From ea93bf550d73e742955d62bfaa66508ddaa403fb Mon Sep 17 00:00:00 2001 From: Aswin K R Date: Fri, 28 Jul 2023 10:46:17 +0530 Subject: [PATCH] unixPB: Install rng-tools to fix low entropy --- .../AdoptOpenJDK_Unix_Playbook/main.yml | 1 + .../roles/rngd/tasks/fedora.yml | 19 ++++++++++++++++ .../roles/rngd/tasks/main.yml | 22 +++++++++++++++++++ .../roles/rngd/tasks/sles.yml | 19 ++++++++++++++++ .../roles/rngd/tasks/ubuntu.yml | 19 ++++++++++++++++ 5 files changed, 80 insertions(+) create mode 100644 ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/fedora.yml create mode 100644 ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/main.yml create mode 100644 ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/sles.yml create mode 100644 ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/ubuntu.yml diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml index 7ac31394a2..fca1f997f6 100644 --- a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml @@ -141,3 +141,4 @@ - role: logs position: "End" tags: always + - rngd diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/fedora.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/fedora.yml new file mode 100644 index 0000000000..9fae7b73ac --- /dev/null +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/fedora.yml @@ -0,0 +1,19 @@ +--- +- name: Install the rng-tools package (Fedora) + package: + name: rng-tools + state: latest + +- name: Update the rngd.service file (Fedora) + ini_file: + path: /usr/lib/systemd/system/rngd.service + section: service + option: ExecStart + value: "/sbin/rngd -f -r /dev/urandom -o /dev/random" + backup: yes + +- name: Start and enable "rngd" service (Fedora) + service: + name: rngd + state: started + enabled: yes diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/main.yml new file mode 100644 index 0000000000..5e09a54621 --- /dev/null +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/main.yml @@ -0,0 +1,22 @@ +--- +################ +# rng daemon # +################ +- name: Install rng-tools and start service + tags: rngd + block: + - name: Install rng-tools and start rng-tools.service (Ubuntu) + include_tasks: ubuntu.yml + when: + - ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "21" + + - name: Install rng-tools and start rngd (Fedora) + include_tasks: fedora.yml + when: + - (ansible_distribution == "RedHat" and ansible_distribution_major_version <= "8") or + (ansible_distribution == "CentOS" and ansible_distribution_major_version <= "8") + + - name: Install rng-tools and start rng-tools.service (SLES) + include_tasks: sles.yml + when: + - ansible_distribution == "SLES" and ansible_distribution_major_version <= "12" diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/sles.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/sles.yml new file mode 100644 index 0000000000..e82211ac92 --- /dev/null +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/sles.yml @@ -0,0 +1,19 @@ +--- +- name: Install the rng-tools package (SLES) + package: + name: rng-tools + state: latest + +- name: Update the rng-tools.service file (SLES) + ini_file: + path: /usr/lib/systemd/system/rng-tools.service + section: service + option: ExecStart + value: "usr/sbin/rngd -f -r /dev/urandom -o /dev/random" + backup: yes + +- name: Start and enable "rng-tools" service (SLES) + service: + name: rng-tools + state: started + enabled: yes diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/ubuntu.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/ubuntu.yml new file mode 100644 index 0000000000..581b048591 --- /dev/null +++ b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/ubuntu.yml @@ -0,0 +1,19 @@ +--- +- name: Install the rng-tools package (Ubuntu) + package: + name: rng-tools + state: latest + +- name: Update the rng-tools defaults file (Ubuntu) + lineinfile: + dest: '/etc/default/rng-tools' + regexp: '^HRNGDEVICE=/dev/urandom' + mode: '0644' + insertafter: '^#HRNGDEVICE=/dev/null' + line: 'HRNGDEVICE=/dev/urandom' + +- name: Start and enable "rngd" service (Ubuntu) + systemd: + name: rng-tools.service + state: started + enabled: yes