From 71f877abd5590ef73dcb295781f941bc99ee2b98 Mon Sep 17 00:00:00 2001
From: Stanislaw Bogatkin <sbogatkin@mirantis.com>
Date: Thu, 21 Jan 2016 18:11:28 +0300
Subject: [PATCH] Declare RANDFILE to avoid issues with unable to write it

Remove error "unable to write 'random state'", cause by default
there is no explicit home to set it and remove 'PRNG not seeded'
by setting RANDFILE to do it.

Also lower dhparam size to avoid 'execution expired' errors.

Change-Id: I15993f8971ad0a03e1d8cb4a9ead806ee576925d
Closes-Bug: #1536608
---
 deployment/puppet/nailgun/manifests/nginx_nailgun.pp | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/deployment/puppet/nailgun/manifests/nginx_nailgun.pp b/deployment/puppet/nailgun/manifests/nginx_nailgun.pp
index 544cae72dc..c0be642d3c 100644
--- a/deployment/puppet/nailgun/manifests/nginx_nailgun.pp
+++ b/deployment/puppet/nailgun/manifests/nginx_nailgun.pp
@@ -24,9 +24,10 @@ class nailgun::nginx_nailgun(
     $dhparam = '/etc/pki/tls/dhparam.pem'
 
     exec { 'create new dhparam file':
-      path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ],
-      command => "openssl dhparam -out ${dhparam} 4096",
-      creates => $dhparam,
+      environment => 'RANDFILE=/root/.rnd',
+      path        => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ],
+      command     => "openssl dhparam -rand /dev/urandom -out ${dhparam} 2048",
+      creates     => $dhparam,
     }
   }