Add haveged role to bootstrap

It is helpful to install haveged so we don't run out of entropy.

Change-Id: I6c89b9d618a53f822ae8a9edb0528ac710f19da7
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This commit is contained in:
Paul Belanger 2019-04-03 19:40:56 -04:00
parent c51aed035e
commit 54bec263a0
5 changed files with 100 additions and 0 deletions

View File

@ -0,0 +1,26 @@
# Copyright 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
---
# tasks/main.yaml
haveged_task_manager:
- install
- service
haveged_package_name: haveged
haveged_service_haveged_daemon_reload: true
haveged_service_haveged_enabled: true
haveged_service_haveged_manage: true
haveged_service_haveged_name: haveged
haveged_service_haveged_state: started

View File

@ -0,0 +1,19 @@
# Copyright 2010 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
---
- name: Install haveged from package
become: true
package:
name: "{{ haveged_package_name }}"
state: present

View File

@ -0,0 +1,18 @@
# Copyright 2019 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
---
- include: "{{ haveged_task }}.yaml"
with_items: "{{ haveged_task_manager }}"
loop_control:
loop_var: haveged_task

View File

@ -0,0 +1,33 @@
# Copyright 2015 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
---
- name: Enable haveged service
become: true
systemd:
daemon_reload: "{{ haveged_service_haveged_daemon_reload }}"
enabled: "{{ haveged_service_haveged_enabled }}"
name: "{{ haveged_service_haveged_name }}"
register: haveged_service_haveged
when: haveged_service_haveged_manage
- name: Set haveged service state
become: true
systemd:
daemon_reload: "{{ haveged_service_haveged_daemon_reload }}"
name: "{{ haveged_service_haveged_name }}"
state: "{{ haveged_service_haveged_state }}"
register: haveged_service_haveged_state_info
when:
- haveged_service_haveged_manage
- haveged_service_haveged_state in ['reloaded', 'restarted', 'started', 'stopped']

View File

@ -36,6 +36,10 @@
include_role: include_role:
name: swap name: swap
- name: Setup haveged role
include_role:
name: haveged
- name: Setup postfix role - name: Setup postfix role
include_role: include_role:
name: postfix name: postfix