Set RANDFILE=/dev/null for ipa-server-configure-first.service

OpenSSL requires at least one of HOME or RANDFILE environment variables to be set for it to work. Without this fix, the external CA setup crashes because OpenSSL is unable to write its random state anywhere when it tries to generate a CSR for the external CA to sign.
freeipa · Jan 12, 2018 · bd3a33a · bd3a33a
1 parent 4f45c77
commit bd3a33a
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/ipa-server-configure-first.service b/ipa-server-configure-first.service
@@ -3,6 +3,7 @@ Description=Configure IPA server upon the first start
 
 [Service]
 Type=oneshot
+Environment="RANDFILE=/dev/null"
 ExecStart=/usr/sbin/ipa-server-configure-first
 ExecStartPost=/usr/sbin/ipa-server-status-check
 FailureAction=poweroff