Pārlūkot izejas kodu

virtng: add random device by default

* Salt minion is unable unencrypt the messages from master during boot
    because of lack of entropy, throwing the exception:

    File "/usr/lib/python2.7/dist-packages/salt/utils/rsax931.py", line 146, in sign
    raise SSLError('Unable to encrypt message')
    SSLError: Unable to encrypt message:
    error:80064191:lib(128):osrandom_init:getrandom() initialization failed with EAGAIN. Most likely Kernel CPRNG is not se
    error:80065190:lib(128):osrandom_rand_bytes:getrandom() initialization failed.
    error:04088003:rsa routines:RSA_setup_blinding:BN lib
    error:04066044:rsa routines:RSA_EAY_PRIVATE_ENCRYPT:internal error

    After node has been booted up, and /dev/random device collected some
    extra entropy, salt-minion could start.

    This patch configures libvirt vms to use /dev/urandom for faster
    entropy regeneration

Change-Id: I470166b4424752d24ac4bb2cb87d9f99cd14752e
Co-Authored-By: Oleksandr Savatieiev <osavatieiev@mirantis.com>
Prod-Related: PROD-19711
pull/73/head
azvyagintsev pirms 6 gadiem
vecāks
revīzija
a4e802dc4c
1 mainītis faili ar 2 papildinājumiem un 1 dzēšanām
  1. +2
    -1
      _modules/virtng.py

+ 2
- 1
_modules/virtng.py Parādīt failu

@@ -550,7 +550,7 @@ def init(name,
start=True, # pylint: disable=redefined-outer-name
disk='default',
saltenv='base',
rng={},
rng=None,
**kwargs):
'''
Initialize a new vm
@@ -563,6 +563,7 @@ def init(name,
salt 'hypervisor' virt.init vm_name 4 512 nic=profile disk=profile
'''

rng = rng or {'backend':'/dev/urandom'}
hypervisor = __salt__['config.get']('libvirt:hypervisor', hypervisor)

nicp = _nic_profile(nic, hypervisor, **kwargs)

Notiek ielāde…
Atcelt
Saglabāt