Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
- Puppet >= 7.0.0 < 9.0.0
- , , , , ,
Start using this module
Add this module to your Puppetfile:
mod 'simp-haveged', '0.15.0'Learn more about managing modules with a PuppetfileDocumentation
Table of Contents
Overview
Install and manage the HAVEGE daemon, haveged.
By default, the module will configure, but not enable haveged if rngd is
running on the target system. While there is generally no harm in running two
entropy generators, it is not necessary and adds to the overall system load.
If you want to force haveged to run, set
haveged::service::force_if_rngd_running: true in Hiera.
Only systemd-based systems are supported at this time.
Module Description
The HAVEGE daemon provides a random number generator based on the HAVEGE (HArdware Volatile Entropy Gathering and Expansion) algorithm. This module provides a way of installing and setting up the daemon in your environment.
Setup
Setup Requirements
The haveged package is part of the
EPEL yum repository, so this repository
must be enabled on Enterprise Linux to be able to install the package.
Beginning with haveged
Declare the haveged class to run the haveged daemon with the default parameters.
include 'haveged'
This installs the haveged package and starts the service using default parameters.
See the following sections for a detailed description of the available configuration options.
Usage
Use a higher threshold of available entropy
---
haveged::write_wakeup_threshold: 2048
Reference
See REFERENCE.md for additional API documentation.
Facts
This module provides the following facts.
Fact: haveged_startup_provider
The startup system used on the node. The implementation uses the process name
of PID 1 to resolve the fact. The value is either systemd or init.
Fact: haveged__rhgd_enabled
Returns true or false depending on whether or not rngd is enabled on the
target system.
Development
Feel free to send pull requests for new features and other operating systems.
Reference
Table of Contents
Classes
haveged: Manage HAVEGEd == Sample Usage: class { 'haveged': write_wakeup_threshold => 1024, }haveged::config: Manage the HAVEGEd configuration filehaveged::package: Manage the haveged packagehaveged::service: Manage the HAVEGEd service
Classes
haveged
Manage HAVEGEd
== Sample Usage:
class { 'haveged': write_wakeup_threshold => 1024, }
Parameters
The following parameters are available in the haveged class:
buffer_sizedata_cache_sizeinstruction_cache_sizewrite_wakeup_thresholdservice_nameservice_ensureservice_enablepackage_namepackage_ensure
buffer_size
Data type: Optional[Variant[String,Integer]]
The size of the collection buffer in KB
Default value: undef
data_cache_size
Data type: Optional[Variant[String,Integer]]
The data cache size in KB
Default value: undef
instruction_cache_size
Data type: Optional[Variant[String,Integer]]
The instruction cache size in KB. Default is 16 or as determined by cpuid
Default value: undef
write_wakeup_threshold
Data type: Variant[String,Integer]
The haveged daemon generates more data if the number of entropy bits falls below this value
Default value: 1024
service_name
Data type: String[1]
The name of the service to manage
Default value: 'haveged'
service_ensure
Data type: Variant[Boolean,String[1]]
Whether the service should be running
Default value: 'running'
service_enable
Data type: Boolean
Whether the service should be enabled to start at boot time
Default value: true
package_name
Data type: String[1]
The name of the package to manage
Default value: 'haveged'
package_ensure
Data type: Variant[Boolean,Simplib::PackageEnsure]
