Bug 1463421
Summary: | [Docs][Planning] Add entropy recommendation for SHE to Planning Guide | ||
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Sam Yangsao <syangsao> |
Component: | Documentation | Assignee: | Tahlia Richardson <trichard> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Byron Gravenorst <bgraveno> |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 4.1.2 | CC: | dcadzow, lbopf, lsurette, mperina, rbalakri, srevivo, syangsao, ykaul, ylavi |
Target Milestone: | ovirt-4.1.6 | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-10-06 03:56:35 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | Docs | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Sam Yangsao
2017-06-20 21:00:34 UTC
Most probably your host/VM where you install engine doesn't have enough entropy, which is needed to encrypt admin@internal password. In case of a VM please check if you enabled /dev/random passthrough using virtio-rng or in case of a physical host you can install haveged service. (In reply to Martin Perina from comment #1) > Most probably your host/VM where you install engine doesn't have enough > entropy, which is needed to encrypt admin@internal password. In case of a VM > please check if you enabled /dev/random passthrough using virtio-rng or in > case of a physical host you can install haveged service. It looks low .. # cat /proc/sys/kernel/random/entropy_avail 157 I think we should probably document this somewhere in our installation guide or at least specify a warning on the engine-setup that this may need to be increased if they are using a VM for the RHV manager during setup. I did install rng-tools and followed this article [1] to increase it on my RHEL 7 VM # cat /proc/sys/kernel/random/entropy_avail 3079 [1] https://access.redhat.com/solutions/1395493 Is it possible to add some note about entropy requirement into RHEVM installation guide? (In reply to Martin Perina from comment #3) > Is it possible to add some note about entropy requirement into RHEVM > installation guide? Hi Martin, Sure, we can raise a docs bug for this; it sounds like it would go well in our upcoming Planning Guide. But we'll need some clearer details first. What is the entropy requirement for the machine hosting RHV-M? (In reply to Lucy Bopf from comment #4) > (In reply to Martin Perina from comment #3) > > Is it possible to add some note about entropy requirement into RHEVM > > installation guide? > > Hi Martin, > > Sure, we can raise a docs bug for this; it sounds like it would go well in > our upcoming Planning Guide. But we'll need some clearer details first. What > is the entropy requirement for the machine hosting RHV-M? Well, we don't have any exact value which is required for RHV, but according to [1] values below 200 are too low, on my system I usually have the value around 3000. [1] https://major.io/2007/07/01/check-available-entropy-in-linux/ (In reply to Martin Perina from comment #5) > (In reply to Lucy Bopf from comment #4) > > (In reply to Martin Perina from comment #3) > > > Is it possible to add some note about entropy requirement into RHEVM > > > installation guide? > > > > Hi Martin, > > > > Sure, we can raise a docs bug for this; it sounds like it would go well in > > our upcoming Planning Guide. But we'll need some clearer details first. What > > is the entropy requirement for the machine hosting RHV-M? > > Well, we don't have any exact value which is required for RHV, but according > to [1] values below 200 are too low, on my system I usually have the value > around 3000. > > > [1] https://major.io/2007/07/01/check-available-entropy-in-linux/ Thanks, Martin. Yaniv, Derek, do you agree with adding this recommendation (entropy value above 200) to the Planning Guide? (In reply to Lucy Bopf from comment #6) > > Thanks, Martin. > > Yaniv, Derek, do you agree with adding this recommendation (entropy value > above 200) to the Planning Guide? Yes, we should, but we will need a recommended path to resolve and generate more entropy. Martin, what are the steps to workaround this? So for the hosted engine VM this should be solved by BZ1413845 and this is much more regular use case (not having enough entropy inside VM). But most of the real hosts have enough entropy (at least I haven't heard of any real hosts entropy issues before this one). Usual solution to add entropy to the host is to install rngd (as mentioned in Comment 2) or install haveged [1]. Please bear in mind I'm not an expert in this area, so there may be other solutions. [1] https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged We also have an RFE [1] to have haveged added as a supported package - would love to have some PM magic added to this RFE :) [1] https://bugzilla.redhat.com/show_bug.cgi?id=1472853 Moving to Documentation. Assigning to Tahlia for review. Tahlia, we should provide the recommendation for entropy, and then link to the RHEL docs for adding entropy if needed. Reviewed and merged. |