On 05/19/2016 06:43 PM, Josef Reidinger wrote:

On Thu, 19 May 2016 17:37:49 +0200
Richard Brown <RBrownCCB@opensuse.org> wrote:

On 19 May 2016 at 16:51, Josef Reidinger <jreidinger@suse.cz> wrote:

On Thu, 19 May 2016 16:45:44 +0300
Shyukri Shyukriev <shshyukriev@suse.com> wrote:

On 5/19/16 3:41 PM, Josef Reidinger wrote:

On Thu, 19 May 2016 15:12:57 +0300
Shyukri Shyukriev <shshyukriev@suse.com> wrote:

Cross-posting to Factory...

Hello All,
I'm struggling with testing OBS Appliances (
https://openqa.opensuse.org/group_overview/17 ) which uses gpg
keygen during setup.
Checking the appliance started with openQA QEMU_VIRTIO_RNG=1
options shows:

cat /proc/sys/kernel/random/entropy_avail
16

while on o.o.o w/o QEMU_VIRTION_RNG entropy_avail is ~37


Googling about the topic suggests using dev/urandom, but it's
not secure enough...

http://linux-audit.com/gpg-key-generation-not-enough-random-bytes-available/
http://serverfault.com/questions/471412/gpg-gen-key-hangs-at-gaining-enough-entropy-on-centos-6

Any ideas?

serial0 log
https://openqa.opensuse.org/tests/196141/file/serial0.txt

Best regards

Hi Shyukri,
in installation when we need good enough pool of entropy we use
haveged service - http://www.issihosts.com/haveged/

Josef

Log shows that it starts and then stops quickly.
Is it normal?

[   27.093445] systemd[1]: Starting Entropy Daemon based on the
HAVEGE algorithm...
          Starting Entropy Daemon based on the HAVEGE algorithm...
[ [32m  OK   [0m] Started Entropy Daemon based on the HAVEGE
algorithm. [   27.105412] systemd[1]: Started Entropy Daemon based
on the HAVEGE algorithm.

.....
[   27.355541] systemd[1]: Stopped Entropy Daemon based on the
HAVEGE algorithm.

It looks strange for me. I see that yast only stops haveged after
unmounting disks, which should not be your case. So maybe check logs
who stops it. As enabled haveged can really help you.

Josef


Josef, haveged during the install not seem to be working at all - I
reported a similar issue in SLE 12 SP1 which is still unresolved

https://bugzilla.suse.com/show_bug.cgi?id=955141

Regards,

Richard

Ah, I am not aware of it. Basically YaST installation expect that
haveged is run by default ( in past it is started by yast itself, but
then it was changed, so yast no longer start it itself ).

Josef

Some more debugging: http://paste.opensuse.org/30909917

cat /proc/sys/kernel/random/entropy_avail

May 19 18:38:34 linux rngd[7566]: read error

May 19 18:38:34 linux rngd[7566]: No entropy sources working, exiting rngd

...............
May 19 18:38:50 linux obsstoragesetup[8043]: gpg: Generating a default OBS instance key

May 19 18:43:49 linux systemd[1]: obsstoragesetup.service start operation timed out. Terminating.

If i boot the qcow2 image directly on qemu-kvm gpg keygen is blazing fast:

May 19 17:25:00 obs-server obsstoragesetup[8145]: Generating OBS default GPG key ....gpg: keyring `/srv/obs/gnupg/secring.May 19 17:25:00 obs-server obsstoragesetup[8145]: gpg: keyring `/srv/obs/gnupg/pubring.gpg' createdMay 19 17:25:00 obs-server obsstoragesetup[8145]: gpg: Generating a default OBS instance keyMay 19 17:25:00 obs-server obsstoragesetup[8145]: gpg: doneMay 19 17:25:00 obs-server obsstoragesetup[8145]: doneobs-server:~ # cat /proc/sys/kernel/random/entropy_avail 3727 obs-server:~ # journalctl | grep "rngd" May 19 17:24:44 linux systemd[1]: Starting Start the rngd daemon... May 19 17:24:44 linux rngd[7610]: read error May 19 17:24:44 linux rngd[7610]: read error May 19 17:24:44 linux systemd[1]: Started Start the rngd daemon.

-- 
Shyukri Shyukriev
http://susestudio.com