Ensure parameter passed onto Package resources. Default: 'present'
Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })
haveged::config
Manage the HAVEGEd configuration file
Parameters
The following parameters are available in the haveged::config class:
buffer_size
Data type: Optional[Variant[Pattern['^[0-9]+$'],Integer]]
The size of the collection buffer in KB
Default value: defined('$haveged::buffer_size') ? { true => getvar('haveged::buffer_size'), default => undef
data_cache_size
Data type: Optional[Variant[Pattern['^[0-9]+$'],Integer]]
The data cache size in KB
Default value: defined('$haveged::data_cache_size') ? { true => getvar('haveged::data_cache_size'), default => undef
instruction_cache_size
Data type: Optional[Variant[Pattern['^[0-9]+$'],Integer]]
The instruction cache size in KB
Default value: defined('$haveged::instruction_cache_size') ? { true => getvar('haveged::instruction_cache_size'), default => undef
write_wakeup_threshold
Data type: Optional[Variant[Pattern['^[0-9]+$'],Integer]]
The haveged daemon generates more data if the number of entropy bits falls below this value
Default value: defined('$haveged::write_wakeup_threshold') ? { true => getvar('haveged::write_wakeup_threshold'), default => undef
haveged::package
Manage the haveged package
Parameters
The following parameters are available in the haveged::package class:
package_name
Data type: String[1]
The name of the package to manage
Default value: defined('$haveged::package_name') ? { true => getvar('haveged::package_name'), default => 'haveged'
package_ensure
Data type: Simplib::PackageEnsure
Ensure parameter passed onto Package resources
Default value: defined('$haveged::_package_ensure') ? { true => getvar('haveged::_package_ensure'), default => 'present'
haveged::service
Manage the HAVEGEd service
Parameters
The following parameters are available in the haveged::service class:
service_name
Data type: String[1]
The name of the service to manage
Default value: defined('$haveged::service_name') ? { true => getvar('haveged::service_name'), default => 'haveged'
service_ensure
Data type: String[1]
Whether the service should be running
Default value: defined('$haveged::_service_ensure') ? { true => getvar('haveged::_service_ensure'), default => 'running'
service_enable
Data type: Boolean
Whether the service should be enabled to start at boot time
Default value: defined('$haveged::_service_enable') ? { true => getvar('haveged::_service_enable'), default => true
force_if_rngd_running
Data type: Boolean
Will force haveged to start even though RNGD is already running
- While this should not harm your system in most cases, it is also adding an unnecessary process running on the system
Default value: false
- Fri Sep 13 2024 Steven Pritchard steve@sicura.us - 0.15.0
- [puppetsync] Update module dependencies to support simp-iptables 7.x
- Mon Oct 23 2023 Steven Pritchard steve@sicura.us - 0.14.0
- [puppetsync] Add EL9 support
- Wed Oct 11 2023 Steven Pritchard steve@sicura.us - 0.13.0
- [puppetsync] Updates for Puppet 8
- These updates may include the following:
- Update Gemfile
- Add support for Puppet 8
- Drop support for Puppet 6
- Update module dependencies
- These updates may include the following:
- Mon Jun 12 2023 Chris Tessmer chris.tessmer@onyxpoint.com - 0.12.0
- Add RockyLinux 8 support
- Sun Dec 18 2022 Trevor Vaughan trevor@sicura.us - 0.11.0
- Added:
- The module now supports Alma Linux 8 and Rocky Linux 8
- Sun Sep 25 2022 Trevor Vaughan trevor@sicura.us - 0.10.0
- Added:
- The module now supports Amazon Linux 2
- Changed:
- Added a
