Re: How to make Tomcat do not use /dev/random?
Problems with /dev/random relate to waiting to generate enough entropy after restart of the OS. Does this slow start up happen only after the machine has been restarted or does it happen every time Tomcat is started? If the latter, then it is unlikely to be associated with /dev/random and much more likely to be something like an unresolved IP address causing a network timeout. As Juha suggests, get a thread dump and work out exactly what the problem is. Mohamed Mohamedin wrote: Dear All, I am facing a problem with tomcat which make it start very slowly. I found while searching that Tomcat reading from /dev/random to get random numbers may be the cause. So I am asking How to prevent that? Or if there is another cause please tell me. Thanks a lot !DSPAM:47b837c3258241839419991! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to make Tomcat do not use /dev/random?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alan, Alan Chaney wrote: | Problems with /dev/random relate to waiting to generate enough entropy | after restart of the OS. Does this slow start up happen only after the | machine has been restarted or does it happen every time Tomcat is | started? It is not really related to either... whenever the buffer of randomness is exhausted, readers will block waiting for more. The keyboard tends to be a good place (at least, on Linux systems) to get randomness so if you have physical access to a machine, consider pounding on the keyboard a bit. | If the latter, then it is unlikely to be associated with | /dev/random and much more likely to | be something like an unresolved IP address causing a network timeout. Always a possibility. | As Juha suggests, get a thread dump and work out exactly what the | problem is. Always good advice. If the problem /does/ turn out to be /dev/random, you can change your JVMs source of randomness by editing $JAVA_HOME/jre/lib/security/java.security and changing the value of the securerandom.source property. The aforementioned file includes in-text documentation to help you with that. It also suggests the name of a system property that can be used to the same effect. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkfEU8IACgkQ9CaO5/Lv0PD7iwCdEQUhIHh1uwcZQx102bmKxBnH 8XIAoLNu7exb6nQeWC3XxJ4ULvGbMdkm =nqt4 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to make Tomcat do not use /dev/random?
Mohamed Mohamedin wrote: I am facing a problem with tomcat which make it start very slowly. I found while searching that Tomcat reading from /dev/random to get random numbers may be the cause. So I am asking How to prevent that? Or if there is another cause please tell me. Is this just Tomcat, without any applications installed yet -- or does it already have webapps or other add-on code installed? I'd like to know, because this might help in classifying the problem as either concerning Tomcat or one of the installed applications. Also, when Tomcat is hanging, could you take a thread dump on what is running, to show the call stack for the thread waiting for random numbers. This would be a great help in pinpointing the actual piece of code responsible for the delay. As for actual help, it looks like Java on Linux uses /dev/random as source of randomness when a piece of code requires SecureRandom numbers. /dev/random, by definition, will block until there is enough entropy (randomness) available to satisfy the application requirements -- and on a lightly used machines this may take quite a time. The solutions are to either change the application to use regular java.util.Random instead of java.security.SecureRandom -- or to degrade the random source provided by Linux from /dev/random to /dev/urandom. This can be done either through changing the java.security file provided with the Sun Java distribution (documentation is within the file), or -which I would consider a better practice- by setting the less random random source just for the JVM running Tomcat with -Djava.security.egd=file:/dev/urandom command line parameter. Hope this helps -- but please don't jump right to changing the random source; try to pinpoint first where (in Tomcat code or application code) the access to /dev/random happens. -- ..Juha - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]