Uploaded image for project: 'Bigtop'
  1. Bigtop
  2. BIGTOP-1347

Support better entropy performance on vagrant VMs

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 0.7.0
    • Fix Version/s: 0.8.0
    • Component/s: deployment
    • Labels:
      None

      Description

      Currently the vagrant-puppet deployment use Virtualbox as VM provider. The visualized hardware in Virtualbox does not have good performance on entropy generation since such randomness often collected from hardware sources.
      The poor entropy performance directly impact the use in cryptography or use that required random data, which in our case is kerberos. In order to test our code snipes for real world usage instead of suffering on virtual machines, we can improve the entropy performance on VMs using rng-tools when provisioning those test VMs.

        Issue Links

          Activity

          Hide
          rvs Roman Shaposhnik added a comment -

          +1. jay vyas any chance you can test this with the other vagrant patch and commit both? Would be very much appreciated!

          Show
          rvs Roman Shaposhnik added a comment - +1. jay vyas any chance you can test this with the other vagrant patch and commit both? Would be very much appreciated!
          Hide
          jayunit100 jay vyas added a comment -

          Yup ! I'll do both the vagrant patches.

          Show
          jayunit100 jay vyas added a comment - Yup ! I'll do both the vagrant patches.
          Hide
          jayunit100 jay vyas added a comment -

          Commited ! Thanks Evans Ye – on to the next vagrant (kerberos) patch .

          Show
          jayunit100 jay vyas added a comment - Commited ! Thanks Evans Ye – on to the next vagrant (kerberos) patch .
          Hide
          jeid Julien Eid added a comment -

          Copying here, accidentally sent an email to dev instead of commenting on the ticket.

          I'm confused by the inclusion of rng-tools into the Vagrant VM. Is your intent to expose the hardware RNG on the host machine to the VM and use rng-tools daemon to seed the entropy pool using that hardware RNG from the host?

          If your hypervisor doesn't support passthorugh of a hardware RNG or your server doesn't have one, you can use http://www.issihosts.com/haveged/ to generate entropy to be used in VM's.

          Show
          jeid Julien Eid added a comment - Copying here, accidentally sent an email to dev instead of commenting on the ticket. I'm confused by the inclusion of rng-tools into the Vagrant VM. Is your intent to expose the hardware RNG on the host machine to the VM and use rng-tools daemon to seed the entropy pool using that hardware RNG from the host? If your hypervisor doesn't support passthorugh of a hardware RNG or your server doesn't have one, you can use http://www.issihosts.com/haveged/ to generate entropy to be used in VM's.
          Hide
          evans_ye Evans Ye added a comment -

          Hi Julien Eid, actually haveged is the first tool I tried to solve this and it also works well during my test.
          But after doing some investigation I found that rng-tools have less setup steps and is more common than haveged, for example, rng-tools is built-in in our default vagrant box.
          Since the intention of this Jira is to move the blocking rock out of the road when we're going to test our puppet recipes or providing a sample hadoop environment. So I would say that keeping things simpler is better.
          Another thought in my mind is that the we don't know when will the download link of haveged out of available in the future, and since haveged is in GPL license, we probably can not store it as one of our provisioning library.
          Please feel free to correct me if I get anything wrong

          Show
          evans_ye Evans Ye added a comment - Hi Julien Eid , actually haveged is the first tool I tried to solve this and it also works well during my test. But after doing some investigation I found that rng-tools have less setup steps and is more common than haveged, for example, rng-tools is built-in in our default vagrant box. Since the intention of this Jira is to move the blocking rock out of the road when we're going to test our puppet recipes or providing a sample hadoop environment. So I would say that keeping things simpler is better. Another thought in my mind is that the we don't know when will the download link of haveged out of available in the future, and since haveged is in GPL license, we probably can not store it as one of our provisioning library. Please feel free to correct me if I get anything wrong

            People

            • Assignee:
              evans_ye Evans Ye
              Reporter:
              evans_ye Evans Ye
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development