Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / linux / 8296bb9c02d1e911d891145d1f3fa674ad38b26d^! / .
commit8296bb9c02d1e911d891145d1f3fa674ad38b26d[log] [tgz]
authorFilip Pytloun <filip@pytloun.cz>Fri Feb 19 18:42:09 2016 +0100
committerFilip Pytloun <filip@pytloun.cz>Fri Feb 19 18:42:09 2016 +0100
treeef9eaa61f0b3a05012da1c0c5872f698bf8fbfcb
parentee07210614d4cbe2976159097760efbdd8f0b910 [diff]
Support for haveged

diff --git a/README.rst b/README.rst
index f3819ed..562fd51 100644
--- a/README.rst
+++ b/README.rst

@@ -294,7 +294,7 @@
               printf "Unauthorized access strictly prohibited.\n"
 
 RHEL / CentOS
-~~~~~~~~~~~~~
+^^^^^^^^^^^^^
 
 Unfortunately ``update-motd`` is currently not available for RHEL so there's
 no native support for dynamic motd.
@@ -308,6 +308,19 @@
           This is [company name] network.
           Unauthorized access strictly prohibited.
 
+Haveged
+~~~~~~~
+
+If you are running headless server and are low on entropy, it may be a good
+idea to setup Haveged.
+
+.. code-block:: yaml
+
+    linux:
+      system:
+        haveged:
+          enabled: true
+
 Linux network
 -------------
 

diff --git a/linux/system/haveged.sls b/linux/system/haveged.sls
new file mode 100644
index 0000000..a3042cc
--- /dev/null
+++ b/linux/system/haveged.sls

@@ -0,0 +1,18 @@
+{%- from "linux/map.jinja" import system with context %}
+
+{%- if system.haveged.enabled %}
+
+haveged_pkgs:
+  pkg.installed:
+  - name: haveged
+  - watch_in:
+    - service: haveged_service
+
+haveged_service:
+  service.running:
+  - name: haveged
+  - enable: true
+  - require:
+    - pkg: haveged_packages
+
+{%- endif %}

diff --git a/linux/system/init.sls b/linux/system/init.sls
index 4864f43..92cd0f7 100644
--- a/linux/system/init.sls
+++ b/linux/system/init.sls

@@ -54,3 +54,6 @@
 {%- if system.get('policyrcd', [])|length > 0 %}
 - linux.system.policyrcd
 {%- endif %}
+{%- if system.haveged is defined %}
+- linux.system.haveged
+{%- endif %}

diff --git a/tests/pillar/system.sls b/tests/pillar/system.sls
index bb27472..71f0f46 100644
--- a/tests/pillar/system.sls
+++ b/tests/pillar/system.sls

@@ -8,6 +8,8 @@
     environment: prd
     apparmor:
       enabled: false
+    haveged:
+      enabled: true
     console:
       tty0:
         autologin: root