nova/nova
Kashyap Chamarthy de512f2c02 libvirt: Add a default VirtIO-RNG device to guests
tl;dr: We're adding the default VirtIO-RNG device to ensure guests are
       not starved of entropy (and thus not hang) during boot time.

Background
----------

From Nova Git history, commit b94550f419 ("libvirt: configuration
element for a random number generator device") _did_ add a default RNG
device (but with its entropy source set to the undesirable '/dev/random').
However, the default RNG device was immediately removed in another
commit (605677c -- "libvirt: remove explicit /dev/random rng default"),
with this rationale:

    libvirt (or rather qemu) will default to /dev/random if no rng device
    path is specified [...]

    It's preferable for us to not duplicate this default to allow for a
    future where libvirt or the hypervisor needs to make more intelligent
    decisions about the default device to use.

The above reasoning doesn't hold up, because:

(a) libvirt does not make "policy" decisions, such as choosing an
    entropy source (or any other such).  Therefore Nova, as a management
    application, should make the decision here.

(b) More importantly, when QEMU exposes a VirtIO-RNG device to the
    guest, that device needs a source of entropy; and QEMU by default
    uses the legacy and problematic `/dev/random` as the source —
    instead of the preferred `/dev/urandom`.  So QEMU's default for
    VirtIO-RNG devices is not sufficient, and Nova should not rely on
    it.  (Discussion[+] on 'qemu-devel' list to consider changing QEMU's
    default.)

                    * * *

In this patch:

  - Make Nova configure a VirtIO-RNG device by default for guests.
    (Which will be using `/dev/urandom` as the default entropy source.)
    This will also work for Windows guests, when using VirtIO-Win
    drivers[*] on the Linux host.

  - The 'hw_rng_model' image metadata property is now rendered
    (temporarily) useless -- as it's not used anywhere outside the
    _add_rng_device() method.  But we don't want to deprecate it yet, as
    we may extend it (see code comment for details); document that.

[*] https://docs.pagure.org/docs-fedora/create-windows-vms-using-virtio.html
[+] https://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg02724.html
    -- "[RFC] Virtio RNG: Consider changing the default entropy source to
    /dev/urandom?"

Closes-Bug: #1789868

Change-Id: I28e66c9640c38d23b8c0dbd0b05f5260bfcf6d30
Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
2020-01-23 13:24:52 +01:00
..
api Merge "nova-net: Remove 'MetadataManager'" 2020-01-15 01:55:56 +00:00
cmd Merge "Print help if nova-manage subcommand is not specified" 2020-01-15 01:55:37 +00:00
compute Merge "nova-net: Remove final references to nova-network" 2020-01-15 01:55:49 +00:00
conductor Merge "Create instance action when burying in cell0" 2020-01-06 20:13:52 +00:00
conf Merge "nova-net: Kill it" 2020-01-15 02:12:31 +00:00
console Remove 'nova-xvpvncproxy' 2019-12-23 14:20:28 +00:00
db nova-net: Kill it 2020-01-14 21:25:56 +00:00
hacking nova-net: Remove final references to nova-network 2020-01-08 13:54:12 +00:00
image Improve error log when snapshot fails 2019-11-06 22:54:05 +00:00
keymgr
locale Imported Translations from Zanata 2019-12-09 06:44:38 +00:00
network nova-net: Kill it 2020-01-14 21:25:56 +00:00
notifications DRY: Build ImageMetaPropsPayload from ImageMetaProps 2019-12-13 19:46:12 +00:00
objects libvirt: Add a default VirtIO-RNG device to guests 2020-01-23 13:24:52 +01:00
pci support pci numa affinity policies in flavor and image 2019-12-11 14:39:12 +00:00
policies Merge "Introduce scope_types in Admin Actions" 2019-12-26 06:48:34 +00:00
privsep nova-net: Kill it 2020-01-14 21:25:56 +00:00
scheduler Merge "Use Placement 1.35 (root_required)" 2020-01-10 02:44:45 +00:00
servicegroup Handle ServiceNotFound in DbDriver._report_state 2019-12-04 09:50:17 -05:00
tests libvirt: Add a default VirtIO-RNG device to guests 2020-01-23 13:24:52 +01:00
virt libvirt: Add a default VirtIO-RNG device to guests 2020-01-23 13:24:52 +01:00
volume Fix exception translation when creating volume 2019-10-10 02:38:33 +00:00
__init__.py Eventlet monkey patching should be as early as possible 2019-03-22 09:27:16 +00:00
availability_zones.py Always pass HostAPI to get_availability_zones 2019-04-26 15:30:48 -04:00
baserpc.py
block_device.py hacking: Resolve W605 (invalid escape sequence) 2019-06-24 14:24:06 -05:00
cache_utils.py
config.py Rename 'nova.common.config' module to 'nova.middleware' 2019-08-16 00:53:03 +01:00
context.py Revert "Log CellTimeout traceback in scatter_gather_cells" 2019-10-22 17:12:28 -04:00
crypto.py
debugger.py
exception.py Merge "FUP for in-place numa rebuild" 2019-12-20 11:41:55 +00:00
exception_wrapper.py
filters.py filters: Stop handling cells v1 2019-06-12 16:09:46 +01:00
hooks.py
i18n.py
loadables.py trivial: Remove dead code 2019-12-12 10:55:02 +00:00
manager.py
middleware.py Rename 'nova.common.config' module to 'nova.middleware' 2019-08-16 00:53:03 +01:00
monkey_patch.py Bump to hacking 1.1.0 2019-04-12 16:23:49 +01:00
policy.py Fix the suppress of policy deprecation warnings 2020-01-07 17:58:09 +00:00
profiler.py
quota.py nova-net: Remove 'networks' quota 2019-11-22 16:49:31 +00:00
rpc.py Remove unnecessary wrapper 2019-05-29 17:14:13 +01:00
safe_utils.py
service.py nova-net: Remove 'MetadataManager' 2020-01-08 13:54:12 +00:00
service_auth.py
test.py nova-net: Kill it 2020-01-14 21:25:56 +00:00
utils.py nova-net: Kill it 2020-01-14 21:25:56 +00:00
version.py
weights.py
wsgi.py