You've successfully subscribed to Nuvotex Blog
Great! Next, complete checkout for full access to Nuvotex Blog
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

Upgrading kernel on Ubuntu (20.04) LTS

Upgrading kernels on LTS releases of ubuntu can easily be done by enabling an LTS enablement stack. This guide will show how and what to consider.

Daniel Nachtrub
Daniel Nachtrub

You might like to run LTS versions of operating systems because you don't need access to the newest features direct after release. While this is a good choice for systems running a particular workload over the whole lifecycle, there are other setups where you want to get access to newer features.

In our case we've a scenario where we want to run Kubernetes with Cilium CNI and we would like to use XDP to get a very efficient and fast datapath. Ubuntu 20.04 ships with kernel 5.4 and has therefore hv_netvsc with driver version 5.4 - but XDP acceleration on Cilium requires at least version 5.6.

uname -a
# Linux LAB2-NUV-K8S0C2 5.4.0-94-generic #106-Ubuntu SMP Thu Jan 6 23:58:14 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
LTS kernel version

Long story short: We want to upgrade the kernel. Luckily - as most things in ubuntu - this is quite easy and straight forward.

Use Hardware Enablement Stack

The solution is to use the Hardware Enablement Stack (HWE) which will give you access to newer kernels. Enabling HWE is done using a single command:

apt update && apt install --install-recommends linux-generic-hwe-20.04

# [...]
# The following additional packages will be installed:
#  linux-headers-5.13.0-27-generic linux-headers-generic-hwe-20.04 linux-hwe-5.13-headers-5.13.0-27 linux-image-5.13.0-27-generic linux-image-generic-hwe-20.04 linux-modules-5.13.0-27-generic linux-modules-extra-5.13.0-27-generic
# [...]
# Generating grub configuration file ...
# Found linux image: /boot/vmlinuz-5.13.0-27-generic
# Found initrd image: /boot/initrd.img-5.13.0-27-generic
enable HWE

As you can see we've enabled HWE and upgraded the kernel.

Applying the kernel requires a reboot here. 

uname -a
# Linux LAB2-NUV-K8S0C2 5.13.0-27-generic #29~20.04.1-Ubuntu SMP Fri Jan 14 00:32:30 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
upgraded kernel

Where's the catch?

Well, like in probably any case there's no free lunch. In this case: HWE kernels are only supported 6 months. This is critical because support means that there won't be any security patches after quite a short time. So be sure to have the right automation tools in place to stay up to date here.

More information about LTS enablement stack is available at ubuntu's documentation: Kernel/LTSEnablementStack - Ubuntu Wiki

Linux
Daniel Nachtrub

Daniel Nachtrub

Kind of likes computers. Linux foundation certified: LFCS / CKA / CKAD / CKS. Microsoft certified: Cybersecurity Architect Expert & Azure Solutions Architect Expert.

You might also like

Linux kernel keyrings, container isolation and maybe some kerberos

Linux kernel keyrings, container isolation and maybe some kerberos

On a recent project I've been stumbling on the case that kerberos tickets have been inadvertently shared across containers on a node - which obviously caught my attention as I'm not keen on sharing such secrets across workloads. This post describes why this happens and what to do to prevent this.

Daniel Nachtrub
Daniel Nachtrub
Kubernetes
Why you should use rook ceph on kubernetes (onprem)

Why you should use rook ceph on kubernetes (onprem)

If you run kubernetes on your own, you need to provide a storage solution with it. We are using ceph (operated through rook). This article gives some short overview about it's benefits and some pro's and con's of it.

Daniel Nachtrub
Daniel Nachtrub
Cloud

Authors →

Daniel Nachtrub

Kind of likes computers. Linux foundation certified: LFCS / CKA / CKAD / CKS. Microsoft certified: Cybersecurity Architect Expert & Azure Solutions Architect Expert.

Sebastian Augustin

Lorenz Maier