LVM installs and encrypted installs use a small separate /boot partition. The small partition is capable of holding only four or five kernels, and fills to capacity quickly. To prevent /boot partition from getting full, you need to configure automatic removing of old kernels, or remove old kernels regularly manually, if automatic removing of old kernels is not working by default; see Bug #1357093.

Changing the kernel-containing packages on your system requires commands with root access, so please do read RootSudo.

Regular Maintenance

Removing old kernels is easy to do on a properly-operating system. You can do it manually, or set unattended-upgrades to do it automatically. If you are receiving package management errors, regular maintenance may not work until the problem is fixed. See chapter Problems below.

Manual Maintenance

Using Apt

If your system is operating without error, you should be able to remove old kernels with a simple autoremove command in shell:

sudo apt-get autoremove --purge

Note: Due to Bug #1492709 in Ubuntu 14.04 this works only, if you have installed security updates automatically, and not manually by e.g. Software Updater, see in this chapter how to configure it.

In 16.04 and newer you could alternatively use

sudo apt autoremove --purge

The system keeps track of which kernels are older and marks them eligible for removal using this method; the apt(-get) method also removes other automatically installed packages that (recursively) no manually installed package depends on.

Note: This way will not remove all automatically installed old kernels; the list of kept kernels is maintained in text file /etc/apt/apt.conf.d/01autoremove-kernels as a list of matching regular expressions.

Other Methods

There is an advanced script for purging kernels; it is called linux-purge.

If you just need to purge kernels selectively, you could benefit from this answer.

Automatic Maintenance

The unattended-upgrades package, included with the default install of all Ubuntu flavors, includes a setting to run automatic remove automatically. Enabling this setting is a two-step process.

Enable Unattended Upgrades

The first step is to enable unattended-upgrades. You can do it by using the GUI or the shell.

GUI Way

Enable unattended upgrades using Software & Updates --> Updates Tab:

  • Check the box for *-security (and/or any other repositories you wish)
  • Automatically check for updates: Set to any frequency (except 'Never')
  • When there are security updates: Set to Download and Install Automatically

Shell Way

sudo dpkg-reconfigure -plow unattended-upgrades

By default this installs possible security upgrades every day. If you want to change which sort of packages it will upgrade (if any), or how often, see here for details.

Configure Unattended Upgrades to Remove Unneeded Kernels Automatically

Note: The following methods may only remove kernels that are marked as being automatically installed. In Ubuntu 16.04 kernels installed by Software Updater are marked as being automatically installed. In Ubuntu 14.04 only kernels installed by Unattended Upgrades are marked as being automatically installed.

Note: This way will not remove all automatically installed old kernels; the list of kept kernels is maintained in text file /etc/apt/apt.conf.d/01autoremove-kernels as a list of matching regular expressions.

The second step is to edit the configuration file /etc/apt/apt.conf.d/50unattended-upgrades to enable completely automatic remove. It's owned by root, so remember to use sudo!

Option for All Ubuntu Releases (recommended)

The following setting configures unattended-upgrade to remove excessive automatically installed packages after unattended upgrades.

Make sure /etc/apt/apt.conf.d/50unattended-upgrades contains line

Unattended-Upgrade::Remove-Unused-Dependencies "true";

(and not the one ending with "false";).

Thereafter system should remove old automatically installed kernels and packages associated to them - automatically as part of unattended upgrade. (It does not purge them, however.) It also removes other unneeded packages, as well. You could do the same manually by running

sudo apt-get autoremove

Actually, in Ubuntu 16.04 and later kernels do not have to be installed automatically, if you install them by Software Updater, because they are technically marked as being automatically installed then. As a consequence, you could disable automatic upgrading of packages and still have automatic removing of packages by additionally commenting out i.e. prefixing by // all software origins i.e. lines in section Unattended-Upgrade::Allowed-Origins in file /etc/apt/apt.conf.d/50unattended-upgrades.

Option for Ubuntu 16.04 and Later

Unattended-upgrades version 0.90 supports new configuration variable that makes it possible to automatically remove only packages that become excessive during unattended upgrade. It is enabled i.e. "true" by default, so make sure there is NO line

Unattended-Upgrade::Remove-New-Unused-Dependencies "false"

and NO line

Unattended-Upgrade::Remove-Unused-Dependencies "true";

in /etc/apt/apt.conf.d/50unattended-upgrades, if you want to remove only new unused dependencies automatically after unattended upgrades. Due to this design, it is important that you let unattended-upgrades handle automatic installing of security updates. Otherwise kernels do accumulate, and you may have to do some manual removing of kernels.

