Hello everyone,
TLDR: Change the line "securerandom.source=file:/dev/random" in
"/etc/java-8-openjdk/security/java.security" to point to /dev/urandom
instead to start a clean geoserver install in 13 seconds instead of 6
minutes. Be mindful of security implications.
I have been puzzled by some time why geoserver 2.10 and 2.10.1 took
about 6 minutes to start in a kvm virtual machine, with a newly copied
war file to the tomcat folder (/var/lib/tomcat8/webapps/ in my case).
Nobody else seemed to have that problem and I was unable to identify
meaningful log messages or anything different with my installation to
ask a proper question here. I found out that the random number generator
was not getting enough entropy to even start up a new session in tomcat.
I finally noticed the the following line in
/var/log/tomcat8/catalina.out which exposed the problem:
INFO: Creation of SecureRandom instance for session ID generation using
[SHA1PRNG] took [313,537] milliseconds.
(In my defense, we use the comma as a decimal separator in Brazil, so
the above time seemed to be 0.3 seconds at a glance)
Changing securerandom.source from /dev/random to /dev/urandom in
java.security solved the problem immediately. I decided to exchange a
bit of security for a faster startup. Please BE AWARE OF THE SECURITY
IMPLICATIONS if you do that. My accessment is that it is a reasonable
tradeoff IN MY CASE.
How to test:
-take a fresh ubuntu 16.4 server "minimal virtual machine"
installation in a KVM host
-Install tomcat8
-Download geoserver, jai and jai_imageio
-Unpack everything in their proper places (see
http://docs.geoserver.org/stable/en/user/production/java.html)
-after tomcat stops unpacking the geoserver war, run:
service tomcat8 stop && service tomcat8 start && time curl
-vvhttp://127.0.0.1:8080/geoserver/web
That will take an arbitrary amount of time to complete, depending on how
much entropy your VM has access to. If it is on a busy network and you
type a lot on the console, it may finish sooner, if it is completely
isolated and you are using a virtual terminal instead of ssh, it may
take a long time. In my case it took 6 minutes with very light ssh
console usage and a quiet network. Making more usage of the ssh console
brought the time down to 3 minutes.
Change the entropy source from /dev/random to /dev/urandom and you will
see times for that test around 10 seconds.
Best,
Daniel
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
