-
Notifications
You must be signed in to change notification settings - Fork 74
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add VritIO RNG device #195
add VritIO RNG device #195
Conversation
I need help: From the Proxmox PVE API documentation:
I am not presenting Tests and Docs because I do not know if solving this part requires changing some part of the Code. |
b4827ee
to
40426cd
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @mabeett,
Thanks for the initial code, much appreciated! I did a quick review, but I'll wait until the PR is in a ready state before doing a more thorough review.
Regarding your question about max_bytes
, I'm not sure I understand the concern, but setting max_bytes
to 0
if undefined might be a solution, it's not recommended for limited sources of entropy like /dev/random
, but it will (presumably) work the same, although this may take some time to gather enough entropy for the data.
In the comment you left, you mentioned that max_bytes
MUST be set to 0 if undefined, is it a requirement of the API? As in the attribute cannot be left out of the payload?
Alternatively, we could do either:
- Decide a default, non-zero, value: if the
max_bytes
attribute is not set, its value will be 0, and in this case we can fallback on1024
for example. Same for the period, if undefined, we can pick a default value for this (we could go for1000
as shown in the screenshot shared by @modem7 in the linked issue). - Make the attribute mandatory: if defining a virtRNG for the VM, we can make
max_bytes
a mandatory attribute, in which case the problem of the value being undefined goes away, and we only have to check that it's>= 0
, and include it in the payload to the server. You can specify that in the tags for mapstructure, i.e.:mapstructure:"max_bytes" required:"true"
.
Let me know if one solution garners your interest, and if you need a hand coming up with the code, I can probably help.
Hello @lbajolet-hashicorp , Definitely I did not express myself clearly. I am sorry for the misunderstandings. :(
None of both =( . Maybe with the documentation from the Proxmox PVE API[0] is simpler to explain: json doc from the API Viewer{
"description": "Configure a VirtIO-based Random Number Generator.",
"format": {
"max_bytes": {
"default": 1024,
"description": "Maximum bytes of entropy allowed to get injected into the guest every 'period' milliseconds. Prefer a lower value when using '/dev/random' as source. Use `0` to disable limiting (potentially dangerous!).",
"optional": 1,
"type": "integer"
},
"period": {
"default": 1000,
"description": "Every 'period' milliseconds the entropy-injection quota is reset, allowing the guest to retrieve another 'max_bytes' of entropy.",
"optional": 1,
"type": "integer"
},
"source": {
"default_key": 1,
"description": "The file on the host to gather entropy from. In most cases '/dev/urandom' should be preferred over '/dev/random' to avoid entropy-starvation issues on the host. Using urandom does *not* decrease security in any meaningful way, as it's still seeded from real entropy, and the bytes provided will most likely be mixed with real entropy on the guest as well. '/dev/hwrng' can be used to pass through a hardware RNG from the host.",
"enum": [
"/dev/urandom",
"/dev/random",
"/dev/hwrng"
],
"type": "string"
}
},
"optional": 1,
"type": "string",
"typetext": "[source=]</dev/urandom|/dev/random|/dev/hwrng> [,max_bytes=<integer>] [,period=<integer>]"
} So,
IMO the expected behavior should be:
In the WebUI when the user leaves the default From my side I've also checked to call the API excluding the optional keys and (as expected) it works normally. I propose this because I consider the plugin should admit leaving implicit/undefined the API keys which admit it, plus the potential future not-match of default values plugin-packer versus server. I hope this make sense
[0]: The apivewer on the server is engined via javascript, soy we may get the same info via as json format: curl -s -k https://${myserver}:8006/pve-docs/api-viewer/apidoc.js \
| sed -e 's/const apiSchema = //g' \
|tr -d '\n' | sed 's/;let method2cm.*$//g' \
| jq --indent 1 '.[1].children[0].children[0].children[0].children[4].info.PUT.parameters.properties.rng0 ' -r |
The latest main for the proxmox-api-go project includes RNG device creation. Return value for proxmox.ConfigQemu.CreateQemuEfiParams() have changed ( Telmate/proxmox-api-go#255 )
40426cd
to
a4f1283
Compare
I think I understand, so the problem would be the default value for In this case it's a bit tricky, since there's no way to distinguish the two AFAICT from a language perspective, so for this option at least, I would consider making it mandatory, and state in the docs that the recommended value be Regarding Would that be acceptable? |
Exactly. That is the case.
OK. I understand. I don't know how to refer as mandatory this option. Could you help with an snippet in this plugin or a similar one? Thanks a lot.
Yes, I've just checked, proxmox API accepts
Yes, indeed. Regarding the documentation I was going to edit docs/builders/clone.mdx and docs/builders/iso.mdx. Let me know if the is a way documenting in the go sourcecode. |
You can add a You can refer to https://github.com/hashicorp/packer-plugin-proxmox/blob/main/builder/proxmox/clone/config.go#L23 as an example for this, let me know if you need more assistance on that front. Regarding the docs, if you write documentation on the attributes or the encompassing structure, they will get compiled into the You can find similar use-cases in some other plugins, Amazon for example: https://github.com/hashicorp/packer-plugin-amazon/blob/main/docs/builders/ebs.mdx?plain=1#L50 Again for the docs, let me know if you need help with those, I can chime in if need be. Thanks! |
a4f1283
to
5ec52a9
Compare
I' ve just pushed the changes according we agreed . There might be one or more errors. |
9e73824
to
7745177
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @mabeett,
I took a look at the changes, overall I think we're near good-to-go on that PR. I left a suggestion to fix the failing test, feel free to adapt it however you see fit, and I'll let you iterate on them to get them all to pass.
I also left a suggestion regarding docs so they're clearer for users of the plugin.
Once you've addressed my latest comments, I think we'll be ready to merge this in, thanks for the continued updates on this!
7745177
to
3e66773
Compare
Hello, regards, |
Hi @mabeett, Sorry I didn't take another look at your PR, I was away on vacation for a few weeks and it slipped out of my mind, apologies for that. I'll take a look at your PR this week and let you know if there are some more changes I can think of, and if it's good, we'll merge this in. Thanks for the reminder! |
Period and max_bytes had similar error conditions and different phrasing when an invalid value was set, so we harmonize the two as they are functionally similar.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @mabeett,
In the current state I'm confident we can merge this! I've allowed myself to push a small nit regarding an error message, but aside from that, it looks good to me, so I'll wait until tests are green, and then trigger the merge.
Sorry for making you wait for this, and thanks again for submitting this PR and following up on it, we appreciate that!
There is no problem!. I was considering proposing a PR changing the place on which is written the documentation: The idea is -when possible- moving the texts from the mdx files to the Clang-related code when possible (as in this PR) . On t his way future contributors should see easier/more natural adding the info directly to the code. What do you think? |
Hi @mabeett, Regarding your last message, I'm not sure what you mean by If so, yes very much so! I considered doing this myself when I have time for it, but still haven't found that just yet, so if you wanted to do this, please feel free to do so, and let me know if you need some help at any point in the process. |
Hi! |
I've just left the PR #214 . (now it is a draft) |
Adds RNG device
Closes #126