[jira] [Comment Edited] (SOLR-5776) Look at speeding up using SSL with tests.
[
https://issues.apache.org/jira/browse/SOLR-5776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14080010#comment-14080010
]
Steve Rowe edited comment on SOLR-5776 at 7/30/14 11:14 PM:
bq. Steve Rowe: I have no idea what the cron-job is doing! Can somebody
explain and why this helps?
The cron job is feeding the entropy pool by writing to {{/dev/random}}, which
should unblock reads from {{/dev/random}}, assuming there is some randomness in
what gets fed in, and/or that side-effect I/O timings feed the pool.
I don't know much about this stuff, but here's some things I've read recently
about it:
* https://we.riseup.net/debian/entropy (Linux random entropy, some Debian
specifics, with a discussion of other OSs)
*
http://security.stackexchange.com/questions/42952/how-can-i-measure-and-increase-entropy-on-mac-os-x
(Q/A about OS X entropy)
* http://en.wikipedia.org/wiki/Entropy_(computing) (Brief coverage of various
OSs' handling of entropy)
* http://en.wikipedia.org/?title=/dev/random (random number generation on
various OSs)
* https://wiki.freebsd.org/201308DevSummit/Security/DevRandom (FreeBSD
/dev/random design discussion)
bq. Is there anything to change in Windows or the Linux Jenkins?
I don't know; as Hoss says above, we want to run some experiments to see if
re-enabling SSL in tests that have had trouble in the past will cause trouble
again. So we should know in short order if these need changes.
{quote}
You can log into MacOSX jenkins (if its running): ssh
jenk...@jenkins-mac.thetaphi.de (has IPv4 and IPv6 address), for the password
send me a note. You can try out whatever you want. Please note, that the
virtual machine gets reset to clean and empty state on every update, so once
you found a good cron-job, I can persist it on the VM snapshot.
{quote}
Done - I only did two things: {{sudo touch /etc/crontab}} to enable cron
(apparently on OSX cron doesn't do anything unless this file exists, and it
doesn't exist until you create it); and added a crontab for the jenkins user
via {{crontab -e}} - here's the result (via {{crontab -l}}):
{noformat}
# Stolen from FreeBSD's /etc/rc.d/initrandom to unblock /dev/random
* * * * * ( ps -faxww ; /usr/sbin/sysctl -a ; date ; df -ib ; ps -faxww ; cat
/bin/ls ) | dd of=/dev/random bs=8k 2/dev/null
{noformat}
I re-enabled SSL on {{TestCloudSchemaless}}, and I'll monitor Jenkins to see if
it starts failing.
was (Author: steve_rowe):
bq. Steve Rowe: I have no idea what the cron-job is doing! Can somebody
explain and why this helps?
The cron job is feeding the entropy pool by writing to {{/dev/random}}, which
should unblock reads from {{/dev/random}}, assuming there is some randomness in
what gets fed in, and/or that side-effect I/O timings feed the pool.
I don't much about this stuff, but here's some things I've read recently about
it:
* https://we.riseup.net/debian/entropy (Linux random entropy, some Debian
specifics, with a discussion of other OSs)
*
http://security.stackexchange.com/questions/42952/how-can-i-measure-and-increase-entropy-on-mac-os-x
(Q/A about OS X entropy)
* http://en.wikipedia.org/wiki/Entropy_(computing) (Brief coverage of various
OSs' handling of entropy)
* http://en.wikipedia.org/?title=/dev/random (random number generation on
various OSs)
* https://wiki.freebsd.org/201308DevSummit/Security/DevRandom (FreeBSD
/dev/random design discussion)
bq. Is there anything to change in Windows or the Linux Jenkins?
I don't know; as Hoss says above, we want to run some experiments to see if
re-enabling SSL in tests that have had trouble in the past will cause trouble
again. So we should know in short order if these need changes.
{quote}
You can log into MacOSX jenkins (if its running): ssh
jenk...@jenkins-mac.thetaphi.de (has IPv4 and IPv6 address), for the password
send me a note. You can try out whatever you want. Please note, that the
virtual machine gets reset to clean and empty state on every update, so once
you found a good cron-job, I can persist it on the VM snapshot.
{quote}
Done - I only did two things: {{sudo touch /etc/crontab}} to enable cron
(apparently on OSX cron doesn't do anything unless this file exists, and it
doesn't exist until you create it); and added a crontab for the jenkins user
via {{crontab -e}} - here's the result (via {{crontab -l}}):
{noformat}
# Stolen from FreeBSD's /etc/rc.d/initrandom to unblock /dev/random
* * * * * ( ps -faxww ; /usr/sbin/sysctl -a ; date ; df -ib ; ps -faxww ; cat
/bin/ls ) | dd of=/dev/random bs=8k 2/dev/null
{noformat}
I re-enabled SSL on {{TestCloudSchemaless}}, and I'll monitor Jenkins to see if
it starts failing.
Look at speeding up using SSL with tests.
-
Key: SOLR-5776
URL: https://issues.apache.org/jira/browse/SOLR-5776
Project: Solr
[jira] [Comment Edited] (SOLR-5776) Look at speeding up using SSL with tests.
