Add vm/guest role for configuring VMs, make it setup rngd

author nicoo <nicoo@realraum.at>

Fri, 8 Jun 2018 17:18:27 +0000 (19:18 +0200)

committer nicoo <nicoo@realraum.at>

Fri, 8 Jun 2018 19:14:01 +0000 (21:14 +0200)
author nicoo <nicoo@realraum.at>
Fri, 8 Jun 2018 17:18:27 +0000 (19:18 +0200)
committer nicoo <nicoo@realraum.at>
Fri, 8 Jun 2018 19:14:01 +0000 (21:14 +0200)
diff --git a/ansible/host_playbooks/testvm.yml b/ansible/host_playbooks/testvm.yml

index 261bb7e..58a4868 100644 (file)
--- a/ansible/host_playbooks/testvm.yml
+++ b/ansible/host_playbooks/testvm.yml
@@ -5,3 +5,4 @@
    - role: base
    - role: vm/grub
    - role: vm/network
+  - role: vm/guest
diff --git a/ansible/roles/vm/guest/handlers/main.yml b/ansible/roles/vm/guest/handlers/main.yml

new file mode 100644 (file)

index 0000000..5b57f3b
--- /dev/null
+++ b/ansible/roles/vm/guest/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart rngd
+  service:
+    name: rng-tools
+    state: restarted
diff --git a/ansible/roles/vm/guest/tasks/main.yml b/ansible/roles/vm/guest/tasks/main.yml

new file mode 100644 (file)

index 0000000..23f4ef4
--- /dev/null
+++ b/ansible/roles/vm/guest/tasks/main.yml
@@ -0,0 +1,16 @@
+- name: Install rngd
+  apt:
+    name: rng-tools
+    state: present
+
+- name: Configure rngd
+  lineinfile:
+    path: /etc/default/rng-tools
+    line: '{{ item.key }}={{ item.value }}'
+    regexp: '^#?{{ item.key }}={{ item.value }}'
+  with_dict:
+    HRNGDEVICE: /dev/hwrng
+    RNGDOPTIONS: '"-s 256 -W 80%"'
+  loop_control:
+    label: "{{ item.key }}"
+  notify: restart rngd
diff --git a/ansible/roles/vm/install/templates/libvirt-domain.xml.j2 b/ansible/roles/vm/install/templates/libvirt-domain.xml.j2

index 2bf4b57..c8a2d95 100644 (file)
--- a/ansible/roles/vm/install/templates/libvirt-domain.xml.j2
+++ b/ansible/roles/vm/install/templates/libvirt-domain.xml.j2
@@ -28,6 +28,12 @@
  {% endif %}
    <devices>
      <emulator>/usr/bin/kvm</emulator>
+    <!-- Provide a virtualized RNG to the guest -->
+    <rng model='virtio'>
+      <!-- Allow consuming up to 10kb/s, measured over 2s -->
+      <rate period="2000" bytes="20480"/>
+      <backend model='random'>/dev/urandom</backend>
+    </rng>
  
  {% if 'virtio' in hostvars[vmname].vm_install_cooked.disks %}
  {%   for device, lv in hostvars[vmname].vm_install_cooked.disks.virtio.items() %}
author	nicoo <nicoo@realraum.at>
	Fri, 8 Jun 2018 17:18:27 +0000 (19:18 +0200)
committer	nicoo <nicoo@realraum.at>
	Fri, 8 Jun 2018 19:14:01 +0000 (21:14 +0200)
ansible/host_playbooks/testvm.yml		patch \| blob \| history
ansible/roles/vm/guest/handlers/main.yml	[new file with mode: 0644]	patch \| blob
ansible/roles/vm/guest/tasks/main.yml	[new file with mode: 0644]	patch \| blob
ansible/roles/vm/install/templates/libvirt-domain.xml.j2		patch \| blob \| history