-
-
Save LaurentDumont/39cdf5e9cf8acaa31fdb16ec263e845e to your computer and use it in GitHub Desktop.
Ansible playbook for Meltdown mitigation (KPI for CentOS/RHEL 7)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| - hosts: all | |
| gather_facts: false | |
| pre_tasks: | |
| - name: ensure ipmi tools are installed | |
| yum: | |
| name: ipmitool | |
| - name: retrieve ipmitool address | |
| shell: > | |
| ipmitool lan print | grep '^IP Addr' | grep -v Source | cut -d':' -f2 | xargs | |
| register: ipmitool_lan_print | |
| changed_when: false | |
| failed_when: ipmitool_lan_print.stdout == "" | |
| - name: print ipmi address | |
| debug: | |
| msg: "{{ ipmitool_lan_print.stdout }}" | |
| - name: ensure ipmi is accessible | |
| delegate_to: localhost | |
| wait_for: | |
| host: "{{ ipmitool_lan_print.stdout }}" | |
| port: 80 | |
| timeout: 5 | |
| tasks: | |
| - name: install updated kernel | |
| yum: | |
| name: | |
| - kernel-3.10.0-693.11.6.el7 | |
| - microcode_ctl-2.1-22.2.el7 | |
| state: installed | |
| post_tasks: | |
| - name: check if system contains fix | |
| shell: | |
| cat /boot/config-$(uname -r) | |
| register: kernel_config | |
| changed_when: false | |
| - name: prepare kexec | |
| when: '"CONFIG_KAISER=y" not in kernel_config.stdout' | |
| block: | |
| - name: unload current target | |
| shell: kexec -u | |
| - name: load kexec target | |
| shell: > | |
| kexec -l /boot/vmlinuz-3.10.0-693.11.6.el7.x86_64 \ | |
| --initrd=/boot/initramfs-3.10.0-693.11.6.el7.x86_64.img \ | |
| --reuse-cmdline | |
| - debug: | |
| msg: Machine requires reboot and ready for `systemctl kexec` |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment