From fe1e1152264fb4b476dc9dd58dc4af66816191d7 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Wed, 16 Jun 2021 20:45:42 +0200 Subject: rng-tools5 is now available everywhere --- roles/core/base/tasks/Debian.yml | 15 +++++---------- roles/core/base/vars/Debian.yml | 2 -- roles/core/base/vars/Ubuntu.yml | 2 -- roles/vm/guest/base/defaults/main.yml | 4 ---- roles/vm/guest/base/handlers/main.yml | 5 +++-- roles/vm/guest/base/tasks/main.yml | 36 +++++++++++++++++------------------ 6 files changed, 26 insertions(+), 38 deletions(-) delete mode 100644 roles/core/base/vars/Debian.yml delete mode 100644 roles/core/base/vars/Ubuntu.yml (limited to 'roles') diff --git a/roles/core/base/tasks/Debian.yml b/roles/core/base/tasks/Debian.yml index de14e76b..cdcb529e 100644 --- a/roles/core/base/tasks/Debian.yml +++ b/roles/core/base/tasks/Debian.yml @@ -1,12 +1,4 @@ --- -- name: load distrubtion specific variables - include_vars: "{{ item }}" - with_first_found: - - files: - - "{{ ansible_distribution_release }}.yml" - - "{{ ansible_distribution }}.yml" - skip: true - - name: disable recommends, suggests and pdiffs loop: - 02no-recommends @@ -53,7 +45,7 @@ block: - name: install rngd apt: - name: "{{ base_rngd_package_name }}" + name: rng-tools5 state: present - name: make sure haveged is removed/purged @@ -73,7 +65,10 @@ - name: make sure rngd is removed/purged apt: - name: "{{ base_rngd_package_name }}" + name: + - rng-tools + - rng-tools5 + - rng-tools-debian state: absent purge: yes diff --git a/roles/core/base/vars/Debian.yml b/roles/core/base/vars/Debian.yml deleted file mode 100644 index 96baf89b..00000000 --- a/roles/core/base/vars/Debian.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -base_rngd_package_name: rng-tools5 diff --git a/roles/core/base/vars/Ubuntu.yml b/roles/core/base/vars/Ubuntu.yml deleted file mode 100644 index eb2591da..00000000 --- a/roles/core/base/vars/Ubuntu.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -base_rngd_package_name: rng-tools diff --git a/roles/vm/guest/base/defaults/main.yml b/roles/vm/guest/base/defaults/main.yml index ce072e95..54261f55 100644 --- a/roles/vm/guest/base/defaults/main.yml +++ b/roles/vm/guest/base/defaults/main.yml @@ -1,6 +1,2 @@ --- -vm_guest_rngd_config: - HRNGDEVICE: /dev/hwrng - RNGDOPTIONS: '"-s 256 -W 80%"' - vm_guest_autologin_on_serial: yes diff --git a/roles/vm/guest/base/handlers/main.yml b/roles/vm/guest/base/handlers/main.yml index 2dfdddcb..7c746ae2 100644 --- a/roles/vm/guest/base/handlers/main.yml +++ b/roles/vm/guest/base/handlers/main.yml @@ -3,6 +3,7 @@ command: /usr/sbin/update-grub - name: restart rngd - service: - name: rng-tools + systemd: + name: rngd state: restarted + daemon_reload: yes diff --git a/roles/vm/guest/base/tasks/main.yml b/roles/vm/guest/base/tasks/main.yml index b76ee762..7a383fe1 100644 --- a/roles/vm/guest/base/tasks/main.yml +++ b/roles/vm/guest/base/tasks/main.yml @@ -1,28 +1,28 @@ --- - name: install rngd apt: - name: rng-tools + name: rng-tools5 state: present force_apt_get: yes -- name: configure rngd [1/2] - loop: '{{ vm_guest_rngd_config | dict2items }}' - loop_control: - label: "{{ item.key }}" - lineinfile: - path: /etc/default/rng-tools - line: '{{ item.key }}={{ item.value }}' - regexp: '^#?{{ item.key }}=' - notify: restart rngd +- name: get size of entropy pool + check_mode: no + command: cat /proc/sys/kernel/random/poolsize + changed_when: false + register: entropy_pool_size -- name: configure rngd [2/2] - loop: '{{ vm_guest_rngd_config | dict2items }}' - loop_control: - label: "{{ item.key }}" - lineinfile: - path: /etc/default/rng-tools - regexp: '^{{ item.key }}=(?!{{ item.value }})' - state: absent +- name: create systemd override directory for rngd + file: + path: /etc/systemd/system/rngd.service.d + state: directory + +- name: configure rngd + copy: + content: | + [Service] + ExecStart= + ExecStart=/usr/sbin/rngd -f -r /dev/hwrng -s 256 -W {{ ((entropy_pool_size.stdout_lines | first | int) * 0.8) | int }} + dest: /etc/systemd/system/rngd.service.d/hwrng-device.conf notify: restart rngd -- cgit v1.2.3