Increase entropy in openQA?

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Increase entropy in openQA?

Shyukri Shyukriev
Cross-posting to Factory...

Hello All,
I'm struggling with testing OBS Appliances (
https://openqa.opensuse.org/group_overview/17 ) which uses gpg keygen
during setup.
Checking the appliance started with openQA QEMU_VIRTIO_RNG=1 options shows:

cat /proc/sys/kernel/random/entropy_avail
16

while on o.o.o w/o QEMU_VIRTION_RNG entropy_avail is ~37


Googling about the topic suggests using dev/urandom, but it's not secure
enough...

http://linux-audit.com/gpg-key-generation-not-enough-random-bytes-available/
http://serverfault.com/questions/471412/gpg-gen-key-hangs-at-gaining-enough-entropy-on-centos-6

Any ideas?

serial0 log https://openqa.opensuse.org/tests/196141/file/serial0.txt

Best regards
--
Shyukri Shyukriev
http://susestudio.com
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu,
Graham Norton, HRB 21284 (AG Nürnberg)
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Increase entropy in openQA?

Josef Reidinger-3
On Thu, 19 May 2016 15:12:57 +0300
Shyukri Shyukriev <[hidden email]> wrote:

> Cross-posting to Factory...
>
> Hello All,
> I'm struggling with testing OBS Appliances (
> https://openqa.opensuse.org/group_overview/17 ) which uses gpg keygen
> during setup.
> Checking the appliance started with openQA QEMU_VIRTIO_RNG=1 options
> shows:
>
> cat /proc/sys/kernel/random/entropy_avail
> 16
>
> while on o.o.o w/o QEMU_VIRTION_RNG entropy_avail is ~37
>
>
> Googling about the topic suggests using dev/urandom, but it's not
> secure enough...
>
> http://linux-audit.com/gpg-key-generation-not-enough-random-bytes-available/
> http://serverfault.com/questions/471412/gpg-gen-key-hangs-at-gaining-enough-entropy-on-centos-6
>
> Any ideas?
>
> serial0 log https://openqa.opensuse.org/tests/196141/file/serial0.txt
>
> Best regards

Hi Shyukri,
in installation when we need good enough pool of entropy we use haveged
service - http://www.issihosts.com/haveged/

Josef
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Increase entropy in openQA?

Shyukri Shyukriev
On 5/19/16 3:41 PM, Josef Reidinger wrote:

> On Thu, 19 May 2016 15:12:57 +0300
> Shyukri Shyukriev <[hidden email]> wrote:
>
>> Cross-posting to Factory...
>>
>> Hello All,
>> I'm struggling with testing OBS Appliances (
>> https://openqa.opensuse.org/group_overview/17 ) which uses gpg keygen
>> during setup.
>> Checking the appliance started with openQA QEMU_VIRTIO_RNG=1 options
>> shows:
>>
>> cat /proc/sys/kernel/random/entropy_avail
>> 16
>>
>> while on o.o.o w/o QEMU_VIRTION_RNG entropy_avail is ~37
>>
>>
>> Googling about the topic suggests using dev/urandom, but it's not
>> secure enough...
>>
>> http://linux-audit.com/gpg-key-generation-not-enough-random-bytes-available/
>> http://serverfault.com/questions/471412/gpg-gen-key-hangs-at-gaining-enough-entropy-on-centos-6
>>
>> Any ideas?
>>
>> serial0 log https://openqa.opensuse.org/tests/196141/file/serial0.txt
>>
>> Best regards
>
> Hi Shyukri,
> in installation when we need good enough pool of entropy we use haveged
> service - http://www.issihosts.com/haveged/
>
> Josef
>

Log shows that it starts and then stops quickly.
Is it normal?

[   27.093445] systemd[1]: Starting Entropy Daemon based on the HAVEGE
algorithm...
          Starting Entropy Daemon based on the HAVEGE algorithm...
[  OK  ] Started Entropy Daemon based on the HAVEGE algorithm.
[   27.105412] systemd[1]: Started Entropy Daemon based on the HAVEGE
algorithm.

.....
[   27.355541] systemd[1]: Stopped Entropy Daemon based on the HAVEGE
algorithm.
--
Shyukri Shyukriev
http://susestudio.com
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Dilip Upmanyu,
Graham Norton, HRB 21284 (AG Nürnberg)
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Increase entropy in openQA?

