Executing Kernel and Package Upgrades via apt/dnf Package Managers
Maintaining a secure and performant Hovixa VPS requires regular updates to the Operating System's packages and the Linux Kernel. While the process is straightforward, mismanaging dependencies during an upgrade can lead to broken services or boot failures. Depending on your distribution, you will use either APT (Advanced Package Tool) for Debian/Ubuntu or DNF (Dandified YUM) for RHEL-based systems like AlmaLinux and CentOS.
1. The Package Management Workflow
Upgrading is a two-step process: first, the system synchronizes the local package index with the remote repositories; second, it downloads and installs the newer versions.
2. Upgrading on Debian and Ubuntu (apt)
The apt manager uses different levels of upgrades. Understanding the distinction between upgrade and dist-upgrade (or full-upgrade) is critical for kernel security.
# 1. Update the local index
sudo apt update
# 2. Upgrade standard packages (wont remove/add new packages)
sudo apt upgrade
# 3. Kernel and major dependency upgrades
sudo apt full-upgrade
3. Upgrading on AlmaLinux and CentOS (dnf)
dnf is more integrated than apt; a single upgrade command handles dependencies and kernel updates simultaneously. It also keeps multiple versions of the kernel by default as a safety mechanism.
# 1. Check for available updates
sudo dnf check-update
# 2. Execute all upgrades including the kernel
sudo dnf upgrade
4. Upgrade Comparison Matrix
| Action | Debian/Ubuntu (apt) | AlmaLinux/CentOS (dnf) |
|---|---|---|
| Sync Repositories | `apt update` | Automatic (during upgrade) |
| Safe Upgrade | `apt upgrade` | `dnf upgrade` |
| Kernel/Major Upgrade | `apt full-upgrade` | `dnf upgrade` |
| Remove Old Cache | `apt autoremove` | `dnf autoremove` |
5. Kernel Upgrades and Reboots
Unlike software applications, a new kernel cannot be applied to a running system without specialized tools (like kpatch). After a kernel upgrade, you must reboot your Hovixa VPS to initialize the new kernel version.
# Check current kernel version
uname -r
# Reboot to apply changes
sudo reboot
6. Technical Implementation Details
- Unattended Upgrades: For security, you can enable the
unattended-upgradespackage on Ubuntu to automatically install security patches. However, be cautious with this on production database servers to avoid unexpected downtime. - The GRUB Bootloader: On a Hovixa VPS, kernel upgrades automatically trigger
update-grub. This ensures that the next boot points to the highest version number available in/boot. - Package Locking: If you have a specific version of a package (e.g., MySQL 8.0.1) that must not be changed, use
apt-mark hold [package]ordnf versionlock add [package].
Sysadmin Advice: Always run **apt autoremove** or **dnf clean all** after a major upgrade. Old kernel headers and cached `.deb` or `.rpm` files can consume significant space on your NVMe storage over time.
