Browse Source
virtng: add random device by default
* Salt minion is unable unencrypt the messages from master during boot
because of lack of entropy, throwing the exception:
File "/usr/lib/python2.7/dist-packages/salt/utils/rsax931.py", line 146, in sign
raise SSLError('Unable to encrypt message')
SSLError: Unable to encrypt message:
error:80064191:lib(128):osrandom_init:getrandom() initialization failed with EAGAIN. Most likely Kernel CPRNG is not se
error:80065190:lib(128):osrandom_rand_bytes:getrandom() initialization failed.
error:04088003:rsa routines:RSA_setup_blinding:BN lib
error:04066044:rsa routines:RSA_EAY_PRIVATE_ENCRYPT:internal error
After node has been booted up, and /dev/random device collected some
extra entropy, salt-minion could start.
This patch configures libvirt vms to use /dev/urandom for faster
entropy regeneration
Change-Id: I470166b4424752d24ac4bb2cb87d9f99cd14752e
Co-Authored-By: Oleksandr Savatieiev <osavatieiev@mirantis.com>
Prod-Related: PROD-19711
pull/73/head
azvyagintsev
6 years ago
1 changed files with 2 additions and 1 deletions
+ 2
- 1
_modules/virtng.py
View File
| start=True, # pylint: disable=redefined-outer-name | start=True, # pylint: disable=redefined-outer-name | ||||
| disk='default', | disk='default', | ||||
| saltenv='base', | saltenv='base', | ||||
| rng={}, | |||||
| rng=None, | |||||
| **kwargs): | **kwargs): | ||||
| ''' | ''' | ||||
| Initialize a new vm | Initialize a new vm | ||||
| salt 'hypervisor' virt.init vm_name 4 512 nic=profile disk=profile | salt 'hypervisor' virt.init vm_name 4 512 nic=profile disk=profile | ||||
| ''' | ''' | ||||
| rng = rng or {'backend':'/dev/urandom'} | |||||
| hypervisor = __salt__['config.get']('libvirt:hypervisor', hypervisor) | hypervisor = __salt__['config.get']('libvirt:hypervisor', hypervisor) | ||||
| nicp = _nic_profile(nic, hypervisor, **kwargs) | nicp = _nic_profile(nic, hypervisor, **kwargs) |
Loading…