[ec2] linux-ec2, linux-image-ec2 held back

[Scott Moser]

On Wed, 10 Feb 2010, Jonathan Marston wrote:

> when doing apt-get upgrade on my ubuntu 9.10 ec2 instance, i see that there are upgrades pending for linux-ec2 and linux-image-ec2
>
> normally to get those held back packages to upgrade by doing 'apt-get dist-upgrade' but they still get held back
>
> apt-get dist-upgrade -V
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Calculating upgrade... Done
> The following packages have been kept back:
>    linux-ec2 (2.6.31.302.2 => 2.6.31.303.3)
>    linux-image-ec2 (2.6.31.302.2 => 2.6.31.303.3)
> 0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
>
> This server was built from m1.large instance of ami-ab15f6c2
>
> uname -a:
> Linux domU-XX-XX-XX-XX-XX-XX 2.6.31-302-ec2 #7-Ubuntu SMP Tue Oct 13 19:55:22 UTC 2009 x86_64 GNU/Linux
>
> What are the updates?
>
> Do I want to force them or are they held back for a good reason?

I opened bug 520015 [1] to address this.  Basically, the packages are
broken and thats what is causing you to see what you're seeing.

> What is best approach for updating?

A while ago, I'd opened up bug 506960 [2] to investigate the proper way to
handle kernel package upgrades on ec2.

Basically, the install of a new kernel package is not going to do
*anything* for you on an instance-store type image, and wont do anything
without further effort on your part for an ebs-root image.

In both cases, you cannot change the kernel that is to be booted from
within the guest.  In the instance store case you can't change the kernel
for that instance *period*.   In the ebs case, you could shut down the
instance and change its kernel to the latest published kernel.

The default kernel for ami-ab15f6c2
(ubuntu-karmic-9.10-amd64-server-20091027.1.manifest.xml) is aki-fd15f694
(ubuntu-karmic-amd64-linux-image-2.6.31-302-ec2-v-2.6.31-302.7-kernel.img.manifest.xml)
which is the latest we have available on ec2 right now.  So it would
appear the meta packages are suggesting a newer kernel than is available.

I'm kind of torn as to what is the correct behavior for this, there are 2
options:
a.) only show kernel upgrades of the same ABI version (which would provide
modules which would boot with the kernel you've already booted)
b.) show the kernel upgrades as an indication to the user that there are
security updates, and somehow indicate to them that they need to address
those by booting another kernel and installing the kernel package the
instance.

I'm definitely open to feedback.

--
[1] https://bugs.launchpad.net/ubuntu/+source/linux-meta-ec2/+bug/520015
[2] https://bugs.launchpad.net/ubuntu/+source/ec2-init/+bug/506960