[Beowulf] /dev/random entropy on stateless/headless nodes
Peter St. John
peter.st.john at gmail.com
Fri Feb 25 19:18:48 PST 2011
Stuart,
This is a bit nuts but (considering the hardware random number generator
issue, the user's application needs, and carrying an entropy pool across
boots, as out of bound) there's something that you might try. I don't know
enough about how this (to me, new-fangled) entropy pool works, but I noted
that the file "random" is world writable, so:
peter at hattie:/dev$ ls -l random
crw-rw-rw- 1 root root 1, 8 2011-02-25 19:31 random
peter at hattie:/dev$ cat /proc/sys/kernel/random/entropy_avail
228
peter at hattie:/dev$ date --rfc-3339=ns | sed 's/.*\.//' | sed 's/-.*//' >>
random
peter at hattie:/dev$ cat /proc/sys/kernel/random/entropy_avail
173
peter at hattie:/dev$ date --rfc-3339=ns | sed 's/.*\.//' | sed 's/-.*//'
483200591
The date gives the time to nanosecond precision; the sed strips out the
leading stuff before the decimal point (hours, minutes) and the trailing
stuff (offset for timezone) leaving the number of nanoseconds since the last
second of time.
I do not know flushing this onto "random" does anything at all; in my
environment, the available pool size jiggles no matter what I do, as it's
probably using the milliseconds (or smaller) between keystrokes, so I can't
cat it without jiggling it. However, it seems harmless to try if nobody has
a better suggestion, to see if it un-nulls your flatlined entropy pool at
boot time (from a script).
Nutty huh?
Peter
On Fri, Feb 25, 2011 at 6:08 PM, Stuart Barkley <stuartb at 4gh.net> wrote:
> We have a couple of clusters with headless, diskless and stateless
> nodes using CentOS 5. One of our users just ran onto a problem with
> /dev/random blocking due to the lack of entropy.
>
> I had the user change the program to use /dev/urandom and this has
> handled the immediate problem.
>
> /proc/sys/kernel/random/entropy_avail shows 0 across the compute
> nodes even just after boot.
>
> It appears that our Ethernet and Infiniband drivers don't add any
> entropy to the random pool.
>
> hw_random/intel-rng doesn't seem to work on our systems.
>
> Some questions:
>
> Do others have this problem? What do you do?
>
> Do you just refer users to /dev/urandom?
>
> Do you modify network drivers to introduce entropy?
>
> Are there other suggested methods of adding entropy to /dev/random?
>
> Are there ways to introduce entropy from the random number generator
> on some Intel systems? Did Intel remove this from more recent chips?
>
> How reliable is /dev/urandom without initial entropy? We boot from
> stateless disk images and don't carry any entropy over from previous
> boots. /dev/urandom appears to be different across several servers
> just after boot, but I have not found any other initialization of the
> entropy pool. I haven't checked that single systems get different
> results on different boots. I'm concerned about users getting poor
> random numbers from what should be good sources.
>
> Thanks for any suggestions,
> Stuart Barkley
> --
> I've never been lost; I was once bewildered for three days, but never lost!
> -- Daniel Boone
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.beowulf.org/pipermail/beowulf/attachments/20110225/e8087fe5/attachment.html>
More information about the Beowulf
mailing list