Merge "Added the ability to configuring the path to an RNG device" into release/2019.2.0
diff --git a/README.rst b/README.rst
index 8eaa2e2..f89e590 100644
--- a/README.rst
+++ b/README.rst
@@ -718,6 +718,26 @@
libvirt:
cpu_model: IvyBridge
+RNG (Random Number Generator) device path
+----------------------
+
+The path to an RNG (Random Number Generator) device that will be used
+as the source of entropy on the host.
+The recommended source of entropy is /dev/urandom.
+Permitted options are: /dev/random, /dev/urandom or /dev/hwrng.
+Default: /dev/urandom
+
+.. code-block:: yaml
+
+ nova:
+ controller:
+ libvirt:
+ rng_dev_path: /dev/random
+
+ compute:
+ libvirt:
+ rng_dev_path: /dev/random
+
Nova compute workarounds
------------------------
diff --git a/nova/compute.sls b/nova/compute.sls
index 6103c14..697ac1e 100644
--- a/nova/compute.sls
+++ b/nova/compute.sls
@@ -586,4 +586,23 @@
- name: 'systemd-tmpfiles --create'
{%- endif %}
+{%- if compute.get('libvirt', {}).rng_dev_path is defined and compute.libvirt.rng_dev_path == '/dev/hwrng' %}
+create_hwrng_udev_rule_compute:
+ file.managed:
+ - name: /etc/udev/rules.d/90-hwrng.rules
+ - source: salt://nova/files/90-hwrng.rules
+ - user: root
+ - group: root
+ - mode: 0644
+ - onlyif: test -c /dev/hwrng
+
+trigger_hwrng_udev_compute:
+ cmd.run:
+ - name: udevadm trigger /dev/hwrng
+ - onchanges:
+ - file: /etc/udev/rules.d/90-hwrng.rules
+
+{%- endif %}
+
+
{%- endif %}
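Review bot: `- mode: 0644` in `create_hwrng_udev_rule_compute` is an unquoted scalar with a leading zero, which a YAML 1.1 loader reads as a number rather than as the permission string; Salt's documentation asks for file modes to be quoted, so write `- mode: '0644'` (the same line appears in `create_hwrng_udev_rule_controller` in nova/controller.sls). Separately, `onlyif: test -c /dev/hwrng` makes the state skip quietly on a host without the device, while the nova-compute.conf templates in this commit still write `rng_dev_path=/dev/hwrng`, so the misconfiguration would probably surface only later, when an instance with an RNG device is started; a comment such as `# skipped when the host exposes no hardware RNG; nova.conf is still written` or a failing check would make that visible. The Jinja block that the final `{%- endif %}` closes starts outside the hunk.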
diff --git a/nova/controller.sls b/nova/controller.sls
index 68a9bb4..2b0a669 100644
--- a/nova/controller.sls
+++ b/nova/controller.sls
@@ -486,4 +486,23 @@
{%- endif %}
+{%- if controller.get('libvirt', {}).rng_dev_path is defined and controller.libvirt.rng_dev_path == '/dev/hwrng' %}
+create_hwrng_udev_rule_controller:
+ file.managed:
+ - name: /etc/udev/rules.d/90-hwrng.rules
+ - source: salt://nova/files/90-hwrng.rules
+ - user: root
+ - group: root
+ - mode: 0644
+ - onlyif: test -c /dev/hwrng
+
+trigger_hwrng_udev_controller:
+ cmd.run:
+ - name: udevadm trigger /dev/hwrng
+ - onchanges:
+ - file: /etc/udev/rules.d/90-hwrng.rules
+
+{%- endif %}
+
+
{%- endif %}
diff --git a/nova/files/90-hwrng.rules b/nova/files/90-hwrng.rules
new file mode 100644
index 0000000..b817b2b
--- /dev/null
+++ b/nova/files/90-hwrng.rules
@@ -0,0 +1,2 @@
+SUBSYSTEM=="misc", KERNEL=="hw_random", NAME="hwrng", GROUP="kvm", MODE="0660"
+
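Review bot: `MODE="0660"` gives the kvm group write access to the hardware RNG node, although an entropy source presumably only needs to be read by the hypervisor process, so `MODE="0640"` would be the least-privilege setting unless something in this deployment writes to the device. `NAME="hwrng"` is, as far as I know, ignored with a warning by current udev for non-network devices, and the kernel already names this node hwrng, so it can likely be dropped. The file has no comment; a first line such as `# Let members of kvm (the QEMU/libvirt processes) read /dev/hwrng as a guest entropy source` would tell the next operator why the group was changed.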
diff --git a/nova/files/pike/nova-compute.conf.Debian b/nova/files/pike/nova-compute.conf.Debian
index b76fd4b..fdc531d 100644
--- a/nova/files/pike/nova-compute.conf.Debian
+++ b/nova/files/pike/nova-compute.conf.Debian
@@ -6554,6 +6554,9 @@
# A path to a device that will be used as source of entropy on the host.
# Permitted options are: /dev/random or /dev/hwrng (string value)
#rng_dev_path=<None>
+{%- if compute.get('libvirt', {}).rng_dev_path is defined %}
+rng_dev_path={{ compute.libvirt.rng_dev_path }}
+{%- endif %}
# For qemu or KVM guests, set this option to specify a default machine type per
# host architecture. You can find a list of supported machine types in your
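Review bot: `rng_dev_path={{ compute.libvirt.rng_dev_path }}` writes whatever the pillar holds into nova.conf, while the README added in this commit restricts the value to /dev/random, /dev/urandom or /dev/hwrng; nothing in the template enforces that list, so a typo or a path to some other device would be passed on as the guests' entropy source. Guarding the block with `{%- if compute.get('libvirt', {}).rng_dev_path in ['/dev/random', '/dev/urandom', '/dev/hwrng'] %}` (or failing the render otherwise) would keep the two in step. The README also states a default of /dev/urandom, but with the pillar key unset nothing is emitted here and the commented `#rng_dev_path=<None>` above suggests nova's own default applies; the context comment still lists only /dev/random and /dev/hwrng as well. The same applies to the pike nova-controller.conf.Debian hunk and to both queens templates.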
diff --git a/nova/files/pike/nova-controller.conf.Debian b/nova/files/pike/nova-controller.conf.Debian
index a61c236..3a4a725 100644
--- a/nova/files/pike/nova-controller.conf.Debian
+++ b/nova/files/pike/nova-controller.conf.Debian
@@ -6525,6 +6525,9 @@
# A path to a device that will be used as source of entropy on the host.
# Permitted options are: /dev/random or /dev/hwrng (string value)
#rng_dev_path=<None>
+{%- if controller.get('libvirt', {}).rng_dev_path is defined %}
+rng_dev_path={{ controller.libvirt.rng_dev_path }}
+{%- endif %}
# For qemu or KVM guests, set this option to specify a default machine type per
# host architecture. You can find a list of supported machine types in your
diff --git a/nova/files/queens/nova-compute.conf.Debian b/nova/files/queens/nova-compute.conf.Debian
index e71d7b4..22ba3f3 100644
--- a/nova/files/queens/nova-compute.conf.Debian
+++ b/nova/files/queens/nova-compute.conf.Debian
@@ -7148,6 +7148,9 @@
# host. Permitted options are: /dev/random or /dev/hwrng (string
# value)
#rng_dev_path = <None>
+{%- if compute.get('libvirt', {}).rng_dev_path is defined %}
+rng_dev_path={{ compute.libvirt.rng_dev_path }}
+{%- endif %}
# For qemu or KVM guests, set this option to specify a default machine
# type per host architecture. You can find a list of supported machine
diff --git a/nova/files/queens/nova-controller.conf.Debian b/nova/files/queens/nova-controller.conf.Debian
index 9ee396e..7ccaf52 100644
--- a/nova/files/queens/nova-controller.conf.Debian
+++ b/nova/files/queens/nova-controller.conf.Debian
@@ -6995,6 +6995,9 @@
# host. Permitted options are: /dev/random or /dev/hwrng (string
# value)
#rng_dev_path = <None>
+{%- if controller.get('libvirt', {}).rng_dev_path is defined %}
+rng_dev_path={{ controller.libvirt.rng_dev_path }}
+{%- endif %}
# For qemu or KVM guests, set this option to specify a default machine
# type per host architecture. You can find a list of supported machine