+++ This bug was initially created as a clone of Bug #1347669 +++ Description of problem: /dev/urandom is perfectly fine source of randomness once seeded (see bug 1074464#c13 for discussion and references) and from 7.3 on, libvirt won't refuse it as a source of randomness (see blocking bugs). oVirt/RHEV should therefore enable it as a backend for virtio-rng from 4.1 on at latest. Version-Release number of selected component (if applicable): 4.0 How reproducible: always Steps to Reproduce: 1. try to use /dev/urandom as a randomnes source in Edit VM -> Random generator 2. 3. Actual results: only /dev/random and /dev/hwrng are available Expected results: /dev/urandom is available to choose as well Additional info: --- Additional consideration for ovirt-engine Currently, VDSM can report up to 2 sources: random and hwrng. New source cannot be added due to 1374216, therefore current implementation of VDSM doesn't report new source but changes semantics of "random" source. The semantics are now as follows: "random" RNG source means support of "random" and "urandom" sources "urandom" is the source engine should send to VDSM when "random" checkbox is ticked.
Bug tickets must have version flags set prior to targeting them to a release. Please ask maintainer to set the correct version flags and only then set the target milestone.
I'm missing something here. Wouldn't it make more sense to do a simple change in VDSM only - if it's supported, use 'urandom'. Otherwise, use 'random'. Why do we need Engine changes, for example?
IIUIC the problem with such vdsm only change might be that user will not be able to find out what RNG source is actually used. The UI would always show 'random'. Plus it would introduce an inconsistency between VM descriptor that is being send on VM startup from engine to vdsm and the actual VM configuration. And both 'random' and 'urandom' are present on almost all linux systems so it would also mean that after upgrade 4.0 -> 4.1 even VMs in 4.0 clusters will get 'urandom' (despite expecting 'random').
(In reply to jniederm from comment #3) > IIUIC the problem with such vdsm only change might be that user will not be > able to find out what RNG source is actually used. The UI would always show > 'random'. Plus it would introduce an inconsistency between VM descriptor > that is being send on VM startup from engine to vdsm and the actual VM > configuration. > And both 'random' and 'urandom' are present on almost all linux systems so > it would also mean that after upgrade 4.0 -> 4.1 even VMs in 4.0 clusters > will get 'urandom' (despite expecting 'random'). Understood - but keep in mind that it's a libvirt issue of not supporting 'urandom' - until 7.3. You need to make sure that all hosts support it (for migration, for example). I thought the best path would have been to hide this detail from everyone as much as possible.
This is now failing CI: http://jenkins.ovirt.org/view/experimental%20jobs/job/test-repo_ovirt_experimental_master/3562/\ While running log-collector, this error shows: ERROR: _get_hypervisors_from_api: urandom is not a valid RngSource
The fix for this issue should be included in oVirt 4.1.0 beta 1 released on December 1st. If not included please move back to modified.
*** Bug 1347271 has been marked as a duplicate of this bug. ***
Verification builds: ovirt-engine-4.1.1.3-0.1.el7 vdsm-4.19.7-1.el7ev.x86_64 libvirt-client-2.0.0-10.el7_3.5.x86_64 qemu-kvm-rhev-2.6.0-28.el7_3.6.x86_64 sanlock-3.4.0-1.el7.x86_64
Removing the doc text and setting requires_doc_text to '-', as this change is already described in bug 1337101.