From b3d158732b521192f39783031a4a7ca1bd07f945 Mon Sep 17 00:00:00 2001
From: Kienan Stewart <kstewart@efficios.com>
Date: Wed, 26 Jul 2023 10:13:38 -0400
Subject: [PATCH] ansible: Install intel or amd microcode on physical hosts

Change-Id: I097ce36e0cbe1cea7e83876a7d13727120b49f47
---
 .../roles/common/tasks/setup-Debian.yml       | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/automation/ansible/roles/common/tasks/setup-Debian.yml b/automation/ansible/roles/common/tasks/setup-Debian.yml
index 6a3ceb6..62ca401 100644
--- a/automation/ansible/roles/common/tasks/setup-Debian.yml
+++ b/automation/ansible/roles/common/tasks/setup-Debian.yml
@@ -52,3 +52,28 @@
         owner: root
         group: root
         mode: '0644'
+- name: Install microcode for physical hosts
+  when: ansible_virtualization_role == 'host'
+  block:
+    - name: Install AMD microcode
+      when: "'AuthenticAMD' in ansible_processor"
+      ansible.builtin.apt:
+        name: amd64-microcode
+      register: amd64_microcode
+    - name: Install Intel microcode
+      when: "'GenuineIntel' in ansible_processor"
+      ansible.builtin.apt:
+        name: intel-microcode
+      register: intel_microcode
+    - name: Update initramfs
+      when: amd64_microcode.changed or intel_microcode.changed
+      ansible.builtin.command:
+        argv: ['update-initramfs', '-u', '-k', 'all']
+    - name: Set reboot required
+      when: amd64_microcode.changed or intel_microcode.changed
+      ansible.builtin.copy:
+        dest: /var/run/reboot-required
+        content: '*** System restart required ***'
+        owner: root
+        group: root
+        mode: '0644'
-- 
2.34.1