Don't install the haveged entropy daemon.

It's not really needed on our metal hosts, and our KVM guests use
virtio-rng.

2 files changed, 0 insertions, 9 deletions

diff --git a/roles/common/tasks/haveged.yml b/roles/common/tasks/haveged.yml
deleted file mode 100644
index 3f03a28..0000000
--- a/roles/common/tasks/haveged.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: Install haveged
-  apt: pkg=haveged
-
-- name: Start haveged
-  service: name=haveged state=started
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 33a2c39..49ff1ad 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -17,44 +17,40 @@
   tags: stunnel
   when: "'webmail' in group_names and 'LDAP-provider' not in group_names"
 - import_tasks: auditd.yml
   tags: auditd
 - import_tasks: unbound.yml
   tags:
     - unbound
     - dns
   when: "ansible_processor[1] is search('^(Genuine)?Intel.*') and not ansible_virtualization_role == 'guest'"
 - import_tasks: rkhunter.yml
   tags: rkhunter
 - import_tasks: clamav.yml
   tags: clamav
 - import_tasks: fail2ban.yml
   tags: fail2ban
 - import_tasks: smart.yml
   tags:
     - smartmontools
     - smart
   when: "not ansible_virtualization_role == 'guest'"
-- import_tasks: haveged.yml
-  tags:
-    - haveged
-    - entropy
 - name: Copy genkeypair.sh and gendhparam.sh
   copy: src=usr/local/bin/{{ item }}
         dest=/usr/local/bin/{{ item }}
         owner=root group=staff
         mode=0755
   tags: genkey
   with_items:
     - genkeypair.sh
     - gendhparam.sh
 - name: Generate DH parameters
   command: gendhparam.sh /etc/ssl/dhparams.pem 2048
            creates=/etc/ssl/dhparams.pem
   tags: genkey
 - import_tasks: ipsec.yml
   tags:
     - strongswan
     - ipsec
   when: "groups.all | length > 1"
 - import_tasks: logging.yml
   tags: logging