fix: (host-setup) properly set and pin the desired kernel #920
Conversation
rackerchris
changed the title
There was a problem hiding this comment.
we'll need an equal configuration setup for debian defined here
| @@ -18,44 +18,59 @@ | |||
| filter: "ansible_kernel" | |||
|
|
|||
| - name: Check Kernel Version | |||
There was a problem hiding this comment.
the intent of this check was to ensure that the deployed kernel on a given host met our minimum requirements. If we go down the path of pinning to a specific kernel version, we can eliminate this task.
| host_required_kernel: 6.8.0-0-generic | ||
| # This variable is used to set the default kernel in grub. Ensure you are | ||
| # using the ENTIRE output from uname -r | ||
| host_required_kernel: 6.8.0-47-generic |
There was a problem hiding this comment.
The latest kernel in this series is 6.8.0-56-generic if we're going down the path of doing specific kernel pinning, I don't think we should start out with an older version of the kernel that contains known CVEs.
There was a problem hiding this comment.
I think it would be good to create an opt-out interface for the task that calls this file; thinking of how we might need to run other kernel versions like linux-image-6.8.0-1006-intel for some of the accelerator work we're aiming to release in flex in the not so distant future.
pin-kernel task wasnt actaully pinning the desired kernel but rather checking to see if it wasin the same major/minor series. This pr defines a static kernel and ensures that its installed and "pinned" via GRUB_DEFAULT updates.