<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jan 15, 2018 at 6:28 PM, Derek Atkins <span dir="ltr"><<a href="mailto:derek@ihtfp.com" target="_blank">derek@ihtfp.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Thanks.<br>
<br>
I guess it still boils down to updating to 7.4. :(<br>
<br>
In the short term, will Ovirt 4.0 continue to run in 7.4? Or MUST I<br></blockquote><div><br></div><div>We don't know, but I would assume NO. Every minor release of EL required some small adjustments to expected and unexpected changes in the platform.</div><div>We have worked with 4.1 to support 7.3 and then 7.4, I would not presume 4.0 works with it.</div><div>Y.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
upgrade both the OS and ovirt simultaneously? My time is very short over<br>
the next few weeks (I'm moving) so I'd like to get as much bang for the<br>
buck with as little down time as possible. I can't spend 12 hours of my<br>
time working to repair a botched upgrade from 4.0 to 4.1 or 4.2.<br>
<br>
Thanks again!<br>
<span class="HOEnZb"><font color="#888888"><br>
-derek<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
On Mon, January 15, 2018 11:05 am, Arman Khalatyan wrote:<br>
> If you see that after the update of your OS dmesg shows RED alert in<br>
> the spectra check script in the second position then you should follow<br>
> the intel's <a href="http://read.me" rel="noreferrer" target="_blank">read.me</a>.<br>
> As in readme described on Centos 7.4:<br>
> rsync -Pa intel-ucode /lib/firmware/<br>
> On the recent kernels(>2.6.xx) the dd method does not work, dont do that.<br>
> To confirm that microcode loaded:<br>
> dmesg | grep micro<br>
> look for the release dates.<br>
> But I beleve that v4 should be already in the microcode_ctl package of<br>
> the CentOS7.4 ( in my case 2650v2 was not inside, but the v3 and v4<br>
> were there)<br>
> I have a script to enable or disable the protection so you can see the<br>
> performance impact on your case:<br>
> <a href="https://arm2armcos.blogspot.de/2018/01/lustrefs-big-performance-hit-on-lfs.html" rel="noreferrer" target="_blank">https://arm2armcos.blogspot.<wbr>de/2018/01/lustrefs-big-<wbr>performance-hit-on-lfs.html</a><br>
><br>
><br>
><br>
> On Mon, Jan 15, 2018 at 4:28 PM, Derek Atkins <<a href="mailto:derek@ihtfp.com">derek@ihtfp.com</a>> wrote:<br>
>> Arman,<br>
>><br>
>> Thanks for the info... And sorry for taking so long to reply. It's<br>
>> been a busy weekend.<br>
>><br>
>> First, thank you for the links. Useful information.<br>
>><br>
>> However, could you define "recent"? My system is from Q3 2016. Is that<br>
>> considered recent enough to not need a bios updte?<br>
>><br>
>> My /proc/cpuinfo reports:<br>
>> model name : Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz<br>
>><br>
>> I downloaded the microcode.tgz file, which is dated Jan 8. I noticed<br>
>> that the microcode_ctl package in my repo is dated Jan 4, which implies<br>
>> it probably does NOT contain the Jan 8 tgz from Intel. It LOOKS like I<br>
>> can just replace the intel-ucode files with those from the tgz, but I'm<br>
>> not sure what, if anything, I need to do with the microcode.dat file in<br>
>> the tgz?<br>
>><br>
>> Thanks,<br>
>><br>
>> -derek<br>
>><br>
>> Arman Khalatyan <<a href="mailto:arm2arm@gmail.com">arm2arm@gmail.com</a>> writes:<br>
>><br>
>>> if you have recent supermicro you dont need to update the bios,<br>
>>><br>
>>> Some tests:<br>
>>> Crack test:<br>
>>> <a href="https://github.com/IAIK/meltdown" rel="noreferrer" target="_blank">https://github.com/IAIK/<wbr>meltdown</a><br>
>>><br>
>>> Check test:<br>
>>> <a href="https://github.com/speed47/spectre-meltdown-checker" rel="noreferrer" target="_blank">https://github.com/speed47/<wbr>spectre-meltdown-checker</a><br>
>>><br>
>>> the intel microcodes you can find here:<br>
>>> <a href="https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File?product=41447" rel="noreferrer" target="_blank">https://downloadcenter.intel.<wbr>com/download/27431/Linux-<wbr>Processor-Microcode-Data-File?<wbr>product=41447</a><br>
>>> good luck.<br>
>>> Arman.<br>
>>><br>
>>><br>
>>><br>
>>> On Thu, Jan 11, 2018 at 4:32 PM, Derek Atkins <<a href="mailto:derek@ihtfp.com">derek@ihtfp.com</a>> wrote:<br>
>>>> Hi,<br>
>>>><br>
>>>> On Thu, January 11, 2018 9:53 am, Yaniv Kaul wrote:<br>
>>>><br>
>>>>> No one likes downtime but I suspect this is one of those serious<br>
>>>>> vulnerabilities that you really really must be protected against.<br>
>>>>> That being said, before planning downtime, check your HW vendor for<br>
>>>>> firmware or Intel for microcode for the host first.<br>
>>>>> Without it, there's not a lot of protection anyway.<br>
>>>>> Note that there are 4 steps you need to take to be fully protected:<br>
>>>>> CPU,<br>
>>>>> hypervisor, guests and guest CPU type - plan ahead!<br>
>>>>> Y.<br>
>>>><br>
>>>> Is there a HOW-To written up somewhere on this? ;)<br>
>>>><br>
>>>> I built the hardware from scratch myself, so I can't go off to Dell or<br>
>>>> someone for this. So which do I need, motherboard firmware or Intel<br>
>>>> microcode? I suppose I need to go to the motherboard manufacturer<br>
>>>> (Supermicro) to look for updated firmware? Do I also need to look at<br>
>>>> Intel? Is this either-or or a "both" situation? Of course I have no<br>
>>>> idea<br>
>>>> how to reflash new firmware onto this motherboard -- I don't have DOS.<br>
>>>><br>
>>>> As you can see, planning I can do. Execution is more challenging ;)<br>
>>>><br>
>>>> Thanks!<br>
>>>><br>
>>>>>> > Y.<br>
>>>><br>
>>>> -derek<br>
>>>><br>
>>>> --<br>
>>>> Derek Atkins <a href="tel:617-623-3745" value="+16176233745">617-623-3745</a><br>
>>>> <a href="mailto:derek@ihtfp.com">derek@ihtfp.com</a> <a href="http://www.ihtfp.com" rel="noreferrer" target="_blank">www.ihtfp.com</a><br>
>>>> Computer and Internet Security Consultant<br>
>>>><br>
>>>> ______________________________<wbr>_________________<br>
>>>> Users mailing list<br>
>>>> <a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
>>>> <a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
>>><br>
>>><br>
>><br>
>> --<br>
>> Derek Atkins <a href="tel:617-623-3745" value="+16176233745">617-623-3745</a><br>
>> <a href="mailto:derek@ihtfp.com">derek@ihtfp.com</a> <a href="http://www.ihtfp.com" rel="noreferrer" target="_blank">www.ihtfp.com</a><br>
>> Computer and Internet Security Consultant<br>
><br>
<br>
<br>
--<br>
Derek Atkins <a href="tel:617-623-3745" value="+16176233745">617-623-3745</a><br>
<a href="mailto:derek@ihtfp.com">derek@ihtfp.com</a> <a href="http://www.ihtfp.com" rel="noreferrer" target="_blank">www.ihtfp.com</a><br>
Computer and Internet Security Consultant<br>
<br>
</div></div></blockquote></div><br></div></div>