Re: Re: Handling of entropy during boot




Sam Hartman wrote:

"Marco" == Marco d'Itri <md@xxxxxxxx> writes:

    Marco> online.  Is it enough to feed the host side of virtio-rng
    Marco> with /dev/random or should everybody who has virtual machines
    Marco> also install rngd in the host?  Is rngd to be preferred to
    Marco> haveged?

I'd also like to point out that virtio-rng is only a solution for kvm.
I recently discovered that VMware appears to have no virtual RNG
available to the guest at all.

A buster VMware guest will boot but will be unable to start sshd because
of lack of entropy for typically five minutes or so.
A lot of stuff breaks in that configuration.
virtio-rng doesn't help at all.

You can claim that VMware is broken all you want, but a lot of people use
it, and we really should produce an operating system that you can ssh
into when you boot a bunch of instances in a virtual environment.

Another data point: there exist high-profile KVM-based cloud providers that don't give their customers a virtio RNG device in the guest. One particular example is AliYun, also known as Alibaba Cloud. Note that in some locations they provide Xen, not KVM, instances, so try Shanghai if you want to confirm my statement.

--
Alexander E. Patrakov
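
A guest-side check for the situation discussed in this thread, as an added example that is not part of the original messages: it reads the Linux hw_random sysfs interface to tell whether a virtio-rng (or any other hardware RNG) backend is active in the guest, and prints the kernel's entropy estimate. The function names and the optional ROOT prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): does this guest see a hardware RNG?
# Paths are the Linux hw_random sysfs and procfs interfaces. The optional
# ROOT prefix is an assumption added so the check can run on a fixture tree.

# Print the name of the active hwrng backend, or "none".
rng_current() {
    f="${1:-}/sys/class/misc/hw_random/rng_current"
    if [ -r "$f" ]; then
        cur=$(cat "$f" 2>/dev/null) || cur=""
    else
        cur=""    # hw_random core not present at all
    fi
    echo "${cur:-none}"
}

# Classify: "virtio" (host feeds the guest), "other-hwrng", or "none".
rng_status() {
    case "$(rng_current "${1:-}")" in
        virtio_rng*) echo virtio ;;
        none)        echo none ;;
        *)           echo other-hwrng ;;
    esac
}

# One-line report including the kernel's current entropy estimate.
rng_report() {
    e="${1:-}/proc/sys/kernel/random/entropy_avail"
    avail=unknown
    [ -r "$e" ] && avail=$(cat "$e")
    echo "hwrng=$(rng_status "${1:-}") current=$(rng_current "${1:-}") entropy_avail=$avail"
}

# Report for the running system (empty ROOT means the real / tree).
rng_report ""
```

A result of `hwrng=none` on a freshly booted guest corresponds to the case described above, where the hypervisor exposes no RNG device to the guest.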
