From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Craven Subject: Re: 'guix system vm' questions Date: Sun, 3 Jul 2016 18:09:09 +0200 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:36752) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bJjxP-0006Oj-5J for help-guix@gnu.org; Sun, 03 Jul 2016 12:09:20 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bJjxK-0007HX-8o for help-guix@gnu.org; Sun, 03 Jul 2016 12:09:18 -0400 Received: from mail-yw0-x22f.google.com ([2607:f8b0:4002:c05::22f]:35138) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bJjxJ-0007HG-16 for help-guix@gnu.org; Sun, 03 Jul 2016 12:09:14 -0400 Received: by mail-yw0-x22f.google.com with SMTP id l125so24010413ywb.2 for ; Sun, 03 Jul 2016 09:09:11 -0700 (PDT) List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org Sender: "Help-Guix" To: help-guix@gnu.org @myglc2 the simplest workaround to this issue is to add -device virtio-rng-pci to your qemu flags and patch lsh to use /dev/hwrng in the /bin/lsh-make-seed file I linked to in a previous reply. On Sun, Jul 3, 2016 at 6:00 PM, wrote: > Send Help-Guix mailing list submissions to > help-guix@gnu.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.gnu.org/mailman/listinfo/help-guix > or, via email, send a message with subject or body 'help' to > help-guix-request@gnu.org > > You can reach the person managing the list at > help-guix-owner@gnu.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Help-Guix digest..." > > > Today's Topics: > > 1. Re: 'guix system vm' questions (myglc2) > 2. Re: 'guix system vm' questions (myglc2) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 03 Jul 2016 09:47:42 -0400 > From: myglc2 > To: help-guix@gnu.org > Subject: Re: 'guix system vm' questions > Message-ID: <86mvly6dfl.fsf@gmail.com> > Content-Type: text/plain; charset=utf-8 > > ludo@gnu.org (Ludovic Court?s) writes: > >> myglc2 skribis: >> >>> Leo Famulari writes: >>> >>>> On Wed, Jun 29, 2016 at 10:10:35AM -0400, Thompson, David wrote: >>>>> On Wed, Jun 29, 2016 at 2:57 AM, myglc2 wrote: >>>>> > I have a headless server running Guix/Debian 8.3 on which I would like >>>>> > to run some guix vms. So far, I have a script (see mkvm.sh, attached) >>>>> > that runs a single vm. It has some issues: >>>>> > >>>>> > 1) lsh-service hangs waiting for keystrokes on the QEMU console >>>>> >>>>> LSH needs to be initialized with a key on first boot, which is why you >>>>> need to type to create entropy. This sucks for automation, so I would >>>>> recommend OpenSSH instead, but we don't have an openssh-service yet. >>>> >>>> In your operating system configuration, you can pass 'initialize? #f' to >>>> lsh-service to skip the SSH seed and host-key initialization. You will >>>> need to initialize the LSH service later, before you can use it. >>> >>> I tried that and ... lsh spun looking for a seed file advising me to run >>> 'lsh-make-seed', and then stopped. >> >> Yeah this is expected: lshd won?t start if it cannot find a seed; >> eventually, the Shepherd? >> >>> Service SSH-daemeon has started. >>> No seed file. Please create on by running >>> lwh-make-seed -o "/var/spool/lsh/yarrow-seed-file". >>> lshd: No rendomness generator available. >>> Service ssh-daemon has been disabled. >>> (Respawning too fast.) >> >> ? disables it. >> >>> v1 login: root >>> root@v1 ~# lsh-make-seed >>> -bash: lsh-make-seed: command not found >> >> I guess ?lsh-service-type? should be changed to extend >> ?profile-service-type? such that this command is available. WDYT? > > Well I can't see how it will help in my use case. I can't think of why > it would be useful in practice, since lsh-make-seed is already being > called with --sloppy by 'ssh-service initialize? #t'. > > The only reasons I can think of are ... > > - to enable a user at the console to manually reproduce what > 'ssh-service initialize? #t' does, and > > - to avoid it being reported as a bug > > ... which is why I didn't report it as a bug. > > Re my use case, am I correct in believing that the only way to address > it is to enhance lsh-service with an alternative initialization scheme > that does not require console input? > > If so, maybe we should rename the current initialize to ... > > INITIALIZE-REQUIRING-CONSOLE-INPUT? > > ... and add a new one named ... > > INITIALIZE-UNATTENDED? > > WDYT? - George > > > > > > > > > > ------------------------------ > > Message: 2 > Date: Sun, 03 Jul 2016 09:53:28 -0400 > From: myglc2 > To: help-guix@gnu.org > Subject: Re: 'guix system vm' questions > Message-ID: <86inwm6d5z.fsf@gmail.com> > Content-Type: text/plain > > David Craven writes: > >> So I packaged rng-tools and created a shepherd service, but I realized >> that the service needs to be started before the activation part of the >> lsh service. What's the best way to do this? >> >> https://git.lysator.liu.se/lsh/lsh/blob/master/src/lsh-make-seed.c#L1075 >> >> On Wed, Jun 29, 2016 at 8:23 PM, David Craven wrote: >>> HW_RANDOM_VIRTIO is enabled in the default kernel. >>> >>> Starting the vm like this enables the hwrng: >>> /gnu/store/3rqbwx34kfa789jbywfbxl90nids08cf-run-vm.sh -device virtio-rng-pci >>> and it works as can be verified by >>> cat /dev/hwrng >>> >>> The only missing components from what I can tell is packaging rng-tools >>> and adding a service to add /dev/hwrng to the entropy pool on boot. >>> >>> https://git.kernel.org/cgit/utils/kernel/rng-tools/rng-tools.git/ >>> >>>> We should look into QEMU's VirtIO RNG, which could help here: >>>> http://wiki.qemu-project.org/Features-Done/VirtIORNG > > This sounds great. I see you submitted patches. Am I correct in thinking > that the next step is to add an lsh-option option that uses rmg-tools > instead of lsh-make-seed to set the yarrow seed? > > TIA - George > > > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > Help-Guix mailing list > Help-Guix@gnu.org > https://lists.gnu.org/mailman/listinfo/help-guix > > > ------------------------------ > > End of Help-Guix Digest, Vol 8, Issue 4 > ***************************************