Declare RANDFILE to avoid issues with unable to write it

Remove error "unable to write 'random state'", cause by default there is no explicit home to set it and remove 'PRNG not seeded' by setting RANDFILE to do it. Also lower dhparam size to avoid 'execution expired' errors. Change-Id: I15993f8971ad0a03e1d8cb4a9ead806ee576925d Closes-Bug: #1536608
2016-01-21 18:11:28 +03:00 · 2016-01-21 18:11:28 +03:00 · 71f877abd5
commit 71f877abd5
parent 35fdff42f7
1 changed files with 4 additions and 3 deletions
--- a/deployment/puppet/nailgun/manifests/nginx_nailgun.pp
+++ b/deployment/puppet/nailgun/manifests/nginx_nailgun.pp
@ -24,9 +24,10 @@ class nailgun::nginx_nailgun(
    $dhparam = '/etc/pki/tls/dhparam.pem'

    exec { 'create new dhparam file':
-      path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ],
-      command => "openssl dhparam -out ${dhparam} 4096",
-      creates => $dhparam,
+      environment => 'RANDFILE=/root/.rnd',
+      path        => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ],
+      command     => "openssl dhparam -rand /dev/urandom -out ${dhparam} 2048",
+      creates     => $dhparam,
    }
  }