Mount /dev/urandom on Jenkins slaves to avoid issues with entropy
Change-Id: I223179fec136a9d0e86f0ac69c36f5f87e386197
Related-Prod: PROD-30362
diff --git a/docker/swarm/stack/jenkins/slave01.yml b/docker/swarm/stack/jenkins/slave01.yml
index a9643ac..4791fe3 100644
--- a/docker/swarm/stack/jenkins/slave01.yml
+++ b/docker/swarm/stack/jenkins/slave01.yml
@@ -28,6 +28,7 @@
image: ${_param:docker_image_jenkins_slave}
volumes:
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
+ - /dev/urandom:/dev/random:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
diff --git a/docker/swarm/stack/jenkins/slave02.yml b/docker/swarm/stack/jenkins/slave02.yml
index fb3e6cc..58b5a23 100644
--- a/docker/swarm/stack/jenkins/slave02.yml
+++ b/docker/swarm/stack/jenkins/slave02.yml
@@ -28,6 +28,7 @@
image: ${_param:docker_image_jenkins_slave}
volumes:
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
+ - /dev/urandom:/dev/random:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
diff --git a/docker/swarm/stack/jenkins/slave03.yml b/docker/swarm/stack/jenkins/slave03.yml
index b10dc66..cc2acbd 100644
--- a/docker/swarm/stack/jenkins/slave03.yml
+++ b/docker/swarm/stack/jenkins/slave03.yml
@@ -28,6 +28,7 @@
image: ${_param:docker_image_jenkins_slave}
volumes:
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
+ - /dev/urandom:/dev/random:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
diff --git a/kubernetes/control/services/drivetrain/jenkins_slave_multi.yml b/kubernetes/control/services/drivetrain/jenkins_slave_multi.yml
index e710cd2..f1617b4 100644
--- a/kubernetes/control/services/drivetrain/jenkins_slave_multi.yml
+++ b/kubernetes/control/services/drivetrain/jenkins_slave_multi.yml
@@ -41,6 +41,9 @@
- name: docker-sock-volume02
mount: /var/run/docker.sock
read_only: false
+ - name: entropy-volume02
+ mount: /dev/random
+ read_only: true
volume:
jenkins-slave02:
type: glusterfs
@@ -50,6 +53,9 @@
docker-sock-volume02:
type: hostPath
path: /var/run/docker.sock
+ entropy-volume02:
+ type: hostPath
+ path: /dev/urandom
jenkins_slave03:
create: true
service: slave03
@@ -87,6 +93,9 @@
- name: docker-sock-volume03
mount: /var/run/docker.sock
read_only: false
+ - name: entropy-volume03
+ mount: /dev/random
+ read_only: true
volume:
jenkins-slave03:
type: glusterfs
@@ -96,3 +105,6 @@
docker-sock-volume03:
type: hostPath
path: /var/run/docker.sock
+ entropy-volume03:
+ type: hostPath
+ path: /dev/urandom
diff --git a/kubernetes/control/services/drivetrain/jenkins_slave_single.yml b/kubernetes/control/services/drivetrain/jenkins_slave_single.yml
index 5cdd32b..ee327dd 100644
--- a/kubernetes/control/services/drivetrain/jenkins_slave_single.yml
+++ b/kubernetes/control/services/drivetrain/jenkins_slave_single.yml
@@ -42,6 +42,9 @@
- name: docker-sock-volume
mount: /var/run/docker.sock
read_only: false
+ - name: entropy-volume
+ mount: /dev/random
+ read_only: true
volume:
jenkins-slave01:
type: glusterfs
@@ -51,3 +54,6 @@
docker-sock-volume:
type: hostPath
path: /var/run/docker.sock
+ entropy-volume:
+ type: hostPath
+ path: /dev/urandom