Expose a hardware RNG device to Nova instances

Warning

This feature is available starting from the MCP 2019.2.3 maintenance update. Before enabling the feature, follow the steps described in Apply maintenance updates.

MCP enables you to define the path to a Random Number Generator (RNG) device that will be used as the source of entropy on the host. The default source of entropy is /dev/urandom. Other available options include /dev/random and /dev/hwrng.

The example structure of the RNG definition in the Nova pillar:

nova:
  controller:
    libvirt:
      rng_dev_path: /dev/random

  compute:
    libvirt:
      rng_dev_path: /dev/random

The procedure included in this section can be used for both existing and new MCP deployments.

To define the path to an RNG device:

  1. Log in to the Salt Master node.

  2. In classes/cluster/<cluster_name>/openstack/control.yml, define the rng_dev_path parameter for nova:controller:

    nova:
      controller:
        libvirt:
          rng_dev_path: /dev/random
    
  3. In classes/cluster/<cluster_name>/openstack/compute/init.yml, define the rng_dev_path parameter for nova:compute:

    nova:
      compute:
        libvirt:
          rng_dev_path: /dev/random
    
  4. Apply the changes:

    salt -C 'I@nova:controller' state.sls nova.controller
    salt -C 'I@nova:compute' state.sls nova.compute
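
To confirm the setting took effect after the states are applied, the following added example (not part of the MCP documentation) reads rng_dev_path from the [libvirt] section of a nova.conf file and checks it against the three sources listed above. It assumes the Salt state renders the pillar value into that section; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the rng_dev_path that Nova is configured to use.
# Assumption: the pillar value is rendered into [libvirt] in nova.conf.

# Print rng_dev_path from [libvirt]; fall back to the documented default
# (/dev/urandom) when the option is not set. Commented-out lines and the
# same key in other sections are ignored.
get_rng_dev_path() {
    awk -F= '
        /^[ \t]*\[/ { in_libvirt = ($0 ~ /^[ \t]*\[libvirt\][ \t]*$/); next }
        in_libvirt && /^[ \t]*rng_dev_path[ \t]*=/ {
            v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); found = v
        }
        END { print (found != "" ? found : "/dev/urandom") }
    ' "$1"
}

# Return 0 only if the path is one of the sources this page lists and the
# node exists as a character device on this host.
# Return 2 for an unlisted path, 1 for a missing or non-character device.
check_rng_dev_path() {
    path=$(get_rng_dev_path "$1")
    case "$path" in
        /dev/urandom|/dev/random|/dev/hwrng) ;;
        *) echo "unexpected rng_dev_path: $path" >&2; return 2 ;;
    esac
    [ -c "$path" ] || { echo "$path is not a character device" >&2; return 1; }
    echo "rng_dev_path OK: $path"
}

# Demo on a constructed nova.conf fragment (not taken from a real node).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[DEFAULT]
debug = false
[libvirt]
virt_type = kvm
#rng_dev_path = /dev/hwrng
rng_dev_path = /dev/random
EOF
check_rng_dev_path "$sample" || echo "check failed" >&2
rm -f "$sample"
```

On a compute node, pass the node's own nova.conf (typically /etc/nova/nova.conf) to check_rng_dev_path. A return code of 1 for /dev/hwrng means the host exposes no hardware RNG at that path.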