Josef Reidinger-3
On Thu, 19 May 2016 16:45:44 +0300
Shyukri Shyukriev <[hidden email]> wrote:

> On 5/19/16 3:41 PM, Josef Reidinger wrote:
> > On Thu, 19 May 2016 15:12:57 +0300
> > Shyukri Shyukriev <[hidden email]> wrote:
> >  
> >> Cross-posting to Factory...
> >>
> >> Hello All,
> >> I'm struggling with testing OBS Appliances (
> >> https://openqa.opensuse.org/group_overview/17 ) which uses gpg
> >> keygen during setup.
> >> Checking the appliance started with openQA QEMU_VIRTIO_RNG=1
> >> options shows:
> >>
> >> cat /proc/sys/kernel/random/entropy_avail
> >> 16
> >>
> >> while on o.o.o w/o QEMU_VIRTION_RNG entropy_avail is ~37
> >>
> >>
> >> Googling about the topic suggests using dev/urandom, but it's not
> >> secure enough...
> >>
> >> http://linux-audit.com/gpg-key-generation-not-enough-random-bytes-available/
> >> http://serverfault.com/questions/471412/gpg-gen-key-hangs-at-gaining-enough-entropy-on-centos-6
> >>
> >> Any ideas?
> >>
> >> serial0 log
> >> https://openqa.opensuse.org/tests/196141/file/serial0.txt
> >>
> >> Best regards  
> >
> > Hi Shyukri,
> > in installation when we need good enough pool of entropy we use
> > haveged service - http://www.issihosts.com/haveged/
> >
> > Josef
> >  
>
> Log shows that it starts and then stops quickly.
> Is it normal?
>
> [   27.093445] systemd[1]: Starting Entropy Daemon based on the
> HAVEGE algorithm...
>           Starting Entropy Daemon based on the HAVEGE algorithm...
> [  OK  ] Started Entropy Daemon based on the HAVEGE
> algorithm. [   27.105412] systemd[1]: Started Entropy Daemon based on
> the HAVEGE algorithm.
>
> .....
> [   27.355541] systemd[1]: Stopped Entropy Daemon based on the HAVEGE
> algorithm.

It looks strange for me. I see that yast only stops haveged after
unmounting disks, which should not be your case. So maybe check logs
who stops it. As enabled haveged can really help you.

Josef
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Increase entropy in openQA?

Dinar Valeev
On Thu, May 19, 2016 at 4:51 PM, Josef Reidinger <[hidden email]> wrote:

> On Thu, 19 May 2016 16:45:44 +0300
> Shyukri Shyukriev <[hidden email]> wrote:
>
>> On 5/19/16 3:41 PM, Josef Reidinger wrote:
>> > On Thu, 19 May 2016 15:12:57 +0300
>> > Shyukri Shyukriev <[hidden email]> wrote:
>> >
>> >> Cross-posting to Factory...
>> >>
>> >> Hello All,
>> >> I'm struggling with testing OBS Appliances (
>> >> https://openqa.opensuse.org/group_overview/17 ) which uses gpg
>> >> keygen during setup.
>> >> Checking the appliance started with openQA QEMU_VIRTIO_RNG=1
>> >> options shows:
>> >>
>> >> cat /proc/sys/kernel/random/entropy_avail
>> >> 16
>> >>
>> >> while on o.o.o w/o QEMU_VIRTION_RNG entropy_avail is ~37
>> >>
>> >>
>> >> Googling about the topic suggests using dev/urandom, but it's not
>> >> secure enough...
>> >>
>> >> http://linux-audit.com/gpg-key-generation-not-enough-random-bytes-available/
>> >> http://serverfault.com/questions/471412/gpg-gen-key-hangs-at-gaining-enough-entropy-on-centos-6
>> >>
>> >> Any ideas?
>> >>
>> >> serial0 log
>> >> https://openqa.opensuse.org/tests/196141/file/serial0.txt
>> >>
>> >> Best regards
>> >
>> > Hi Shyukri,
>> > in installation when we need good enough pool of entropy we use
>> > haveged service - http://www.issihosts.com/haveged/
>> >
>> > Josef
>> >
>>
>> Log shows that it starts and then stops quickly.
>> Is it normal?
>>
>> [   27.093445] systemd[1]: Starting Entropy Daemon based on the
>> HAVEGE algorithm...
>>           Starting Entropy Daemon based on the HAVEGE algorithm...
>> [ [32m  OK   [0m] Started Entropy Daemon based on the HAVEGE
>> algorithm. [   27.105412] systemd[1]: Started Entropy Daemon based on
>> the HAVEGE algorithm.
>>
>> .....
>> [   27.355541] systemd[1]: Stopped Entropy Daemon based on the HAVEGE
>> algorithm.
>
> It looks strange for me. I see that yast only stops haveged after
> unmounting disks, which should not be your case. So maybe check logs
> who stops it. As enabled haveged can really help you.
This is how it is done in OBS
https://github.com/openSUSE/obs-build/commit/919a83ff3c46ebb33d2b8a9ddcec78ad8024c7fb

I guess openQA doesn't define -object rng-random,filename=$rng_dev,id=rng0
>
> Josef
> --
> To unsubscribe, e-mail: [hidden email]
> To contact the owner, e-mail: [hidden email]
>
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Increase entropy in openQA?

Richard Brown
In reply to this post by Josef Reidinger-3
On 19 May 2016 at 16:51, Josef Reidinger <[hidden email]> wrote:

> On Thu, 19 May 2016 16:45:44 +0300
> Shyukri Shyukriev <[hidden email]> wrote:
>
>> On 5/19/16 3:41 PM, Josef Reidinger wrote:
>> > On Thu, 19 May 2016 15:12:57 +0300
>> > Shyukri Shyukriev <[hidden email]> wrote:
>> >
>> >> Cross-posting to Factory...
>> >>
>> >> Hello All,
>> >> I'm struggling with testing OBS Appliances (
>> >> https://openqa.opensuse.org/group_overview/17 ) which uses gpg
>> >> keygen during setup.
>> >> Checking the appliance started with openQA QEMU_VIRTIO_RNG=1
>> >> options shows:
>> >>
>> >> cat /proc/sys/kernel/random/entropy_avail
>> >> 16
>> >>
>> >> while on o.o.o w/o QEMU_VIRTION_RNG entropy_avail is ~37
>> >>
>> >>
>> >> Googling about the topic suggests using dev/urandom, but it's not
>> >> secure enough...
>> >>
>> >> http://linux-audit.com/gpg-key-generation-not-enough-random-bytes-available/
>> >> http://serverfault.com/questions/471412/gpg-gen-key-hangs-at-gaining-enough-entropy-on-centos-6
>> >>
>> >> Any ideas?
>> >>
>> >> serial0 log
>> >> https://openqa.opensuse.org/tests/196141/file/serial0.txt
>> >>
>> >> Best regards
>> >
>> > Hi Shyukri,
>> > in installation when we need good enough pool of entropy we use
>> > haveged service - http://www.issihosts.com/haveged/
>> >
>> > Josef
>> >
>>
>> Log shows that it starts and then stops quickly.
>> Is it normal?
>>
>> [   27.093445] systemd[1]: Starting Entropy Daemon based on the
>> HAVEGE algorithm...
>>           Starting Entropy Daemon based on the HAVEGE algorithm...
>> [ [32m  OK   [0m] Started Entropy Daemon based on the HAVEGE
>> algorithm. [   27.105412] systemd[1]: Started Entropy Daemon based on
>> the HAVEGE algorithm.
>>
>> .....
>> [   27.355541] systemd[1]: Stopped Entropy Daemon based on the HAVEGE
>> algorithm.
>
> It looks strange for me. I see that yast only stops haveged after
> unmounting disks, which should not be your case. So maybe check logs
> who stops it. As enabled haveged can really help you.
>
> Josef


Josef, haveged during the install not seem to be working at all - I
reported a similar issue in SLE 12 SP1 which is still unresolved

https://bugzilla.suse.com/show_bug.cgi?id=955141

Regards,

Richard
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Increase entropy in openQA?

Josef Reidinger-3
On Thu, 19 May 2016 17:37:49 +0200
Richard Brown <[hidden email]> wrote:

> On 19 May 2016 at 16:51, Josef Reidinger <[hidden email]> wrote:
> > On Thu, 19 May 2016 16:45:44 +0300
> > Shyukri Shyukriev <[hidden email]> wrote:
> >  
> >> On 5/19/16 3:41 PM, Josef Reidinger wrote:  
> >> > On Thu, 19 May 2016 15:12:57 +0300
> >> > Shyukri Shyukriev <[hidden email]> wrote:
> >> >  
> >> >> Cross-posting to Factory...
> >> >>
> >> >> Hello All,
> >> >> I'm struggling with testing OBS Appliances (
> >> >> https://openqa.opensuse.org/group_overview/17 ) which uses gpg
> >> >> keygen during setup.
> >> >> Checking the appliance started with openQA QEMU_VIRTIO_RNG=1
> >> >> options shows:
> >> >>
> >> >> cat /proc/sys/kernel/random/entropy_avail
> >> >> 16
> >> >>
> >> >> while on o.o.o w/o QEMU_VIRTION_RNG entropy_avail is ~37
> >> >>
> >> >>
> >> >> Googling about the topic suggests using dev/urandom, but it's
> >> >> not secure enough...
> >> >>
> >> >> http://linux-audit.com/gpg-key-generation-not-enough-random-bytes-available/
> >> >> http://serverfault.com/questions/471412/gpg-gen-key-hangs-at-gaining-enough-entropy-on-centos-6
> >> >>
> >> >> Any ideas?
> >> >>
> >> >> serial0 log
> >> >> https://openqa.opensuse.org/tests/196141/file/serial0.txt
> >> >>
> >> >> Best regards  
> >> >
> >> > Hi Shyukri,
> >> > in installation when we need good enough pool of entropy we use
> >> > haveged service - http://www.issihosts.com/haveged/
> >> >
> >> > Josef
> >> >  
> >>
> >> Log shows that it starts and then stops quickly.
> >> Is it normal?
> >>
> >> [   27.093445] systemd[1]: Starting Entropy Daemon based on the
> >> HAVEGE algorithm...
> >>           Starting Entropy Daemon based on the HAVEGE algorithm...
> >> [ [32m  OK   [0m] Started Entropy Daemon based on the HAVEGE
> >> algorithm. [   27.105412] systemd[1]: Started Entropy Daemon based
> >> on the HAVEGE algorithm.
> >>
> >> .....
> >> [   27.355541] systemd[1]: Stopped Entropy Daemon based on the
> >> HAVEGE algorithm.  
> >
> > It looks strange for me. I see that yast only stops haveged after
> > unmounting disks, which should not be your case. So maybe check logs
> > who stops it. As enabled haveged can really help you.
> >
> > Josef  
>
>
> Josef, haveged during the install not seem to be working at all - I
> reported a similar issue in SLE 12 SP1 which is still unresolved
>
> https://bugzilla.suse.com/show_bug.cgi?id=955141
>
> Regards,
>
> Richard

Ah, I am not aware of it. Basically YaST installation expect that
haveged is run by default ( in past it is started by yast itself, but
then it was changed, so yast no longer start it itself ).

Josef
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Increase entropy in openQA?

Shyukri Shyukriev


On 05/19/2016 06:43 PM, Josef Reidinger wrote:
On Thu, 19 May 2016 17:37:49 +0200
Richard Brown [hidden email] wrote:

On 19 May 2016 at 16:51, Josef Reidinger [hidden email] wrote:
On Thu, 19 May 2016 16:45:44 +0300
Shyukri Shyukriev [hidden email] wrote:
 
On 5/19/16 3:41 PM, Josef Reidinger wrote:  
On Thu, 19 May 2016 15:12:57 +0300
Shyukri Shyukriev [hidden email] wrote:
 
Cross-posting to Factory...

Hello All,
I'm struggling with testing OBS Appliances (
https://openqa.opensuse.org/group_overview/17 ) which uses gpg
keygen during setup.
Checking the appliance started with openQA QEMU_VIRTIO_RNG=1
options shows:

cat /proc/sys/kernel/random/entropy_avail
16

while on o.o.o w/o QEMU_VIRTION_RNG entropy_avail is ~37


Googling about the topic suggests using dev/urandom, but it's
not secure enough...

http://linux-audit.com/gpg-key-generation-not-enough-random-bytes-available/
http://serverfault.com/questions/471412/gpg-gen-key-hangs-at-gaining-enough-entropy-on-centos-6

Any ideas?

serial0 log
https://openqa.opensuse.org/tests/196141/file/serial0.txt

Best regards  
Hi Shyukri,
in installation when we need good enough pool of entropy we use
haveged service - http://www.issihosts.com/haveged/

Josef
 
Log shows that it starts and then stops quickly.
Is it normal?

[   27.093445] systemd[1]: Starting Entropy Daemon based on the
HAVEGE algorithm...
          Starting Entropy Daemon based on the HAVEGE algorithm...
[ [32m  OK   [0m] Started Entropy Daemon based on the HAVEGE
algorithm. [   27.105412] systemd[1]: Started Entropy Daemon based
on the HAVEGE algorithm.

.....
[   27.355541] systemd[1]: Stopped Entropy Daemon based on the
HAVEGE algorithm.  
It looks strange for me. I see that yast only stops haveged after
unmounting disks, which should not be your case. So maybe check logs
who stops it. As enabled haveged can really help you.

Josef  

Josef, haveged during the install not seem to be working at all - I
reported a similar issue in SLE 12 SP1 which is still unresolved

https://bugzilla.suse.com/show_bug.cgi?id=955141

Regards,

Richard
Ah, I am not aware of it. Basically YaST installation expect that
haveged is run by default ( in past it is started by yast itself, but
then it was changed, so yast no longer start it itself ).

Josef

Some more debugging: http://paste.opensuse.org/30909917

cat /proc/sys/kernel/random/entropy_avail
63

May 19 18:38:34 linux rngd[7566]: read error
May 19 18:38:34 linux rngd[7566]: No entropy sources working, exiting rngd
...............
May 19 18:38:50 linux obsstoragesetup[8043]: gpg: Generating a default OBS instance key
May 19 18:43:49 linux systemd[1]: obsstoragesetup.service start operation timed out. Terminating.

If i boot the qcow2 image directly on qemu-kvm gpg keygen is blazing fast:

May 19 17:25:00 obs-server obsstoragesetup[8145]: Generating OBS default GPG key ....gpg: keyring `/srv/obs/gnupg/secring.
May 19 17:25:00 obs-server obsstoragesetup[8145]: gpg: keyring `/srv/obs/gnupg/pubring.gpg' created
May 19 17:25:00 obs-server obsstoragesetup[8145]: gpg: Generating a default OBS instance key
May 19 17:25:00 obs-server obsstoragesetup[8145]: gpg: done
May 19 17:25:00 obs-server obsstoragesetup[8145]: done

obs-server:~ # cat /proc/sys/kernel/random/entropy_avail
3727

obs-server:~ # journalctl | grep "rngd"
May 19 17:24:44 linux systemd[1]: Starting Start the rngd daemon...
May 19 17:24:44 linux rngd[7610]: read error
May 19 17:24:44 linux rngd[7610]: read error
May 19 17:24:44 linux systemd[1]: Started Start the rngd daemon.

-- 
Shyukri Shyukriev
http://susestudio.com
Reply | Threaded
Open this post in threaded view
|

Re: Increase entropy in openQA?

Cristian Rodríguez-2
On Thu, May 19, 2016 at 3:11 PM, Shyukri Shyukriev <[hidden email]> wrote:

> obs-server:~ # journalctl | grep "rngd"
> May 19 17:24:44 linux systemd[1]: Starting Start the rngd daemon...
> May 19 17:24:44 linux rngd[7610]: read error
> May 19 17:24:44 linux rngd[7610]: read error
> May 19 17:24:44 linux systemd[1]: Started Start the rngd daemon.


I saw this one too but I am not sure it is the same kernel problem ..
a /dev/hrwng device is registered even though there is no possible way
for it to work.. /sys/devices/virtual/misc/hw_random
rng_available is empty and/or /sys/devices/virtual/misc/hw_random
rng_current is none. either there is no driver for the device or none
is bound to it.. yet it shows up in the fileystem.
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Increase entropy in openQA?

