From 814bfd937238cbd211ea30805c36ae682cfd7b48 Mon Sep 17 00:00:00 2001 From: Kashyap Chamarthy Date: Fri, 22 Jun 2018 12:11:56 +0200 Subject: [PATCH] conf: libvirt: Make `/dev/urandom` the default for 'rng_dev_path' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since libvirt 1.3.4, any RNG (Random Number Generator) device path (that returns random numbers when read!) is accepted. However, the recommended source of entropy is `/dev/urandom` (it is non-blocking; and doesn't have the same limitations as `/dev/random`, which is a legacy interface). Therefore, make `/dev/urandom` the default RNG for 'rng_dev_path' config attribute; adjust the relevant tests. Also update the documentation to reflect this change. Change-Id: Ia39402a045ffb1943463b5741655d84071613e8c Signed-off-by: Kashyap Chamarthy Reported-by: Daniel P. Berrangé --- nova/conf/libvirt.py | 16 +++++++++++++--- nova/tests/unit/virt/libvirt/test_config.py | 4 ++-- nova/tests/unit/virt/libvirt/test_driver.py | 4 ++-- ...efault-for-rng_dev_path-150a76b0ea74cbc2.yaml | 6 ++++++ 4 files changed, 23 insertions(+), 7 deletions(-) create mode 100644 releasenotes/notes/urandom-as-default-for-rng_dev_path-150a76b0ea74cbc2.yaml diff --git a/nova/conf/libvirt.py b/nova/conf/libvirt.py index 6316d0c4b99b..94c52e318c5e 100644 --- a/nova/conf/libvirt.py +++ b/nova/conf/libvirt.py 
@@ -661,9 +661,19 @@ Possible cache modes: mode in production environments. """), cfg.StrOpt('rng_dev_path', - help='A path to a device that will be used as source of ' - 'entropy on the host. Permitted options are: ' - '/dev/random or /dev/hwrng'), + default='/dev/urandom', + help=""" +The path to an RNG (Random Number Generator) device that will be used as +the source of entropy on the host. Since libvirt 1.3.4, any path (that +returns random numbers when read) is accepted. The recommended source +of entropy is ``/dev/urandom`` -- it is non-blocking, therefore +relatively fast; and avoids the limitations of ``/dev/random``, which is +a legacy interface. For more details (and comparision between different +RNG sources), refer to the "Usage" section in the Linux kernel API +documentation for ``[u]random``: +http://man7.org/linux/man-pages/man4/urandom.4.html and +http://man7.org/linux/man-pages/man7/random.7.html. +"""), cfg.ListOpt('hw_machine_type', help='For qemu or KVM guests, set this option to specify ' 'a default machine type per host architecture. ' diff --git a/nova/tests/unit/virt/libvirt/test_config.py b/nova/tests/unit/virt/libvirt/test_config.py index b68af754aabe..3a1a38a6d336 100644 --- a/nova/tests/unit/virt/libvirt/test_config.py +++ b/nova/tests/unit/virt/libvirt/test_config.py @@ -3271,7 +3271,7 @@ class LibvirtConfigGuestRngTest(LibvirtConfigBaseTest): def test_config_rng_driver_with_rate(self): obj = config.LibvirtConfigGuestRng() - obj.backend = '/dev/random' + obj.backend = '/dev/urandom' obj.rate_period = '12' obj.rate_bytes = '34' @@ -3279,7 +3279,7 @@ class LibvirtConfigGuestRngTest(LibvirtConfigBaseTest): self.assertXmlEqual(xml, """ - /dev/random + /dev/urandom """) diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py index 8f1678ead8ad..24deda295423 100644 --- a/nova/tests/unit/virt/libvirt/test_driver.py +++ b/nova/tests/unit/virt/libvirt/test_driver.py 
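Review bot: The new `default='/dev/urandom'` on `rng_dev_path` is, by the help text's own account, only accepted from libvirt 1.3.4 onwards, and nothing in this hunk ties the default to the host's libvirt version. If the minimum libvirt version the driver supports is older than 1.3.4, a guest with an RNG device could fail to be defined on such hosts after the upgrade, so the help text and the upgrade release note should state the requirement, for example `Requires libvirt >= 1.3.4; on older hosts set this to /dev/random or /dev/hwrng.` Two smaller fixes in the same string: `comparision` should read `comparison`, and the two man7.org links could use `https://` so operators following them from the generated docs get an authenticated page. The option list continues outside the hunk.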
@@ -5348,7 +5348,7 @@ class LibvirtConnTestCase(test.NoDBTestCase, vconfig.LibvirtConfigMemoryBalloon) self.assertEqual(cfg.devices[6].model, 'random') - self.assertIsNone(cfg.devices[6].backend) + self.assertEqual(cfg.devices[6].backend, '/dev/urandom') self.assertIsNone(cfg.devices[6].rate_bytes) self.assertIsNone(cfg.devices[6].rate_period) @@ -5422,7 +5422,7 @@ class LibvirtConnTestCase(test.NoDBTestCase, vconfig.LibvirtConfigMemoryBalloon) self.assertEqual(cfg.devices[6].model, 'random') - self.assertIsNone(cfg.devices[6].backend) + self.assertEqual(cfg.devices[6].backend, '/dev/urandom') self.assertEqual(cfg.devices[6].rate_bytes, 1024) self.assertEqual(cfg.devices[6].rate_period, 2) diff --git a/releasenotes/notes/urandom-as-default-for-rng_dev_path-150a76b0ea74cbc2.yaml b/releasenotes/notes/urandom-as-default-for-rng_dev_path-150a76b0ea74cbc2.yaml new file mode 100644 index 000000000000..2867f0fd24ad --- /dev/null +++ b/releasenotes/notes/urandom-as-default-for-rng_dev_path-150a76b0ea74cbc2.yaml @@ -0,0 +1,6 @@ +--- +upgrade: + - | + The default value of the configuration attribute + ``[libvirt]/rng_dev_path`` is now set to ``/dev/urandom``. Refer to + the documentation of ``rng_dev_path`` for details.
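Review bot: With both assertions changed to `assertEqual(cfg.devices[6].backend, '/dev/urandom')` (the `@@ -5348` hunk and again in `@@ -5422`), no visible test covers an RNG device with no backend path any more, which is what both tests asserted before. If an unset `rng_dev_path` is still a supported configuration, keep one case for it, e.g. `self.flags(rng_dev_path=None, group='libvirt')` followed by `self.assertIsNone(cfg.devices[6].backend)`; if it is not, the option would be better rejected at load time than left untested. Both test methods begin outside their hunks, so other coverage may exist that is not shown here.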