kvm: disable kernel mitigations on Intel

Based on instructions in: https://linuxreviews.org/HOWTO_make_Linux_run_blazing_fast_(again)_on_Intel_CPUs We are prioritizing performance over these CPU flaw mitigations.
2 years ago · 4563441c63
parent fd85a9445a
commit 4563441c63
2 changed files with 17 additions and 0 deletions
--- a/roles/kvm/files/grub-mitigations.conf
+++ b/roles/kvm/files/grub-mitigations.conf
@ -0,0 +1 @@
+noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off mitigations=off
--- a/roles/kvm/tasks/main.yml
+++ b/roles/kvm/tasks/main.yml
@ -71,3 +71,19 @@
  notify:
    - reboot
  when: ansible_system_vendor != "QEMU"
+
+
+- name: Disable the kernel's CPU mitigations
+  tasks:
+    - name: Check if CPU is Intel
+      shell: grep -c AMD /proc/cpuinfo
+      register: intel_check
+
+    - name: Install grub config with mitigations off
+      copy:
+        src: grub-mitigations.conf
+        dest: /etc/sysconfig/grub
+        mode: 0644
+      notify:
+        - reboot
+      when: intel_check.stdout != "0"
				`@ -0,0 +1 @@`
				`noibrs noibpb nopti nospectre_v2 nospectre_v1 l1tf=off nospec_store_bypass_disable no_stf_barrier mds=off mitigations=off`