conf: libvirt: Make `/dev/urandom` the default for 'rng_dev_path'

Since libvirt 1.3.4, any RNG (Random Number Generator) device path (that
returns random numbers when read!) is accepted.  However, the
recommended source of entropy is `/dev/urandom` (it is non-blocking; and
doesn't have the same limitations of `dev/random`, which is a legacy
interface).

Therefore, make `/dev/urandom` the default RNG for 'rng_dev_path' config
attribute; adjust the relevant tests.  Also update the documention to
reflect this change.

Change-Id: Ia39402a045ffb1943463b5741655d84071613e8c
Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
Reported-by: Daniel P. Berrangé <berrange@redhat.com>

nova/conf/libvirt.py

@@ -661,9 +661,19 @@ Possible cache modes:
   mode in production environments.
 """),
     cfg.StrOpt('rng_dev_path',
-               help='A path to a device that will be used as source of '
-                    'entropy on the host. Permitted options are: '
-                    '/dev/random or /dev/hwrng'),
+               default='/dev/urandom',
+               help="""
+The path to an RNG (Random Number Generator) device that will be used as
+the source of entropy on the host.  Since libvirt 1.3.4, any path (that
+returns random numbers when read) is accepted.  The recommended source
+of entropy is ``/dev/urandom`` -- it is non-blocking, therefore
+relatively fast; and avoids the limitations of ``/dev/random``, which is
+a legacy interface.  For more details (and comparision between different
+RNG sources), refer to the "Usage" section in the Linux kernel API
+documentation for ``[u]random``:
+http://man7.org/linux/man-pages/man4/urandom.4.html and
+http://man7.org/linux/man-pages/man7/random.7.html.
+"""),
     cfg.ListOpt('hw_machine_type',
                 help='For qemu or KVM guests, set this option to specify '
                      'a default machine type per host architecture. '

nova/tests/unit/virt/libvirt/test_config.py

@@ -3271,7 +3271,7 @@ class LibvirtConfigGuestRngTest(LibvirtConfigBaseTest):
 
     def test_config_rng_driver_with_rate(self):
         obj = config.LibvirtConfigGuestRng()
-        obj.backend = '/dev/random'
+        obj.backend = '/dev/urandom'
         obj.rate_period = '12'
         obj.rate_bytes = '34'
 
@@ -3279,7 +3279,7 @@ class LibvirtConfigGuestRngTest(LibvirtConfigBaseTest):
         self.assertXmlEqual(xml, """
 <rng model='virtio'>
     <rate period='12' bytes='34'/>
-    <backend model='random'>/dev/random</backend>
+    <backend model='random'>/dev/urandom</backend>
 </rng>""")
 
 

nova/tests/unit/virt/libvirt/test_driver.py

@@ -5348,7 +5348,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
                               vconfig.LibvirtConfigMemoryBalloon)
 
         self.assertEqual(cfg.devices[6].model, 'random')
-        self.assertIsNone(cfg.devices[6].backend)
+        self.assertEqual(cfg.devices[6].backend, '/dev/urandom')
         self.assertIsNone(cfg.devices[6].rate_bytes)
         self.assertIsNone(cfg.devices[6].rate_period)
 
@@ -5422,7 +5422,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
                             vconfig.LibvirtConfigMemoryBalloon)
 
         self.assertEqual(cfg.devices[6].model, 'random')
-        self.assertIsNone(cfg.devices[6].backend)
+        self.assertEqual(cfg.devices[6].backend, '/dev/urandom')
         self.assertEqual(cfg.devices[6].rate_bytes, 1024)
         self.assertEqual(cfg.devices[6].rate_period, 2)
 

releasenotes/notes/urandom-as-default-for-rng_dev_path-150a76b0ea74cbc2.yaml

@@ -0,0 +1,6 @@
+---
+upgrade:
+  - |
+    The default value of the configuration attribute
+    ``[libvirt]/rng_dev_path`` is now set to ``/dev/urandom``.  Refer to
+    the documentation of ``rng_dev_path`` for details.