From ee20acc76736f4e7133cea1dee7c37bc4795fe37 Mon Sep 17 00:00:00 2001 From: nicoo Date: Wed, 5 Feb 2020 22:52:19 +0100 Subject: [PATCH] vm/guest: Make sure haveged is not installed There are no benefits to having it on the guest, since we use virtio-rng to provide entropy from the host. vm_guest_force_haveged is added to support overriding that, in the special case of vex (which doesn't seem to use virtio-rng, probably because its kernel is too ancient) --- ansible/host_vars/vex/main.yml | 2 ++ ansible/roles/vm/guest/tasks/main.yml | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/ansible/host_vars/vex/main.yml b/ansible/host_vars/vex/main.yml index d75df90..0275c73 100644 --- a/ansible/host_vars/vex/main.yml +++ b/ansible/host_vars/vex/main.yml @@ -4,3 +4,5 @@ sshd_allowusers_host: - www - www-data - acme + +vm_guest_force_haveged: yes diff --git a/ansible/roles/vm/guest/tasks/main.yml b/ansible/roles/vm/guest/tasks/main.yml index 2c34699..8cdc0a4 100644 --- a/ansible/roles/vm/guest/tasks/main.yml +++ b/ansible/roles/vm/guest/tasks/main.yml @@ -9,6 +9,12 @@ state: absent purge: yes +- name: Uninstall haveged + when: not (vm_guest_force_haveged | default(False)) + apt: + name: haveged + state: absent + purge: yes - name: Provide a root shell on the VM console [1/2] file: -- 1.7.10.4