Merge "conf: libvirt: Make /dev/urandom the default for 'rng_dev_path'"

2018-06-29 07:18:49 +00:00 · 2018-06-29 07:18:49 +00:00 · b2760300b8
commit b2760300b8
parent 4c9f63463a 814bfd9372
4 changed files with 23 additions and 7 deletions
--- a/nova/conf/libvirt.py
+++ b/nova/conf/libvirt.py
@ -661,9 +661,19 @@ Possible cache modes:
  mode in production environments.
 """),
    cfg.StrOpt('rng_dev_path',
-               help='A path to a device that will be used as source of '
-                    'entropy on the host. Permitted options are: '
-                    '/dev/random or /dev/hwrng'),
+               default='/dev/urandom',
+               help="""
+The path to an RNG (Random Number Generator) device that will be used as
+the source of entropy on the host.  Since libvirt 1.3.4, any path (that
+returns random numbers when read) is accepted.  The recommended source
+of entropy is ``/dev/urandom`` -- it is non-blocking, therefore
+relatively fast; and avoids the limitations of ``/dev/random``, which is
+a legacy interface.  For more details (and comparision between different
+RNG sources), refer to the "Usage" section in the Linux kernel API
+documentation for ``[u]random``:
+http://man7.org/linux/man-pages/man4/urandom.4.html and
+http://man7.org/linux/man-pages/man7/random.7.html.
+"""),
    cfg.ListOpt('hw_machine_type',
                help='For qemu or KVM guests, set this option to specify '
                     'a default machine type per host architecture. '
--- a/nova/tests/unit/virt/libvirt/test_config.py
+++ b/nova/tests/unit/virt/libvirt/test_config.py
@ -3271,7 +3271,7 @@ class LibvirtConfigGuestRngTest(LibvirtConfigBaseTest):

    def test_config_rng_driver_with_rate(self):
        obj = config.LibvirtConfigGuestRng()
-        obj.backend = '/dev/random'
+        obj.backend = '/dev/urandom'
        obj.rate_period = '12'
        obj.rate_bytes = '34'

@ -3279,7 +3279,7 @@ class LibvirtConfigGuestRngTest(LibvirtConfigBaseTest):
        self.assertXmlEqual(xml, """
 <rng model='virtio'>
    <rate period='12' bytes='34'/>
-    <backend model='random'>/dev/random</backend>
+    <backend model='random'>/dev/urandom</backend>
 </rng>""")


--- a/nova/tests/unit/virt/libvirt/test_driver.py
+++ b/nova/tests/unit/virt/libvirt/test_driver.py
@ -5369,7 +5369,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
                              vconfig.LibvirtConfigMemoryBalloon)

        self.assertEqual(cfg.devices[6].model, 'random')
-        self.assertIsNone(cfg.devices[6].backend)
+        self.assertEqual(cfg.devices[6].backend, '/dev/urandom')
        self.assertIsNone(cfg.devices[6].rate_bytes)
        self.assertIsNone(cfg.devices[6].rate_period)

@ -5443,7 +5443,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
                            vconfig.LibvirtConfigMemoryBalloon)

        self.assertEqual(cfg.devices[6].model, 'random')
-        self.assertIsNone(cfg.devices[6].backend)
+        self.assertEqual(cfg.devices[6].backend, '/dev/urandom')
        self.assertEqual(cfg.devices[6].rate_bytes, 1024)
        self.assertEqual(cfg.devices[6].rate_period, 2)

--- a/releasenotes/notes/urandom-as-default-for-rng_dev_path-150a76b0ea74cbc2.yaml
+++ b/releasenotes/notes/urandom-as-default-for-rng_dev_path-150a76b0ea74cbc2.yaml
@ -0,0 +1,6 @@
+---
+upgrade:
+  - |
+    The default value of the configuration attribute
+    ``[libvirt]/rng_dev_path`` is now set to ``/dev/urandom``.  Refer to
+    the documentation of ``rng_dev_path`` for details.