Added the ability to configure the path to an RNG device

Unhardcode settings related to rng devices in nova formula.
The path to an RNG (Random Number Generator) device that will be used
as the source of entropy on the host.

Change-Id: Ifaa71e8bc986143004d0f97298d53b290721f4e8
Related-Prod: PROD-26873 (PROD:26873)
(cherry picked from commit d90200853918667aea4620f38b4d0b71bf2db90a)
diff --git a/README.rst b/README.rst
index 8eaa2e2..f89e590 100644
--- a/README.rst
+++ b/README.rst
@@ -718,6 +718,26 @@
       libvirt:
         cpu_model: IvyBridge
 
+RNG (Random Number Generator) device path
+----------------------
+
+The path to an RNG (Random Number Generator) device that will be used
+as the source of entropy on the host.
+The recommended source of entropy is /dev/urandom.
+Permitted options are: /dev/random, /dev/urandom or /dev/hwrng.
+Default: /dev/urandom
+
+.. code-block:: yaml
+
+  nova:
+    controller:
+      libvirt:
+        rng_dev_path: /dev/random
+
+    compute:
+      libvirt:
+        rng_dev_path: /dev/random
+
 
 Nova compute workarounds
 ------------------------
diff --git a/nova/compute.sls b/nova/compute.sls
index 6103c14..697ac1e 100644
--- a/nova/compute.sls
+++ b/nova/compute.sls
@@ -586,4 +586,23 @@
   - name: 'systemd-tmpfiles --create'
 {%- endif %}
 
+{%- if compute.get('libvirt', {}).rng_dev_path is defined and compute.libvirt.rng_dev_path == '/dev/hwrng' %}
+create_hwrng_udev_rule_compute:
+  file.managed:
+    - name: /etc/udev/rules.d/90-hwrng.rules
+    - source: salt://nova/files/90-hwrng.rules
+    - user: root
+    - group: root
+    - mode: 0644
+    - onlyif: test -c /dev/hwrng
+
+trigger_hwrng_udev_compute:
+  cmd.run:
+    - name: udevadm trigger /dev/hwrng
+    - onchanges:
+      - file: /etc/udev/rules.d/90-hwrng.rules
+
+{%- endif %}
+
+
 {%- endif %}
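Review bot: The `onlyif: test -c /dev/hwrng` guard on `create_hwrng_udev_rule_compute` skips the rule without any error on a host that has no hardware RNG, while the nova-compute.conf templates in this commit still render `rng_dev_path=/dev/hwrng` for that host, so the configured entropy source and the actual device state can diverge unnoticed. A comment above the guard such as `# skipped when the host has no /dev/hwrng; nova.conf still names it` would record that, and a check that fails the state would be stricter. Separately, `- mode: 0644` is an unquoted leading-zero scalar whose interpretation depends on the YAML loader; `- mode: '0644'` is unambiguous. Both points apply equally to the controller.sls hunk, and the outer `{%- if %}` closed on the last line opens outside this hunk.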
diff --git a/nova/controller.sls b/nova/controller.sls
index 68a9bb4..2b0a669 100644
--- a/nova/controller.sls
+++ b/nova/controller.sls
@@ -486,4 +486,23 @@
 
 {%- endif %}
 
+{%- if controller.get('libvirt', {}).rng_dev_path is defined and controller.libvirt.rng_dev_path == '/dev/hwrng' %}
+create_hwrng_udev_rule_controller:
+  file.managed:
+    - name: /etc/udev/rules.d/90-hwrng.rules
+    - source: salt://nova/files/90-hwrng.rules
+    - user: root
+    - group: root
+    - mode: 0644
+    - onlyif: test -c /dev/hwrng
+
+trigger_hwrng_udev_controller:
+  cmd.run:
+    - name: udevadm trigger /dev/hwrng
+    - onchanges:
+      - file: /etc/udev/rules.d/90-hwrng.rules
+
+{%- endif %}
+
+
 {%- endif %}
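Review bot: The `onchanges` requisite in `trigger_hwrng_udev_controller` refers to the managed file by name, and `create_hwrng_udev_rule_compute` in compute.sls manages the same `/etc/udev/rules.d/90-hwrng.rules` path. If both roles are ever applied to one minion (not visible from this hunk), that name matches two states; `- file: create_hwrng_udev_rule_controller` ties the trigger to this state alone. Since the two blocks are otherwise identical, moving them into one shared include would also keep the rule and its permissions defined in a single place.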
diff --git a/nova/files/90-hwrng.rules b/nova/files/90-hwrng.rules
new file mode 100644
index 0000000..b817b2b
--- /dev/null
+++ b/nova/files/90-hwrng.rules
@@ -0,0 +1,2 @@
+SUBSYSTEM=="misc", KERNEL=="hw_random", NAME="hwrng", GROUP="kvm", MODE="0660"
+
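Review bot: `MODE="0660"` gives every member of the `kvm` group write access to the hardware RNG node, although an entropy consumer presumably only needs to read it; `MODE="0640"` would be the least-privilege setting if nothing on the host relies on writing. `NAME="hwrng"` is also worth checking: udev documents NAME as applying to network interfaces and does not rename device nodes, so the key is likely ignored and could be dropped. A one-line header comment, `# Let the kvm group read the host hardware RNG for nova/libvirt guests`, would explain why the rule exists.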
diff --git a/nova/files/pike/nova-compute.conf.Debian b/nova/files/pike/nova-compute.conf.Debian
index 67bb430..057359d 100644
--- a/nova/files/pike/nova-compute.conf.Debian
+++ b/nova/files/pike/nova-compute.conf.Debian
@@ -6550,6 +6550,9 @@
 # A path to a device that will be used as source of entropy on the host.
 # Permitted options are: /dev/random or /dev/hwrng (string value)
 #rng_dev_path=<None>
+{%- if compute.get('libvirt', {}).rng_dev_path is defined %}
+rng_dev_path={{ compute.libvirt.rng_dev_path }}
+{%- endif %}
 
 # For qemu or KVM guests, set this option to specify a default machine type per
 # host architecture. You can find a list of supported machine types in your
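Review bot: The pillar value is written into `rng_dev_path=` without being checked against the three devices the README lists as permitted, so a typo or an arbitrary path reaches nova.conf as the guests' entropy source. A guard such as `{%- if compute.get('libvirt', {}).rng_dev_path in ['/dev/random', '/dev/urandom', '/dev/hwrng'] %}` keeps anything else out; failing the render instead of skipping would make the mistake visible. Also, when the key is undefined nothing is rendered, so the default shown on the context line (`<None>`) stays in effect rather than the `/dev/urandom` default the README states. The same applies to the pike nova-controller template and to both queens templates.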
diff --git a/nova/files/pike/nova-controller.conf.Debian b/nova/files/pike/nova-controller.conf.Debian
index a61c236..3a4a725 100644
--- a/nova/files/pike/nova-controller.conf.Debian
+++ b/nova/files/pike/nova-controller.conf.Debian
@@ -6525,6 +6525,9 @@
 # A path to a device that will be used as source of entropy on the host.
 # Permitted options are: /dev/random or /dev/hwrng (string value)
 #rng_dev_path=<None>
+{%- if controller.get('libvirt', {}).rng_dev_path is defined %}
+rng_dev_path={{ controller.libvirt.rng_dev_path }}
+{%- endif %}
 
 # For qemu or KVM guests, set this option to specify a default machine type per
 # host architecture. You can find a list of supported machine types in your
diff --git a/nova/files/queens/nova-compute.conf.Debian b/nova/files/queens/nova-compute.conf.Debian
index 54dfd87..fde4786 100644
--- a/nova/files/queens/nova-compute.conf.Debian
+++ b/nova/files/queens/nova-compute.conf.Debian
@@ -7144,6 +7144,9 @@
 # host. Permitted options are: /dev/random or /dev/hwrng (string
 # value)
 #rng_dev_path = <None>
+{%- if compute.get('libvirt', {}).rng_dev_path is defined %}
+rng_dev_path={{ compute.libvirt.rng_dev_path }}
+{%- endif %}
 
 # For qemu or KVM guests, set this option to specify a default machine
 # type per host architecture. You can find a list of supported machine
diff --git a/nova/files/queens/nova-controller.conf.Debian b/nova/files/queens/nova-controller.conf.Debian
index fbf978b..8f8a1ce 100644
--- a/nova/files/queens/nova-controller.conf.Debian
+++ b/nova/files/queens/nova-controller.conf.Debian
@@ -6991,6 +6991,9 @@
 # host. Permitted options are: /dev/random or /dev/hwrng (string
 # value)
 #rng_dev_path = <None>
+{%- if controller.get('libvirt', {}).rng_dev_path is defined %}
+rng_dev_path={{ controller.libvirt.rng_dev_path }}
+{%- endif %}
 
 # For qemu or KVM guests, set this option to specify a default machine
 # type per host architecture. You can find a list of supported machine