
LibvirtVirtioRng

Revision as of 22:06, 20 January 2014 by Vladik Romanovsky (talk | contribs) (Created page with "= Libvirt: Random number generator device support in Nova = Virtio RNG id a paravirtual random number generator device, allows the host to inject entropy into guests, to fill ...")

Libvirt: Random number generator device support in Nova

Virtio RNG is a paravirtual random number generator device that allows the host to inject entropy into guests to fill their entropy pools. /dev/random will be used as the default entropy source on the host; however, a physical HW RNG device could be configured as well.

Flavour configuration

To prevent a single guest from exhausting the host's entropy supply, administrators will have the ability to limit and/or disable the use of this device, using the flavour's extra_specs fields:

rng_enabled=True
rng_rate_bytes - The amount of bytes the guest is allowed to read from the host's entropy
rng_rate_period - Sets the duration of a read period.

Image properties

A request to enable the Virtio RNG device will be provided as an image metadata property. This is to allow for other hypervisors having their own choice of RNG models. However, this request will be ignored if the flavour disables the use of this device:


# glance image-update \
         --property hw_rng=virtio \
         [image]

Host configuration

A HW RNG device could be configured via nova.conf to override the default use of /dev/random, if the device is present on the host:

libvirt_eng_device=/dev/hwrng
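The precedence described above (the image requests the device, the flavour permits and rate-limits it, the host picks the entropy source), as an added example that is not Nova's code. It uses the page's key names and renders a libvirt `<rng>` domain XML element; the function name `build_rng_xml` is hypothetical, and it assumes that a flavour without rng_enabled counts as disabled and that the rate values are handed to libvirt unchanged.

```python
import xml.etree.ElementTree as ET

DEFAULT_BACKEND = "/dev/random"  # default host entropy source named on the page


def _positive_int(extra_specs, key):
    """Return the extra spec as a positive int, or None when it is unset."""
    raw = extra_specs.get(key)
    if raw is None:
        return None
    value = int(raw)  # ValueError on non-numeric input
    if value <= 0:
        raise ValueError(f"{key} must be positive, got {raw!r}")
    return value


def build_rng_xml(extra_specs, image_props, backend=DEFAULT_BACKEND):
    """Return the libvirt <rng> element as a string, or None for no device."""
    # The image only requests the device ...
    if image_props.get("hw_rng") != "virtio":
        return None
    # ... and the flavour decides. Assumption: unset rng_enabled means disabled.
    if str(extra_specs.get("rng_enabled", "")).strip().lower() != "true":
        return None

    rate_bytes = _positive_int(extra_specs, "rng_rate_bytes")
    period = _positive_int(extra_specs, "rng_rate_period")
    if period is not None and rate_bytes is None:
        # A period without a byte budget would silently leave the guest unlimited.
        raise ValueError("rng_rate_period requires rng_rate_bytes")

    rng = ET.Element("rng", model="virtio")
    if rate_bytes is not None:
        rate = ET.SubElement(rng, "rate", bytes=str(rate_bytes))
        if period is not None:
            # libvirt reads period in milliseconds; passing the flavour value
            # through unchanged is an assumption of this example.
            rate.set("period", str(period))
    ET.SubElement(rng, "backend", model="random").text = backend
    return ET.tostring(rng, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample flavour and image metadata.
    flavour = {"rng_enabled": "True", "rng_rate_bytes": "1024", "rng_rate_period": "1000"}
    print(build_rng_xml(flavour, {"hw_rng": "virtio"}, backend="/dev/hwrng"))
    print(build_rng_xml({"rng_enabled": "False"}, {"hw_rng": "virtio"}))
```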