Bug 1303756 - candlepin uses /dev/random instead of /dev/urandom, leading to slow startup times
candlepin uses /dev/random instead of /dev/urandom, leading to slow startup t...
Status: NEW
Product: Katello
Classification: Community
Component: Installer (Show other bugs)
Unspecified Unspecified
medium Severity low
: ---
: ---
Assigned To: Katello Bug Bin
Katello QA List
: Triaged
Depends On:
Blocks: 1435022
  Show dependency treegraph
Reported: 2016-02-01 15:56 EST by Chris Duryee
Modified: 2017-03-22 18:41 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Chris Duryee 2016-02-01 15:56:14 EST
Description of problem:

We are currently in the process of finding items that may impact Satellite performance. We found recently that candlepin makes calls to /dev/random instead of /dev/urandom in some cases.

# lsof /dev/random
java    6465 tomcat   41r   CHR    1,8      0t0 1032 /dev/random
java    6465 tomcat   43r   CHR    1,8      0t0 1032 /dev/random
java    6465 tomcat   44r   CHR    1,8      0t0 1032 /dev/random
java    6465 tomcat  119r   CHR    1,8      0t0 1032 /dev/random

Some users have noted that after increasing their entropy counter via tools like 'haveged', performance increased. However, /dev/urandom should be acceptable to use instead of /dev/random.

Version-Release number of selected component (if applicable): 0.9.51

How reproducible: every time (measured via tomcat startup time)

Steps to Reproduce:

note: I have not tried this on physical HW, only VMs.

1. yum install -y lsof; lsof /dev/random
2. stop rngd service and tomcat, ensure "lsof /dev/random" is empty
3. drain /dev/random: "cat /dev/random > /dev/null", wait a few seconds
4. check "/proc/sys/kernel/random/entropy_avail" and ensure it's a low number (less than 50)
5. start tomcat, check startup time

Actual results: extremely slow startup. This likely affects other areas as well but startup time is the easiest one to check.

Expected results: same startup speed whether or not rngd is running

Additional info: http://www.2uo.de/myths-about-urandom/ has info about /dev/random vs /dev/urandom
Comment 3 Alex Wood 2016-03-07 13:52:38 EST
I think it's fine to switch to /dev/urandom, but it's not something that we control.  The entropy source is either set via a system property (set via tomcat.conf for example) or within $JAVA_HOME/jre/lib/security/java.security.  Neither of those methods are things within the control of the Candlepin RPM.  Configuring the settings in those files is more an issue for the Katello installer, so I'm reassigning to that component.

Be forewarned that are are some issue with JVM's not respecting what's set in java.security.  See


Note You need to log in before you can comment on or make changes to this bug.