[Freeipa-devel] Entropy aka ipa-server-install failed

Alexander Bokovoy abokovoy at redhat.com
Fri Feb 28 11:09:23 UTC 2014


On Fri, 28 Feb 2014, Sumit Bose wrote:
>Hi,
>
>I just tried to install FreeIPA on a fresh F20 VM and
>'ipa-server-install --setup-dns' failed to start FreeIPA finally after
>everything was configured.
>
>The reason was that starting named timed out because
>generate-rndc-key.sh was basically blocking because there was no entropy
>for /dev/random left to generate a proper key. I wonder if it would make
>sense to call generate-rndc-key.sh during ipa-server-install if
>--setup-dns is given to avoid this.
Let the administrators solve this problem for their VMs. Qemu provides
virtualization for RNG already that allows you to push entropy from the
host system where you can use hardware generators like in new Intel
systems.

For example, I'm using the following hook in oVirt to provide entropy for
my virtual machines:

$ cat /usr/libexec/vdsm/hooks/before_vm_start/99_hwrng
#!/usr/bin/python

import os
import sys
import traceback

import hooking

if True:
     try:
         domxml = hooking.read_domxml()

         domain = domxml.getElementsByTagName('devices')[0]

         # Add a virtio RNG device (rate-limited, host 'random' backend)
         # to the <devices> section of the libvirt domain XML
         hwrng = domxml.createElement('rng')
         hwrng.setAttribute('model', 'virtio')
         rate = domxml.createElement('rate')
         rate.setAttribute('period', '8192')
         rate.setAttribute('bytes', '8192')
         hwrng.appendChild(rate)

         backend = domxml.createElement('backend')
         backend.setAttribute('model', 'random')

         hwrng.appendChild(backend)

         domain.appendChild(hwrng)

         hooking.write_domxml(domxml)
     except:
         sys.stderr.write('rng: [unexpected error]: %s\n' %
                          traceback.format_exc())
         sys.exit(2)

See http://wiki.qemu-project.org/Features/VirtIORNG and
http://libvirt.org/formatdomain.html#elementsRng

-- 
/ Alexander Bokovoy
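
A guest-side pre-flight check for the situation discussed in this message, as an added example that is not part of the original post or of FreeIPA/oVirt: it reports whether the guest sees a virtio RNG and whether the kernel pool is filled before 'ipa-server-install --setup-dns' is run. The function name, the `root` parameter and the 256-bit threshold are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Pre-flight check inside a guest: virtio RNG attached, entropy pool filled?"""
import os
import sys

MIN_ENTROPY_BITS = 256  # assumed threshold, not taken from the original post


def _read(path):
    """Return the stripped contents of a kernel pseudo-file, or None."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        # Missing file, or the kernel reports no current hwrng device.
        return None


def check_guest_rng(root="/", min_bits=MIN_ENTROPY_BITS):
    """Inspect sysfs/procfs under `root` (a parameter so it can be tested)."""
    hw = os.path.join(root, "sys/class/misc/hw_random")
    current = _read(os.path.join(hw, "rng_current"))
    available = (_read(os.path.join(hw, "rng_available")) or "").split()
    raw = _read(os.path.join(root, "proc/sys/kernel/random/entropy_avail"))
    bits = int(raw) if raw and raw.isdigit() else None

    problems = []
    if not any(name.startswith("virtio_rng") for name in available):
        problems.append("no virtio_rng device visible in the guest")
    elif not (current or "").startswith("virtio_rng"):
        problems.append("virtio_rng present but not selected "
                        "(rng_current=%s)" % current)
    if bits is None:
        problems.append("cannot read entropy_avail")
    elif bits < min_bits:
        problems.append("entropy_avail=%d is below %d" % (bits, min_bits))
    return {"rng_current": current, "entropy_bits": bits,
            "ok": not problems, "problems": problems}


if __name__ == "__main__":
    result = check_guest_rng()
    for problem in result["problems"]:
        sys.stderr.write("rng-check: %s\n" % problem)
    sys.exit(0 if result["ok"] else 1)
```

A virtio_rng entry in rng_current only shows that the guest sees the device; whether its output reaches the kernel pool depends on the kernel or on a feeder such as rngd, which is why entropy_avail is checked separately.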



