from hak on slack 2022.01.05

pages/rng-on-ganeti.md

@@ -0,0 +1,39 @@
+# Hardware RNG into a Ganeti Instance
+
+On ganeti node:
+
+    gnt-instance modify -H kvm_extra="-device virtio-rng" foo.rg.net
+
+You'll need to activate the change by restarting the hypervisor from
+ganeti cli: gnt-instance stop foo && gnt-instance start foo
+
+Inside foo.rg.net:
+
+    apt install rng-tools
+
+That creates /dev/hwrng which is the KVM pass-thru for virtio-rng.
+
+    systemctl status rng-tools.service
+
+     rng-tools.service - Add entropy to /dev/random 's pool a hardware RNG
+     Loaded: loaded (/lib/systemd/system/rng-tools.service; enabled; vendor preset: enabled)
+     Active: active (running) since Thu 2022-01-06 03:42:52 UTC; 59s ago
+   Main PID: 909 (rngd)
+      Tasks: 1 (limit: 2274)
+     Memory: 188.0K
+     CGroup: /system.slice/rng-tools.service
+             └─909 /usr/sbin/rngd -r /dev/hwrng -f
+
+Note the last line that shows rng-tools found /dev/hwrng.
+
+N.B.: I haven't run rngtest or done any other test atm to check the
+randomness, but it seems to work.
+
+If you want to do this for all guests, you can do 'gnt-cluster modify'
+instead and set kvm_extra there.
+
+    gnt-cluster modify -H kvm:kvm_extra="-device virtio-rng"
+
+I just wanted to demo how to do this for a single guest.
+
+tada!