virtualization/azure: take entropy handling code out of WALA and execute it before SSHD generates the host keys

Evgeny Egorochkin 2016-03-12 10:09:02 +02:00
parent 73487f4619
commit 7a4684bee1
2 changed files with 38 additions and 0 deletions


@ -0,0 +1,17 @@
--- a/waagent 2016-03-12 09:58:15.728088851 +0200
+++ a/waagent 2016-03-12 09:58:43.572680025 +0200
@@ -6173,10 +6173,10 @@
Log("MAC address: " + ":".join(["%02X" % Ord(a) for a in mac]))
# Consume Entropy in ACPI table provided by Hyper-V
- try:
- SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))
- except:
- pass
+ #try:
+ # SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))
+ #except:
+ # pass
Log("Probing for Azure environment.")
self.Endpoint = self.DoDhcpWork()
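Review bot: The retained comment `# Consume Entropy in ACPI table provided by Hyper-V` now sits above four commented-out lines, so the patched waagent still reads as if it seeds the pool at this point. Deleting the `try`/`except` lines instead of commenting them out, and replacing the comment with a pointer such as `# OEM0 entropy is consumed by a separate systemd unit before sshd starts`, would tell the next reader where the seeding moved to. The enclosing method starts and ends outside the hunk, so only these lines are assessed.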


@ -14,6 +14,9 @@ let
rev = "1b3a8407a95344d9d12a2a377f64140975f1e8e4"; rev = "1b3a8407a95344d9d12a2a377f64140975f1e8e4";
sha256 = "10byzvmpgrmr4d5mdn2kq04aapqb3sgr1admk13wjmy5cd6bwd2x"; sha256 = "10byzvmpgrmr4d5mdn2kq04aapqb3sgr1admk13wjmy5cd6bwd2x";
}; };
patches = [ ./azure-agent-entropy.patch ];
buildInputs = [ makeWrapper python pythonPackages.wrapPython ]; buildInputs = [ makeWrapper python pythonPackages.wrapPython ];
runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh
nettools # for hostname nettools # for hostname
@ -156,6 +159,24 @@ in
before = [ "sshd.service" ]; before = [ "sshd.service" ];
}; };
systemd.services.consume-hypervisor-entropy =
{ description = "Consume entropy in ACPI table provided by Hyper-V";
wantedBy = [ "sshd.service" "waagent.service" ];
before = [ "sshd.service" "waagent.service" ];
after = [ "local-fs.target" ];
path = [ pkgs.coreutils ];
script =
''
echo "Fetching entropy..."
cat /sys/firmware/acpi/tables/OEM0 > /dev/random
'';
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
serviceConfig.StandardError = "journal+console";
serviceConfig.StandardOutput = "journal+console";
};
systemd.services.waagent = { systemd.services.waagent = {
wantedBy = [ "sshd.service" ]; wantedBy = [ "sshd.service" ];
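Review bot: The `script` of `consume-hypervisor-entropy` does not handle a missing or unreadable `/sys/firmware/acpi/tables/OEM0`: `cat` fails and the oneshot unit fails, but since the unit is only `wantedBy` sshd.service, sshd presumably still starts and generates its host keys without this seed. The removed Python swallowed the same error silently, so it is worth making the outcome explicit, for example `[ -r /sys/firmware/acpi/tables/OEM0 ] || { echo "OEM0 table not found, no hypervisor entropy added" >&2; exit 0; }` before the `cat`, or a deliberate decision to let the unit fail visibly. A comment would also help, because a plain write to `/dev/random` mixes the data into the pool without raising the kernel's entropy count: `# mixes OEM0 into the pool; does not credit entropy (see random(4))`. The section may continue past the lines shown here, so only the new unit is assessed.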