Update to Linux 4.14.46 #1322
Update to Linux 4.14.46 #1322
Conversation
|
I've done a rough smoke test by building this and running it in QEMU, but that doesn't test anything to do with VMware, Parallels, Xen, etc. 😅 |
|
Hi @tianon , To recap: by some reason the Docker daemon starts there with a big delay, so provisioning step times out. That happens only on the VM restart, but not on first time when VM is created and started. This doesn't happen with the current upstream version of boot2docker - @romankulikov, do you know - could it be caused by some compatibility issue between current version of Parallels Tools(13.3.0-43321) and Linux kernel v4.14.46 ? The boot2docker ISO which I built from this branch and used in my tests, could be downloaded here: https://www.dropbox.com/s/24txhj8e47ys9rt/boot2docker_4-14-46.iso |
|
Friendly ping @romankulikov ❤️ |
|
Hi there! As to my understanding timeouts are caused the hang of Is said above not a complete nonsense? If it isn't we need to think of doing something from the virtualisation side to make the guest kernel gather entropy faster and/or modify boot2docker start up procedure not to eat entropy so fast. |
|
Does |
|
No, Parallels Desktop doesn't virtualise any RNG devices at the moment. |
|
@romankulikov Thanks for your input! Now it's clear what's actually happening there. But anyway, I just to notice: there is a lightweight daemon for generating an entropy: |
I doubt that only on certain versions. This should be accidental and may occur on every kernel version.
I don't know weather there's something related to RNG in their tools but different virtualisation engines may produce, for example, more virtual hardware interrupts during guest OS boot. This may result in more gathered entropy in the guest kernel.
I guess |
|
I've made a test with using |
When running boot2docker on Parallels Desktop for Mac dockerd hangs during system start-up in `getrandom(2)` syscall because there's no much entropy in `/dev/random` at that moment. This commit is a dirty "proof of concept" fix by utilizing `rngd` from `rng-tools` suite to add entropy in `/dev/random` from `/dev/urandom`. Final solution surely should use better source of randomness. For example a bunch of bytes from host's `/dev/random`. In scope of boot2docker#1322.
|
Kernel change https://lkml.org/lkml/2018/4/12/711 The crng_init variable has three states: 0: The CRNG is not initialized at all The crng_ready() function should only return true once we are in the Just Everything requiring crypto and strong entropy during boot. Behaviour exhibited running on Virtualbox and VMWare Fusion also. The addition of rng-tools fixes this. The 4.9.x branch was changed here as well (4.4.96) So all Linux kernels after April 12th 2018 once back ported will exhibit the behaviour. |
|
Excellent detective work! 👍 ❤️ That's a real shame -- is there a reliable way we can determine whether a system has enough entropy by itself (like QEMU's |
|
Some interesting discussion: https://news.ycombinator.com/item?id=16972827 Built a new image with this change: So generating activity while the boot process is happening seems to work. The VM didn't block as long when Docker started and no docker-machine timeout "detecting the provisioner". Only lightly tested under Virtualbox 5.2.16 and I'm running Kernel 4.14.55-boot2docker, Boot2Docker version 18.06.0-ce, DockerToolbox-18.06.0-ce on windows. As far as I can tell other hypervisors don't have the equivalent of a virtio-rng-pci device. I'll keep digging. |
Interesting! So perhaps it would be sufficient to check for that one device, and launch an entropy generator otherwise? Or perhaps there's a particular level of entropy we could check for and assume that if it's high enough at the time of our check that starting up a generator is unnecessary? Perhaps some of our other Hypervisor liaisons could chime in regarding entropy? 😇 |
|
From what I can tell from reading various articles, if we see /dev/hwrng we launch rngd from rng-tools and use it to feed entropy from the /dev/hwrng device. Current kernel config options i'm using. CONFIG_HW_RANDOM=y So whether it's Virtio or and intel / AMD / Via HW random device they all show up as /dev/hwrng rngd --list shows this under Virtualbox windows 7 host Intel CPU Entropy sources that are available but disabled and we have a and things work. Under VMWare fusion macOS X 10.13.x host Intel CPU [ianm@ianm-centos7 ianm]# ls -al /dev/hwrng I think installling rng-tools at this point is the way to move forward and evaluate other options as we discover them. |
|
Well, my host doesn't have I think if we've got I was thinking maybe we should use |
|
Anybody wanting to play with what I'm working on it's here https://github.com/kaosagnt/boot2docker/tree/kernel-4.14 Kernel 4.14.60, aufs4.14.56+, Virtualbox 5.2.16, VMWare tools stable-10.3.0, rng-tools v6.3.1, Parallels 13.3.2-43368, Xen v7.10.0, qemu tools, Docker v18.06.0-ce |
|
See #1326 for a relevant discussion / decision that makes this slightly simpler for future releases (removing the AUFS part of the problem entirely). |
|
(I'm still not 100% sold on the QEMU guest agent -- can we please keep that discussion / implementation separate? #1319) |
|
Any body interested in TCL 9.x or XFS filesystem support can find it apart of |
|
I've done a little more testing on this today and it turns out gating on I think we'll also need to test I'm leaning more towards |
|
Ok, this is being replaced by #1332. 👍 |
The latest 4.9.x release doesn't patch cleanly with AUFS and 4.14.x is currently better supported there (http://aufs.sourceforge.net/).
cc @legal90 @frapposelli @phusl -- anything that this might cause issues with that you're aware of?