[libvirt] [libvirt-tck PATCH] TCK.pm: Define libvirt VMs with an RNG device

Erik Skultety eskultet at redhat.com
Tue Sep 24 10:18:07 UTC 2019


On Tue, Sep 24, 2019 at 12:02:44PM +0200, Andrea Bolognani wrote:
> On Tue, 2019-09-24 at 08:27 +0200, Erik Skultety wrote:
> > On Mon, Sep 23, 2019 at 04:47:06PM -0400, Laine Stump wrote:
> > > On 9/23/19 1:27 PM, Erik Skultety wrote:
> > > > The nwfilter 220-no-ip-spoofing.t test relies on an SSH connection to
> > > > the test VM. However, because the domain definition passed to libvirt
> > > > lacks an RNG device, the SSH server isn't started inside the guest
> > > > (even though that is the default on virt-builder images) and therefore:
> > > >
> > > > "ssh: connect to host 192.168.122.227 port 22: Connection refused"
> > >
> > > Strange that this has never happened to me. Is it perhaps because I'm using
> > > a very old cached image from virt-builder, and had started it up manually at
> > > some time in the past (thus giving it a long enough time to generate the
> > > keys, which are now stored away for posterity)?
> >
> > Btw I always thought that the keys are generated during the package
> > installation rather than first execution of the daemon, clearly I was wrong.
>
> I'm going to go out on a limb and assume virt-builder templates get
> their keys ripped out explicitly as part of the building process,
> because of course you wouldn't want all guests created from the same
> virt-builder template to share a single set of SSH keys, now would
> you? :)

That makes a lot of sense, they do sanitize the images indeed.

(btw I read somewhere that under some circumstances you'd want to share the
server keys in a cluster environment, unfortunately the author of the article
didn't bother explaining, so I'm taking that information with a grain of salt)

Thanks,
Erik




More information about the libvir-list mailing list