Recently I got an email from DigitalOcean to update my server’s kernel to protect against the Meltdown and Spectre exploits. The instructions are the normal update commands that I usually run, “apt-get update” and “apt-get dist-upgrade”.
After doing the update, I thought that I would double-check the kernel version. The latest Ubuntu 14.04 kernel is “3.13.0-143-generic”. The kernel that my server was using is “3.13.0-039-generic”. My server was running an extremely old version of the kernel.
Supposedly, the Ubuntu GrubLoader should automatically run the latest installed kernel version after a reboot. However, my server was not doing that. It appears to be an issue with DigitalOcean’s droplet configuration.
The workaround is to use the DigitalOcean web interface to change the kernel from “DigitalOcean GrubLoader v0.2 (20160714)” to “DigitalOcean GrubLoader v0.1 (20160527)” (or vice versa). Then shutdown the server (using the command line) and switch the droplet back on using the DigitalOcean web interface. Somehow, changing the GrubLoader version makes the GrubLoader start working properly again.
Here are the full instructions to ensure that your Ubuntu server is running the latest kernel:
lsb_release -a
# Show kernel version (alternatively, run "uname -a" or "cat /proc/version")
uname -r
# Update apt-get repository
sudo apt-get update
# Install any updates, handle dependencies automatically
sudo apt-get dist-upgrade
# Reboot so Grub will load any newly-installed kernel version
sudo reboot
# After reboot, show kernel version
uname -r
# If the kernel version is not the latest "3.13.0-143-generic" or later,
# go to the DigitalOcean web interface and switch the droplet's kernel
# from "DigitalOcean GrubLoader v0.2" to "DigitalOcean GrubLoader v0.1"
# (or vice versa).
# Doublecheck by listing the installed kernel image(s)
dpkg --list | grep linux-image-generic
# Shutdown the server
sudo poweroff
# On the DigitalOcean web interface, refresh the Droplet details until
# you see the power switch (located to right of Droplet name) go to
# the Off position. Switch it back to the On position.
# After server boots up, show kernel version (you should see latest)
uname -r
# If you can't ssh into your server or you want the later
# "DigitalOcean GrubLoader v0.2" version, just repeat the steps above
# to change the GrubLoader version.
# Remove dependencies and packages which are no longer used
sudo apt-get autoremove
# If you get a "you may need to re-run your boot loader[grub]" warning,
# optionally update Grub's configuration.
sudo update-grub
Info above derived from: