bob5ec / docker-infrastructure


Use true random to generate gpg keys #21

Open bob5ec opened 5 years ago

bob5ec commented 5 years ago

/dev/urandom is used to generate gpg keys in /roles/basics/tasks/main.yml and /roles/vms/tasks/main.yml. During automated setup of the host and VMs there is no entropy available. And the hardware RNG from Intel's i5 seems to be backdoored: https://en.wikipedia.org/wiki/RdRand.

Options to fix this:

  1. One could use a random source over the network (or a trusted random source from the Internet)
  2. One could generate the keys externally and transport them to the machines. How to send them over securely?

bob5ec commented 5 years ago

https://libreswan.org/wiki/Entropy_matters
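The failure mode described in the first comment is an unattended `gpg --gen-key` that runs before the host has gathered any entropy. One practical check is to make the key-generation step refuse to run until the kernel reports its pool as ready. The script below is an added example, not code from this repository or its Ansible roles: the /proc paths are the real kernel interfaces, while the `wait_for_entropy` and `gen_key_when_ready` helpers, the 300-second timeout and the overridable `ENTROPY_FILE`/`POOLSIZE_FILE` variables are this example's own choices.

```shell
#!/bin/sh
# Added example, not code from the docker-infrastructure repo: gate an
# unattended gpg key generation on the kernel's entropy estimate.
# ENTROPY_FILE and POOLSIZE_FILE default to the real /proc paths; they are
# overridable so the gate can be exercised against constructed files.

ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
POOLSIZE_FILE="${POOLSIZE_FILE:-/proc/sys/kernel/random/poolsize}"

# read_entropy_avail: current kernel entropy estimate in bits, 0 if unreadable.
read_entropy_avail() {
    cat "$ENTROPY_FILE" 2>/dev/null || echo 0
}

# wait_for_entropy MIN_BITS TIMEOUT_SECONDS
# Polls entropy_avail once per second. Returns 0 as soon as the estimate
# reaches MIN_BITS, 1 if TIMEOUT_SECONDS elapse first (an unreadable file
# counts as 0 bits and therefore times out too).
wait_for_entropy() {
    min_bits="$1"
    timeout="$2"
    elapsed=0
    while :; do
        avail=$(read_entropy_avail)
        [ "$avail" -ge "$min_bits" ] && return 0
        [ "$elapsed" -ge "$timeout" ] && return 1
        sleep 1
        elapsed=$((elapsed + 1))
    done
}

# gen_key_when_ready NAME EMAIL
# The same kind of batch keygen an Ansible task would run, but only after the
# entropy gate passes. The threshold is the pool size the kernel itself
# reports (4096 bits on older kernels, 256 on newer ones), so no number is
# hard-coded; the 300 s timeout is an assumption for this example.
gen_key_when_ready() {
    poolsize=$(cat "$POOLSIZE_FILE" 2>/dev/null || echo 256)
    if ! wait_for_entropy "$poolsize" 300; then
        echo "entropy_avail did not reach $poolsize bits within 300s; not generating a key" >&2
        return 1
    fi
    gpg --batch --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 4096
Name-Real: $1
Name-Email: $2
Expire-Date: 0
%commit
EOF
}
```

Failing loudly is the point: a task that blocks forever or silently produces a key from a barely seeded pool is worse than a visible failure that a rerun can fix. The gate only addresses "no entropy yet"; it does nothing about the RdRand concern raised in the issue, and for VMs the complementary fix is to feed them host entropy (virtio-rng) or run an entropy daemon such as rngd so the threshold is actually reached.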