nova/releasenotes at de512f2c025429b72ade5a5ec38a6f1bde60af3c - nova

History

Kashyap Chamarthy de512f2c02 libvirt: Add a default VirtIO-RNG device to guests tl;dr: We're adding the default VirtIO-RNG device to ensure guests are not starved of entropy (and thus not hang) during boot time. Background ---------- From Nova Git history, commit `b94550f419` ("libvirt: configuration element for a random number generator device") _did_ add a default RNG device (but with its entropy source to the undesirable '/dev/random'). However, the default RNG device was immediately removed in another commit (`605677c` -- "libvirt: remove explicit /dev/random rng default"), with this rationale: libvirt (or rather qemu) will default to /dev/random if no rng device path is specified [...] It's preferable for us to not duplicate this default to allow for a future where libvirt or the hypervisor needs to make more intelligent decisions about the default device to use. The above reasoning doesn't hold up, because: (a) libvirt does not make "policy" decisions, such as choosing an entropy source (or any other such). Therefore Nova, as a management application, should make the decision here. (b) More importantly, when QEMU exposes a VirtIO-RNG device to the guest, that device needs a source of entropy; and QEMU by default uses the legacy and problematic `/dev/random` as the source — instead of the preferred `/dev/urandom`. So QEMU's default for VirtIO-RNG devices is not sufficient, and Nova should not rely on it. (Discussion[+] on 'qemu-devel' list to consider changing QEMU's default.) * * * In this patch: - Make Nova configure a VirtIO-RNG device by default for guests. (Which will be using `/dev/urandom` as the default entropy source.) This will also work for Windows guests, when using VirtIO-Win drivers[] on the Linux host. - The 'hw_rng_model' image metadata property is now rendered (temporarily) useless -- as it's not used anywhere outside the _add_rng_device() method. But we don't want to deprecate it yet, as we may extend it (see code comment for details); docucment that. [] https://docs.pagure.org/docs-fedora/create-windows-vms-using-virtio.html [+] https://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg02724.html -- "[RFC] Virtio RNG: Consider changing the default entropy source to /dev/urandom?" Closes-Bug: #1789868 Change-Id: I28e66c9640c38d23b8c0dbd0b05f5260bfcf6d30 Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>	2020-01-23 13:24:52 +01:00
..
notes	libvirt: Add a default VirtIO-RNG device to guests	2020-01-23 13:24:52 +01:00
source	Keep pre-commit inline with hacking and fix whitespace	2019-12-12 14:56:39 +00:00

Kashyap Chamarthy de512f2c02 libvirt: Add a default VirtIO-RNG device to guests

tl;dr: We're adding the default VirtIO-RNG device to ensure guests are
       not starved of entropy (and thus not hang) during boot time.

Background
----------

From Nova Git history, commit b94550f419 ("libvirt: configuration
element for a random number generator device") _did_ add a default RNG
device (but with its entropy source to the undesirable '/dev/random').
However, the default RNG device was immediately removed in another
commit (605677c -- "libvirt: remove explicit /dev/random rng default"),
with this rationale:

    libvirt (or rather qemu) will default to /dev/random if no rng device
    path is specified [...]

    It's preferable for us to not duplicate this default to allow for a
    future where libvirt or the hypervisor needs to make more intelligent
    decisions about the default device to use.

The above reasoning doesn't hold up, because:

(a) libvirt does not make "policy" decisions, such as choosing an
    entropy source (or any other such).  Therefore Nova, as a management
    application, should make the decision here.

(b) More importantly, when QEMU exposes a VirtIO-RNG device to the
    guest, that device needs a source of entropy; and QEMU by default
    uses the legacy and problematic `/dev/random` as the source —
    instead of the preferred `/dev/urandom`.  So QEMU's default for
    VirtIO-RNG devices is not sufficient, and Nova should not rely on
    it.  (Discussion[+] on 'qemu-devel' list to consider changing QEMU's
    default.)

                    * * *

In this patch:

  - Make Nova configure a VirtIO-RNG device by default for guests.
    (Which will be using `/dev/urandom` as the default entropy source.)
    This will also work for Windows guests, when using VirtIO-Win
    drivers[*] on the Linux host.

  - The 'hw_rng_model' image metadata property is now rendered
    (temporarily) useless -- as it's not used anywhere outside the
    _add_rng_device() method.  But we don't want to deprecate it yet, as
    we may extend it (see code comment for details); docucment that.

[*] https://docs.pagure.org/docs-fedora/create-windows-vms-using-virtio.html
[+] https://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg02724.html
    -- "[RFC] Virtio RNG: Consider changing the default entropy source to
    /dev/urandom?"

Closes-Bug: #1789868

Change-Id: I28e66c9640c38d23b8c0dbd0b05f5260bfcf6d30
Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>

2020-01-23 13:24:52 +01:00

notes libvirt: Add a default VirtIO-RNG device to guests 2020-01-23 13:24:52 +01:00

source Keep pre-commit inline with hacking and fix whitespace 2019-12-12 14:56:39 +00:00