How to make Tomcat do not use /dev/random?

[Mohamed Mohamedin <mo...@easy-dialog.info>]

Dear All,

 

I am facing a problem with tomcat which make it start very slowly. I found
while searching that Tomcat reading from /dev/random to get random numbers
may be the cause. So I am asking How to prevent that? Or if there is another
cause please tell me.

 

Thanks a lot

 

Re: How to make Tomcat do not use /dev/random?

[Juha Laiho <Ju...@iki.fi>]

Mohamed Mohamedin wrote:
> I am facing a problem with tomcat which make it start very slowly. I found
> while searching that Tomcat reading from /dev/random to get random numbers
> may be the cause. So I am asking How to prevent that? Or if there is another
> cause please tell me.

Is this just Tomcat, without any applications installed yet -- or does it
already have webapps or other add-on code installed? I'd like to know, because
this might help in classifying the problem as either concerning Tomcat or one
of the installed applications.

Also, when Tomcat is hanging, could you take a thread dump on what is running,
to show the call stack for the thread waiting for random numbers. This would
be a great help in pinpointing the actual piece of code responsible for the delay.

As for actual help, it looks like Java on Linux uses /dev/random as source of
randomness when a piece of code requires "SecureRandom" numbers. /dev/random,
by definition, will block until there is enough entropy (randomness) available
to satisfy the application requirements -- and on a lightly used machines this
may take quite a time.

The solutions are to either change the application to use regular java.util.Random
instead of java.security.SecureRandom -- or to degrade the random source provided
by Linux from /dev/random to /dev/urandom. This can be done either through
changing the java.security file provided with the Sun Java distribution
(documentation is within the file), or -which I would consider a better practice-
by setting the "less random" random source just for the JVM running Tomcat with
-Djava.security.egd=file:/dev/urandom command line parameter.

Hope this helps -- but please don't jump right to changing the random source;
try to pinpoint first where (in Tomcat code or application code) the access to
/dev/random happens.

-- 
..Juha

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: How to make Tomcat do not use /dev/random?

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alan,

Alan Chaney wrote:
| Problems with /dev/random relate to waiting to generate enough entropy
| after restart of the OS. Does this slow start up happen only after the
| machine has been restarted or does it happen every time Tomcat is
| started?

It is not really related to either... whenever the buffer of randomness
is exhausted, readers will block waiting for more. The keyboard tends to
be a good place (at least, on Linux systems) to get randomness so if you
have physical access to a machine, consider pounding on the keyboard a bit.

| If the latter, then it is unlikely to be associated with
| /dev/random and much more likely to
| be something like an unresolved IP address causing a network timeout.

Always a possibility.

| As Juha suggests, get a thread dump and work out exactly what the
| problem is.

Always good advice.

If the problem /does/ turn out to be /dev/random, you can change your
JVMs source of randomness by editing
$JAVA_HOME/jre/lib/security/java.security and changing the value of the
"securerandom.source" property. The aforementioned file includes in-text
documentation to help you with that. It also suggests the name of a
system property that can be used to the same effect.

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkfEU8IACgkQ9CaO5/Lv0PD7iwCdEQUhIHh1uwcZQx102bmKxBnH
8XIAoLNu7exb6nQeWC3XxJ4ULvGbMdkm
=nqt4
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: How to make Tomcat do not use /dev/random?

[Alan Chaney <al...@compulsivecreative.com>]

Problems with /dev/random relate to waiting to generate enough entropy 
after restart of the OS. Does this slow start up happen only after the 
machine has been restarted or does it happen every time Tomcat is 
started? If the latter, then it is unlikely to be associated with 
/dev/random and much more likely to
be something like an unresolved IP address causing a network timeout.

As Juha suggests, get a thread dump and work out exactly what the 
problem is.


Mohamed Mohamedin wrote:
> Dear All,
> 
>  
> 
> I am facing a problem with tomcat which make it start very slowly. I found
> while searching that Tomcat reading from /dev/random to get random numbers
> may be the cause. So I am asking How to prevent that? Or if there is another
> cause please tell me.
> 
>  
> 
> Thanks a lot
> 
>  
> 
> 
> 
> !DSPAM:47b837c3258241839419991!
> 

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org