.rubocop.yml - Rubocop'd the Ruby
- Added a
- Mon Jun 06 2022 Chris Tessmer chris.tessmer@onyxpoint.com - 0.9.1
- Fixed:
- Remove deprecated
daemon_reloadparameter fromsystemd::dropin_file
- Remove deprecated
- Fri Jun 03 2022 Chris Tessmer chris.tessmer@onyxpoint.com - 0.9.0
- Update from camptocamp/systemd to puppet/systemd
- Wed Jun 23 2021 Trevor Vaughan tvaughan@onyxpoint.com - 0.8.0
- Updated the README
- Tue Jun 15 2021 Chris Tessmer chris.tessmer@onyxpoint.com - 0.8.0
- Removed support for Puppet 5
- Ensured support for Puppet 7 in requirements and stdlib
- Wed May 26 2021 Trevor Vaughan tvaughan@onyxpoint.com - 0.7.1
- Fixed
- Mask the service when disabling for rngd compatibility so that it is not restarted on reboot
- Changed
- Support puppetlabs/stdlib 7.X
- Updated REFERENCE.md
- Wed Feb 03 2021 Trevor Vaughan tvaughan@onyxpoint.com - 0.7.0
- Ensure that haveged does not start by default if rngd is running
- Add
haveged__rngd_enabledfact - Remove all remaining EL6 code
- Migrate all capabilities to systemd
- Update parameter documentation and generate REFERENCE.md
- Add support for Puppet 7
- Fix spec tests
- Thu Dec 17 2020 Chris Tessmer chris.tessmer@onyxpoint.com - 0.7.0
- Removed EL6 support
- Mon Dec 16 2019 Trevor Vaughan tvaughan@onyxpoint.com - 0.6.0-0
- Add EL 8 support
- Fri Aug 02 2019 Liz Nemsick lnemsick.simp@gmail.com - 0.5.0-0
- Remove Puppet 4 support
- Add Puppet 6 support
- Add puppetlabs-stdlib 6 support
- Maintenance: removed OBE build/rpm_metadata/requires
- Thu Mar 07 2019 Liz Nemsick lnemsick.simp@gmail.com - 0.4.7-0
- Update the upper bound of stdlib to < 6.0.0
- Thu Nov 01 2018 Jeanne Greulich jeanne.greulich@onyxpoint.com - 0.4.6-0
- static asset updates for puppet 5
- Thu Mar 08 2018 Trevor Vaughan tvaughan@onyxpoint.com - 0.4.5-0
- Add support for OracleLinux 6 and 7
- Test against Puppet 5
- Thu Aug 17 2017 Trevor Vaughan tvaughan@onyxpoint.com - 0.4.4-0
- Update the README with the new badges and improve formatting
- Thu Jul 20 2017 Liz Nemsick lnemsick.simp@gmail.com - 0.4.3-0
- Fix bad 0.4.2 tag. In that tag, the metadata.json was incorrect.
- Thu Jul 20 2017 Liz Nemsick lnemsick.simp@gmail.com - 0.4.2-0
- Fix bad tag. simp-0.4.1 tag was made off of master branch.
- Thu Jul 06 2017 Liz Nemsick lnemsick.simp@gmail.com - 0.4.1-0
- Update puppet dependency in metadata.json
- Remove OBE pe dependency in metadata.json
- Wed Dec 21 2016 Nick Markowski nmarkowski@keywcorp.com - 0.4.0-0
- Updated global catalysts
- Mon Nov 21 2016 Chris Tessmer chris.tessmer@onyxpoint.com - 0.3.3-0
- Updated to compliance_markup version 2
- Thu Sep 29 2016 Chris Tessmer chris.tessmer@onyxpoint.com - 0.3.2-0
- Fixed malformed pe dependency in metadata.json
- Fixed syntax to enable publishing to the Forge
- Thu Jul 07 2016 Nick Markowski nmarkowski@keywcorp.com - 0.3.1-0
- Updated module for auto lua spec generation
- Added missing requires file and added dependency on simplib
- Modified module to auto-generate lua spec
- Wed Jun 01 2016 Trevor Vaughan tvaughan@onyxpoint.com
- Massive Refactor
- Refactored the module to use the latest best practices and eliminate issues with doing an 'include' of the individual sub-classes.
- Worked around a bug with the yum provider and the 'purged' parameter
- Fixed some class ordering
- Added acceptance tests for EL6 and EL7
- Updated the rspec tests to properly work around OEL issues with facts
Dependencies
- puppet/systemd (>= 4.0.2 < 8.0.0)
- simp/simplib (>= 4.9.0 < 5.0.0)
- puppetlabs/stdlib (>= 8.0.0 < 10.0.0)
Copyright (c) 2015 Stefan Möding All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.