From 56a484f6c3119b06da3f7065ec3dcbd2009a8d3b Mon Sep 17 00:00:00 2001
From: nicoo <nicoo@realraum.at>
Date: Fri, 8 Jun 2018 19:18:27 +0200
Subject: [PATCH] Add vm/guest role for configuring VMs, make it setup rngd

---
 ansible/host_playbooks/testvm.yml                      |    1 +
 ansible/roles/vm/guest/handlers/main.yml               |    4 ++++
 ansible/roles/vm/guest/tasks/main.yml                  |   16 ++++++++++++++++
 .../roles/vm/install/templates/libvirt-domain.xml.j2   |    6 ++++++
 4 files changed, 27 insertions(+)
 create mode 100644 ansible/roles/vm/guest/handlers/main.yml
 create mode 100644 ansible/roles/vm/guest/tasks/main.yml

diff --git a/ansible/host_playbooks/testvm.yml b/ansible/host_playbooks/testvm.yml
index 261bb7e..58a4868 100644
--- a/ansible/host_playbooks/testvm.yml
+++ b/ansible/host_playbooks/testvm.yml
@@ -5,3 +5,4 @@
   - role: base
   - role: vm/grub
   - role: vm/network
+  - role: vm/guest
diff --git a/ansible/roles/vm/guest/handlers/main.yml b/ansible/roles/vm/guest/handlers/main.yml
new file mode 100644
index 0000000..5b57f3b
--- /dev/null
+++ b/ansible/roles/vm/guest/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart rngd
+  service:
+    name: rng-tools
+    state: restarted
diff --git a/ansible/roles/vm/guest/tasks/main.yml b/ansible/roles/vm/guest/tasks/main.yml
new file mode 100644
index 0000000..23f4ef4
--- /dev/null
+++ b/ansible/roles/vm/guest/tasks/main.yml
@@ -0,0 +1,16 @@
+- name: Install rngd
+  apt:
+    name: rng-tools
+    state: present
+
+- name: Configure rngd
+  lineinfile:
+    path: /etc/default/rng-tools
+    line: '{{ item.key }}={{ item.value }}'
+    regexp: '^#?{{ item.key }}={{ item.value }}'
+  with_dict:
+    HRNGDEVICE: /dev/hwrng
+    RNGDOPTIONS: '"-s 256 -W 80%"'
+  loop_control:
+    label: "{{ item.key }}"
+  notify: restart rngd
diff --git a/ansible/roles/vm/install/templates/libvirt-domain.xml.j2 b/ansible/roles/vm/install/templates/libvirt-domain.xml.j2
index 2bf4b57..c8a2d95 100644
--- a/ansible/roles/vm/install/templates/libvirt-domain.xml.j2
+++ b/ansible/roles/vm/install/templates/libvirt-domain.xml.j2
@@ -28,6 +28,12 @@
 {% endif %}
   <devices>
     <emulator>/usr/bin/kvm</emulator>
+    <!-- Provide a virtualized RNG to the guest -->
+    <rng model='virtio'>
+      <!-- Allow consuming up to 10kb/s, measured over 2s -->
+      <rate period="2000" bytes="20480"/>
+      <backend model='random'>/dev/urandom</backend>
+    </rng>
 
 {% if 'virtio' in hostvars[vmname].vm_install_cooked.disks %}
 {%   for device, lv in hostvars[vmname].vm_install_cooked.disks.virtio.items() %}
-- 
1.7.10.4