I’ve written previously about random numbers in virtual machines. KVM still remains the only hypervisor to offer an RNG device to guests.
Quite a lot of exciting changes have landed in the upstream Linux kernel since that last post. I have written an article in the RHEL blog about it: Red Hat Enterprise Linux Virtual Machines: Access to Random Numbers Made Easy.
That article talks about the improvements in the recent RHEL 7.1 release. In upstream terms, all the changes written about have landed in kernel 3.17; so Fedora 21 out-of-the-box, and Fedora 20 after updates, have benefited from the additions.
All the benefits listed in the article apply to all Linux guest VMs running under KVM if they have the virtio-rng device enabled, and run kernel 3.17+ in the guest.
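A guest-side check for the two conditions above, as an added example that is not from the original post or the RHEL article. It assumes the standard `hw_random` sysfs attributes `rng_available` and `rng_current`; the function names and status words are made up for illustration.

```shell
# Guest-side check for the two conditions above (run inside the VM).
# HWRNG_DIR can be overridden to test against a constructed directory.
HWRNG_DIR="${HWRNG_DIR:-/sys/class/misc/hw_random}"

# kernel_at_least RELEASE MAJOR MINOR: succeed if RELEASE >= MAJOR.MINOR.
kernel_at_least() {
    case "$1" in *.*) ;; *) return 2 ;; esac   # need at least "X.Y"
    rel_major=${1%%.*}
    rest=${1#*.}
    rel_minor=${rest%%[!0-9]*}
    case "$rel_major$rel_minor" in
        ''|*[!0-9]*) return 2 ;;               # unparseable release string
    esac
    [ -n "$rel_major" ] && [ -n "$rel_minor" ] || return 2
    [ "$rel_major" -gt "$2" ] && return 0
    [ "$rel_major" -eq "$2" ] && [ "$rel_minor" -ge "$3" ]
}

# read_hwrng FILE: print the sysfs attribute, or nothing if it is absent.
read_hwrng() {
    if [ -r "$HWRNG_DIR/$1" ]; then cat "$HWRNG_DIR/$1"; fi
}

# guest_rng_status RELEASE: print one status word; always returns 0.
guest_rng_status() {
    case "$(read_hwrng rng_available)" in
        *virtio_rng*) ;;
        *) echo "no-virtio-rng"; return 0 ;;
    esac
    case "$(read_hwrng rng_current)" in
        virtio_rng*) ;;
        *) echo "virtio-rng-not-selected"; return 0 ;;
    esac
    if kernel_at_least "$1" 3 17; then
        echo "ok"
    else
        # Distribution kernels can carry the changes under an older
        # version number (the post names RHEL 7.1), so verify by hand.
        echo "kernel-older-than-3.17"
    fi
}

guest_rng_status "$(uname -r)"
```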
When the call for bids for FUDCon APAC 2015 was put out, a few of us huddled together to discuss a bid from India. We had already organised a successful FUDCon in Pune in 2011, so our initial conversations were around which city to host it in. Pune won again, just because the number of volunteers available in Pune is greater than in any other place in India, and Pune has several technical colleges, which makes hosting the event at one of them easier.
This time around, we’re proposing to host the FUDCon at the MITCOE campus; more details are in the bid page.
I spoke at the CentOS Dojo in Pune yesterday on new features available in CentOS release 7.0 since the 6 release. Slides are available here: What’s New in Virtualization. The event was organized by the Pune GNU/Linux Users Group (PLUG) for the CentOS project.
It’s been a couple of weeks since I returned from Düsseldorf, Germany, after attending the seventh KVM Forum; an event where developers and users of the Linux virtualization technology gather to discuss the state of the hypervisor and tools around it, and brainstorm on future plans. As with the previous few years, the event was co-located with LinuxCon Europe.
A few observations from the event, in random order:
The 2014 edition of KVM Forum is less than a week away. The schedule of the talks is available at this location. Use this link to add the schedule to your calendar. A few slides have already been uploaded for some of the talks.
As with last year, we’ll live-stream and record all talks; keep an eye on the wiki page for details.
One notable observation about the schedule is that it’s much more relaxed than in the last few years, and there are far fewer talks in parallel this time around. There’s a lot of time for interaction / networking / socializing. If you’re in Dusseldorf next week, please come by and say ‘hello!’
I participated in the OpenStack Meetup at the Red Hat Pune office a few weekends ago. I have been too caught up on the lower-level KVM/QEMU layers of the virt stack, and know there aren’t too many people involved in those layers in Pune (or even India); and was curious to learn more about OpenStack and also find out more about the OpenStack community in Pune. The event was on a Saturday, which means sacrificing one day of rest and relaxation – but I went along because curiosity got the better of me.
This was a small, informal event where we had a few talks and several hallway discussions. Praveen has already blogged about his experiences; here are my notes about the meetup.
The KVM Forums are a great way to learn and talk about the future of KVM virtualization. The KVM Forum has been co-located with the Linux Foundation’s LinuxCon events for the past several years, and this year too will be held along with LinuxCon EU in Dusseldorf, Germany.
The KVM Forums also are a great documentation resource on several features, and the slides and videos from the past KVM Forums are freely available online. This year’s Forum will be no different, and we’ll have all the material on the KVM wiki.
For a long time various people have been telling me there’s not much information on the low-level / plumbing details of the virt stack on Linux. Especially information related to qemu and its various settings, devices, and so on.
Documentation surely is difficult to come by, but a quick and straightforward solution is to syndicate all of the blog posts that people doing virt development write into a common stream: a planet virt. I started hosting and testing such an instance on openshift, but was quickly pointed to the existing Virt Tools Planet by Rich Jones and Dan Berrange. Dan added the list of people whose blogs I followed for virt development to that instance.
I updated the KVM and QEMU wikis to ensure the Planet gets more visibility, and hope this goes a small way to quell the complaints of not enough available information.
Several applications need random numbers for correct and secure operation. When ssh-server gets installed on a system, public and private key pairs are generated. Random numbers are needed for this operation. Same with creating a GPG key pair. Initial TCP sequence numbers are randomized. Process PIDs are randomized. Without such randomization, we’d get a predictable set of TCP sequence numbers or PIDs, making it easy for attackers to break into servers or desktops.
On a system without any special hardware, Linux seeds its entropy pool from sources like keyboard and mouse input, disk IO, network IO, and any other sources whose kernel modules indicate they are capable of adding to the kernel’s entropy pool (i.e. the interrupts they receive are from sufficiently non-deterministic sources). For servers, keyboard and mouse inputs are rare (most don’t even have a keyboard / mouse connected). This makes getting true random numbers difficult: applications requesting random numbers from /dev/random have to wait for indefinite periods to get the randomness they desire (like creating ssh keys, typically during firstboot).