WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] Low /proc/sys/kernel/random/entropy_avail on domU

To: "cornet@xxxxxxxxxx" <cornet@xxxxxxxxxx>
Subject: Re: [Xen-users] Low /proc/sys/kernel/random/entropy_avail on domU
From: Robert Welz <welz@xxxxxxxxxxxx>
Date: Thu, 05 Oct 2006 17:56:32 +0200
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 05 Oct 2006 08:57:25 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <438F2F51.6090109@xxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <438F2F51.6090109@xxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.7 (X11/20060927)
Hi!

Please excuse me, but did you solve the problem with the low entropy in
the DomUs? I run in exactly the same problem, I want to apply some
cryptographic services on each DomU but

cat /proc/sys/kernel/random/entropy_avail


gives me around 250 on the DomUs but 3500 on Dom0. And I have no
cryptographic service running yet. So I bet I run low on random numbers
when I need them.

I thought of buying an USB random number generator and mount that on one
DomU but I don't know how to feed the other domains. Maybe mounting
dev/random over nfs would work, at least locally on one machine? Or do
we have some sort of random number dispatcher in Dom0, so that having
lots of entropy there would increase the entropy on the DomUs?

Greetings,
Robert


cornet@xxxxxxxxxx schrieb:
> This problem came about when I noticed exim, on a domU, holding mail
> in its queue for days before delivering.
>
> After a bit of debugging then I found gnutls was taking ages to
> calculate its keys.
>
> So disabled TLS in exim and works fine.
>
> Then I had another xen domU doing exactly the same thing so I did some
> more digging and came up with this post:
>
> http://groups.yahoo.com/group/exim-users/message/85430
>
> sure enough
> /proc/sys/kernel/random/entropy_avail = 0
> when mail is stuck in the queue.
>
> Now I've stopped exim from using TLS again, and I don't think there is
> much else running that could be using up the entropy, but the entropy
> is still low, max I've seen it is ~300. (Compaired to 3000+ on other
> non-xen boxes).
>
> Both these servers are similar set up (although I didn't setup the 2nd
> one):
>
> Debian - Sarge as dom0 and domU.
> kernel 2.6.11.12-xen0/U
> Xen 2.0 compiled from source.
>
> So why do these boxes have low entropy, I've never seen this on
> non-xen, hence posting here.
>
> Ideas welcome.
>
> Cheers
> Nathan
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
>


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>
  • Re: [Xen-users] Low /proc/sys/kernel/random/entropy_avail on domU, Robert Welz <=