[ovirt-users] Re: SSBD issues on live cluster

After re-reading... The primary host determines the CPU base requirements. But in this case the base may be newer than what the canned hosted image for the hosted-engine supports initially (before you update it). So by deactivating the mitigations temporarily via a boot flag on the host, you can keep those features from the requirements list, allowing the installation to go through. Once OS/patches on host and VM are in alignment you can re-activate the mitigations and the baseline on the cluster and reboot the hosted-engine to align everything (or just keep the cluster baseline low, if you don't care about the latest features and patches or want to have several generations of hardware work alongside).