Sam Hartman wrote:
> "Marco" == Marco d'Itri <md@Linux.IT> writes:
>
> Marco> online. Is it enough to feed the host side of virtio-rng
> Marco> with /dev/random or should everybody who has virtual machines
> Marco> also install rngd in the host? Is rngd to be preferred to
> Marco> haveged?
>
> I'd also like to point out that virtio-rng is only a solution for kvm. I recently discovered that VMware appears to have no virtual RNG available to the guest at all. A buster VMware guest will boot but will be unable to start sshd because of lack of entropy for typically five minutes or so. A lot of stuff breaks in that configuration. virtio-rng doesn't help at all.
>
> You can claim that VMware is broken all you want, but a lot of people use it, and we really should produce an operating system that you can ssh into when you boot a bunch of instances in a virtual environment.

Another data point: there exist high-profile KVM-based cloud providers that don't give their customers a virtio RNG device in the guest. One particular example is AliYun, also known as Alibaba Cloud. Note that in some locations they provide Xen, not KVM, instances, so try Shanghai if you want to confirm my statement.
-- Alexander E. Patrakov