Add RANDFILE for CA generation

haproxytech · Oct 5, 2020 · 5c3661b · 5c3661b
1 parent 66f3b16
commit 5c3661b
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/ansible/roles/cloudinit/files/var/lib/vmware/userdata.txt b/ansible/roles/cloudinit/files/var/lib/vmware/userdata.txt
@@ -7,6 +7,7 @@ chpasswd:
 # Generate certificates using pre-seeded entropy provided by haveged.
 runcmd:
     - dd if=/dev/random of=/tmp/.random bs=256 count=1
-    - if true; then /var/lib/vmware/retry.sh "new-ca.sh '{{ ds.meta_data.local_ipv4 }}' /etc/haproxy"; fi
+    - if true; then RANDFILE=/tmp/.random /var/lib/vmware/retry.sh "new-ca.sh '{{ ds.meta_data.local_ipv4 }}' /etc/haproxy"; fi
+    - dd if=/dev/random of=/tmp/.random bs=256 count=1
     - RANDFILE=/tmp/.random /var/lib/vmware/retry.sh "new-cert.sh -1 /etc/haproxy/ca.crt -2 /etc/haproxy/ca.key -3 "127.0.0.1,{{ ds.meta_data.network.interfaces.by_ipv4.keys()|join(',') }}" -4 "localhost" "{{ ds.meta_data.hostname }}" /etc/haproxy" 2>&1 | tee /var/log/vmware/new_cert.log
     - vmware-rpctool "info-set guestinfo.dataplaneapi.cacert $(base64 -w0 /etc/haproxy/ca.crt)"