Mailinglist Archive: opensuse-factory (498 mails)

< Previous Next >
Re: [opensuse-factory] Increase entropy in openQA?
On Thu, 19 May 2016 17:37:49 +0200
Richard Brown <RBrownCCB@xxxxxxxxxxxx> wrote:

On 19 May 2016 at 16:51, Josef Reidinger <jreidinger@xxxxxxx> wrote:
On Thu, 19 May 2016 16:45:44 +0300
Shyukri Shyukriev <shshyukriev@xxxxxxxx> wrote:

On 5/19/16 3:41 PM, Josef Reidinger wrote:
On Thu, 19 May 2016 15:12:57 +0300
Shyukri Shyukriev <shshyukriev@xxxxxxxx> wrote:

Cross-posting to Factory...

Hello All,
I'm struggling with testing OBS Appliances (
https://openqa.opensuse.org/group_overview/17 ) which uses gpg
keygen during setup.
Checking the appliance started with openQA QEMU_VIRTIO_RNG=1
options shows:

cat /proc/sys/kernel/random/entropy_avail
16

while on o.o.o w/o QEMU_VIRTION_RNG entropy_avail is ~37


Googling about the topic suggests using dev/urandom, but it's
not secure enough...

http://linux-audit.com/gpg-key-generation-not-enough-random-bytes-available/
http://serverfault.com/questions/471412/gpg-gen-key-hangs-at-gaining-enough-entropy-on-centos-6

Any ideas?

serial0 log
https://openqa.opensuse.org/tests/196141/file/serial0.txt

Best regards

Hi Shyukri,
in installation when we need good enough pool of entropy we use
haveged service - http://www.issihosts.com/haveged/

Josef


Log shows that it starts and then stops quickly.
Is it normal?

[ 27.093445] systemd[1]: Starting Entropy Daemon based on the
HAVEGE algorithm...
Starting Entropy Daemon based on the HAVEGE algorithm...
[ [32m OK [0m] Started Entropy Daemon based on the HAVEGE
algorithm. [ 27.105412] systemd[1]: Started Entropy Daemon based
on the HAVEGE algorithm.

.....
[ 27.355541] systemd[1]: Stopped Entropy Daemon based on the
HAVEGE algorithm.

It looks strange for me. I see that yast only stops haveged after
unmounting disks, which should not be your case. So maybe check logs
who stops it. As enabled haveged can really help you.

Josef


Josef, haveged during the install not seem to be working at all - I
reported a similar issue in SLE 12 SP1 which is still unresolved

https://bugzilla.suse.com/show_bug.cgi?id=955141

Regards,

Richard

Ah, I am not aware of it. Basically YaST installation expect that
haveged is run by default ( in past it is started by yast itself, but
then it was changed, so yast no longer start it itself ).

Josef
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >