From 9252ebc1d79017637f3cae5dc304c9d5b6181819 Mon Sep 17 00:00:00 2001 From: Pearl Dsilva Date: Mon, 28 Feb 2022 11:08:28 +0530 Subject: [PATCH 1/5] Install qemu-kvm-ev and update kernel --- Ansible/roles/kvm/tasks/centos.yml | 23 ++++++++++++++++++++++- Ansible/templates/CentOS-Base.repo.j2 | 8 ++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/Ansible/roles/kvm/tasks/centos.yml b/Ansible/roles/kvm/tasks/centos.yml index 569d82749b3..705a022ad9f 100644 --- a/Ansible/roles/kvm/tasks/centos.yml +++ b/Ansible/roles/kvm/tasks/centos.yml @@ -72,6 +72,7 @@ - rpcbind - parted - vim + - wget tags: - kvm @@ -122,6 +123,26 @@ - kvm - kvm-agent +- name: Install centos-release + shell: /usr/bin/wget http://10.0.3.122/centos-release/{{ item }} -P /tmp + with_items: + - centos-release-7-9.2009.0.el7.centos.x86_64.rpm + +- name: Cleanup old repos + shell: rm /etc/yum.repos.d/CentOS- -f; rpm -ivh --replacepkgs --replacefiles /tmp/centos-release-7-9.2009.0.el7.centos.x86_64.rpm + +- name: ensure yum cache is cleared + shell: command="yum clean all" + +- name: Ensure centos-release-qemu-ev is installed + yum: name=centos-release-qemu-ev state=present + +- name: Ensure qemu-kvm-ev is installed + yum: name=qemu-kvm-ev state=present + +- name: Remove centos-release-qemu-ev + shell: "yum remove centos-release-qemu-ev -y" + - name: Update /etc/sysconfig/libvirtd - LIBVIRTD_ARGS lineinfile: dest=/etc/sysconfig/libvirtd regexp='LIBVIRTD_ARGS' line='LIBVIRTD_ARGS="--listen"' state=present tags: @@ -199,6 +220,6 @@ shell: "echo {{ kvm_password }} | passwd {{ kvm_username }} --stdin" - include: ./centos_elrepokernel.yml - when: kvm_install_elrepo_kernel + #when: kvm_install_elrepo_kernel tags: - kvm \ No newline at end of file diff --git a/Ansible/templates/CentOS-Base.repo.j2 b/Ansible/templates/CentOS-Base.repo.j2 index 204e1566d23..6c298d008c7 100644 --- a/Ansible/templates/CentOS-Base.repo.j2 +++ b/Ansible/templates/CentOS-Base.repo.j2 
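Review bot: The `Install centos-release` task fetches an RPM over plain HTTP into `/tmp`, and the next task installs it as root with `--replacepkgs --replacefiles`, with no checksum or signature check in between, so whatever that URL returns ends up replacing system files. Pinning the download with `get_url` and a `checksum`, and writing it outside a world-writable directory, closes that gap; the fence sketches it with a placeholder digest. In the same hunk, `shell: command="yum clean all"` looks like it hands the shell a variable assignment instead of running yum, so `command: yum clean all` is probably what was meant. `rm /etc/yum.repos.d/CentOS- -f` as displayed has no glob, so it may not remove the repo files the task name implies; check that against the real file. The new tasks also carry no `tags`, unlike their neighbours.

```yaml
- name: Install centos-release
  get_url:
    url: http://10.0.3.122/centos-release/centos-release-7-9.2009.0.el7.centos.x86_64.rpm
    dest: /root/centos-release-7-9.2009.0.el7.centos.x86_64.rpm
    # placeholder: pin the digest of the reviewed RPM here
    checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"
    mode: "0600"

# … Cleanup old repos: unchanged apart from the rpm path moving to the new dest …

- name: ensure yum cache is cleared
  command: yum clean all

# … unchanged: centos-release-qemu-ev / qemu-kvm-ev install and removal tasks …
```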
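Review bot: Commenting out `when: kvm_install_elrepo_kernel` makes the `./centos_elrepokernel.yml` include unconditional, so the variable no longer lets an operator opt a host out of the kernel change. The leftover `#when:` line also hides that from anyone who still sets the variable in inventory. If the intent is to install the kernel by default, keep the gate and change the default instead, e.g. `when: kvm_install_elrepo_kernel | default(true)`, or flip the value where the variable is defined. The task file continues above this hunk, so the variable's current default is not visible here.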
@@ -26,3 +26,11 @@ baseurl={{ os_repo }}/centos/$releasever/updates/$basearch/ gpgcheck=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-$releasever enabled = {{ update_repo_enabled | default(1) }} + +[extras] +name=CentOS-$releasever - Extras +mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras +#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/ +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 +enabled = {{ update_repo_enabled | default(1) }} \ No newline at end of file From 8fc055d07b0ff959d48181bf426636cfe8d48b9f Mon Sep 17 00:00:00 2001 From: Suresh Kumar Anaparti Date: Tue, 26 Apr 2022 18:00:52 +0530 Subject: [PATCH 2/5] Install cryptsetup to support encryption --- Ansible/roles/kvm/tasks/centos.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/Ansible/roles/kvm/tasks/centos.yml b/Ansible/roles/kvm/tasks/centos.yml index 705a022ad9f..aa201f24270 100644 --- a/Ansible/roles/kvm/tasks/centos.yml +++ b/Ansible/roles/kvm/tasks/centos.yml @@ -222,4 +222,11 @@ - include: ./centos_elrepokernel.yml #when: kvm_install_elrepo_kernel tags: - - kvm \ No newline at end of file + - kvm + +- name: Install cryptsetup to support encryption + yum: name={{ item }} state=present enablerepo=base + with_items: + - cryptsetup + tags: + - kvm From dd4f983cbfb8a596da7278269132311e04b3620c Mon Sep 17 00:00:00 2001 From: Suresh Kumar Anaparti Date: Tue, 31 May 2022 15:19:21 +0530 Subject: [PATCH 3/5] Add rng-tools to support entropy (#154) * Install rng-tools to support entropy * Review changes --- Ansible/roles/kvm/tasks/centos.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Ansible/roles/kvm/tasks/centos.yml b/Ansible/roles/kvm/tasks/centos.yml index aa201f24270..543eeed7ce7 100644 --- a/Ansible/roles/kvm/tasks/centos.yml +++ b/Ansible/roles/kvm/tasks/centos.yml 
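Review bot: The new `[extras]` stanza reuses `update_repo_enabled` for its `enabled` line, so switching the updates repo off also switches extras off, which looks like a copy from the stanza above. A separate toggle such as `enabled = {{ extras_repo_enabled | default(1) }}` (the variable name is only a suggestion) would keep the two independent. The stanza also points at the public `mirrorlist.centos.org` over HTTP while the stanza above uses `{{ os_repo }}`, so hosts built from this template need outbound internet access and take the mirror list over an unauthenticated channel; `gpgcheck=1` still covers the packages themselves. The key path hard-codes `RPM-GPG-KEY-CentOS-7` where the stanza above uses `$releasever`.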
@@ -224,9 +224,13 @@ tags: - kvm -- name: Install cryptsetup to support encryption +- name: Install cryptsetup and rng-tools to support encryption and entropy respectively yum: name={{ item }} state=present enablerepo=base with_items: - cryptsetup + - rng-tools tags: - kvm + +- name: Start rng service + shell: "systemctl start rngd" From 8549b158f4fb4b2836c1a570e0f5a86a67e17020 Mon Sep 17 00:00:00 2001 From: Suresh Kumar Anaparti Date: Wed, 1 Jun 2022 17:07:32 +0530 Subject: [PATCH 4/5] Start haveged service in management server for entropy support --- Ansible/roles/cloudstack-manager/tasks/centos.yml | 8 +++++++- Ansible/roles/cloudstack-manager/tasks/centos8.yml | 10 ++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/Ansible/roles/cloudstack-manager/tasks/centos.yml b/Ansible/roles/cloudstack-manager/tasks/centos.yml index 6f29018da15..4a336ba2c53 100644 --- a/Ansible/roles/cloudstack-manager/tasks/centos.yml +++ b/Ansible/roles/cloudstack-manager/tasks/centos.yml @@ -26,9 +26,15 @@ - name: Ensure CA Certs are latest yum: name=ca-certificates state=latest enablerepo=base -- name: install rng-tools to get entropy +- name: install haveged to get entropy yum: name=haveged state=present +- name: start haveged for entropy + service: + name: haveged + state: started + enabled: yes + - name: update lvm2 as fix for bugzilla.redhat.com/show_bug.cgi?id=1294128 yum: name=lvm2 state=latest diff --git a/Ansible/roles/cloudstack-manager/tasks/centos8.yml b/Ansible/roles/cloudstack-manager/tasks/centos8.yml index 7dc1d5ea46f..b7cae306daa 100644 --- a/Ansible/roles/cloudstack-manager/tasks/centos8.yml +++ b/Ansible/roles/cloudstack-manager/tasks/centos8.yml 
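Review bot: `Start rng service` runs `systemctl start rngd` through `shell`, which starts the daemon once but never enables it. Unless the package preset enables the unit, a rebooted host would come back without rngd running, which matters given the encryption support this series is preparing. The task also reports changed on every run and has no `tags`, unlike the install task just above it. The `service` module covers all of that, as in the fence. The same task is added to `Ansible/roles/kvm/tasks/centos8.yml` in PATCH 5/5 and wants the same change.

```yaml
- name: Start rng service
  service:
    name: rngd
    state: started
    enabled: true
  tags:
    - kvm
```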
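Review bot: `enabled: yes` in the new `start haveged for entropy` task relies on YAML 1.1 truthy parsing; `enabled: true` is unambiguous and is the form yamllint and ansible-lint accept. The identical task added to `Ansible/roles/cloudstack-manager/tasks/centos8.yml` in this patch has the same line.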
@@ -66,9 +66,15 @@ - name: Ensure CA Certs are latest dnf: name=ca-certificates state=latest enablerepo=base -- name: install rng-tools to get entropy +- name: install haveged to get entropy dnf: name=haveged state=present +- name: start haveged for entropy + service: + name: haveged + state: started + enabled: yes + - name: determine number of db hosts set_fact: num_xen_hosts="{{ groups['xenserver_hosts'] | length }}" @@ -132,4 +138,4 @@ shell: "dnf install -y {{ sb_repo }}/ipmi/{{ ipmitool_binary }}" - name: Upgrade gcrypt library on CentOS 8 MS - dnf: name=libgcrypt state=present \ No newline at end of file + dnf: name=libgcrypt state=present From a0608d1eaf0fd76bc11a4feb1b17fbb63eab0bf0 Mon Sep 17 00:00:00 2001 From: Suresh Kumar Anaparti Date: Mon, 27 Jun 2022 13:26:16 +0530 Subject: [PATCH 5/5] packages to support volume encryption in el8 (#155) * Install cryptsetup and rng-tools, to support encryption and entropy respectively in EL8 * Review changes --- Ansible/roles/kvm/tasks/centos8.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/Ansible/roles/kvm/tasks/centos8.yml b/Ansible/roles/kvm/tasks/centos8.yml index da83b58f0fc..45adf6292a4 100644 --- a/Ansible/roles/kvm/tasks/centos8.yml +++ b/Ansible/roles/kvm/tasks/centos8.yml @@ -213,3 +213,14 @@ # when: kvm_install_elrepo_kernel tags: - kvm + +- name: Install cryptsetup and rng-tools to support encryption and entropy respectively + dnf: name={{ item }} state=present enablerepo=base + with_items: + - cryptsetup + - rng-tools + tags: + - kvm + +- name: Start rng service + shell: "systemctl start rngd"