I figured it out finally. My initial test system was E3-1230 V2 and that does not seem to have any updated microcode yet from Intel. My newer test systems have E3-1231 v3 and there does seem to be newer Intel microcode which mitigates Variant #2 (Spectre). Here are my notes for CentOS6 and CentOS7 which have different steps.
Feel free to correct any mistakes anyone sees
#############################################################
#CentOS6 E3-1231 v3
#get /sbin/microcode_ctl tool to dynamically load intel microcode on CentOS6
cd /root
yum install microcode_ctl
modprobe microcode
#install microcode to /lib/firmware/intel-ucode/
https://downloadcenter.intel.com/downlo ... -Data-File
transfer (scp) microcode-20180108.tgz to host
mv /home/username/microcode-20180108.tgz /root
tar -zxvf microcode-20180108.tgz
mkdir /lib/firmware/intel-ucode/
rm /lib/firmware/intel-ucode/* -f
cp -v /root/intel-ucode/* /lib/firmware/intel-ucode/
#dynamically reload microcode
microcode_ctl -u /root/microcode.dat
#verify loaded
dmesg
#test
https://access.redhat.com/labs/speculativeexecution/
./spectre_meltdown.sh
#debugfs mount for Redhat checker script
mount -t debugfs nodev /sys/kernel/debug
OR
#add to /etc/fstab for Redhat checker script
nodev /sys/kernel/debug debugfs defaults 0 0
mount -a
https://github.com/speed47/spectre-meltdown-checker
./spectre-meltdown-checker.sh
#make permanent and reboot to test post reboot
dracut -f -v
reboot
#after reboot check
dmesg|grep micro
./spectre_meltdown.sh
./spectre-meltdown-checker.sh
cat /sys/kernel/debug/x86/pti_enabled
cat /sys/kernel/debug/x86/ibpb_enabled
cat /sys/kernel/debug/x86/ibrs_enabled
#result
Variant #1 (Spectre): Mitigated
Variant #2 (Spectre): Mitigated
Variant #3 (Meltdown): Mitigated
#############################################################
#CentOS7 E3-1231 v3
#install microcode to /lib/firmware/intel-ucode/
https://downloadcenter.intel.com/downlo ... -Data-File
transfer (scp) microcode-20180108.tgz to host
cd /root
mv /home/username/microcode-20180108.tgz /root
tar -zxvf microcode-20180108.tgz
mkdir /lib/firmware/intel-ucode/
rm /lib/firmware/intel-ucode/* -f
cp -v /root/intel-ucode/* /lib/firmware/intel-ucode/
#dynamically reload microcode
echo 1 > /sys/devices/system/cpu/microcode/reload
#verify loaded
dmesg
#test
#debugfs mount for Redhat checker script already mounted so nothing needed
https://access.redhat.com/labs/speculativeexecution/
./spectre_meltdown.sh
https://github.com/speed47/spectre-meltdown-checker
./spectre-meltdown-checker.sh
#make permanent and reboot to test post reboot
dracut -f -v
reboot
#after reboot check
dmesg|grep micro
./spectre_meltdown.sh
./spectre-meltdown-checker.sh
cat /sys/kernel/debug/x86/pti_enabled
cat /sys/kernel/debug/x86/ibpb_enabled
cat /sys/kernel/debug/x86/ibrs_enabled
#result
Variant #1 (Spectre): Mitigated
Variant #2 (Spectre): Mitigated
Variant #3 (Meltdown): Mitigated