From: nicoo Date: Wed, 5 Feb 2020 21:52:19 +0000 (+0100) Subject: vm/guest: Make sure haveged is not installed X-Git-Url: https://git.realraum.at/?a=commitdiff_plain;h=ee20acc76736f4e7133cea1dee7c37bc4795fe37;p=noc.git vm/guest: Make sure haveged is not installed There are no benefits to having it on the guest, since we use virtio-rng to provide entropy from the host. vm_guest_force_haveged is added to support overriding that, in the special case of vex (which doesn't seem to use virtio-rng, probably because its kernel is too ancient) --- diff --git a/ansible/host_vars/vex/main.yml b/ansible/host_vars/vex/main.yml index d75df90..0275c73 100644 --- a/ansible/host_vars/vex/main.yml +++ b/ansible/host_vars/vex/main.yml @@ -4,3 +4,5 @@ sshd_allowusers_host: - www - www-data - acme + +vm_guest_force_haveged: yes diff --git a/ansible/roles/vm/guest/tasks/main.yml b/ansible/roles/vm/guest/tasks/main.yml index 2c34699..8cdc0a4 100644 --- a/ansible/roles/vm/guest/tasks/main.yml +++ b/ansible/roles/vm/guest/tasks/main.yml @@ -9,6 +9,12 @@ state: absent purge: yes +- name: Uninstall haveged + when: not (vm_guest_force_haveged | default(False)) + apt: + name: haveged + state: absent + purge: yes - name: Provide a root shell on the VM console [1/2] file: