Difference between revisions of "LibvirtVirtioRng"
(→Host configuration) |
m (→Image properties: hw_rng is not used anywhere in nova code, modify to hw_rng_model) |
||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
= Random number generator device = | = Random number generator device = | ||
| − | Virtio RNG is a paravirtual random number generator device, allows the host to inject entropy into guests, to fill its entropy pool. /dev/random will be used as a default entropy source on the host, however, a physical HW RNG device could be configured as well. | + | Virtio RNG is a paravirtual random number generator device, allows the host to inject entropy into guests, in order to fill its entropy pool. /dev/random will be used as a default entropy source on the host, however, a physical HW RNG device could be configured as well. |
== Flavour configuration == | == Flavour configuration == | ||
To prevent a single guest from exhausting the host's entropy supply, administrators will have the ability to limit and/or disable the use of this device, using the flavours extra_spects fields. | To prevent a single guest from exhausting the host's entropy supply, administrators will have the ability to limit and/or disable the use of this device, using the flavours extra_spects fields. | ||
| − | : | + | :hw_rng:allowed=True |
| − | : | + | :hw_rng:rate_bytes - The allowed amount of bytes for the the guest to read from the host’s entropy per period. |
| − | : | + | :hw_rng:rate_period - Sets the duration of a read period in seconds. |
== Image properties == | == Image properties == | ||
| Line 16: | Line 16: | ||
<pre><nowiki> | <pre><nowiki> | ||
# glance image-update \ | # glance image-update \ | ||
| − | --property | + | --property hw_rng_model=virtio \ |
[image] | [image] | ||
</nowiki></pre> | </nowiki></pre> | ||
| Line 23: | Line 23: | ||
HW RNG device could be configured in the Nova configuration file on a given host (nova.conf) to override the default use of /dev/random, | HW RNG device could be configured in the Nova configuration file on a given host (nova.conf) to override the default use of /dev/random, | ||
if the device is present on the host: | if the device is present on the host: | ||
| − | : | + | :[libvirt] |
| + | :rng_dev_path=/dev/hwrng | ||
Latest revision as of 16:56, 8 January 2017
Contents
Random number generator device
Virtio RNG is a paravirtual random number generator device, allows the host to inject entropy into guests, in order to fill its entropy pool. /dev/random will be used as a default entropy source on the host, however, a physical HW RNG device could be configured as well.
Flavour configuration
To prevent a single guest from exhausting the host's entropy supply, administrators will have the ability to limit and/or disable the use of this device, using the flavours extra_spects fields.
- hw_rng:allowed=True
- hw_rng:rate_bytes - The allowed amount of bytes for the the guest to read from the host’s entropy per period.
- hw_rng:rate_period - Sets the duration of a read period in seconds.
Image properties
A request to enable the Virtio RNG device will be provided as an image metadata property. This is to allow for other hypervisors having their own choice of rng models. However, this request will be ignored in case the flavour disables the use of this device:
# glance image-update \
--property hw_rng_model=virtio \
[image]
Host configuration
HW RNG device could be configured in the Nova configuration file on a given host (nova.conf) to override the default use of /dev/random, if the device is present on the host:
- [libvirt]
- rng_dev_path=/dev/hwrng