Note: This is the default behavior of Ubuntu 16.04.

Further Configure Unattended Upgrades

Check this out for reference.

Note: Do not use the "--dry-run" option in older Ubuntu than 17.04 due to bug Bug #1544942

Problems

If your package management is broken, or if regular maintenance above is not working, any of several problems may have occurred. You may be out of storage space, or you may have a package version mismatch, or you may have another problem.

Safely Removing Old Kernels

For users of LVM systems, encrypted systems or limited-storage systems, the most frequent problem is that the /boot partition is simply full. The package manager cannot install a pending upgrade due to lack of space. Besides, apt-get can not remove a package due to broken dependency.

This problem can be fixed from the shell: Simply identify one or two old kernels to remove manually, which will provide the package manager enough space to install the queued upgrade.

Note: For convenience, the following process has been scripted in linux-purge.

$ sudo rm -rv ${TMPDIR:-/var/tmp}/mkinitramfs-*  
                                  ## In Ubuntu 16.04 and earlier there may be leftover temporary
                                  ## files to delete.
                                  ## See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814345

$ uname -r                        ## This command identifies the currently-running kernel
4.2.0-21-generic                  ## This is the current kernel.
                                  ## DO NOT REMOVE it!

$ dpkg -l | tail -n +6 | grep -E 'linux-image-[0-9]+' | grep -Fv $(uname -r)
                                  ## This command lists all the kernels excluding the booted
                                  ## kernel in the package database, and their status.
rc  linux-image-4.2.0-14-generic  ## The oldest kernel in the database
                                  ## Status 'rc' means it's already been removed
ii  linux-image-4.2.0-15-generic  ## The oldest installed kernel. Eligible for removal.
                                  ## Status 'ii' means Installed.
ii  linux-image-4.2.0-16-generic  ## Another old installed kernel. Eligible for removal
ii  linux-image-4.2.0-18-generic  ## Another old installed kernel. Eligible for removal
ii  linux-image-4.2.0-19-generic  ## The previous good kernel. Keep
iU  linux-image-4.2.0-22-generic  ## DO NOT REMOVE. Status 'iU' means it's not installed,
                                  ## but queued for install in apt.
                                  ## This is the package we want apt to install.

                                  ## Purge the oldest kernel package using dpkg instead of apt.
                                  ## First you need to remove the image initrd.img file manually
                                  ## due to Bug #1678187.
$ sudo update-initramfs -d -k 4.2.0-15-generic
$ sudo dpkg --purge linux-image-4.2.0-15-generic linux-image-extra-4.2.0-15-generic
                                  ## If the previous command fails, some installed package
                                  ## depends on the kernel. The output of dpkg tells the name
                                  ## of the package. Purge it first.

                                  ## Also purge the respective header package.
$ sudo dpkg --purge linux-headers-4.2.0-15-generic
                                  ## Try also purging the common header package.
$ sudo dpkg --purge linux-headers-4.2.0-15
                                  ## Do not worry, if the previous command fails.

$ sudo apt-get -f install         ## Try to fix the broken dependency.

If the last command works without an error, continue to chapter Manual Maintenance to remove more kernels. Otherwise, if the last command still failed due to insufficient disk space in /boot, you have to purge another kernel same way.

Unmet Dependency Errors

If you have ignored apt and dpkg errors for a while, then some packages may have upgraded while others did not. This is an expected follow-on effect. You will see mysterious, persistent version errors upon normal upgrades.

The simple way to fix most version mismatch errors is to update the package database, clean out the package cache, and download-and-reinstall the newer version of the offending package.

This is easier than it sounds. For example, if the 'hello' package is one of those unmet dependencies:

$ sudo apt-get update                      ## Update the package database
$ sudo apt-get clean hello                 ## Delete the hello package from the local cache
$ sudo apt-get install --reinstall hello   ## Download and reinstall the latest version of hello

Oops, Removed All Kernels!

If you got a bit carried away and deleted all the kernels, you fall into the "You did WHAT?!?!" class. You will be pleased to know that you are not the first, nor will be the last, person to do this. Get your LiveCD and head over to GRUB reports no operating system.

RemoveOldKernels (last edited 2017-09-14 00:18:45 by jarnos)