Ok, checked on Ubuntu 16.04 server "minimal VM": *The service starts immediately after installing the package. *The service restarts upon reboot. *The geoserver test below runs on 12s upon reboot. *I also looked at some package internals (init.d/systemd configuration, ps -A ux, apparmor profile) and found no surprises.
It seems haveged is properly packaged on Ubuntu and it just works. Best, Daniel Em 27/01/2017 20:33, Chris Snider escreveu: > Don't forget to ensure the service starts by default. Otherwise the entropy > will not be generated on a reboot as expected. > > Chris Snider > Senior Software Engineer > Intelligent Software Solutions, Inc. > > > > -----Original Message----- > From: Daniel Araujo Miranda [mailto:miranda....@dpf.gov.br] > Sent: Friday, January 27, 2017 12:26 PM > To: Chris Snider <chris.sni...@issinc.com> > Subject: Re: [Geoserver-users] Quick tip: geoserver startup in 13s instead of > 6min > > That is a better solution! > > Thanks for the awesome tip. > > Problem solved with "apt install haveged". > > > Best, > > Daniel Miranda > > Forensics Expert > > Brazilian Federal Police > > > > Em 27/01/2017 13:35, Chris Snider escreveu: >> Hi, >> >> I had a similar issue on an old CentOS 5.x box. The tomcat instance running >> our GeoServer was taking a long time to start. I found this page that has a >> Linux service that can be installed to generate entropy. >> >> https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged >> >> I was able to keep our securerandom.source on /dev/random. >> >> Chris Snider >> Senior Software Engineer >> Intelligent Software Solutions, Inc. >> >> >> -----Original Message----- >> From: Daniel Araujo Miranda [mailto:miranda....@dpf.gov.br] >> Sent: Friday, January 27, 2017 6:16 AM >> To: geoserver-users@lists.sourceforge.net >> Subject: [Geoserver-users] Quick tip: geoserver startup in 13s instead of >> 6min >> >> Hello everyone, >> >> TLDR: Change the line "securerandom.source=file:/dev/random" in >> "/etc/java-8-openjdk/security/java.security" to point to /dev/urandom >> instead to start a clean geoserver install in 13 seconds instead of 6 >> minutes. Be mindful of security implications. >> >> I have been puzzled by some time why geoserver 2.10 and 2.10.1 took >> about 6 minutes to start in a kvm virtual machine, with a newly copied >> war file to the tomcat folder (/var/lib/tomcat8/webapps/ in my case). >> Nobody else seemed to have that problem and I was unable to identify >> meaningful log messages or anything different with my installation to >> ask a proper question here. I found out that the random number generator >> was not getting enough entropy to even start up a new session in tomcat. >> I finally noticed the the following line in >> /var/log/tomcat8/catalina.out which exposed the problem: >> >> INFO: Creation of SecureRandom instance for session ID generation using >> [SHA1PRNG] took [313,537] milliseconds. >> >> (In my defense, we use the comma as a decimal separator in Brazil, so >> the above time seemed to be 0.3 seconds at a glance) >> >> Changing securerandom.source from /dev/random to /dev/urandom in >> java.security solved the problem immediately. I decided to exchange a >> bit of security for a faster startup. Please BE AWARE OF THE SECURITY >> IMPLICATIONS if you do that. My accessment is that it is a reasonable >> tradeoff IN MY CASE. >> >> How to test: >> >> -take a fresh ubuntu 16.4 server "minimal virtual machine" >> installation in a KVM host >> >> -Install tomcat8 >> >> -Download geoserver, jai and jai_imageio >> >> -Unpack everything in their proper places (see >> http://docs.geoserver.org/stable/en/user/production/java.html) >> >> -after tomcat stops unpacking the geoserver war, run: >> >> service tomcat8 stop && service tomcat8 start && time curl >> -vvhttp://127.0.0.1:8080/geoserver/web >> >> That will take an arbitrary amount of time to complete, depending on how >> much entropy your VM has access to. If it is on a busy network and you >> type a lot on the console, it may finish sooner, if it is completely >> isolated and you are using a virtual terminal instead of ssh, it may >> take a long time. In my case it took 6 minutes with very light ssh >> console usage and a quiet network. Making more usage of the ssh console >> brought the time down to 3 minutes. >> >> Change the entropy source from /dev/random to /dev/urandom and you will >> see times for that test around 10 seconds. >> >> Best, >> Daniel >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, SlashDot.org! http://sdm.link/slashdot >> _______________________________________________ >> Geoserver-users mailing list >> Geoserver-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/geoserver-users >> > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Geoserver-users mailing list Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
