From 94171f104c441f8aea4f8cfadddbb6f0964b09a4 Mon Sep 17 00:00:00 2001 From: Julia Kreger Date: Tue, 15 Feb 2022 10:50:37 -0800 Subject: [PATCH] Create random character devices so systemd does not crash Systemd, depending on the version and the configuration, can attempt to open urandom when a ramdisk boots, before the udevd is launched to handle the devices. In particular in FIPS mode, this can result in the ramdisk crashing. In order to handle this, we pre-create the character device files which can be statically used in the early start sequence to allow the agent to boot and deploy. Change-Id: I587e66a0d6b652c4aeca6fc211602d999d4641e8 --- .../cleanup.d/99-ramdisk-create | 14 ++++++++++++++ ...te-ramdisk-random-devices-263f78a2ef40dbe2.yaml | 9 +++++++++ 2 files changed, 23 insertions(+) create mode 100644 releasenotes/notes/create-ramdisk-random-devices-263f78a2ef40dbe2.yaml diff --git a/dib/ironic-ramdisk-base/cleanup.d/99-ramdisk-create b/dib/ironic-ramdisk-base/cleanup.d/99-ramdisk-create index 1efa1c8..cd45aec 100755 --- a/dib/ironic-ramdisk-base/cleanup.d/99-ramdisk-create +++ b/dib/ironic-ramdisk-base/cleanup.d/99-ramdisk-create 
@@ -24,6 +24,20 @@ echo "#disabled" > ./tmp/fstab.new sudo mv ./tmp/fstab.new ./etc/fstab sudo ln -s ./sbin/init ./ +# NOTE(TheJulia): Make a random and urandom entry to handle +# long standing systemd bug cases where it may, depending on +# underlying OS config/version, try to open the random number +# generator before initializing. +# This class of issue has appeared frquently with systemd, +# https://github.com/systemd/systemd/issues/4167 is a commonly +# referenced example of this behavior. +if ! [ -a ./dev/random ]; then + sudo mknod ./dev/random c 1 8 +fi +if ! [ -a ./dev/urandom ]; then + sudo mknod ./dev/urandom c 1 9 +fi + # Note(JayF): to anyone trying to make this more configurable in the future, # there are significant hurdles around shell quoting if you try to put these # find commands into variables for making them more configurable. diff --git a/releasenotes/notes/create-ramdisk-random-devices-263f78a2ef40dbe2.yaml b/releasenotes/notes/create-ramdisk-random-devices-263f78a2ef40dbe2.yaml new file mode 100644 index 0000000..7dba980 --- /dev/null +++ b/releasenotes/notes/create-ramdisk-random-devices-263f78a2ef40dbe2.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - | + Fixes issues with ramdisks potentially crashing when starting due to + systemd attempting to access a random number generator before udevd has + been launched. Depending on the mode of operation and underlying + and configuration, i.e. in FIPS mode, the system could have crashed as + a result. We will now always create the character devices devices, which + can be used early in the boot sequence.
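
Review bot: in dib/ironic-ramdisk-base/cleanup.d/99-ramdisk-create, both new guards use `[ -a ... ]`, which only checks that something exists at the path and is easy to misread as the binary AND operator of `[`. If ./dev/random or ./dev/urandom is already present in the image as a regular file, the guard passes and no device node is created, so an early open of that path would still not reach the kernel random number generator. Suggest testing for a character device instead, `if ! [ -c ./dev/random ]; then`, and passing an explicit mode, for example `sudo mknod -m 0666 ./dev/random c 1 8`, because without `-m` the resulting permissions depend on the umask in effect during the image build. The new comment also has a typo, "frquently".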
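
Review bot: in releasenotes/notes/create-ramdisk-random-devices-263f78a2ef40dbe2.yaml, the sentence "Depending on the mode of operation and underlying and configuration" is missing a noun after "underlying", and the last sentence repeats a word in "character devices devices". The note also never says which devices are created; naming ./dev/random and ./dev/urandom, as the script change does, would let operators who audit FIPS-mode ramdisk images confirm what the build now adds. Suggest wording along the lines of "underlying OS version and configuration", matching the commit message, and dropping the duplicated word.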