From: nicoo <nicoo@realraum.at>
Date: Fri, 8 Jun 2018 17:18:27 +0000 (+0200)
Subject: Add vm/guest role for configuring VMs, make it setup rngd
X-Git-Url: https://git.realraum.at/?p=noc.git;a=commitdiff_plain;h=56a484f6c3119b06da3f7065ec3dcbd2009a8d3b

Add vm/guest role for configuring VMs, make it setup rngd
---

diff --git a/ansible/host_playbooks/testvm.yml b/ansible/host_playbooks/testvm.yml
index 261bb7e..58a4868 100644
--- a/ansible/host_playbooks/testvm.yml
+++ b/ansible/host_playbooks/testvm.yml
@@ -5,3 +5,4 @@
   - role: base
   - role: vm/grub
   - role: vm/network
+  - role: vm/guest
diff --git a/ansible/roles/vm/guest/handlers/main.yml b/ansible/roles/vm/guest/handlers/main.yml
new file mode 100644
index 0000000..5b57f3b
--- /dev/null
+++ b/ansible/roles/vm/guest/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart rngd
+  service:
+    name: rng-tools
+    state: restarted
diff --git a/ansible/roles/vm/guest/tasks/main.yml b/ansible/roles/vm/guest/tasks/main.yml
new file mode 100644
index 0000000..23f4ef4
--- /dev/null
+++ b/ansible/roles/vm/guest/tasks/main.yml
@@ -0,0 +1,16 @@
+- name: Install rngd
+  apt:
+    name: rng-tools
+    state: present
+
+- name: Configure rngd
+  lineinfile:
+    path: /etc/default/rng-tools
+    line: '{{ item.key }}={{ item.value }}'
+    regexp: '^#?{{ item.key }}={{ item.value }}'
+  with_dict:
+    HRNGDEVICE: /dev/hwrng
+    RNGDOPTIONS: '"-s 256 -W 80%"'
+  loop_control:
+    label: "{{ item.key }}"
+  notify: restart rngd
diff --git a/ansible/roles/vm/install/templates/libvirt-domain.xml.j2 b/ansible/roles/vm/install/templates/libvirt-domain.xml.j2
index 2bf4b57..c8a2d95 100644
--- a/ansible/roles/vm/install/templates/libvirt-domain.xml.j2
+++ b/ansible/roles/vm/install/templates/libvirt-domain.xml.j2
@@ -28,6 +28,12 @@
 {% endif %}
   <devices>
     <emulator>/usr/bin/kvm</emulator>
+    <!-- Provide a virtualized RNG to the guest -->
+    <rng model='virtio'>
+      <!-- Allow consuming up to 10kb/s, measured over 2s -->
+      <rate period="2000" bytes="20480"/>
+      <backend model='random'>/dev/urandom</backend>
+    </rng>
 
 {% if 'virtio' in hostvars[vmname].vm_install_cooked.disks %}
 {%   for device, lv in hostvars[vmname].vm_install_cooked.disks.virtio.items() %}