-
-
Save dmsimard/dcede08630bcffaa2a5eacf7194ee350 to your computer and use it in GitHub Desktop.
Ansible playbook for Meltdown mitigation (KPI for CentOS/RHEL 7)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: all | |
| gather_facts: false | |
| pre_tasks: | |
| - name: ensure ipmi tools are installed | |
| yum: | |
| name: ipmitool | |
| - name: retrieve ipmitool address | |
| shell: > | |
| ipmitool lan print | grep '^IP Addr' | grep -v Source | cut -d':' -f2 | xargs | |
| register: ipmitool_lan_print | |
| changed_when: false | |
| failed_when: ipmitool_lan_print.stdout == "" | |
| - name: print ipmi address | |
| debug: | |
| msg: "{{ ipmitool_lan_print.stdout }}" | |
| - name: ensure ipmi is accessible | |
| delegate_to: localhost | |
| wait_for: | |
| host: "{{ ipmitool_lan_print.stdout }}" | |
| port: 80 | |
| timeout: 5 | |
| tasks: | |
| - name: install updated kernel | |
| yum: | |
| name: | |
| - kernel-3.10.0-693.11.6.el7 | |
| - microcode_ctl-2.1-22.2.el7 | |
| state: installed | |
| post_tasks: | |
| - name: check if system contains fix | |
| shell: | |
| cat /boot/config-$(uname -r) | |
| register: kernel_config | |
| changed_when: false | |
| - name: prepare kexec | |
| when: '"CONFIG_KAISER=y" not in kernel_config.stdout' | |
| block: | |
| - name: unload current target | |
| shell: kexec -u | |
| - name: load kexec target | |
| shell: > | |
| kexec -l /boot/vmlinuz-3.10.0-693.11.6.el7.x86_64 \ | |
| --initrd=/boot/initramfs-3.10.0-693.11.6.el7.x86_64.img \ | |
| --reuse-cmdline | |
| - debug: | |
| msg: Machine requires reboot and ready for `systemctl kexec` |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment