[ https://issues.apache.org/jira/browse/RANGER-2700?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jiayi Liu updated RANGER-2700: ------------------------------ Description: I try to install ranger-2.0.0 on my cluster, however, I try to create a new service in Ranger WebUI, when I click the Add button, I keep stuck in the Please waiting state for a long time, and finally get an error that createService failed. I try to debug through the source code, and found that it stuck on generateBase64EncodedIV() in PasswordUtils.java. It uses SecureRandom.getInstanceStrong() to get the random string. We can find a lot of information showing that this function often blocks and is very slow. SecureRandom.getInstanceStrong() uses /dev/random, and /dev/random blocks the thread if there isn't enough randomness available, but /dev/urandom will never block. SecureRandom.getInstanceStrong() is equivalent to SecureRandom.getInstance("NativePRNGBlocking"), and we can use /dev/urandom by replacing ecureRandom.getInstanceStrong() to SecureRandom.getInstance("NativePRNGNonBlocking"). /dev/random and /dev/urandom use the same pool of randomness under the hood, and they are equally secure. was: I try to install ranger-2.0.0 on my cluster, however, I try to create a new service in Ranger WebUI, when I click the Add button, I keep stuck in the Please waiting state for a long time, and finally get an error that createService failed. I try to debug through the source code, and found that it stuck on generateBase64EncodedIV() in PasswordUtils.java. It uses SecureRandom.getInstanceStrong() to get the random byte array. We can find a lot of information showing that this function often blocks and is very slow. SecureRandom.getInstanceStrong() uses /dev/random, and /dev/random blocks the thread if there isn't enough randomness available, but /dev/urandom will never block. SecureRandom.getInstanceStrong() is equivalent to SecureRandom.getInstance("NativePRNGBlocking"), and we can use /dev/urandom by replacing ecureRandom.getInstanceStrong() to SecureRandom.getInstance("NativePRNGNonBlocking"). /dev/random and /dev/urandom use the same pool of randomness under the hood, and they are equally secure. > creating service sometimes fails because SecureRandom.getInstanceStrong() is > very slow > -------------------------------------------------------------------------------------- > > Key: RANGER-2700 > URL: https://issues.apache.org/jira/browse/RANGER-2700 > Project: Ranger > Issue Type: Improvement > Components: admin > Affects Versions: ranger-2.0 > Reporter: Jiayi Liu > Priority: Major > > I try to install ranger-2.0.0 on my cluster, however, I try to create a new > service in Ranger WebUI, when I click the Add button, I keep stuck in the > Please waiting state for a long time, and finally get an error that > createService failed. > I try to debug through the source code, and found that it stuck on > generateBase64EncodedIV() in PasswordUtils.java. It uses > SecureRandom.getInstanceStrong() to get the random string. We can find a lot > of information showing that this function often blocks and is very slow. > SecureRandom.getInstanceStrong() uses /dev/random, and /dev/random blocks the > thread if there isn't enough randomness available, but /dev/urandom will > never block. > SecureRandom.getInstanceStrong() is equivalent to > SecureRandom.getInstance("NativePRNGBlocking"), and we can use /dev/urandom > by replacing ecureRandom.getInstanceStrong() to > SecureRandom.getInstance("NativePRNGNonBlocking"). /dev/random and > /dev/urandom use the same pool of randomness under the hood, and they are > equally secure. -- This message was sent by Atlassian Jira (v8.3.4#803005)