Mailinglist Archive: opensuse-factory (498 mails)

< Previous Next >
Re: [opensuse-factory] Increase entropy in openQA?
On Thu, May 19, 2016 at 4:51 PM, Josef Reidinger <jreidinger@xxxxxxx> wrote:
On Thu, 19 May 2016 16:45:44 +0300
Shyukri Shyukriev <shshyukriev@xxxxxxxx> wrote:

On 5/19/16 3:41 PM, Josef Reidinger wrote:
On Thu, 19 May 2016 15:12:57 +0300
Shyukri Shyukriev <shshyukriev@xxxxxxxx> wrote:

Cross-posting to Factory...

Hello All,
I'm struggling with testing OBS Appliances (
https://openqa.opensuse.org/group_overview/17 ) which uses gpg
keygen during setup.
Checking the appliance started with openQA QEMU_VIRTIO_RNG=1
options shows:

cat /proc/sys/kernel/random/entropy_avail
16

while on o.o.o w/o QEMU_VIRTION_RNG entropy_avail is ~37


Googling about the topic suggests using dev/urandom, but it's not
secure enough...

http://linux-audit.com/gpg-key-generation-not-enough-random-bytes-available/
http://serverfault.com/questions/471412/gpg-gen-key-hangs-at-gaining-enough-entropy-on-centos-6

Any ideas?

serial0 log
https://openqa.opensuse.org/tests/196141/file/serial0.txt

Best regards

Hi Shyukri,
in installation when we need good enough pool of entropy we use
haveged service - http://www.issihosts.com/haveged/

Josef


Log shows that it starts and then stops quickly.
Is it normal?

[ 27.093445] systemd[1]: Starting Entropy Daemon based on the
HAVEGE algorithm...
Starting Entropy Daemon based on the HAVEGE algorithm...
[ [32m OK [0m] Started Entropy Daemon based on the HAVEGE
algorithm. [ 27.105412] systemd[1]: Started Entropy Daemon based on
the HAVEGE algorithm.

.....
[ 27.355541] systemd[1]: Stopped Entropy Daemon based on the HAVEGE
algorithm.

It looks strange for me. I see that yast only stops haveged after
unmounting disks, which should not be your case. So maybe check logs
who stops it. As enabled haveged can really help you.
This is how it is done in OBS
https://github.com/openSUSE/obs-build/commit/919a83ff3c46ebb33d2b8a9ddcec78ad8024c7fb

I guess openQA doesn't define -object rng-random,filename=$rng_dev,id=rng0

Josef
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >