Xen project Mailing List

Re: [Xen-users] Low /proc/sys/kernel/random/entropy_avail on domU

To: "cornet@xxxxxxxxxx" <cornet@xxxxxxxxxx>

Date: Thu, 05 Oct 2006 17:56:32 +0200

Delivery-date: Thu, 05 Oct 2006 08:57:25 -0700

List-id: Xen user discussion <xen-users.lists.xensource.com>

Hi! Please excuse me, but did you solve the problem with the low entropy in the DomUs? I run in exactly the same problem, I want to apply some cryptographic services on each DomU but cat /proc/sys/kernel/random/entropy_avail gives me around 250 on the DomUs but 3500 on Dom0. And I have no cryptographic service running yet. So I bet I run low on random numbers when I need them. I thought of buying an USB random number generator and mount that on one DomU but I don't know how to feed the other domains. Maybe mounting dev/random over nfs would work, at least locally on one machine? Or do we have some sort of random number dispatcher in Dom0, so that having lots of entropy there would increase the entropy on the DomUs? Greetings, Robert cornet@xxxxxxxxxx schrieb: > This problem came about when I noticed exim, on a domU, holding mail > in its queue for days before delivering. > > After a bit of debugging then I found gnutls was taking ages to > calculate its keys. > > So disabled TLS in exim and works fine. > > Then I had another xen domU doing exactly the same thing so I did some > more digging and came up with this post: > > http://groups.yahoo.com/group/exim-users/message/85430 > > sure enough > /proc/sys/kernel/random/entropy_avail = 0 > when mail is stuck in the queue. > > Now I've stopped exim from using TLS again, and I don't think there is > much else running that could be using up the entropy, but the entropy > is still low, max I've seen it is ~300. (Compaired to 3000+ on other > non-xen boxes). > > Both these servers are similar set up (although I didn't setup the 2nd > one): > > Debian - Sarge as dom0 and domU. > kernel 2.6.11.12-xen0/U > Xen 2.0 compiled from source. > > So why do these boxes have low entropy, I've never seen this on > non-xen, hence posting here. > > Ideas welcome. > > Cheers > Nathan > > _______________________________________________ > Xen-users mailing list > Xen-users@xxxxxxxxxxxxxxxxxxx > http://lists.xensource.com/xen-users > _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.