unibonn / puppet-cobald

Puppet module for COBalD/TARDIS based opportunistic resource management
Apache License 2.0

install: Create OpenSSL CSPRNG seed data for voms-proxy-init. #3

Closed olifre closed 3 years ago

olifre commented 3 years ago

voms-proxy-init tries to open ~/.rnd (via recent openssl libraries) and if this does not exist, the error:

 Cannot open fileFilename=/var/lib/cobald/.rnd
 Function: RAND_load_file

is spammed into the cron log output. While it seems the data is not actually used, best practice to silence the warnings is to seed it with something useful as described here: https://security.stackexchange.com/a/177512

We have observed this since the upgrade to CentOS 8.
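
An added example (not part of this PR or of the puppet-cobald module) showing one way to create the seed file described above idempotently and with private permissions, as a configuration-management run would. The function name `ensure_rnd_seed` and the 256-byte default size are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not the module's code.
# ensure_rnd_seed HOME_DIR [SIZE]
#   HOME_DIR  home of the account that runs voms-proxy-init
#             (on the page: /var/lib/cobald)
#   SIZE      number of random bytes to write (256 is an assumed default)
# Run it as the service account so the file ends up owned by that account.
ensure_rnd_seed() {
    home_dir=$1
    size=${2:-256}
    seed="$home_dir/.rnd"

    [ -d "$home_dir" ] || { echo "no such directory: $home_dir" >&2; return 2; }

    # Never write through a symlink placed at the seed path.
    if [ -L "$seed" ]; then
        echo "refusing to touch symlink: $seed" >&2
        return 3
    fi

    # Seed already present and non-empty: keep its content, only
    # make sure it is not readable by other users.
    if [ -s "$seed" ]; then
        chmod 600 "$seed"
        return 0
    fi

    # Write to a temporary file in the same directory (mktemp creates it
    # with mode 600), verify the length, then rename it into place so a
    # partially written seed is never visible.
    tmp=$(umask 077 && mktemp "$home_dir/.rnd.XXXXXX") || return 1
    if head -c "$size" /dev/urandom > "$tmp" &&
       [ $(wc -c < "$tmp") -eq "$size" ]; then
        mv -f "$tmp" "$seed"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

Calling `ensure_rnd_seed /var/lib/cobald` repeatedly leaves an existing seed untouched, so it is safe to run on every agent run.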

olifre commented 3 years ago

@wiene, I realized just now that I can't leave an approving review on my own PR, so I am unsure if the "two approving reviews needed" limitation works out for this PR. If it does not, I would propose we use the command line instructions which GitHub links for merging in those cases (better ideas welcome ;-) ).

olifre commented 3 years ago

Thanks for the quick merging! The change is now already in production :rocket: .