patch against Kernel Side-Channel Attack vulnerabilities
Description
Activity
Former user February 6, 2018 at 1:03 PM
Production systems patched, closing the tracker ticket.
Former user January 21, 2018 at 11:02 AM
@Former user AFAIK, @Gal Ben Haim is working on a fix from OST's side.
Former user January 21, 2018 at 11:00 AM
Update: bare metals were updated yesterday; however, this seems to have caused a CPU model change due to an update to libvirt which was released during last week. Now the new model is shown even with an old BIOS on systems with updated microcode, unlike before.
The steps to roll back are:
systemctl stop libvirtd
yum downgrade libvirt*
systemctl start libvirtd
virsh -r capabilities | head
<capabilities>
<host>
<uuid>4c4c4544-0038-4610-8035-b7c04f333832</uuid>
<cpu>
<arch>x86_64</arch>
<model>Haswell-noTSX</model>
<vendor>Intel</vendor>
@Former user @Gal Ben Haim please tell me if you'd like me to do this on all the systems right now or it's better to fix it from lago side today?
Former user January 18, 2018 at 4:20 PM
Status update:
all hypervisors patched
all slave VMs patched
most production VMs patched with a few exceptions
baremetals BIOS patching not performed due to issues with lago, but I will update the OS on them anyway
Former user January 10, 2018 at 2:35 PM
Systems updated except gerrit which failed to boot with the newest kernel so I booted it back with the older one. Opened https://ovirt-jira.atlassian.net/browse/OVIRT-1838#icft=OVIRT-1838 to figure out why that happened as it's a PV guest on AWS (XEN domU) which is something we can't really test in PHX.
Also, updated firmware on ovirt-srv17 and got the desired CPU model which is a step in the right direction:
<cpu>
<arch>x86_64</arch>
<model>Haswell-noTSX-IBRS</model>
<vendor>Intel</vendor>
<microcode version='59'/>
...
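The two comments above judge the host's patch state by whether `virsh -r capabilities` reports a `-IBRS` CPU model and a microcode version. The following is an added example, not code from the ticket or from oVirt/lago, that automates that check; it assumes the XML shape quoted in the comments and embeds constructed sample output for both states.

```shell
#!/bin/sh
# Added example (not from the ticket): check whether a libvirt host reports an
# IBRS-capable CPU model and a microcode version, as the comments above look for.
# Assumes `virsh -r capabilities` output in the form quoted in the ticket.

# Extract the first <model> text from capabilities XML passed on stdin.
host_cpu_model() {
    sed -n 's/.*<model>\([^<]*\)<\/model>.*/\1/p' | head -n 1
}

# Extract the microcode version attribute, or print "unknown" if absent.
host_microcode_version() {
    ver=$(sed -n "s/.*<microcode version='\([0-9]*\)'.*/\1/p" | head -n 1)
    printf '%s\n' "${ver:-unknown}"
}

# Return 0 when the model name carries the IBRS suffix, 1 otherwise.
model_has_ibrs() {
    case "$1" in
        *-IBRS*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Constructed sample output mirroring the two states seen in the ticket.
CAPS_BEFORE='<capabilities><host><cpu><arch>x86_64</arch><model>Haswell-noTSX</model><vendor>Intel</vendor></cpu></host></capabilities>'
CAPS_AFTER="<capabilities><host><cpu><arch>x86_64</arch><model>Haswell-noTSX-IBRS</model><vendor>Intel</vendor><microcode version='59'/></cpu></host></capabilities>"

# Check one capabilities document (passed as a string) and print a verdict.
report() {
    model=$(printf '%s\n' "$1" | host_cpu_model)
    ucode=$(printf '%s\n' "$1" | host_microcode_version)
    if model_has_ibrs "$model"; then
        printf 'model=%s microcode=%s: IBRS exposed to guests\n' "$model" "$ucode"
    else
        printf 'model=%s microcode=%s: IBRS NOT exposed, check BIOS/microcode\n' "$model" "$ucode"
    fi
}

# With --live, query the real host; otherwise run against the constructed samples.
if [ "${1:-}" = "--live" ]; then
    report "$(virsh -r capabilities)"
else
    report "$CAPS_BEFORE"
    report "$CAPS_AFTER"
fi
```

Run with `--live` on a hypervisor after a BIOS/microcode update to confirm the model libvirt will advertise before starting guests.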
A new set of vulnerabilities was recently published that affects all systems on x86 platforms and affects process isolation:
https://access.redhat.com/security/vulnerabilities/speculativeexecution
We need to patch our systems once Fedora and CentOS release new kernels. This ticket will serve as a tracker for this activity.