I found this page has a good explanation, but you have to scroll past the
initial image. It almost put me off the page, but I found the information good:
https://calomel.org/entropy_random_number_generators.html
Some additional sources I used:
http://stackoverflow.com/questions/28201794/slow-startup-on-tomcat-7-0-57-because-of-securerandom
http://security.stackexchange.com/questions/89/feeding-dev-random-entropy-pool
Chris Snider
Senior Software Engineer
Intelligent Software Solutions, Inc.
[Description: Description: Description: cid:image001.png@01CA1F1F.CBC93990]
From: Jody Garnett [mailto:jody.garn...@gmail.com]
Sent: Friday, January 27, 2017 2:19 PM
To: Daniel Araujo Miranda <miranda....@dpf.gov.br>
Cc: geoserver-users@lists.sourceforge.net
Subject: Re: [Geoserver-users] Quick tip: geoserver startup in 13s instead of
6min
What is random number entropy?
--
Jody Garnett
On 27 January 2017 at 05:15, Daniel Araujo Miranda
<miranda....@dpf.gov.br<mailto:miranda....@dpf.gov.br>> wrote:
Hello everyone,
TLDR: Change the line "securerandom.source=file:/dev/random" in
"/etc/java-8-openjdk/security/java.security" to point to /dev/urandom
instead to start a clean geoserver install in 13 seconds instead of 6
minutes. Be mindful of security implications.
I have been puzzled by some time why geoserver 2.10 and 2.10.1 took
about 6 minutes to start in a kvm virtual machine, with a newly copied
war file to the tomcat folder (/var/lib/tomcat8/webapps/ in my case).
Nobody else seemed to have that problem and I was unable to identify
meaningful log messages or anything different with my installation to
ask a proper question here. I found out that the random number generator
was not getting enough entropy to even start up a new session in tomcat.
I finally noticed the the following line in
/var/log/tomcat8/catalina.out which exposed the problem:
INFO: Creation of SecureRandom instance for session ID generation using
[SHA1PRNG] took [313,537] milliseconds.
(In my defense, we use the comma as a decimal separator in Brazil, so
the above time seemed to be 0.3 seconds at a glance)
Changing securerandom.source from /dev/random to /dev/urandom in
java.security solved the problem immediately. I decided to exchange a
bit of security for a faster startup. Please BE AWARE OF THE SECURITY
IMPLICATIONS if you do that. My accessment is that it is a reasonable
tradeoff IN MY CASE.
How to test:
-take a fresh ubuntu 16.4 server "minimal virtual machine"
installation in a KVM host
-Install tomcat8
-Download geoserver, jai and jai_imageio
-Unpack everything in their proper places (see
http://docs.geoserver.org/stable/en/user/production/java.html)
-after tomcat stops unpacking the geoserver war, run:
service tomcat8 stop && service tomcat8 start && time curl
-vvhttp://127.0.0.1:8080/geoserver/web<http://127.0.0.1:8080/geoserver/web>
That will take an arbitrary amount of time to complete, depending on how
much entropy your VM has access to. If it is on a busy network and you
type a lot on the console, it may finish sooner, if it is completely
isolated and you are using a virtual terminal instead of ssh, it may
take a long time. In my case it took 6 minutes with very light ssh
console usage and a quiet network. Making more usage of the ssh console
brought the time down to 3 minutes.
Change the entropy source from /dev/random to /dev/urandom and you will
see times for that test around 10 seconds.
Best,
Daniel
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net<mailto:Geoserver-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/geoserver-users
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
