ansible: Install intel or amd microcode on physical hosts

Change-Id: I097ce36e0cbe1cea7e83876a7d13727120b49f47

diff --git a/automation/ansible/roles/common/tasks/setup-Debian.yml b/automation/ansible/roles/common/tasks/setup-Debian.yml
index 6a3ceb6bb390a571046a6913525f83b1092872f0..62ca401b6b99a1fb957c762ae824b33042bf1f53 100644 (file)
--- a/automation/ansible/roles/common/tasks/setup-Debian.yml
+++ b/automation/ansible/roles/common/tasks/setup-Debian.yml
@@ -52,3 +52,28 @@
         owner: root
         group: root
         mode: '0644'
+- name: Install microcode for physical hosts
+  when: ansible_virtualization_role == 'host'
+  block:
+    - name: Install AMD microcode
+      when: "'AuthenticAMD' in ansible_processor"
+      ansible.builtin.apt:
+        name: amd64-microcode
+      register: amd64_microcode
+    - name: Install Intel microcode
+      when: "'GenuineIntel' in ansible_processor"
+      ansible.builtin.apt:
+        name: intel-microcode
+      register: intel_microcode
+    - name: Update initramfs
+      when: amd64_microcode.changed or intel_microcode.changed
+      ansible.builtin.command:
+        argv: ['update-initramfs', '-u', '-k', 'all']
+    - name: Set reboot required
+      when: amd64_microcode.changed or intel_microcode.changed
+      ansible.builtin.copy:
+        dest: /var/run/reboot-required
+        content: '*** System restart required ***'
+        owner: root
+        group: root
+        mode: '0644'