Babis Chalios
(Amazon Web Services)
9/12/22, 3:25 PM
short version
When a virtual machine gets cloned, it still contains old data that believes are unique - random number generation seeds, UUIDs, etc. Linux recently included support for VMGenID to reseed its in-kernel PRNG, but all other RNGs and UUIDs are still identical after a clone.
In this session, we will discuss approaches to solve this and reveal experiments on which we worked...
Zbigniew Jędrzejewski-Szmek
(Red Hat)
9/12/22, 5:45 PM
Distributions ship signed kernels, but initrds are generally built locally. Each machine gets a "unique" initrd, which means they cannot be signed by the distro, the QA process is hard, and development of features for the initrd duplicates work done elsewhere.
Systemd has gained "system extensions" (sysexts, runtime...