[
https://issues.apache.org/jira/browse/SOLR-10352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17768433#comment-17768433
]
Evan Lavelle commented on SOLR-10352:
-------------------------------------
Perhaps this could be re-opened?
Linux kernels 5.10+ have reduced the poolsize to 256 (it was previously 4K).
Any recent system will report this poolsize, and is likely to report an
entropy_avail of 'only' 256 bits. Ubuntu 22.04, for example, is on kernel 5.15,
and RHEL 9 is (I think) on 5.14.
So, basically, lots of systems now produce this warning, and the rest of them
soon will. A value of 256 is absolutely massive, and the current warn threshold
of 300 bits is even more so.
Additionally:
# There's some background info on random.c from Jason Donenfeld at
[https://www.zx2c4.com/projects/linux-rng-5.17-5.18/inside-linux-kernel-rng-presentation-sept-13-2022.pdf|https://www.zx2c4.com/projects/linux-rng-5.17-5.18/inside-linux-kernel-rng-presentation-sept-13-2022.pdf.]
# There's at least one question on SO about how to 'fix' this warning for Solr
([https://askubuntu.com/questions/1468241/how-to-increase-the-entropy-to-avoid-the-warning-message-available-entropy-is-l/1486873#1486873)]
# Any advice on using rng-tools/etc to increase entropy is likely to be
incorrect, but this needs some more thought
# I'm not sure what a valid warning threshold would be. Donenfeld's paper
suggests that 256 bits are always available, but I haven't looked at the
source. I've checked a Ubuntu VM and a laptop and both are reporting 256 bits,
and I don't think there's any reason to think that a VM will produce less than
256 bits, but I may be wrong
> Low entropy warning in bin/solr script
> --------------------------------------
>
> Key: SOLR-10352
> URL: https://issues.apache.org/jira/browse/SOLR-10352
> Project: Solr
> Issue Type: Improvement
> Components: SolrCLI
> Reporter: Ishan Chattopadhyaya
> Priority: Major
> Fix For: 7.0
>
> Attachments: SOLR-10352.patch
>
>
> We should add a warning in the startup script for Linux, if the output of the
> following is below a certain threshold (maybe 300?). The warning could
> indicate that features like UUIDField, SSL etc. might not work properly (or
> be slow). As a hint, we could then suggest the user to configure a non
> blocking SecureRandom (SOLR-10338) or install rng-tools, haveged etc.
> {quote}
> cat /proc/sys/kernel/random/entropy_avail
> {quote}
> Original discussion:
> https://issues.apache.org/jira/browse/SOLR-10338?focusedCommentId=15938904&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15938904
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
