[ https://issues.apache.org/jira/browse/SOLR-6254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14065631#comment-14065631 ]
Steve Rowe commented on SOLR-6254:
----------------------------------
bq. Is it really that, Steve? It would seem very odd to have ssl connections
just stall like that – think of any web server or something... how does it work
there?

I don't know - see SOLR-5776 for more info about SSL-related test failures on
Jenkins.

All of the recent TestCloudSchemaless failures on Jenkins were stuck reading
SSL sockets, so if it's not entropy depletion, it's something related to SSL
sockets. (We'll see in a day or two if TestCloudSchemaless stops failing
regularly; I added the {{@SuppressSSL}} annotation to it.)

More FreeBSD-specific entropy info:
# FreeBSD's /dev/urandom is symlinked to /dev/random:
\\
{noformat}
sarowe@lucene[867]$ ls -ld /dev/random /dev/urandom
crw-rw-rw- 1 root wheel 0, 13 Jul 17 18:38 /dev/random
lrwxr-xr-x 1 root wheel 6 Jun 18 23:22 /dev/urandom -> random
{noformat}
# FreeBSD's /dev/random blocks when there is insufficient entropy; from
[http://www.freebsd.org/cgi/man.cgi?format=html&query=random(4)]:
\\
{quote}
The kern.random.sys.seeded variable indicates whether or not the random
device is in an acceptably secure state as a result of reseeding. If set
to 0, the device will block (on read) until the next reseed (which can be
from an explicit write, or as a result of entropy harvesting). A reseed
will set the value to 1 (non-blocking).
{quote}
\\
and from [https://wiki.freebsd.org/201308DevSummit/Security/DevRandom]:
{quote}
How /dev/random works today: The primary source of randomness is the [Yarrow
PRNG|http://www.schneier.com/yarrow.html].
\[...]
Yarrow \[...] need\[s] to accumulate a certain amount of entropy before \[it]
can start generating random numbers. Until that happens, reads from /dev/random
will block.
{quote}
\\
More info about randomness sources at
[https://wiki.freebsd.org/201308DevSummit/Security/DevRandom].
> Failing tests due to timeouts caused by SSL depleting random entropy on
> Jenkins
> -------------------------------------------------------------------------------
>
> Key: SOLR-6254
> URL: https://issues.apache.org/jira/browse/SOLR-6254
> Project: Solr
> Issue Type: Task
> Components: Tests
> Reporter: Steve Rowe
>
> Tests using SSL can block on Jenkins when random entropy is depleted, causing
> timeouts that trigger test failures.
> I found some info about /dev/random problems on FreeBSD here:
> [https://wiki.freebsd.org/201308DevSummit/Security/DevRandom], which led me
> to /etc/rc.d/initrandom, which gets around the limited entropy by cat'ing a
> bunch of shit to /dev/random:
> {code}
> ( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \
> | dd of=/dev/random bs=8k 2>/dev/null
> cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null
> {code}
> I think we should try the same strategy in a crontab every X minutes, to see
> if that addresses the test failures.