Hey Arnaud, Andy's solution is definitely the right answer for Java applications in general (on docker or in vm or anywhere with more limited entropy).
A more general way to take care of entropy issues in docker containers (applicable beyond NiFi) is to mount the host's /dev/random or /dev/urandom as the container's /dev/random. [1] If you want to use the host's /dev/random, the host machine will likely have significantly more entropy: -v /dev/random:/dev/random If you just want to force the container to use your host's /dev/urandom so it will never block for entropy (should be fine in the majority of cases [2]): -v /dev/urandom:/dev/random [1] http://stackoverflow.com/questions/26021181/not-enough-entropy-to-support-dev-random-in-docker-containers-running-in-boot2d#answer-26024403 [2] http://www.2uo.de/myths-about-urandom/ On Wed, Feb 15, 2017 at 5:15 AM, Andy LoPresto <alopre...@apache.org> wrote: > Glad this fixed it and sorry it happened in the first place. This one is a > personal antagonist of mine and I’ll be happy when it’s fixed for everyone. > Good luck using the project. > > Andy LoPresto > alopre...@apache.org > *alopresto.apa...@gmail.com <alopresto.apa...@gmail.com>* > PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > > On Feb 15, 2017, at 2:09 AM, Arnaud G <greatpat...@gmail.com> wrote: > > Hi Andy, > > Thank you very much, and indeed it seems that you pointed the right > problem. The docker is running in a VM and it seems that I had a lack of > entroy. > > I changed the entropy source to /dev/urandom and Nifi was able to start > immediately. > > Thank you very much for your help > > Arnaud > > On Wed, Feb 15, 2017 at 10:41 AM, Andy LoPresto <alopre...@apache.org> > wrote: > >> Hi Arnaud, >> >> I’m sorry you are having trouble getting NiFi going. We want to minimize >> any inconvenience and get you up and running quickly. >> >> Are you by any chance running on a VM that does not have access to any >> physical inputs to generate entropy for secure random seeding? There is a >> known issue [1] (being worked on for the next release) where this can cause >> the application to block because insufficient entropy is available (without >> the physical inputs, there is not enough random data to properly seed >> secure operations). >> >> I recommend you check if this the case (run this command in your terminal >> — if it hangs, this is the cause): >> >> head -n 1 /dev/random >> >> If it hangs, follow the instructions on this page [2] to modify the Java >> secure random source (ignore the warning that this is “less secure” — this >> is an urban legend propagated by a misunderstanding in the Linux kernel >> manual pages [3]). >> >> Modify $JAVA_HOME/jre/lib/security/java.security to change >> securerandom.source=file:/dev/random to securerandom. >> source=file:/dev/urandom >> >> >> [1] https://issues.apache.org/jira/browse/NIFI-3313 >> [2] https://docs.oracle.com/cd/E13209_01/wlcp/wlss30/configw >> lss/jvmrand.html >> [3] http://www.2uo.de/myths-about-urandom/ >> >> Andy LoPresto >> alopre...@apache.org >> *alopresto.apa...@gmail.com <alopresto.apa...@gmail.com>* >> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 >> >> On Feb 15, 2017, at 1:29 AM, Arnaud G <greatpat...@gmail.com> wrote: >> >> Hi guys! >> >> I'm trying to play with nifi (1.1.1) in a docker image. I tried different >> configuration (cluster, single node, secured, etc.), however whatever I >> try, Nifi takes forever to start (like 30-45 minutes). This not related to >> data as I observe this behavior even when I instantiate the docker image >> for the first time. >> >> In the log it stops here: >> >> nifi-bootstrap.log >> 2017-02-14 08:52:34,624 INFO [NiFi Bootstrap Command Listener] >> org.apache.nifi.bootstrap.RunNiFi Apache NiFi now running and listening >> for Bootstrap requests on port 46553 >> >> nifi-app.log >> 2017-02-14 08:53:11,225 INFO [main] o.a.nifi.properties.NiFiPropertiesLoader >> Loaded 121 properties from /opt/nifi/./conf/nifi.properties >> >> and then wait for boostraping (if I set up debug log level) >> >> Any idea what may cause this? >> >> Thanks in advance! >> >> AG >> >> >> >> >> > >
