Cut your WebLogic startup time in half on Linux

One reason 11g applications start slowly on Linux is that they run out of random numbers. Seriously. I’ll give you a command that will solve this problem and cut your startup times in half, but first I want you to know more about this issue.

What is entropy?

Think of entropy as the randomness of white noise from the natural world. Computers do not generate entropy. Rather, we count on computers to always give the same results for a given set of inputs. So entropy must be sourced from outside of a CPU.

What is /dev/random?

Rebuilding packages and starting SSL services require chunks of random data pulled from /dev/random. But /dev/random will not return a value, thereby blocking the calling process, until it has enough entropy bits to return a real random number. /dev/random is fed bits from the kernel's entropy pool, which in turn is replenished from unpredictable input events such as network, disk, keyboard and mouse activity. Servers don’t typically have mice or keyboards attached, so the entropy pool fills slowly from the other interfaces.

How do I know if /dev/random is too low?

You can monitor your available entropy pool using the following command.

watch -n 1 cat /proc/sys/kernel/random/entropy_avail

In my experience, processes are currently blocking when entropy has dropped below 100. A healthy number would be above 1000 since some processes will suddenly want hundreds of bytes of random numbers at a time.
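
The thresholds above can be turned into a scripted check. This is an added example, not part of the original post: it samples entropy_avail a few times and grades the lowest reading against the 100 and 1000 figures. The function names, the "marginal" and "not-applicable" labels, and the 4096 fallback pool size are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are variables so the
# logic can be exercised against constructed files instead of /proc.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"
POOLSIZE_FILE="${POOLSIZE_FILE:-/proc/sys/kernel/random/poolsize}"
LOW=100        # from the post: processes block below this
HEALTHY=1000   # from the post: a healthy pool is above this

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# classify_entropy BITS POOLSIZE
# prints blocking | marginal | healthy | not-applicable | invalid
classify_entropy() {
    is_uint "$1" && is_uint "$2" || { echo invalid; return 0; }
    # A pool that cannot hold more than HEALTHY bits can never read as
    # "healthy", so the post's thresholds do not apply to it.
    if [ "$2" -le "$HEALTHY" ]; then echo not-applicable
    elif [ "$1" -lt "$LOW" ]; then echo blocking
    elif [ "$1" -gt "$HEALTHY" ]; then echo healthy
    else echo marginal
    fi
}

# min_entropy SAMPLES INTERVAL_SECONDS -> lowest reading seen
min_entropy() (
    n="$1"; min=""; i=0
    while [ "$i" -lt "$n" ]; do
        v=$(cat "$ENTROPY_FILE" 2>/dev/null) || exit 1
        is_uint "$v" || exit 1
        if [ -z "$min" ] || [ "$v" -lt "$min" ]; then min="$v"; fi
        i=$((i + 1))
        if [ "$i" -lt "$n" ]; then sleep "$2"; fi
    done
    echo "$min"
)

# check_entropy [SAMPLES] [INTERVAL] -> summary line; status 1 if blocking
check_entropy() (
    # 4096 is an assumed fallback if the pool size cannot be read
    pool=$(cat "$POOLSIZE_FILE" 2>/dev/null) || pool=4096
    min=$(min_entropy "${1:-5}" "${2:-1}") ||
        { echo "cannot read $ENTROPY_FILE" >&2; exit 2; }
    status=$(classify_entropy "$min" "$pool")
    echo "min=$min pool=$pool status=$status"
    [ "$status" != blocking ]
)

# Run only when called with arguments, e.g.: sh entropy_check.sh 10 1
if [ "$#" -gt 0 ]; then check_entropy "$@"; fi
```

Sampling during a managed server startup and keeping the minimum shows whether the pool actually dipped into the blocking range, which a single reading can miss.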

How do I get more entropy into /dev/random?

EASY WAY:

For non-production startup of services on Linux, you can pump pseudo-random numbers from /dev/urandom into /dev/random.

rngd -r /dev/urandom -o /dev/random -t 1

It may not be a good solution for systems that require high security since /dev/urandom replenishes itself by hashing its previous contents. But that also means /dev/urandom never runs out of bits. By pumping /dev/urandom into /dev/random all processes benefit immediately from a healthy supply of random bits.

I started this command (using the ‘-f’ flag to run it in the foreground) and observed the entropy pool go over 3000 and my WebLogic managed server startup time drop from 3:08 down to 1:29. So, I plan to start this daemon every time I boot a non-production server.

BETTER WAY:

Get a hardware random number generator (HRNG), such as the Simtek Entropy Key for about $50. These generate real random numbers and are suitable for use on highly secure production systems.

http://www.entropykey.co.uk/

And maybe even share that random number data source with your other systems.

http://www.vanheusden.com/entropybroker/

Research material on the hazards of /dev/urandom

“Analysis of the Linux Random Number Generator” (focus on Linux-based routers)

http://www.pinkas.net/PAPERS/gpr06.pdf

Thanks for reading.

Adrian