Bug 1337101
Summary: | [RFE] enable virtio-rng /dev/urandom by default | |||
---|---|---|---|---|
Product: | [oVirt] ovirt-engine | Reporter: | Michal Skrivanek <michal.skrivanek> | |
Component: | BLL.Virt | Assignee: | jniederm | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Nisim Simsolo <nsimsolo> | |
Severity: | medium | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 4.0.0 | CC: | amit, bugs, djasa, eheftman, jniederm, lbopf, mpoledni, nsimsolo, rgolan, rmohr | |
Target Milestone: | ovirt-4.1.0-alpha | Keywords: | FutureFeature, Performance | |
Target Release: | 4.1.0.2 | Flags: | michal.skrivanek:
ovirt-4.1?
nsimsolo: testing_plan_complete+ michal.skrivanek: planning_ack? michal.skrivanek: devel_ack+ rule-engine: testing_ack+ |
|
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Enhancement | ||
Doc Text: |
With this release, ‘/dev/random’ is now the default random number generator in clusters with a cluster compatibility level of ‘4.0’ and below, and ‘/dev/urandom’ is now the default random number generator in clusters with a cluster compatibility level of ‘4.1’ and above. Because these random number generators are enabled by default, the option to enable them has now been removed from the ‘New Cluster’ and ‘Edit Cluster’ windows. However, you can select the random number generator source for individual virtual machines from the ‘New Virtual Machine’ and ‘Edit Virtual Machine’ windows.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1398560 (view as bug list) | Environment: | ||
Last Closed: | 2017-03-16 14:45:35 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | Virt | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 1347669, 1374227, 1419924 | |||
Bug Blocks: | 1398560, 1405032, 1430550 |
Description
Michal Skrivanek
2016-05-18 09:57:43 UTC
it may be handy to enable it at cluster level earlier +1 He already seeing very slow session initiation.
Hot plugging the device helped using this:
```shell
echo "<rng model='virtio'><rate period="2000" bytes="1234"/><backend model='random'>/dev/random</backend
></rng>" > rng.tmp ; virsh attach-device --live hostedEngine rng.tmp
```
(In reply to Roy Golan from comment #2) > +1 He already seeing very slow session initiation. "He" == Hosted Engine Please make /dev/urandom default entropy source. For discussion of safety/security, see bug 1074464#c13 and links there. In oVirt/RHEV setting, use of /dev/random may actually make quality of randomness in VMs _lower_ if enough of them drain it to the point where other VMs have to wait for randomness. /dev/urandom provides no worse randomness (once seeded which is not an issue in virt hosts, according to [1], urandom gets seeded in ~30 seconds after boot) but it provides it at any time the VM needs it. Bug 1347642 requests addition of /dev/urandom among entropy sources for 4.1 [1] http://www.chronox.de/lrng/doc/lrng.pdf , section 3.3 (In reply to David Jaša from comment #4) > ... > Bug 1347642 requests addition of /dev/urandom among entropy sources for 4.1 I's actually bug 1347669, sorry for the noise. (In reply to Roy Golan from comment #2) > +1 He already seeing very slow session initiation. > > Hot plugging the device helped using this: > > ```shell > echo "<rng model='virtio'><rate period="2000" bytes="1234"/><backend > model='random'>/dev/random</backend > ></rng>" > rng.tmp ; virsh attach-device --live hostedEngine rng.tmp > ``` so is it used for HE already? There's no reason why would such change have to wait on this bug let's use bug 1347669 and make it /dev/urandom then It's reasonable to add RNG device by default, but let's keep the checkbox to disable it - if we ever want to create minimal VM, RNG is an additional overhead. renaming, since in bug 1374227 we are changing to /dev/urandom The fix for this issue should be included in oVirt 4.1.0 beta 1 released on December 1st. If not included please move back to modified. Verified: ovirt-engine-4.1.1.4-0.1.el7 qemu-kvm-rhev-2.6.0-28.el7_3.6.x86_64 vdsm-4.19.7-1.el7ev.x86_64 libvirt-client-2.0.0-10.el7_3.5.x86_64 sanlock-3.4.0-1.el7.x86_64 |