How can I customize rngd service startup?

Solution Verified - Updated

Environment

  • Red Hat Enterprise Linux (RHEL) 7 and 8

Issue

  • The rngd service fails at startup on a virtual server as an entropy device is not available.

Resolution

  • With Red Hat Enterprise Linux 7 and 8, rngd does not have a configuration file which can be altered. Because systemd is used, it is possible to enable changing default settings by overriding those by following these steps:

    1. cp /usr/lib/systemd/system/rngd.service /etc/systemd/system
    2. Edit the file - setting the required runtime options or any other options available with systemd
    3. systemctl daemon-reload # make systemd aware of the changes
    4. systemctl start rngd.service

  • As an example, in the /etc/systemd/system/rngd.service file modify the execution line 

      from: `ExecStart=/sbin/rngd -f `
  to:   `ExecStart=/sbin/rngd -f -r /dev/urandom -o /dev/random`

Root Cause

  • Trusted Platform Module (TPM) is not available for the system
  • No option to use environment variables to customize rngd service.

Diagnostic Steps

  • Check the status:

      # service rngd status -l
  Redirecting to /bin/systemctl status  rngd.service
  rngd.service - Hardware RNG Entropy Gatherer Daemon
     Loaded: loaded (/usr/lib/systemd/system/rngd.service; enabled)
     Active: failed (Result: exit-code) since Thu 2015-03-12 15:32:29 IST; 11min ago
    Process: 13105 ExecStart=/sbin/rngd -f (code=exited, status=1/FAILURE)
   Main PID: 13105 (code=exited, status=1/FAILURE)
  
  Mar 12 15:32:29 illin3097 systemd[1]: Started Hardware RNG Entropy Gatherer Daemon.
  Mar 12 15:32:29 illin3097 rngd[13105]: Unable to open file: /dev/tpm0
  Mar 12 15:32:29 illin3097 rngd[13105]: can't open any entropy source
  Mar 12 15:32:29 illin3097 rngd[13105]: Maybe RNG device modules are not loaded
  Mar 12 15:32:29 illin3097 systemd[1]: rngd.service: main process exited, code=exited, status=1/FAILURE
  Mar 12 15:32:29 illin3097 systemd[1]: Unit rngd.service entered failed state.
SBR
Product(s)
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.