On 05/19/2016 06:43 PM, Josef Reidinger wrote:
On Thu, 19 May 2016 17:37:49 +0200 Richard Brown
wrote: On 19 May 2016 at 16:51, Josef Reidinger
wrote: On Thu, 19 May 2016 16:45:44 +0300 Shyukri Shyukriev
wrote: On 5/19/16 3:41 PM, Josef Reidinger wrote:
On Thu, 19 May 2016 15:12:57 +0300 Shyukri Shyukriev
wrote: Cross-posting to Factory...
Hello All, I'm struggling with testing OBS Appliances ( https://openqa.opensuse.org/group_overview/17 ) which uses gpg keygen during setup. Checking the appliance started with openQA QEMU_VIRTIO_RNG=1 options shows:
cat /proc/sys/kernel/random/entropy_avail 16
while on o.o.o w/o QEMU_VIRTION_RNG entropy_avail is ~37
Googling about the topic suggests using dev/urandom, but it's not secure enough...
http://linux-audit.com/gpg-key-generation-not-enough-random-bytes-available/ http://serverfault.com/questions/471412/gpg-gen-key-hangs-at-gaining-enough-...
Any ideas?
serial0 log https://openqa.opensuse.org/tests/196141/file/serial0.txt
Best regards Hi Shyukri, in installation when we need good enough pool of entropy we use haveged service - http://www.issihosts.com/haveged/
Josef
Log shows that it starts and then stops quickly. Is it normal?
[ 27.093445] systemd[1]: Starting Entropy Daemon based on the HAVEGE algorithm... Starting Entropy Daemon based on the HAVEGE algorithm... [ [32m OK [0m] Started Entropy Daemon based on the HAVEGE algorithm. [ 27.105412] systemd[1]: Started Entropy Daemon based on the HAVEGE algorithm.
..... [ 27.355541] systemd[1]: Stopped Entropy Daemon based on the HAVEGE algorithm. It looks strange for me. I see that yast only stops haveged after unmounting disks, which should not be your case. So maybe check logs who stops it. As enabled haveged can really help you.
Josef
Josef, haveged during the install not seem to be working at all - I reported a similar issue in SLE 12 SP1 which is still unresolved
https://bugzilla.suse.com/show_bug.cgi?id=955141
Regards,
Richard Ah, I am not aware of it. Basically YaST installation expect that haveged is run by default ( in past it is started by yast itself, but then it was changed, so yast no longer start it itself ).
Josef
Some more debugging: http://paste.opensuse.org/30909917 cat /proc/sys/kernel/random/entropy_avail 63 May 19 18:38:34 linux rngd[7566]: read error May 19 18:38:34 linux rngd[7566]: No entropy sources working, exiting rngd ............... May 19 18:38:50 linux obsstoragesetup[8043]: gpg: Generating a default OBS instance key May 19 18:43:49 linux systemd[1]: obsstoragesetup.service start operation timed out. Terminating. If i boot the qcow2 image directly on qemu-kvm gpg keygen is blazing fast: May 19 17:25:00 obs-server obsstoragesetup[8145]: Generating OBS default GPG key ....gpg: keyring `/srv/obs/gnupg/secring. May 19 17:25:00 obs-server obsstoragesetup[8145]: gpg: keyring `/srv/obs/gnupg/pubring.gpg' created May 19 17:25:00 obs-server obsstoragesetup[8145]: gpg: Generating a default OBS instance key May 19 17:25:00 obs-server obsstoragesetup[8145]: gpg: done May 19 17:25:00 obs-server obsstoragesetup[8145]: done obs-server:~ # cat /proc/sys/kernel/random/entropy_avail 3727 obs-server:~ # journalctl | grep "rngd" May 19 17:24:44 linux systemd[1]: Starting Start the rngd daemon... May 19 17:24:44 linux rngd[7610]: read error May 19 17:24:44 linux rngd[7610]: read error May 19 17:24:44 linux systemd[1]: Started Start the rngd daemon. -- Shyukri Shyukriev http://susestudio.com