Bug 1303756 - candlepin uses /dev/random instead of /dev/urandom, leading to slow startup times
Keywords:
Status: CLOSED EOL
Alias: None
Product: Katello
Classification: Retired
Component: Installer
Version: 2.0
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: ---
: ---
Assignee: Katello Bug Bin
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks: 1435022
Reported: 2016-02-01 20:56 UTC by Chris Duryee
Modified: 2020-03-27 19:41 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-27 19:41:44 UTC



Description Chris Duryee 2016-02-01 20:56:14 UTC
Description of problem:

We are currently in the process of finding items that may impact Satellite performance. We found recently that candlepin makes calls to /dev/random instead of /dev/urandom in some cases.

# lsof /dev/random
COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
java    6465 tomcat   41r   CHR    1,8      0t0 1032 /dev/random
java    6465 tomcat   43r   CHR    1,8      0t0 1032 /dev/random
java    6465 tomcat   44r   CHR    1,8      0t0 1032 /dev/random
java    6465 tomcat  119r   CHR    1,8      0t0 1032 /dev/random

Some users have noted that after increasing their entropy counter via tools like 'haveged', performance increased. However, /dev/urandom should be acceptable to use instead of /dev/random.

Version-Release number of selected component (if applicable): 0.9.51


How reproducible: every time (measured via tomcat startup time)

Steps to Reproduce:

note: I have not tried this on physical HW, only VMs.

1. yum install -y lsof; lsof /dev/random
2. stop rngd service and tomcat, ensure "lsof /dev/random" is empty
3. drain /dev/random: "cat /dev/random > /dev/null", wait a few seconds
4. check "/proc/sys/kernel/random/entropy_avail" and ensure it's a low number (less than 50)
5. start tomcat, check startup time

Actual results: extremely slow startup. This likely affects other areas as well but startup time is the easiest one to check.

Expected results: same startup speed whether or not rngd is running


Additional info: http://www.2uo.de/myths-about-urandom/ has info about /dev/random vs /dev/urandom

Comment 3 Alex Wood 2016-03-07 18:52:38 UTC
I think it's fine to switch to /dev/urandom, but it's not something that we control.  The entropy source is either set via a system property (set via tomcat.conf for example) or within $JAVA_HOME/jre/lib/security/java.security.  Neither of those methods are things within the control of the Candlepin RPM.  Configuring the settings in those files is more an issue for the Katello installer, so I'm reassigning to that component.

Be forewarned that there are some issues with JVMs not respecting what's set in java.security.  See

http://bugs.java.com/view_bug.do?bug_id=6202721
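
Comment 3 names two places the entropy source can be set: a JVM system property (for example in tomcat.conf) and java.security. The script below is an added example, not part of the bug report or of the Katello installer; it reads both and reports which device the JVM is configured to use. The function names and the sample file contents are constructed for illustration; java.security.egd and securerandom.source are the standard JDK property names, and the system property takes precedence when both are set.

```shell
#!/bin/sh
# Added example (not from the bug report): work out which entropy device a
# JVM is configured to seed from. Sample file contents are constructed.

# Print the value of securerandom.source from a java.security file (last wins).
security_source() {
    sed -n 's/^[[:space:]]*securerandom\.source[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1
}

# Print the value of -Djava.security.egd=... from a file of JVM options,
# skipping commented-out lines.
egd_property() {
    sed -n '/^[[:space:]]*#/d; s/.*-Djava\.security\.egd=\([^[:space:]"]*\).*/\1/p' "$1" |
        tail -n 1
}

# The system property, when present, overrides the java.security setting.
effective_source() {   # $1 = JVM options file, $2 = java.security file
    src=$(egd_property "$1")
    [ -n "$src" ] || src=$(security_source "$2")
    printf '%s\n' "$src"
}

# Map a source URL to the behaviour this bug is about.
classify() {
    case "$1" in
        "")             echo unset ;;
        file:*/urandom) echo non-blocking ;;
        file:*/random)  echo blocking ;;
        *)              echo other ;;
    esac
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample files, not taken from a real system.
    printf '%s\n' '# sample' 'securerandom.source=file:/dev/random' > "$dir/java.security"
    printf '%s\n' 'JAVA_OPTS="-Xms1024m -Xmx4096m"' > "$dir/tomcat.conf"
    found=$(effective_source "$dir/tomcat.conf" "$dir/java.security")
    echo "configured source: $found ($(classify "$found"))"
    rm -rf "$dir"
}
demo
```

Because of the JDK bug linked in comment 3, the configured value is not proof of runtime behaviour; confirm with "lsof /dev/random" against the running tomcat process as in the description.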

