Note: The default ITS GitLab runner is a shared resource and is subject to slowdowns during heavy usage.
You can run your own GitLab runner that is dedicated just to your group if you need to avoid processing delays.

main.yml 1.67 KB
Newer Older
Adam Robinson's avatar
Adam Robinson committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
---
# tasks file for vmware_foreshadow_mitigation
- assert:
    that: scheduler in shedulers
    fail_msg: "`scheduler` must be set to unmitigated, SCAv1, or SCAv2"

- name: Set unmitigated variables
  set_variable:
    hyperthreadingMitigation: false
    hyperthreadingMitigationIntraVM: true
  when: scheduler == "unmitigated"

- name: Set SCAv1 variables
  set_variable:
    hyperthreadingMitigation: true
    hyperthreadingMitigationIntraVM: true
  when: scheduler == "SCAv1"

- name: Set SCAv2 variables
  set_variable:
    hyperthreadingMitigation: true
    hyperthreadingMitigationIntraVM: false
  when: scheduler == "SCAv2"

- name: Configure hyperthreadingMitigation Advanced Option
  vmware_host_config_manager:
    hostname: '{{ vcenter_hostname }}'
    esxi_hostname: '{{ inventory_hostname }}'
    options:
        'VMkernel.Boot.hyperthreadingMitigation': '{{ hyperthreadingMitigation }}'
  delegate_to: localhost
  when: (ansible_distribution_version == "6.7.0" and ansible_distribution_build|int >= 9484548) or (ansible_distribution_version == "6.5.0" and ansible_distribution_build|int >= 9298722) or (ansible_distribution_version == "6.0.0" and ansible_distribution_build|int >= 9313334) or (ansible_distribution_version == "5.5.0" and ansible_distribution_build|int >= 9313066)

- name: Configure hyperthreadingMitigationIntraVM Advanced Option
  vmware_host_config_manager:
    hostname: '{{ vcenter_hostname }}'
    esxi_hostname: '{{ inventory_hostname }}'
    options:
        'VMkernel.Boot.hyperthreadingMitigationIntraVM': '{{ hyperthreadingMitigationIntraVM }}'
  delegate_to: localhost
  when: (ansible_distribution_version == "6.7.0" and ansible_distribution_build|int >= 13006603)