LaurentDumont · January 5, 2018 01:03 · Jan 4, 2018 · Jan 4, 2018 · Jan 4, 2018 · Jan 4, 2018
diff --git a/mitigate-meltdown.yml b/mitigate-meltdown.yml
@@ -19,6 +19,7 @@
       wait_for:
         host: "{{ ipmitool_lan_print.stdout }}"
         port: 80
+        timeout: 5
   tasks:
     - name: install updated kernel
       yum:
@@ -43,4 +44,4 @@
                   --initrd=/boot/initramfs-3.10.0-693.11.6.el7.x86_64.img \
                   --reuse-cmdline
         - debug:
-            msg: Machine requires reboot and ready for `systemctl kexec`
+            msg: Machine requires reboot and ready for `systemctl kexec`
diff --git a/mitigate-meltdown.yml b/mitigate-meltdown.yml
@@ -20,18 +20,27 @@
         host: "{{ ipmitool_lan_print.stdout }}"
         port: 80
   tasks:
-    - name: check if system contains fix
-      shell:
-        cat /boot/config-$(uname -r)
-      register: kernel_config
-      changed_when: false
     - name: install updated kernel
       yum:
         name:
           - kernel-3.10.0-693.11.6.el7
           - microcode_ctl-2.1-22.2.el7
         state: installed
   post_tasks:
-    - debug:
-        msg: machine requires reboot
+    - name: check if system contains fix
+      shell:
+        cat /boot/config-$(uname -r)
+      register: kernel_config
+      changed_when: false
+    - name: prepare kexec
       when: '"CONFIG_KAISER=y" not in kernel_config.stdout'
+      block:
+        - name: unload current target
+          shell: kexec -u
+        - name: load kexec target
+          shell: >
+            kexec -l /boot/vmlinuz-3.10.0-693.11.6.el7.x86_64 \
+                  --initrd=/boot/initramfs-3.10.0-693.11.6.el7.x86_64.img \
+                  --reuse-cmdline
+        - debug:
+            msg: Machine requires reboot and ready for `systemctl kexec`
diff --git a/mitigate-meltdown.yml b/mitigate-meltdown.yml
@@ -27,7 +27,9 @@
       changed_when: false
     - name: install updated kernel
       yum:
-        name: kernel-3.10.0-693.11.6.el7
+        name:
+          - kernel-3.10.0-693.11.6.el7
+          - microcode_ctl-2.1-22.2.el7
         state: installed
   post_tasks:
     - debug:

diff --git a/mitigate-meltdown.yml b/mitigate-meltdown.yml
@@ -29,9 +29,7 @@
       yum:
         name: kernel-3.10.0-693.11.6.el7
         state: installed
-      when: '"CONFIG_KAISER=y" not in kernel_config.stdout'
-      register: yum_install
   post_tasks:
     - debug:
-        msg: machine ready for reboot
-      when: yum_install.changed
+        msg: machine requires reboot
+      when: '"CONFIG_KAISER=y" not in kernel_config.stdout'
diff --git a/mitigate-meltdown.yml b/mitigate-meltdown.yml
@@ -0,0 +1,37 @@
+---
+- hosts: all
+  gather_facts: false
+  pre_tasks:
+    - name: ensure ipmi tools are installed
+      yum:
+        name: ipmitool
+    - name: retrieve ipmitool address
+      shell: >
+        ipmitool lan print | grep '^IP Addr' | grep -v Source | cut -d':' -f2 | xargs
+      register: ipmitool_lan_print
+      changed_when: false
+      failed_when: ipmitool_lan_print.stdout == ""
+    - name: print ipmi address
+      debug:
+        msg: "{{ ipmitool_lan_print.stdout }}"
+    - name: ensure ipmi is accessible
+      delegate_to: localhost
+      wait_for:
+        host: "{{ ipmitool_lan_print.stdout }}"
+        port: 80
+  tasks:
+    - name: check if system contains fix
+      shell:
+        cat /boot/config-$(uname -r)
+      register: kernel_config
+      changed_when: false
+    - name: install updated kernel
+      yum:
+        name: kernel-3.10.0-693.11.6.el7
+        state: installed
+      when: '"CONFIG_KAISER=y" not in kernel_config.stdout'
+      register: yum_install
+  post_tasks:
+    - debug:
+        msg: machine ready for reboot
+      when: yum_install.changed