We are sure you are aware of the various OS patching going on to mitigate the Meltdown and Spectre security flaws.
If all your hypervisors support PCID, you can activate this for all your new VMs setting the following in your `/etc/one/vmm_exec/vmm_exec_kvm.conf` file (and restarting OpenNebula afterwards):
RAW = “<cpu mode=’host-passthrough’></cpu>”
Note that this may impair live migrations of VMs between hypervisors with heterogeneous CPUs.
The OpenNebula team is working towards an easier way to define this option on a per-VM basis, as well as support from the scheduler to pick compatible hypervisors. This will be available to the community shortly through a public maintenance release (5.4.6).
Lead Cloud Engineer & Engineering Manager @ OpenNebula