- role: base
- role: vm/grub
- role: vm/network
+ - role: vm/guest
--- /dev/null
+rngd_config:
+ HRNGDEVICE: /dev/hwrng
+ RNGDOPTIONS: '"-s 256 -W 80%"'
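Review bot: The nested quoting in `RNGDOPTIONS: '"-s 256 -W 80%"'` is undocumented and easy to "tidy up" by mistake, especially since `HRNGDEVICE` next to it has no inner quotes. The role's lineinfile tasks write each pair verbatim as `KEY=VALUE` into `/etc/default/rng-tools`, and files under /etc/default are normally sourced as shell by the init script, so the inner double quotes are what keep the options together as one value. I would add a comment above `rngd_config`, for example `# Written verbatim to /etc/default/rng-tools (shell syntax): quote values that contain spaces`. Because the content presumably ends up evaluated by a root-run init script, overrides of this variable should only come from trusted inventory.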
--- /dev/null
+- name: restart rngd
+ service:
+ name: rng-tools
+ state: restarted
--- /dev/null
+- name: Install rngd
+ apt:
+ name: rng-tools
+ state: present
+
+- name: Configure rngd [1/2]
+ lineinfile:
+ path: /etc/default/rng-tools
+ line: '{{ item.key }}={{ item.value }}'
+ regexp: '^#?{{ item.key }}={{ item.value }}'
+ with_dict: '{{ rngd_config }}'
+ loop_control:
+ label: "{{ item.key }}"
+ notify: restart rngd
+
+- name: Configure rngd [2/2]
+ lineinfile:
+ path: /etc/default/rng-tools
+ regexp: '^{{ item.key }}=(?!{{ item.value }})'
+ state: absent
+ with_dict: '{{ rngd_config }}'
+ loop_control:
+ label: "{{ item.key }}"
+ notify: restart rngd
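Review bot: Both `regexp` values interpolate `item.value` into a regular expression unescaped, in `Configure rngd [1/2]` and again inside the negative lookahead of `[2/2]`. The two default values contain no metacharacters, but an override containing e.g. `+` or `*` would make the lookahead stop recognising the intended line, so step 2 would delete the line step 1 just wrote and the handler would fire on every run. Piping the value through the escape filter keeps the match literal: `regexp: '^#?{{ item.key }}={{ item.value | regex_escape }}'` and `regexp: '^{{ item.key }}=(?!{{ item.value | regex_escape }}$)'`. The `$` in the second pattern also removes lines that merely start with the wanted value. Separately, nothing here ensures the service is enabled and running beyond the restart-on-change handler, which may be worth an explicit `service` task if the package does not start it.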
service:
name: openbsd-inetd
state: restarted
+
+- name: restart haveged
+ service:
+ name: haveged
+ state: restarted
---
-- name: install tftpd and python-libvirt
+- name: install dependencies
apt:
name:
- atftpd
- qemu-kvm
- libvirt-bin
- python-libvirt
+ - haveged
state: present
+- name: configure haveged
+ lineinfile:
+ regexp: "^#?DAEMON_ARGS"
+ line: 'DAEMON_ARGS="-w 3072"'
+ path: /etc/default/haveged
+ notify: restart haveged
+
- name: configure tftpd via inetd
lineinfile:
regexp: "^#?({{ vm_host.network.ip }}:)?tftp"
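Review bot: The added `configure haveged` task sets `DAEMON_ARGS="-w 3072"` with no explanation of why the VM host needs haveged or what the number means. Judging from the rest of the commit, the intent is presumably to keep the host entropy pool filled while guests draw from `/dev/urandom` through the new virtio RNG device; a comment above the task would record that, e.g. `# haveged keeps the host entropy pool topped up for guests using virtio-rng; -w is the write_wakeup_threshold in bits`. The pattern `"^#?DAEMON_ARGS"` would also match any other variable that merely starts with that name, so `regexp: "^#?DAEMON_ARGS="` is a tighter anchor.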
{% endif %}
<devices>
<emulator>/usr/bin/kvm</emulator>
+ <!-- Provide a virtualized RNG to the guest -->
+ <rng model='virtio'>
+ <!-- Allow consuming up to 10kb/s, measured over 2s -->
+ <rate period="2000" bytes="20480"/>
+ <backend model='random'>/dev/urandom</backend>
+ </rng>
{% if 'virtio' in hostvars[vmname].vm_install_cooked.disks %}
{% for device, lv in hostvars[vmname].vm_install_cooked.disks.virtio.items() %}