.0.14-17.2.el7 updates 333 k
linux-firmware noarch 20170606-57.gitc990aae.el7 updates 35 M
microcode_ctl x86_64 2:2.1-22.2.el7 updates 1.1 M
Updating for dependencies:
dracut x86_64 033-502.el7_4.1 updates 321 k
dracut-config-generic x86_64 033-502.el7_4.1 updates 54 k
dracut-config-rescue x86_64 033-502.el7_4.1 updates 56 k
dracut-network x86_64 033-502.el7_4.1 updates 98 k
Transaction Summary
=========================================================================================================================================================================
Install 1 Package
Upgrade 3 Packages (+4 Dependent packages)
Total download size: 80 M
Is this ok [y/d/N]: y
Installed:
kernel.x86_64 0:3.10.0-693.11.6.el7
Updated:
kexec-tools.x86_64 0:2.0.14-17.2.el7 linux-firmware.noarch 0:20170606-57.gitc990aae.el7 microcode_ctl.x86_64 2:2.1-22.2.el7
Dependency Updated:
dracut.x86_64 0:033-502.el7_4.1 dracut-config-generic.x86_64 0:033-502.el7_4.1 dracut-config-rescue.x86_64 0:033-502.el7_4.1 dracut-network.x86_64 0:033-502.el7_4.1
Complete!
※aws上のCentOS7でqemu-kvm libvirtは入ってなかった
・一応確認できたチェンジログ
# rpm -q --changelog microcode_ctl|head
* Fri Dec 15 2017 Petr Oros <poros@redhat.com> - 2.1-22.2
- Update Intel CPU microde for 06-3f-02, 06-4f-01, and 06-55-04
- Resolves: #1527358
# rpm -q --changelog linux-firmware|head
* Wed Dec 27 2017 Rafael Aquini <aquini@redhat.com> - 20170606-57.gitc990aae
- Add amd-ucode for fam17h
# uname -r
# awk -F\' '$1=="menuentry " {print $2}' /etc/grub2.cfg
# grub2-set-default 0
# grub2-mkconfig -o /boot/grub2/grub.cfg
# uname -r
# reboot
ssh
$ sudo su -
# uname -r
3.10.0-693.11.6.el7.x86_64
とりあえず対策されてるらしいカーネルへのアップデートは完了
https://access.redhat.com/errata/RHSA-2018:0007
Ubuntu16のkernelアップデート
※Azureのノード。
$ uname -r
4.11.0-1016-azure
$ sudo apt install linux-generic
$ dpkg -l | grep linux-image | grep ^ii
ii linux-image-4.11.0-1016-azure 4.11.0-1016.16 amd64 Linux kernel image for version 4.11.0 on 64 bit x86 SMP
ii linux-image-4.13.0-1005-azure 4.13.0-1005.7 amd64 Linux kernel image for version 4.13.0 on 64 bit x86 SMP
ii linux-image-4.4.0-103-generic 4.4.0-103.126 amd64 Linux kernel image for version 4.4.0 on 64 bit x86 SMP
ii linux-image-4.4.0-109-generic 4.4.0-109.132 amd64 Linux kernel image for version 4.4.0 on 64 bit x86 SMP
ii linux-image-azure 4.13.0.1005.6 amd64 Linux kernel image for Azure systems.
ii linux-image-extra-4.11.0-1016-azure 4.11.0-1016.16 amd64 Linux kernel extra modules for version 4.11.0 on 64 bit x86 SMP
ii linux-image-extra-4.4.0-103-generic 4.4.0-103.126 amd64 Linux kernel extra modules for version 4.4.0 on 64 bit x86 SMP
ii linux-image-extra-4.4.0-109-generic 4.4.0-109.132 amd64 Linux kernel extra modules for version 4.4.0 on 64 bit x86 SMP
ii linux-image-extra-virtual 4.4.0.109.114 amd64 Transitional package.
ii linux-image-generic 4.4.0.109.114 amd64 Generic Linux kernel image
$ sudo reboot
sshしなおす
$ uname -r
4.13.0-1005-azure
戻したいときは戻したい対象の旧いkernelパッケージ以外を消すとよい模様。
http://sicklylife.hatenablog.com/entry/2017/05/24/185955