Puppet Class: wls_install::urandomfix
- Defined in:
- manifests/urandomfix.pp
Summary
This class installs the urandom fix for Java.Overview
wls_install::urandomfix
On Linux low entropy can cause certain operations to be very slow. Encryption operations need entropy to ensure randomness. Entropy is generated by the OS when you use the keyboard, the mouse or the disk.
If an encryption operation is missing entropy it will wait until enough is generated. Which can slow down your system.
To fix this, there are three options:
-
use rngd service (this class)
-
set java.security in JDK ( jre/lib/security )
-
set -Djava.security.egd=file:/dev/./urandom param
To use the rng service, just add:
“‘puppet include wls_install::urandomfix “`
to your manifest.
See the file “LICENSE” for the full license governing this code.
29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 |
# File 'manifests/urandomfix.pp', line 29
class wls_install::urandomfix () {
$path = '/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:'
if $facts['os']['family'] in ['RedHat','Debian','Suse'] {
case $facts['os']['release']['major'] {
5: { $rng_package = 'rng-utils' }
default: { $rng_package = 'rng-tools' }
}
package { $rng_package:
ensure => present,
}
}
easy_type::debug_evaluation() # Show local variable on extended debug
case $facts['os']['family'] {
'RedHat': {
case $facts['os']['release']['major'] {
'7': {
exec { 'set urandom /lib/systemd/system/rngd.service':
command => "sed -i -e's/ExecStart=\\/sbin\\/rngd -f/ExecStart=\\/sbin\\/rngd -r \\/dev\\/urandom -o \\/dev\\/random -f/g' /lib/systemd/system/rngd.service;systemctl daemon-reload;systemctl restart rngd.service",
unless => "/bin/grep 'ExecStart=/sbin/rngd -r /dev/urandom -o /dev/random -f' /lib/systemd/system/rngd.service",
require => Package[$rng_package],
user => 'root',
path => $path,
}
exec { 'systemctl-daemon-reload':
command => 'systemctl --system daemon-reload',
path => $path,
subscribe => Exec['set urandom /lib/systemd/system/rngd.service'],
refreshonly => true,
notify => Service['rngd'],
}
service { 'rngd':
ensure => 'running',
enable => true,
require => Exec['systemctl-daemon-reload'],
}
}
'6': {
exec { 'set urandom /etc/sysconfig/rngd':
command => "sed -i -e's/EXTRAOPTIONS=\"\"/EXTRAOPTIONS=\"-r \\/dev\\/urandom -o \\/dev\\/random -b\"/g' /etc/sysconfig/rngd",
unless => "/bin/grep '^EXTRAOPTIONS=\"-r /dev/urandom -o /dev/random -b\"' /etc/sysconfig/rngd",
require => Package[$rng_package],
path => $path,
logoutput => true,
user => 'root',
notify => Service['rngd'],
}
service { 'rngd':
ensure => 'running',
enable => true,
require => Exec['set urandom /etc/sysconfig/rngd'],
}
exec { 'chkconfig rngd':
command => 'chkconfig --add rngd',
require => Service['rngd'],
unless => "chkconfig | /bin/grep 'rngd'",
path => $path,
logoutput => true,
user => 'root',
}
}
'5': {
exec { 'enable_entropy_daemon':
command => '/sbin/rngd -r /dev/urandom -t 10',
unless => '/bin/ps -ef | grep urandom | grep -v grep',
require => Package[$rng_package],
}
}
default: {
fail 'unsupported OS version found.'
}
}
}
'Debian','Suse' : {
exec { 'set urandom /etc/default/rng-tools':
command => "sed -i -e's/#HRNGDEVICE=\\/dev\\/null/HRNGDEVICE=\\/dev\\/urandom/g' /etc/default/rng-tools",
unless => "/bin/grep '^HRNGDEVICE=/dev/urandom' /etc/default/rng-tools",
require => Package[$rng_package],
path => $path,
logoutput => true,
user => 'root',
notify => Service['rng-tools'],
}
service { 'rng-tools':
ensure => 'running',
enable => true,
require => Exec['set urandom /etc/default/rng-tools'],
}
}
default: {
fail("Unrecognized osfamily ${facts['os']['family']}, please use it on a Linux host")
}
}
}
|