It seems your haveged is not working properly. Please perform some more tests:
1. Look for the logs in /var/log/tomcat8/catalina.out for a line similar to /INFO: Creation of SecureRandom instance for session ID generation using // //[SHA1PRNG] took [313,537] milliseconds./ It should read 50,000 or more in your case, which is the time necessary for tomcat8 to generate a random session ID to start replying to requests to geoserver. 2. Change the line "securerandom.source=file:/dev/random" in "/etc/java-8-openjdk/security/java.security" to point to /dev/urandom instead (just add an "u"). 3. Run the test again. If the test time goes down and the catalina.out log no longer shows messages about the creation of session IDs taking a long time, then your problem is with haveged. If the test time does not go down, then some more exploring is needed. If you problem ends up being with haveged, I suggest you try it again on a fresh VM. I double checked it and it should work just fine on Ubuntu 16.04 after "apt-get install haveged" without any need for "update-rc.d haveged defaults" or any intervention to the daemon configuration.If you end up not being able to use haveged, you can still use the "urandom" source. Please understand the security implications before doing that, the decision is not trivial. Best, Daniel Em 31/01/2017 10:48, Ricardo Pinho escreveu: > Hi Daniel, > Thank you for the reply. > > The test was made at home, running the VM on my i7 laptop. > > #Running the VM on the real hypervisor server and network: > service tomcat8 stop && service tomcat8 start && time curl > http://127.0.0.1:8080/geoserver/web > #returns > real 1m5.163s > user 0m0.000s > sys 0m0.024s > > #And: > watch cat /proc/sys/kernel/random/entropy_avail > #returns between: > 445 to 840 > > So 1m for tomcat/geoserver to restart... seems to me an eternity! > When you reported 13s, I became a bit jealous... > > PS. > Sorry, I'm an old fashion guy from ZX Spectrum generation, used to > count bits, and Z80 timestates... ;-) > > > 2017-01-31 12:22 GMT+00:00 Daniel Araujo Miranda > <miranda....@dpf.gov.br <mailto:miranda....@dpf.gov.br>>: > > Hi, Ricardo, > > Your geoserver already starts in a reasonable time. I was > unsettled with my installation because it took six minutes. Since > haveged did not change the time needed to run your test, it seems > geoserver (actually tomcat8) is not limited by entropy on startup. > To make sure you have enough entropy, run the following on the > same machine but on a separate console: > > watch cat /proc/sys/kernel/random/entropy_avail > > Then run the startup test on the original console. The > reported entropy is expected to be over 1000 bits and likely over > 2000 bits. "man random" says the maximum is 4096. If it goes under > 1000 you are "starved" for entropy and haveged is not working > properly. My guess is that your number will be a healthy value > over 2000 bits and you should try a different approach to improve > your startup time, which by the way seems fine to me. > > Best, > Daniel > > > Em 31/01/2017 09:02, Ricardo Pinho escreveu: > > Oi Daniel, > Very interesting! I use VM's a lot and always found geoserver > very slow to start. :( > > On my "Ubuntu 16.04 server minimal VM, clean install", running > on vmware player: > (needed previous: sudo apt install curl) > > sudo su > service tomcat8 stop && service tomcat8 start && time curl > http://127.0.0.1:8080/geoserver/web > <http://127.0.0.1:8080/geoserver/web> > > # returns > real 0m24.487s > user 0m0.000s > sys 0m0.004s > > Then I tried the havegen solution: > > sudo apt install haveged > > #verifydefaults > sudo vi /etc/default/haveged > #contains: checked > DAEMON_ARGS="-w 1024" > > #start havegd at boot > update-rc.d haveged defaults > > sudo reboot > > Run it again: > sudo su > service tomcat8 stop && service tomcat8 start && time curl > http://127.0.0.1:8080/geoserver/web > <http://127.0.0.1:8080/geoserver/web> > <http://127.0.0.1:8080/geoserver/web > <http://127.0.0.1:8080/geoserver/web>> > > #Results > real 0m24.258s > user 0m0.000s > sys 0m0.004s > > The same! :( > > Am I doing this right? > > Thank's > Ricardo > > > > -- > Ricardo Pinho ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Geoserver-users mailing list Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
