Why can't I update the kernel and package for an Amazon EC2 instance that I launched from an Amazon EKS optimized AMI?

I used an Amazon Elastic Kubernetes Service (Amazon EKS) optimized Amazon Machine Image (AMI) to launch my Amazon Elastic Compute Cloud (Amazon EC2) instance. However, I can’t update the kernel or package even when later versions are available. I receive “Nothing to do” and “No packages marked for update” messages.

Short description

Typically, Amazon EKS optimized AMIs block package updates because the yum-versionlock plugin locks specific package versions and excludes all others. The plugin keeps locked packages at their defined versions so that you don't accidentally update to an incompatible version.

To resolve this issue, it's a best practice to update the AMI instead of the kernel. However, if you use a custom AMI with a locked package, then you can remove the version lock and upgrade the package.

Resolution

Note: It's a best practice to back up your EC2 instances and data before you troubleshoot or make changes. Create an AMI of your instance, or create a snapshot of your Amazon Elastic Block Store (Amazon EBS) volume.

Verify that your AMI has a version lock

To check the kernel version that your instance is running, run the following command:

uname -r

To check whether packages are locked to specific kernel versions, run the following command:

yum versionlock list

If yum-versionlock has version lock activated, then you receive an output similar to the following example:

kernel-devel-1:6.1.155-176.282.amzn2023.*
kernel-headers-1:6.1.155-176.282.amzn2023.*
kernel-1:6.1.155-176.282.amzn2023.*
kernel-libbpf-1:6.1.155-176.282.amzn2023.*
kernel-srpm-macros-0:1.0-14.amzn2023.0.3.*
kernel-livepatch-repo-s3-0:2023.9.20251014-0.amzn2023.*
amazon-ec2-net-utils-0:2.7.1-1.amzn2023.0.1.*
containerd-2:1.7.27-1.eks.amzn2023.0.4.*
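The two checks above can be combined to tell whether the running kernel is the one pinned by the lock. The following script is an added example, not AWS code; the function names are hypothetical, and it assumes lock entries use the name-epoch:version-release.* form shown in the sample output, embedded here as constructed input.

```shell
#!/usr/bin/env bash
# Added example (not AWS code): report whether the running kernel is pinned
# by yum-versionlock. Assumes entries look like name-epoch:version-release.*

# Constructed sample input, taken from the example output in this article.
SAMPLE_LOCKS='kernel-devel-1:6.1.155-176.282.amzn2023.*
kernel-1:6.1.155-176.282.amzn2023.*
kernel-livepatch-repo-s3-0:2023.9.20251014-0.amzn2023.*
containerd-2:1.7.27-1.eks.amzn2023.0.4.*'

# parse_locks: stdin = versionlock entries, stdout = "name epoch version release".
# Lines that do not match the entry format (plugin banners, blanks) are ignored.
parse_locks() {
  sed -nE 's/^(.+)-([0-9]+):(.+)-([^-]+)\.\*$/\1 \2 \3 \4/p'
}

# locked_vr NAME: print the version-release locked for exactly NAME.
# An exact name match keeps "kernel" from also matching "kernel-devel".
locked_vr() {
  parse_locks | awk -v n="$1" '$1 == n { print $3 "-" $4; exit }'
}

# kernel_lock_status RUNNING: compare a `uname -r` string with the kernel lock.
# Prints one of: unlocked | locked-current | locked-differs
kernel_lock_status() {
  local running="$1" vr
  vr="$(locked_vr kernel)"
  if [ -z "$vr" ]; then
    echo unlocked
    return
  fi
  # uname -r appends the architecture (for example .x86_64) to version-release.
  case "$running" in
    "$vr".*) echo locked-current ;;
    *)       echo locked-differs ;;
  esac
}

# Demo on the constructed sample; on an instance, pipe the real list instead:
#   sudo yum versionlock list | kernel_lock_status "$(uname -r)"
printf '%s\n' "$SAMPLE_LOCKS" | kernel_lock_status "6.1.155-176.282.amzn2023.x86_64"
```

A result of locked-current means that yum reports "Nothing to do" for the kernel because the lock pins it to the running version, so later kernel fixes arrive only through a newer AMI or after the lock is removed.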

Update the AMI for a version-locked AMI

Upgrade the Amazon EKS optimized AMI to use the latest version. This change keeps your system stable as you use only validated kernel versions.

Remove the version lock, and then upgrade the package

Important: There might be compatibility issues between the updated package and other components such as containerd. Locked updates haven't been tested for compatibility.

To upgrade the package for a custom AMI, complete the following steps:

  1. Run the following command to view the list of locked packages:

    sudo yum versionlock list
  2. To remove the version lock on a specific package, run the following command:

    sudo yum versionlock delete package_name

    Note: Replace package_name with the package that you want to unlock.
    To remove the version lock on all packages, run the following command:

    sudo yum versionlock clear
  3. Run the following command to validate that the version is unlocked:

    sudo yum versionlock list
  4. Update the packages to the latest versions available in your repositories.

Related information

Amazon Linux 2 FAQs

Amazon Linux 2023 FAQs

Deterministic upgrades through versioned repositories on AL2023

AWS OFFICIAL - Updated a month ago