Support for haveged

README.rst

@@ -294,7 +294,7 @@ day. Setting custom motd will cleanup existing ones.
               printf "Unauthorized access strictly prohibited.\n"
 
 RHEL / CentOS
-~~~~~~~~~~~~~
+^^^^^^^^^^^^^
 
 Unfortunately ``update-motd`` is currently not available for RHEL so there's
 no native support for dynamic motd.
@@ -308,6 +308,19 @@ You can still set static one, only pillar structure differs:
           This is [company name] network.
           Unauthorized access strictly prohibited.
 
+Haveged
+~~~~~~~
+
+If you are running headless server and are low on entropy, it may be a good
+idea to setup Haveged.
+
+.. code-block:: yaml
+
+    linux:
+      system:
+        haveged:
+          enabled: true
+
 Linux network
 -------------
 

linux/system/haveged.sls

@@ -0,0 +1,18 @@
+{%- from "linux/map.jinja" import system with context %}
+
+{%- if system.haveged.enabled %}
+
+haveged_pkgs:
+  pkg.installed:
+  - name: haveged
+  - watch_in:
+    - service: haveged_service
+
+haveged_service:
+  service.running:
+  - name: haveged
+  - enable: true
+  - require:
+    - pkg: haveged_packages
+
+{%- endif %}

linux/system/init.sls

@@ -54,3 +54,6 @@ include:
 {%- if system.get('policyrcd', [])|length > 0 %}
 - linux.system.policyrcd
 {%- endif %}
+{%- if system.haveged is defined %}
+- linux.system.haveged
+{%- endif %}

tests/pillar/system.sls

@@ -8,6 +8,8 @@ linux:
     environment: prd
     apparmor:
       enabled: false
+    haveged:
+      enabled: true
     console:
       tty0:
         autologin: root