Version information
This version is compatible with:
- Puppet Enterprise 3.2.x
- Puppet 3.x
- , , , , , ,
Start using this module
Add this module to your Puppetfile:
mod 'stm-haveged', '0.2.0'
Learn more about managing modules with a PuppetfileDocumentation
haveged
Table of Contents
- Overview
- Module Description - What does the module do?
- Setup - The basics of getting started with haveged
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Overview
Install and manage the haveged daemon.
Module Description
The haveged daemon provides a random number generator based on the HAVEGE (HArdware Volatile Entropy Gathering and Expansion) algorithm. This module provides a way of installing and setting up the daemon in your environment.
Setup
What haveged affects
Package, service and configuration files for the haveged daemon.
-
On Debian based systems this includes the
/etc/default/haveged
file if aninit
based startup system is used. For systems usingsystemd
the configuration is stored in the/etc/systemd/system/haveged.service.d/opts.conf
file. -
On RHEL 6 systems the configuration is unfortunately hardcoded and no configuration file is used.
-
On RHEL 7 systems the configuration is stored in the
/etc/systemd/system/haveged.service.d/opts.conf
file.
Setup Requirements
The haveged module requires the Puppetlabs modules stdlib
.
The haveged
package is part of the EPEL yum repository, so this must be enabled on Enterprise Linux.
Beginning with haveged
Declare the haveged class to install and run the haveged daemon with the default parameters.
class { 'haveged': }
This installs the haveged package and starts the service.
See the next sections for a detailed description of the available configuration options.
Usage
Use a higher threshold of available entropy
class { 'haveged':
write_wakeup_threshold => '2048',
}
Reference
Classes
Public Classes
haveged
: The basic setup of the haveged daemon.
Private Classes
haveged::config
: Configures the haveged daemon by updating the run time parameters for the daemon.haveged::package
: Installs the package.haveged::params
: Manages the parametershaveged::service
: Manages the haveged daemon.
Class: haveged
Main class, includes all other classes.
Parameters (all optional)
-
buffer_size
: Configure the collection buffer size. The value must be a string with a numeric value. It is interpreted as size in KB. Default: '128' -
data_cache_size
: Set the data cache size. The value must be string with a numeric value. It is interpreted as size in KB. The default is '16' or as determined by the CPUID. -
instruction_cache_size
: Set the instruction cache size. The value must be string with a numeric value. It is interpreted as size in KB. The default is '16'* or as determined by the CPUID. -
write_wakeup_threshold
: Configure the threshold of available entropy. The daemon tries to keep the amount of available entropy below this amount of bits. The value must be string with a numeric value. Default: '1024' -
service_name
: The name of the service to manage. Normally provided by thehaveged::params
class. -
service_enable
: Whether the haveged service should be enabled to start at boot. Valued options: 'true', 'false'. Default: 'true' -
service_ensure
: Whether the haveged service should be running. Valid options: 'stopped', 'false', 'running', 'true'. Default: 'running' -
package_name
: The name of the package to manage. Normally provided by thehaveged::params
class. -
package_ensure
: The state of the haveged package. Valid options: 'present', 'installed', 'absent', 'purged', 'held', 'latest' or a specific package version number. Default: 'present'
Facts
This module provides the following facts:
haveged_startup_provider
: The startup system used on the node. The value of the fact can either besystemd
orinit
.
Limitations
Unfortunately the configuration is hardcoded on RHEL 6 systems. Using class parameters to set specific options will have no effect.
The haveged
module has been tested on
- Debian 6 (Squeeze)
- Debian 7 (Wheezy)
- Debian 8 (Jessie)
- Ubuntu 12.04 (Precise Pangolin)
- Ubuntu 14.04 (Trusty Tahr)
- Ubuntu 15.04 (Vivid Vervet)
- CentOS 6
- CentOS 7
Development
Feel free to send pull requests for new features and other operating systems.
Dependencies
- puppetlabs/stdlib (4.x)
Copyright (c) 2015, Stefan Möding All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.