[Freeipa-devel] running out of entropy during ipa-server-install
Martin Kosek
mkosek at redhat.com
Wed May 28 11:38:05 UTC 2014
On 05/28/2014 12:08 PM, Petr Viktorin wrote:
> On 05/28/2014 09:06 AM, Fraser Tweedale wrote:
>> Hi all,
>>
>> Today I hit the "WARNING: Your system is running out of entropy, you
>> may experience long delays" message while testing Ade's
>> ipa-server-install changes.
>>
>> I got a lot more entropy a lot faster by installing haveged(8), and
>> I blogged about it here:
>> http://blog-ftweedal.rhcloud.com/2014/05/more-entropy-with-haveged/
>>
>> Do you think it would be worthwhile to update the above warning
>> message to additionally suggest installing haveged(8) or pointing to
>> other help on remediating a low-entropy system?
>>
>> Cheers,
>>
>> Fraser
>
> Hello,
> haveged is not the only solution. As you note there's also rngd; and with
> modern virtualization systems VMs can get entropy from the host. If we suggest
> a concrete solution we should be reasonably sure it's the best one.
> AFAK, for RHEL/CentOS haveged is only in EPEL, we probably don't want to
> suggest it there.
>
I think the key point here is that FreeIPA announces that the entropy is low
thus giving the administrator an option to do his homework on "how to increase
entropy on my system" - for example by reading Fraser's blog :-)
I also do not think that FreeIPA should give any more recommendations on top of
that.
Thanks,
Martin
More information about the Freeipa-devel
mailing list