realraum · nbraud · Feb 5, 2020 · Feb 5, 2020 · Feb 5, 2020 · Feb 6, 2020
diff --git a/ansible/host_vars/vex/main.yml b/ansible/host_vars/vex/main.yml
@@ -4,3 +4,5 @@ sshd_allowusers_host:
   - www
   - www-data
   - acme
+
+vm_guest_force_haveged: yes
diff --git a/ansible/roles/base/tasks/02debian.yml b/ansible/roles/base/tasks/02debian.yml
@@ -16,7 +16,6 @@
       - tcpdump
       - debian-goodies
       - lsof
-      - haveged
       - net-tools
       - screen
       - aptitude
@@ -30,6 +29,12 @@
       - lshw
     state: present
 
+- name: Install haveged on physical machines
+  when: "'virtualservers' not in group_names"
+  apt:
+    name: haveged
+    state: present
+
 - name: make sure grml-(etc|scripts)-core is not installed
   apt:
     name:

diff --git a/ansible/roles/vm/guest/tasks/main.yml b/ansible/roles/vm/guest/tasks/main.yml
@@ -1,28 +1,20 @@
-- name: Install rngd
+- name: Install and configure rngd (on kernel < 3.17)
+  when: ansible_kernel is version('3.17', '<')
+  import_tasks: rngd.yml
+
+- name: Uninstall rngd (on kernel >= 3.17)
+  when: ansible_kernel is version('3.17', '>=')
   apt:
     name: rng-tools
-    state: present
-    force_apt_get: yes
-
-- name: Configure rngd [1/2]
-  lineinfile:
-    path: /etc/default/rng-tools
-    line: '{{ item.key }}={{ item.value }}'
-    regexp: '^#?{{ item.key }}='
-  with_dict: '{{ rngd_config }}'
-  loop_control:
-    label: "{{ item.key }}"
-  notify: restart rngd
+    state: absent
+    purge: yes
 
-- name: Configure rngd [2/2]
-  lineinfile:
-    path: /etc/default/rng-tools
-    regexp: '^{{ item.key }}=(?!{{ item.value }})'
+- name: Uninstall haveged
+  when: not (vm_guest_force_haveged | default(False))
+  apt:
+    name: haveged
     state: absent
-  with_dict: '{{ rngd_config }}'
-  loop_control:
-    label: "{{ item.key }}"
-  notify: restart rngd
+    purge: yes
 
 - name: Provide a root shell on the VM console [1/2]
   file:
@@ -35,4 +27,4 @@
     content: |
       [Service]
       ExecStart=
-      ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 --noclear --autologin root --login-pause --host {{ vm_host }} %I $TERM
+      ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 --noclear --autologin root --login-pause --host {{ vm_install_host }} %I $TERM
diff --git a/ansible/roles/vm/guest/tasks/rngd.yml b/ansible/roles/vm/guest/tasks/rngd.yml
@@ -0,0 +1,25 @@
+- name: Install rngd
+  apt:
+    name: rng-tools
+    state: present
+    force_apt_get: yes
+
+- name: Configure rngd [1/2]
+  lineinfile:
+    path: /etc/default/rng-tools
+    line: '{{ item.key }}={{ item.value }}'
+    regexp: '^#?{{ item.key }}='
+  with_dict: '{{ rngd_config }}'
+  loop_control:
+    label: "{{ item.key }}"
+  notify: restart rngd
+
+- name: Configure rngd [2/2]
+  lineinfile:
+    path: /etc/default/rng-tools
+    regexp: '^{{ item.key }}=(?!{{ item.value }})'
+    state: absent
+  with_dict: '{{ rngd_config }}'
+  loop_control:
+    label: "{{ item.key }}"
+  notify: restart rngd