Version information
This version is compatible with:
- Puppet Enterprise 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 4.7.0 < 5.0.0
- ,
Start using this module
Add this module to your Puppetfile:
mod 'simp-haveged', '0.4.3'
Learn more about managing modules with a PuppetfileDocumentation
haveged
Table of Contents
- Overview
- Module Description - What does the module do?
- Setup - The basics of getting started with haveged
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Overview
Install and manage the haveged daemon.
Module Description
The haveged daemon provides a random number generator based on the HAVEGE (HArdware Volatile Entropy Gathering and Expansion) algorithm. This module provides a way of installing and setting up the daemon in your environment.
Setup
What haveged affects
Package, service and configuration files for the haveged daemon.
-
On Debian based systems this includes the
/etc/default/haveged
file if aninit
based startup system is used. For systems usingsystemd
the configuration is stored in the/etc/systemd/system/haveged.service.d/opts.conf
file. -
On RHEL 6 systems the configuration is unfortunately hardcoded and no configuration file is used.
-
On RHEL 7 systems the configuration is stored in the
/etc/systemd/system/haveged.service.d/opts.conf
file.
Setup Requirements
This module requires the stdlib
module.
The haveged
package is part of the EPEL yum repository, so this repository must be enabled on Enterprise Linux to be able to install the package.
Beginning with haveged
Declare the haveged class to run the haveged daemon with the default parameters.
include '::haveged'
This installs the haveged package and starts the service using default parameters.
See the following sections for a detailed description of the available configuration options.
Usage
Use a higher threshold of available entropy
class { 'haveged':
write_wakeup_threshold => '2048',
}
Reference
Public Classes
Class: haveged
Main class, includes all other classes.
Parameters for the haveged
class:
buffer_size
Configure the collection buffer size. The value must be a string with a numeric value. It is interpreted as size in KB. Default: 128
data_cache_size
Set the data cache size. The value must be string with a numeric value. It is interpreted as size in KB. The default is 16
instruction_cache_size
Set the instruction cache size. The value must be string with a numeric value. It is interpreted as size in KB. The default is 16
or as determined by the CPUID.
write_wakeup_threshold
Configure the threshold of available entropy. The daemon tries to keep the amount of available entropy above this amount of bits. The value must be a string with a numeric value. Default: 1024
service_name
The name of the service to manage. Normally provided by the haveged::params
class.
service_enable
Whether the haveged service should be enabled to start at boot. Valid options: true
, false
. Default: true
service_ensure
Whether the haveged service should be running. Valid options: stopped
, false
, running
, true
. Default: running
package_name
The name of the package to manage. Normally provided by the haveged::params
class.
package_ensure
The state of the haveged package. Valid options: present
, installed
, absent
, purged
, held
, latest
or a specific package version number. Default: present
Private Classes
Class: haveged::config
Configures the haveged daemon by updating the run time parameters for the daemon.
Class: haveged::package
Installs the package.
Class: haveged::params
Manages operating system specific parameters.
Class: haveged::service
Manages the haveged daemon.
Facts
This module provides the following facts.
Fact: haveged_startup_provider
The startup system used on the node. The implementation uses the process name of PID 1 to resolve the fact. The value is either systemd
or init
.
Limitations
The haveged
module has been tested on
- Debian 6 (Squeeze)
- Debian 7 (Wheezy)
- Debian 8 (Jessie)
- Ubuntu 12.04 (Precise Pangolin)
- Ubuntu 14.04 (Trusty Tahr)
- Ubuntu 15.10 (Wily Werewolf)
- Ubuntu 16.04 (Xenial Xerus)
- CentOS 6
- CentOS 7
Unfortunately the configuration is hardcoded on RHEL 6 systems. Using class parameters to set specific options will have no effect.
Development
Feel free to send pull requests for new features and other operating systems.
- Thu Jul 20 2017 Liz Nemsick lnemsick.simp@gmail.com - 0.4.3-0
- Fix bad 0.4.2 tag. In that tag, the metadata.json was incorrect.
- Thu Jul 20 2017 Liz Nemsick lnemsick.simp@gmail.com - 0.4.2-0
- Fix bad tag. simp-0.4.1 tag was made off of master branch.
- Thu Jul 06 2017 Liz Nemsick lnemsick.simp@gmail.com - 0.4.1-0
- Update puppet dependency in metadata.json
- Remove OBE pe dependency in metadata.json
- Wed Dec 21 2016 Nick Markowski nmarkowski@keywcorp.com - 0.4.0-0
- Updated global catalysts
- Mon Nov 21 2016 Chris Tessmer chris.tessmer@onyxpoint.com - 0.3.3-0
- Updated to compliance_markup version 2
- Thu Sep 29 2016 Chris Tessmer chris.tessmer@onyxpoint.com - 0.3.2-0
- Fixed malformed pe dependency in metadata.json
- Fixed syntax to enable publishing to the Forge
- Thu Jul 07 2016 Nick Markowski nmarkowski@keywcorp.com - 0.3.1-0
- Updated module for auto lua spec generation
- Added missing requires file and added dependency on simplib
- Modified module to auto-generate lua spec
- Wed Jun 01 2016 Trevor Vaughan tvaughan@onyxpoint.com
- Massive Refactor
- Refactored the module to use the latest best practices and eliminate issues with doing an 'include' of the individual sub-classes.
- Worked around a bug with the yum provider and the 'purged' parameter
- Fixed some class ordering
- Added acceptance tests for EL6 and EL7
- Updated the rspec tests to properly work around OEL issues with facts
Dependencies
- simp/simplib (>= 3.2.0 < 4.0.0)
- puppetlabs/stdlib (>= 4.13.1 < 5.0.0)
Copyright (c) 2015 Stefan Möding All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.