Richard Brown
In reply to this post by Josef Reidinger-3
On 19 May 2016 at 17:43, Josef Reidinger <[hidden email]> wrote:

> On Thu, 19 May 2016 17:37:49 +0200
> Richard Brown <[hidden email]> wrote:
>
>> On 19 May 2016 at 16:51, Josef Reidinger <[hidden email]> wrote:
>> > On Thu, 19 May 2016 16:45:44 +0300
>> > Shyukri Shyukriev <[hidden email]> wrote:
>> >
>> >> On 5/19/16 3:41 PM, Josef Reidinger wrote:
>> >> > On Thu, 19 May 2016 15:12:57 +0300
>> >> > Shyukri Shyukriev <[hidden email]> wrote:
>> >> >
>> >> >> Cross-posting to Factory...
>> >> >>
>> >> >> Hello All,
>> >> >> I'm struggling with testing OBS Appliances (
>> >> >> https://openqa.opensuse.org/group_overview/17 ) which uses gpg
>> >> >> keygen during setup.
>> >> >> Checking the appliance started with openQA QEMU_VIRTIO_RNG=1
>> >> >> options shows:
>> >> >>
>> >> >> cat /proc/sys/kernel/random/entropy_avail
>> >> >> 16
>> >> >>
>> >> >> while on o.o.o w/o QEMU_VIRTION_RNG entropy_avail is ~37
>> >> >>
>> >> >>
>> >> >> Googling about the topic suggests using dev/urandom, but it's
>> >> >> not secure enough...
>> >> >>
>> >> >> http://linux-audit.com/gpg-key-generation-not-enough-random-bytes-available/
>> >> >> http://serverfault.com/questions/471412/gpg-gen-key-hangs-at-gaining-enough-entropy-on-centos-6
>> >> >>
>> >> >> Any ideas?
>> >> >>
>> >> >> serial0 log
>> >> >> https://openqa.opensuse.org/tests/196141/file/serial0.txt
>> >> >>
>> >> >> Best regards
>> >> >
>> >> > Hi Shyukri,
>> >> > in installation when we need good enough pool of entropy we use
>> >> > haveged service - http://www.issihosts.com/haveged/
>> >> >
>> >> > Josef
>> >> >
>> >>
>> >> Log shows that it starts and then stops quickly.
>> >> Is it normal?
>> >>
>> >> [   27.093445] systemd[1]: Starting Entropy Daemon based on the
>> >> HAVEGE algorithm...
>> >>           Starting Entropy Daemon based on the HAVEGE algorithm...
>> >> [ [32m  OK   [0m] Started Entropy Daemon based on the HAVEGE
>> >> algorithm. [   27.105412] systemd[1]: Started Entropy Daemon based
>> >> on the HAVEGE algorithm.
>> >>
>> >> .....
>> >> [   27.355541] systemd[1]: Stopped Entropy Daemon based on the
>> >> HAVEGE algorithm.
>> >
>> > It looks strange for me. I see that yast only stops haveged after
>> > unmounting disks, which should not be your case. So maybe check logs
>> > who stops it. As enabled haveged can really help you.
>> >
>> > Josef
>>
>>
>> Josef, haveged during the install not seem to be working at all - I
>> reported a similar issue in SLE 12 SP1 which is still unresolved
>>
>> https://bugzilla.suse.com/show_bug.cgi?id=955141
>>
>> Regards,
>>
>> Richard
>
> Ah, I am not aware of it. Basically YaST installation expect that
> haveged is run by default ( in past it is started by yast itself, but
> then it was changed, so yast no longer start it itself ).
>
> Josef

Yeah I'm still waiting for an indication from someone knowledgeable
and authoritative to decide what the intended/acceptable behaviour is.

If YaST's current behaviour is correct (it's understandable, on that I
totally agree) and nothing else is going to take over it's old role of
starting haveged, then I expect to see documentation for users on how
to start haveged as part of their installation when the entropy is
needed.

Then I'll be quite comfortable helping shyurki and others by having
openQA automatically do that as part of it's testing.

But right now I feel this is stuck in a bit of limbo, and I do not
want to put workarounds for it in openQA which could ultimately mask
the problem until it's too late and users are putting this out in the
real world and finding they don't have sufficient entropy to install
*SUSE in certain circumstances.

Who do you think would be a good idea to poke about this? Marcus Meissner?
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]