So updating our many, many VPSes to mitigate for Meltdown and Spectre is on my plate today. We use Digital Ocean as our provider, and all of our VPS are provisioned with Trellis.
I’m not as good as I should be about keeping my VPSes updated, so the number of updates varied between servers, but the gist is the same.
DO has an article about Meltdown and Spectre here, which will be updated as more news and patches become available.
Following this article, here’s what I did:
- SSHed to my server
$ ssh email@example.com
- Switch to “admin” user (enter password from
trellis/group_vars/production/vault.yml when prompted)
$ su admin
- Update apt cache and perform a
$ sudo apt-get update
$ sudo apt-get dist-upgrade
Wait a while for the updates to run. A few of my servers prompted when a local file (
menu.lst) was modified. I chose the default to keep the modified version; I did NOT overwrite with the package maintainer’s version.
$ sudo reboot
- SSH back into the server (see step 1) and check the kernel version
$ uname -r
According to Digital Ocean, Ubuntu kernel version
4.4.0-109-generic is what you want to see here. If you see that, everything went great. Check that there are no errors on your site, and move on to the next server.
This has been my process and it’s worked so far. I have about 30 more droplets to update; wish me luck!