From 54bec263a04897cbe70d2d5234aae2c1bc9f57ff Mon Sep 17 00:00:00 2001 From: Paul Belanger Date: Wed, 3 Apr 2019 19:40:56 -0400 Subject: [PATCH] Add haveged role to bootstrap It is helpful to install haveged so we don't run out of entropy. Change-Id: I6c89b9d618a53f822ae8a9edb0528ac710f19da7 Signed-off-by: Paul Belanger --- .../roles/haveged/defaults/main.yaml | 26 +++++++++++++++ .../roles/haveged/tasks/install.yaml | 19 +++++++++++ .../bootstrap/roles/haveged/tasks/main.yaml | 18 ++++++++++ .../roles/haveged/tasks/service.yaml | 33 +++++++++++++++++++ playbooks/bootstrap/site.yaml | 4 +++ 5 files changed, 100 insertions(+) create mode 100644 playbooks/bootstrap/roles/haveged/defaults/main.yaml create mode 100644 playbooks/bootstrap/roles/haveged/tasks/install.yaml create mode 100644 playbooks/bootstrap/roles/haveged/tasks/main.yaml create mode 100644 playbooks/bootstrap/roles/haveged/tasks/service.yaml diff --git a/playbooks/bootstrap/roles/haveged/defaults/main.yaml b/playbooks/bootstrap/roles/haveged/defaults/main.yaml new file mode 100644 index 0000000..24e1b8d --- /dev/null +++ b/playbooks/bootstrap/roles/haveged/defaults/main.yaml @@ -0,0 +1,26 @@ +# Copyright 2019 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +--- +# tasks/main.yaml +haveged_task_manager: + - install + - service + +haveged_package_name: haveged + +haveged_service_haveged_daemon_reload: true +haveged_service_haveged_enabled: true +haveged_service_haveged_manage: true +haveged_service_haveged_name: haveged +haveged_service_haveged_state: started diff --git a/playbooks/bootstrap/roles/haveged/tasks/install.yaml b/playbooks/bootstrap/roles/haveged/tasks/install.yaml new file mode 100644 index 0000000..9615f26 --- /dev/null +++ b/playbooks/bootstrap/roles/haveged/tasks/install.yaml @@ -0,0 +1,19 @@ +# Copyright 2010 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +--- +- name: Install haveged from package + become: true + package: + name: "{{ haveged_package_name }}" + state: present diff --git a/playbooks/bootstrap/roles/haveged/tasks/main.yaml b/playbooks/bootstrap/roles/haveged/tasks/main.yaml new file mode 100644 index 0000000..2aa8734 --- /dev/null +++ b/playbooks/bootstrap/roles/haveged/tasks/main.yaml @@ -0,0 +1,18 @@ +# Copyright 2019 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +--- +- include: "{{ haveged_task }}.yaml" + with_items: "{{ haveged_task_manager }}" + loop_control: + loop_var: haveged_task diff --git a/playbooks/bootstrap/roles/haveged/tasks/service.yaml b/playbooks/bootstrap/roles/haveged/tasks/service.yaml new file mode 100644 index 0000000..2170124 --- /dev/null +++ b/playbooks/bootstrap/roles/haveged/tasks/service.yaml @@ -0,0 +1,33 @@ +# Copyright 2015 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +--- +- name: Enable haveged service + become: true + systemd: + daemon_reload: "{{ haveged_service_haveged_daemon_reload }}" + enabled: "{{ haveged_service_haveged_enabled }}" + name: "{{ haveged_service_haveged_name }}" + register: haveged_service_haveged + when: haveged_service_haveged_manage + +- name: Set haveged service state + become: true + systemd: + daemon_reload: "{{ haveged_service_haveged_daemon_reload }}" + name: "{{ haveged_service_haveged_name }}" + state: "{{ haveged_service_haveged_state }}" + register: haveged_service_haveged_state_info + when: + - haveged_service_haveged_manage + - haveged_service_haveged_state in ['reloaded', 'restarted', 'started', 'stopped'] diff --git a/playbooks/bootstrap/site.yaml b/playbooks/bootstrap/site.yaml index 4bf0d5e..679da70 100644 --- a/playbooks/bootstrap/site.yaml +++ b/playbooks/bootstrap/site.yaml @@ -36,6 +36,10 @@ include_role: name: swap + - name: Setup haveged role + include_role: + name: haveged + - name: Setup postfix role include_role: name: postfix