unixPB: Install rng-tools to fix low entropy (#3145)

adoptium · Sep 28, 2023 · a2989df · a2989df
1 parent 73c8e04
commit a2989df
Show file tree

Hide file tree

Showing 5 changed files with 80 additions and 0 deletions.
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/main.yml
@@ -141,3 +141,4 @@
     - role: logs
       position: "End"
       tags: always
+    - rngd
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/fedora.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/fedora.yml
@@ -0,0 +1,19 @@
+---
+- name: Install the rng-tools package (Fedora)
+  package:
+    name: rng-tools
+    state: latest
+
+- name: Update the rngd.service file (Fedora)
+  ini_file:
+    path: /usr/lib/systemd/system/rngd.service
+    section: service
+    option: ExecStart
+    value: "/sbin/rngd -f -r /dev/urandom -o /dev/random"
+    backup: yes
+
+- name: Start and enable "rngd" service (Fedora)
+  service:
+    name: rngd
+    state: started
+    enabled: yes
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/main.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+################
+#  rng daemon  #
+################
+- name: Install rng-tools and start service
+  tags: rngd
+  block:
+    - name: Install rng-tools and start rng-tools.service (Ubuntu)
+      include_tasks: ubuntu.yml
+      when:
+        - ansible_distribution == "Ubuntu" and ansible_distribution_major_version < "21"
+
+    - name: Install rng-tools and start rngd (Fedora)
+      include_tasks: fedora.yml
+      when:
+        - (ansible_distribution == "RedHat" and ansible_distribution_major_version <= "8") or
+          (ansible_distribution == "CentOS" and ansible_distribution_major_version <= "8")
+
+    - name: Install rng-tools and start rng-tools.service (SLES)
+      include_tasks: sles.yml
+      when:
+        - ansible_distribution == "SLES" and ansible_distribution_major_version <= "12"
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/sles.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/sles.yml
@@ -0,0 +1,19 @@
+---
+- name: Install the rng-tools package (SLES)
+  package:
+    name: rng-tools
+    state: latest
+
+- name: Update the rng-tools.service file (SLES)
+  ini_file:
+    path: /usr/lib/systemd/system/rng-tools.service
+    section: service
+    option: ExecStart
+    value: "usr/sbin/rngd -f -r /dev/urandom -o /dev/random"
+    backup: yes
+
+- name: Start and enable "rng-tools" service (SLES)
+  service:
+    name: rng-tools
+    state: started
+    enabled: yes
diff --git a/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/ubuntu.yml b/ansible/playbooks/AdoptOpenJDK_Unix_Playbook/roles/rngd/tasks/ubuntu.yml
@@ -0,0 +1,19 @@
+---
+- name: Install the rng-tools package (Ubuntu)
+  package:
+    name: rng-tools
+    state: latest
+
+- name: Update the rng-tools defaults file (Ubuntu)
+  lineinfile:
+    dest: '/etc/default/rng-tools'
+    regexp: '^HRNGDEVICE=/dev/urandom'
+    mode: '0644'
+    insertafter: '^#HRNGDEVICE=/dev/null'
+    line: 'HRNGDEVICE=/dev/urandom'
+
+- name: Start and enable "rngd" service (Ubuntu)
+  systemd:
+    name: rng-tools.service
+    state: started
+    enabled: yes