Description of problem:
We are currently in the process of finding items that may impact Satellite performance. We found recently that candlepin makes calls to /dev/random instead of /dev/urandom in some cases.

# lsof /dev/random
COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
java    6465 tomcat   41r   CHR    1,8      0t0 1032 /dev/random
java    6465 tomcat   43r   CHR    1,8      0t0 1032 /dev/random
java    6465 tomcat   44r   CHR    1,8      0t0 1032 /dev/random
java    6465 tomcat  119r   CHR    1,8      0t0 1032 /dev/random

Some users have noted that after increasing their entropy counter via tools like 'haveged', performance increased. However, /dev/urandom should be acceptable to use instead of /dev/random.

Version-Release number of selected component (if applicable): 0.9.51

How reproducible: every time (measured via tomcat startup time)

Steps to Reproduce:
note: I have not tried this on physical HW, only VMs.
1. yum install -y lsof; lsof /dev/random
2. stop rngd service and tomcat, ensure "lsof /dev/random" is empty
3. drain /dev/random: "cat /dev/random > /dev/null", wait a few seconds
4. check "/proc/sys/kernel/random/entropy_avail" and ensure it's a low number (less than 50)
5. start tomcat, check startup time

Actual results: extremely slow startup. This likely affects other areas as well but startup time is the easiest one to check.

Expected results: same startup speed whether or not rngd is running

Additional info: http://www.2uo.de/myths-about-urandom/ has info about /dev/random vs /dev/urandom
I think it's fine to switch to /dev/urandom, but it's not something that we control. The entropy source is either set via a system property (set via tomcat.conf for example) or within $JAVA_HOME/jre/lib/security/java.security. Neither of those methods is within the control of the Candlepin RPM. Configuring the settings in those files is more an issue for the Katello installer, so I'm reassigning to that component. Be forewarned that there are some issues with JVMs not respecting what's set in java.security. See http://bugs.java.com/view_bug.do?bug_id=6202721
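An added example, not part of the bug report and not Candlepin or Katello code: a shell check of the two places the comment above names, a system property in an options file such as tomcat.conf and the java.security file. The property name java.security.egd, the key securerandom.source and the function names are assumptions of this example; both file paths are supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example: report which entropy source a JVM is configured to use.
# Assumed names (not from the bug report): -Djava.security.egd, securerandom.source.

# Value of the last -Djava.security.egd=... in an options file, comments skipped.
egd_from_opts() {
  [ -r "$1" ] || return 0
  sed -n -e '/^[[:space:]]*#/d' \
         -e "s/.*-Djava\.security\.egd=\([^\"'[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Value of the last uncommented securerandom.source line in a java.security file.
source_from_java_security() {
  [ -r "$1" ] || return 0
  sed -n 's/^[[:space:]]*securerandom\.source[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# The system property, when present, takes precedence over java.security.
effective_source() {
  local v
  v=$(egd_from_opts "$1")
  [ -n "$v" ] || v=$(source_from_java_security "$2")
  printf '%s\n' "$v"
}

# Map a configured value to the behaviour to expect.
classify_source() {
  case "$1" in
    file:/dev/random)    echo "blocking" ;;
    # JVMs affected by the linked bug may still read /dev/random with this value.
    file:/dev/urandom)   echo "nonblocking-may-be-ignored" ;;
    # Commonly used spelling that is not matched by that special-casing.
    file:/dev/./urandom) echo "nonblocking" ;;
    "")                  echo "unset" ;;
    *)                   echo "other" ;;
  esac
}

# Usage: script path/to/tomcat.conf path/to/java.security
if [ "$#" -eq 2 ]; then
  src=$(effective_source "$1" "$2")
  echo "${src:-<unset>} -> $(classify_source "$src")"
fi
```

Whatever the files say, "lsof /dev/random" against the running tomcat process, as in the report, remains the check of what the JVM actually opened.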