I'm not sure piggy-backing on the host entropy will work reliably. I have seen this issue in ec2, openstack boxes, etc. A newly spun up box will exhibit this issue often.
Andrew On Wed, Feb 15, 2017, 10:09 AM Bryan Rosander <brosan...@apache.org> wrote: > Hey Arnaud, > > Andy's solution is definitely the right answer for Java applications in > general (on docker or in vm or anywhere with more limited entropy). > > A more general way to take care of entropy issues in docker containers > (applicable beyond NiFi) is to mount the host's /dev/random or /dev/urandom > as the container's /dev/random. [1] > > If you want to use the host's /dev/random, the host machine will likely > have significantly more entropy: > -v /dev/random:/dev/random > > If you just want to force the container to use your host's /dev/urandom so > it will never block for entropy (should be fine in the majority of cases > [2]): > -v /dev/urandom:/dev/random > > [1] > http://stackoverflow.com/questions/26021181/not-enough-entropy-to-support-dev-random-in-docker-containers-running-in-boot2d#answer-26024403 > [2] http://www.2uo.de/myths-about-urandom/ > > On Wed, Feb 15, 2017 at 5:15 AM, Andy LoPresto <alopre...@apache.org> > wrote: > > Glad this fixed it and sorry it happened in the first place. This one is a > personal antagonist of mine and I’ll be happy when it’s fixed for everyone. > Good luck using the project. > > Andy LoPresto > alopre...@apache.org > *alopresto.apa...@gmail.com <alopresto.apa...@gmail.com>* > PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > > On Feb 15, 2017, at 2:09 AM, Arnaud G <greatpat...@gmail.com> wrote: > > Hi Andy, > > Thank you very much, and indeed it seems that you pointed the right > problem. The docker is running in a VM and it seems that I had a lack of > entroy. > > I changed the entropy source to /dev/urandom and Nifi was able to start > immediately. > > Thank you very much for your help > > Arnaud > > On Wed, Feb 15, 2017 at 10:41 AM, Andy LoPresto <alopre...@apache.org> > wrote: > > Hi Arnaud, > > I’m sorry you are having trouble getting NiFi going. We want to minimize > any inconvenience and get you up and running quickly. > > Are you by any chance running on a VM that does not have access to any > physical inputs to generate entropy for secure random seeding? There is a > known issue [1] (being worked on for the next release) where this can cause > the application to block because insufficient entropy is available (without > the physical inputs, there is not enough random data to properly seed > secure operations). > > I recommend you check if this the case (run this command in your terminal > — if it hangs, this is the cause): > > head -n 1 /dev/random > > If it hangs, follow the instructions on this page [2] to modify the Java > secure random source (ignore the warning that this is “less secure” — this > is an urban legend propagated by a misunderstanding in the Linux kernel > manual pages [3]). > > Modify $JAVA_HOME/jre/lib/security/java.security to change > securerandom.source=file:/dev/random to > securerandom.source=file:/dev/urandom > > > [1] https://issues.apache.org/jira/browse/NIFI-3313 > [2] > https://docs.oracle.com/cd/E13209_01/wlcp/wlss30/configwlss/jvmrand.html > [3] http://www.2uo.de/myths-about-urandom/ > > Andy LoPresto > alopre...@apache.org > *alopresto.apa...@gmail.com <alopresto.apa...@gmail.com>* > PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > > On Feb 15, 2017, at 1:29 AM, Arnaud G <greatpat...@gmail.com> wrote: > > Hi guys! > > I'm trying to play with nifi (1.1.1) in a docker image. I tried different > configuration (cluster, single node, secured, etc.), however whatever I > try, Nifi takes forever to start (like 30-45 minutes). This not related to > data as I observe this behavior even when I instantiate the docker image > for the first time. > > In the log it stops here: > > nifi-bootstrap.log > 2017-02-14 08:52:34,624 INFO [NiFi Bootstrap Command Listener] > org.apache.nifi.bootstrap.RunNiFi Apache NiFi now running and listening for > Bootstrap requests on port 46553 > > nifi-app.log > 2017-02-14 08:53:11,225 INFO [main] > o.a.nifi.properties.NiFiPropertiesLoader Loaded 121 properties from > /opt/nifi/./conf/nifi.properties > > and then wait for boostraping (if I set up debug log level) > > Any idea what may cause this? > > Thanks in advance! > > AG > > > > > > > >
