Merge "Added the ability to configuring the path to an RNG device"
diff --git a/README.rst b/README.rst
index 147f12a..7bb9581 100644
--- a/README.rst
+++ b/README.rst
@@ -751,6 +751,26 @@
       libvirt:
         cpu_model: IvyBridge
 
+RNG (Random Number Generator) device path
+----------------------
+
+The path to an RNG (Random Number Generator) device that will be used
+as the source of entropy on the host.
+The recommended source of entropy is /dev/urandom.
+Permitted options are: /dev/random, /dev/urandom or /dev/hwrng.
+Default: /dev/urandom
+
+.. code-block:: yaml
+
+  nova:
+    controller:
+      libvirt:
+        rng_dev_path: /dev/random
+
+    compute:
+      libvirt:
+        rng_dev_path: /dev/random
+
 
 Nova compute workarounds
 ------------------------
diff --git a/nova/compute.sls b/nova/compute.sls
index 2bce682..fb622c2 100644
--- a/nova/compute.sls
+++ b/nova/compute.sls
@@ -606,4 +606,23 @@
   - name: 'systemd-tmpfiles --create'
 {%- endif %}
 
+{%- if compute.get('libvirt', {}).rng_dev_path is defined and compute.libvirt.rng_dev_path == '/dev/hwrng' %}
+create_hwrng_udev_rule_compute:
+  file.managed:
+    - name: /etc/udev/rules.d/90-hwrng.rules
+    - source: salt://nova/files/90-hwrng.rules
+    - user: root
+    - group: root
+    - mode: 0644
+    - onlyif: test -c /dev/hwrng
+
+trigger_hwrng_udev_compute:
+  cmd.run:
+    - name: udevadm trigger /dev/hwrng
+    - onchanges:
+      - file: /etc/udev/rules.d/90-hwrng.rules
+
+{%- endif %}
+
+
 {%- endif %}
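Review bot: The `onlyif: test -c /dev/hwrng` guard on `create_hwrng_udev_rule_compute` makes Salt skip the rule file without an error when the device node is missing, while the nova.conf templates in this commit still render `rng_dev_path=/dev/hwrng`. A host without a loaded hardware RNG then ends up configured for a device that libvirt presumably cannot open. Installing the rule unconditionally is harmless, because udev applies it only when the device appears; I would drop the `onlyif` from `file.managed` and put `- onlyif: test -c /dev/hwrng` on `trigger_hwrng_udev_compute` instead. Separately, Salt's documentation asks for file modes with a leading zero to be quoted, `- mode: '0644'`. Both points also apply to the matching states in nova/controller.sls; the outer `{%- if %}` closed by the last line of this hunk starts outside it.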
diff --git a/nova/controller.sls b/nova/controller.sls
index 6e9a4cb..013f40d 100644
--- a/nova/controller.sls
+++ b/nova/controller.sls
@@ -487,4 +487,23 @@
 
 {%- endif %}
 
-{%- endif %}
\ No newline at end of file
+{%- if controller.get('libvirt', {}).rng_dev_path is defined and controller.libvirt.rng_dev_path == '/dev/hwrng' %}
+create_hwrng_udev_rule_controller:
+  file.managed:
+    - name: /etc/udev/rules.d/90-hwrng.rules
+    - source: salt://nova/files/90-hwrng.rules
+    - user: root
+    - group: root
+    - mode: 0644
+    - onlyif: test -c /dev/hwrng
+
+trigger_hwrng_udev_controller:
+  cmd.run:
+    - name: udevadm trigger /dev/hwrng
+    - onchanges:
+      - file: /etc/udev/rules.d/90-hwrng.rules
+
+{%- endif %}
+
+
+{%- endif %}
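Review bot: The `onchanges` requisite in `trigger_hwrng_udev_controller` refers to the managed file by its path, and nova/compute.sls declares a second `file.managed` state with the same `name`. On a minion that applies both the compute and the controller states, the requisite no longer identifies a single state. Referencing the state ID keeps it unambiguous: `- file: create_hwrng_udev_rule_controller`. A short comment saying why a controller node needs the udev rule would also help, since nothing in this hunk shows guests being run there; the outer block closed by the final `{%- endif %}` starts outside the hunk.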
diff --git a/nova/files/90-hwrng.rules b/nova/files/90-hwrng.rules
new file mode 100644
index 0000000..b817b2b
--- /dev/null
+++ b/nova/files/90-hwrng.rules
@@ -0,0 +1,2 @@
+SUBSYSTEM=="misc", KERNEL=="hw_random", NAME="hwrng", GROUP="kvm", MODE="0660"
+
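Review bot: `MODE="0660"` gives every member of the `kvm` group write permission on the node, although the device is only needed as a read source for guest entropy; `MODE="0440"` (or `0640`) would grant just what is required. `NAME="hwrng"` looks redundant, since the states in this commit already test for `/dev/hwrng` before the rule is installed, and as far as I know current udev releases ignore `NAME=` for device nodes and log a warning. A one-line comment above the rule, e.g. `# allow QEMU processes (group kvm) to read the host hardware RNG`, would record why the group was chosen.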
diff --git a/nova/files/pike/nova-compute.conf.Debian b/nova/files/pike/nova-compute.conf.Debian
index f4c233e..3b6166e 100644
--- a/nova/files/pike/nova-compute.conf.Debian
+++ b/nova/files/pike/nova-compute.conf.Debian
@@ -6558,6 +6558,9 @@
 # A path to a device that will be used as source of entropy on the host.
 # Permitted options are: /dev/random or /dev/hwrng (string value)
 #rng_dev_path=<None>
+{%- if compute.get('libvirt', {}).rng_dev_path is defined %}
+rng_dev_path={{ compute.libvirt.rng_dev_path }}
+{%- endif %}
 
 # For qemu or KVM guests, set this option to specify a default machine type per
 # host architecture. You can find a list of supported machine types in your
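Review bot: `rng_dev_path={{ compute.libvirt.rng_dev_path }}` writes whatever string the pillar holds into nova.conf, while the README added in this commit names only /dev/random, /dev/urandom and /dev/hwrng as permitted. A typo or an arbitrary path would be handed on as the guests' entropy source with no error at render time. The guard could check the value rather than mere presence: `{%- if compute.get('libvirt', {}).get('rng_dev_path') in ['/dev/random', '/dev/urandom', '/dev/hwrng'] %}`. The sample comment in the pike and queens files lists only /dev/random or /dev/hwrng, so it is worth confirming that /dev/urandom is accepted on those releases. The same applies to the identical hunks in the pike controller template and the queens and rocky compute and controller templates.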
diff --git a/nova/files/pike/nova-controller.conf.Debian b/nova/files/pike/nova-controller.conf.Debian
index 29a99c1..4fe70a6 100644
--- a/nova/files/pike/nova-controller.conf.Debian
+++ b/nova/files/pike/nova-controller.conf.Debian
@@ -6529,6 +6529,9 @@
 # A path to a device that will be used as source of entropy on the host.
 # Permitted options are: /dev/random or /dev/hwrng (string value)
 #rng_dev_path=<None>
+{%- if controller.get('libvirt', {}).rng_dev_path is defined %}
+rng_dev_path={{ controller.libvirt.rng_dev_path }}
+{%- endif %}
 
 # For qemu or KVM guests, set this option to specify a default machine type per
 # host architecture. You can find a list of supported machine types in your
diff --git a/nova/files/queens/nova-compute.conf.Debian b/nova/files/queens/nova-compute.conf.Debian
index 631d0a2..fe57510 100644
--- a/nova/files/queens/nova-compute.conf.Debian
+++ b/nova/files/queens/nova-compute.conf.Debian
@@ -7069,6 +7069,9 @@
 # host. Permitted options are: /dev/random or /dev/hwrng (string
 # value)
 #rng_dev_path = <None>
+{%- if compute.get('libvirt', {}).rng_dev_path is defined %}
+rng_dev_path={{ compute.libvirt.rng_dev_path }}
+{%- endif %}
 
 # For qemu or KVM guests, set this option to specify a default machine
 # type per host architecture. You can find a list of supported machine
diff --git a/nova/files/queens/nova-controller.conf.Debian b/nova/files/queens/nova-controller.conf.Debian
index bf97955..23b22df 100644
--- a/nova/files/queens/nova-controller.conf.Debian
+++ b/nova/files/queens/nova-controller.conf.Debian
@@ -6922,6 +6922,9 @@
 # host. Permitted options are: /dev/random or /dev/hwrng (string
 # value)
 #rng_dev_path = <None>
+{%- if controller.get('libvirt', {}).rng_dev_path is defined %}
+rng_dev_path={{ controller.libvirt.rng_dev_path }}
+{%- endif %}
 
 # For qemu or KVM guests, set this option to specify a default machine
 # type per host architecture. You can find a list of supported machine
diff --git a/nova/files/rocky/nova-compute.conf.Debian b/nova/files/rocky/nova-compute.conf.Debian
index b7cd838..3ea1db1 100644
--- a/nova/files/rocky/nova-compute.conf.Debian
+++ b/nova/files/rocky/nova-compute.conf.Debian
@@ -6247,6 +6247,9 @@
 # http://man7.org/linux/man-pages/man7/random.7.html.
 #  (string value)
 #rng_dev_path = /dev/urandom
+{%- if compute.get('libvirt', {}).rng_dev_path is defined %}
+rng_dev_path={{ compute.libvirt.rng_dev_path }}
+{%- endif %}
 
 # For qemu or KVM guests, set this option to specify a default machine type per
 # host architecture. You can find a list of supported machine types in your
diff --git a/nova/files/rocky/nova-controller.conf.Debian b/nova/files/rocky/nova-controller.conf.Debian
index 52efddd..8eead70 100644
--- a/nova/files/rocky/nova-controller.conf.Debian
+++ b/nova/files/rocky/nova-controller.conf.Debian
@@ -5997,6 +5997,9 @@
 # http://man7.org/linux/man-pages/man7/random.7.html.
 #  (string value)
 #rng_dev_path = /dev/urandom
+{%- if controller.get('libvirt', {}).rng_dev_path is defined %}
+rng_dev_path={{ controller.libvirt.rng_dev_path }}
+{%- endif %}
 
 # For qemu or KVM guests, set this option to specify a default machine type per
 # host architecture. You can find a list of supported machine types in your