    ganeti.daemon: fix daemon mode with GnuTLS >= 3.3 · 6e06de4e
    Apollon Oikonomopoulos authored
    Newer GnuTLS versions (>= 3.3.0) use a library constructor for
    initialization and open /dev/urandom on library load, way before we
    fork(). Closing /dev/urandom on fork causes a failure to re-seed GnuTLS's
    random number generator during the first ganeti.http.client request, which
    in turn causes the process to silently abort(3).
    
    For more background on this behavior, see this thread at the GnuTLS
    mailing list:
    
    http://lists.gnupg.org/pipermail/gnutls-help/2014-April/003429.html
    
    Note that calling pycurl.global_init() at the correct place (as we do) is not
    enough, as it does not cause a re-initialization of the GnuTLS library.
    
    As we can reliably detect neither the GnuTLS version nor the socket, we
    work our way around this by keeping all fds referring to /dev/urandom open
    after fork. We do so using the /proc/self/fd interface.
    
    This fixes issues #961 and #964.
    
    Note that this would not affect the Haskell daemons using cURL + GnuTLS,
    because we don't close all file descriptors on fork there.
    
    Signed-off-by: Apollon Oikonomopoulos <apoikos@gmail.com>
    Reviewed-by: Helga Velroyen <helgav@google.com>
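The workaround the commit message describes, scanning /proc/self/fd so that descriptors backing /dev/urandom survive a post-fork close-all, is shown below as an added illustration. This is not Ganeti's own code and not the commit's diff: the function names (`fds_pointing_to`, `close_fds`, `close_all_fds_after_fork`, `run_example`) and the `KEEP_TARGETS` set are constructed for this example. It assumes a Linux-style /proc; where /proc/self/fd is absent it degrades to the naive close-everything behaviour that triggered the bug.

```python
import os

# Device paths whose descriptors must survive the post-fork cleanup.
# Constructed for this example; the commit message only names /dev/urandom.
KEEP_TARGETS = frozenset(["/dev/urandom"])


def proc_fd_available(proc_fd_dir="/proc/self/fd"):
    """True if this system exposes the per-process fd table under /proc."""
    return os.path.isdir(proc_fd_dir)


def fds_pointing_to(targets=KEEP_TARGETS, proc_fd_dir="/proc/self/fd"):
    """Return the set of open fds whose /proc/self/fd symlink resolves to one
    of `targets`. On systems without /proc/self/fd this returns an empty set,
    so a caller that closes everything else behaves exactly as before."""
    keep = set()
    try:
        entries = os.listdir(proc_fd_dir)
    except OSError:
        return keep
    for entry in entries:
        try:
            fd = int(entry)
            target = os.readlink(os.path.join(proc_fd_dir, entry))
        except (ValueError, OSError):
            continue  # not an fd number, or closed between listdir() and readlink()
        if target in targets:
            keep.add(fd)
    return keep


def close_fds(candidates, keep=frozenset()):
    """Close every fd in `candidates` that is not in `keep`.
    Returns the sorted list of fds that were actually closed."""
    closed = []
    for fd in candidates:
        if fd in keep:
            continue
        try:
            os.close(fd)
        except OSError:
            continue  # never open, or already closed
        closed.append(fd)
    return sorted(closed)


def close_all_fds_after_fork(first=3, last=None):
    """The post-fork cleanup a daemon would run in the child: close every fd
    from `first` to `last` except those a library (here GnuTLS) holds open on
    /dev/urandom, so its RNG can still be re-seeded later."""
    if last is None:
        last = os.sysconf("SC_OPEN_MAX") - 1
    keep = fds_pointing_to()
    return close_fds(range(first, last + 1), keep)


def run_example():
    """Open one fd on /dev/urandom and one pipe, run the cleanup over exactly
    those fds, and report (urandom_fd_survived, list_of_closed_fds).
    The pipe stands in for an ordinary inherited socket that must go."""
    urandom_fd = os.open("/dev/urandom", os.O_RDONLY)
    pipe_r, pipe_w = os.pipe()
    keep = fds_pointing_to()
    closed = close_fds([urandom_fd, pipe_r, pipe_w], keep)
    survived = urandom_fd not in closed
    if survived:
        os.close(urandom_fd)  # tidy up; the daemon would leave it open
    return survived, closed


if __name__ == "__main__":
    survived, closed = run_example()
    print("urandom fd kept open:", survived, "| closed:", closed)
```

Scanning the fd table by symlink target rather than by fd number is what makes the workaround robust: the daemon never learns which fd number GnuTLS's constructor picked, and does not need to.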