vm/guest: Make sure haveged is not installed

There are no benefits to having it on the guest, since we use virtio-rng
to provide entropy from the host.

vm_guest_force_haveged is added to support overriding that, in the special
case of vex (which doesn't seem to use virtio-rng, probably because its
kernel is too ancient)

diff --git a/ansible/host_vars/vex/main.yml b/ansible/host_vars/vex/main.yml
index d75df90..0275c73 100644 (file)
--- a/ansible/host_vars/vex/main.yml
+++ b/ansible/host_vars/vex/main.yml
@@ -4,3 +4,5 @@ sshd_allowusers_host:
   - www
   - www-data
   - acme
+
+vm_guest_force_haveged: yes

diff --git a/ansible/roles/vm/guest/tasks/main.yml b/ansible/roles/vm/guest/tasks/main.yml
index 2c34699..8cdc0a4 100644 (file)
--- a/ansible/roles/vm/guest/tasks/main.yml
+++ b/ansible/roles/vm/guest/tasks/main.yml
@@ -9,6 +9,12 @@
     state: absent
     purge: yes
 
+- name: Uninstall haveged
+  when: not (vm_guest_force_haveged | default(False))
+  apt:
+    name: haveged
+    state: absent
+    purge: yes
 
 - name: Provide a root shell on the VM console [1/2]
   file: