Ansible playbook for Meltdown mitigation (KPTI for CentOS/RHEL 7)
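---
# Installs the pinned kernel and microcode_ctl builds on CentOS/RHEL 7 and,
# when the running kernel lacks CONFIG_KAISER, stages a kexec into the new
# kernel. The play never switches kernels itself: the operator still has to
# run `systemctl kexec` (or reboot) afterwards.
- hosts: all
  gather_facts: false

  pre_tasks:
    - name: ensure ipmi tools are installed
      yum:
        name: ipmitool

    # Reads the BMC's LAN address from the host itself. failed_when replaces
    # the default return-code check, so the task fails only when the pipeline
    # prints nothing.
    - name: retrieve ipmitool address
      shell: >
        ipmitool lan print | grep '^IP Addr' | grep -v Source | cut -d':' -f2 | xargs
      register: ipmitool_lan_print
      changed_when: false
      failed_when: ipmitool_lan_print.stdout == ""

    - name: print ipmi address
      debug:
        msg: "{{ ipmitool_lan_print.stdout }}"

    # Runs on the control node and only proves that TCP/80 on the BMC answers
    # within 5 seconds; it does not show that anyone can log in to it.
    # NOTE(review): presumably a guard so out-of-band access exists if the
    # kernel switch goes wrong - confirm port 80 is the right probe for your
    # BMCs.
    - name: ensure ipmi is accessible
      delegate_to: localhost
      wait_for:
        host: "{{ ipmitool_lan_print.stdout }}"
        port: 80
        timeout: 5

  tasks:
    # Versions are pinned; the kexec task below hard-codes the same kernel
    # version, so change both together.
    - name: install updated kernel
      yum:
        name:
          - kernel-3.10.0-693.11.6.el7
          - microcode_ctl-2.1-22.2.el7
        # `installed` is an alias of `present` in the yum module.
        state: present

  post_tasks:
    # Dumps the build-time config of the *running* kernel. CONFIG_KAISER=y
    # shows that kernel was built with page-table isolation; it does not show
    # that isolation is enabled at runtime.
    - name: check if system contains fix
      shell: cat /boot/config-$(uname -r)
      register: kernel_config
      changed_when: false

    - name: prepare kexec
      when: '"CONFIG_KAISER=y" not in kernel_config.stdout'
      block:
        - name: unload current target
          shell: kexec -u

        # The folded scalar (>) already joins these lines with spaces, so no
        # shell line-continuation backslashes are used: a backslash before
        # the folded space would escape it and glue it onto the next option.
        # --reuse-cmdline passes the current kernel command line to the new
        # kernel unchanged.
        - name: load kexec target
          shell: >
            kexec -l /boot/vmlinuz-3.10.0-693.11.6.el7.x86_64
            --initrd=/boot/initramfs-3.10.0-693.11.6.el7.x86_64.img
            --reuse-cmdline

        # Only true when the kexec target was just loaded, hence inside the
        # block.
        - name: report kexec readiness
          debug:
            msg: 'Machine requires reboot and ready for `systemctl kexec`'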
btw you can tell if kpti is loaded and active with
cat /sys/kernel/debug/x86/pti_enabled