[
https://issues.apache.org/jira/browse/SOLR-5776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14077207#comment-14077207
]
Steve Rowe edited comment on SOLR-5776 at 7/30/14 11:22 PM:
*edit*: prepended /sbin/ to sysctl and dmesg in the crontab, since /sbin/ isn't
in the PATH under cron
I logged into ASF FreeBSD Jenkins's lucene.zones.apache.org and ran {{sudo su -
hudson}} and {{crontab -e}} to put in place a cron job to run every minute.
Here's the result (from user hudson's {{crontab -l}}):
{noformat}
# Stolen from /etc/rc.d/initrandom to unblock /dev/random
* * * * * ( ps -fauxww; /sbin/sysctl -a; date; df -ib; /sbin/dmesg; ps -fauxww
; cat /bin/ls ) | dd of=/dev/random bs=8k 2/dev/null
{noformat}
When I time the above command, it takes about 0.2 seconds to run, so running
this every minute shouldn't overwhelm the system. Maybe it doesn't need to run
every minute, I don't know, we can try dialling it back if this works.
I'll re-enable SSL for a couple tests on trunk that previously failed regularly
on ASF FreeBSD Jenkins, to see if this change allows those to pass.
was (Author: steve_rowe):
I logged into ASF FreeBSD Jenkins's lucene.zones.apache.org and ran {{sudo su -
hudson}} and {{crontab -e}} to put in place a cron job to run every minute.
Here's the result (from user hudson's {{crontab -l}}):
{noformat}
# Stolen from /etc/rc.d/initrandom to unblock /dev/random
* * * * * ( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ; cat
/bin/ls ) | dd of=/dev/random bs=8k 2/dev/null
{noformat}
When I time the above command, it takes about 0.2 seconds to run, so running
this every minute shouldn't overwhelm the system. Maybe it doesn't need to run
every minute, I don't know, we can try dialling it back if this works.
I'll re-enable SSL for a couple tests on trunk that previously failed regularly
on ASF FreeBSD Jenkins, to see if this change allows those to pass.
Look at speeding up using SSL with tests.
-
Key: SOLR-5776
URL: https://issues.apache.org/jira/browse/SOLR-5776
Project: Solr
Issue Type: Test
Reporter: Mark Miller
Assignee: Mark Miller
Fix For: 4.9, 5.0
Attachments: SOLR-5776.patch, SOLR-5776.patch
We have to disable SSL on a bunch of tests now because it appears to sometime
be ridiculously slow - especially in slow envs (I never see timeouts on my
machine).
I was talking to Robert about this, and he mentioned that there might be some
settings we could change to speed it up.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Comment Edited] (SOLR-5776) Look at speeding up using SSL with tests.
[
https://issues.apache.org/jira/browse/SOLR-5776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13973573#comment-13973573
]
Hoss Man edited comment on SOLR-5776 at 4/17/14 11:51 PM:
--
[~markrmil...@gmail.com]...
1) I don't think you need to override {{nextBytes}} with a No-Op method .. as
long as you override generateSeed we should be fine
2) there's a potential AIOOB error with your implementation of {{generateSeed}}
-- the contract says that the byte[] returned will have whatever length was
specified in the argument, so this could break spectacularly in a future
version of jetty/java
3) I'm not sure that you need {{NullSecureRandom}} at all -- if you go back to
Steve's patch, and just ensure that you call {{setSeed(new byte[]
\{'f','u'\})}} on the result of {{SecureRandom.getInstance(SHA1PRNG)}} beore
letting jetty have it, then generateSeed should never, ever be called.
*EDIT:* mid-air-collision, deleted things miller addressed in his previous
comment
was (Author: hossman):
[~markrmil...@gmail.com]...
1) I don't think you need to override {{nextBytes}} with a No-Op method .. as
long as you override generateSeed we should be fine
2) there's a potential AIOOB error with your implementation of {{generateSeed}}
-- the contract says that the byte[] returned will have whatever length was
specified in the argument, so this could break spectacularly in a future
version of jetty/java
3) I'm not sure that you need {{NullSecureRandom}} at all -- if you go back to
Steve's patch, and just ensure that you call {{setSeed(new byte[]
\{'f','u'\})}} on the result of {{SecureRandom.getInstance(SHA1PRNG)}} beore
letting jetty have it, then generateSeed should never, ever be called.
4) if we are going to use {{NullSecureRandom}} then we probably shouldn't also
add the SecureRandomAlgorithm option since it isn't used?
4) I'm fairly certain this portion of your commit was not intentional:
https://svn.apache.org/viewvc/lucene/dev/trunk/solr/test-framework/src/java/org/apache/solr/SolrTestCaseJ4.java?r1=1588388r2=1588387pathrev=1588388
Look at speeding up using SSL with tests.
-
Key: SOLR-5776
URL: https://issues.apache.org/jira/browse/SOLR-5776
Project: Solr
Issue Type: Test
Reporter: Mark Miller
Assignee: Mark Miller
Fix For: 4.9, 5.0
Attachments: SOLR-5776.patch, SOLR-5776.patch
We have to disable SSL on a bunch of tests now because it appears to sometime
be ridiculously slow - especially in slow envs (I never see timeouts on my
machine).
I was talking to Robert about this, and he mentioned that there might be some
settings we could change to speed it up.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Comment Edited] (SOLR-5776) Look at speeding up using SSL with tests.
[
https://issues.apache.org/jira/browse/SOLR-5776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13968077#comment-13968077
]
Mark Miller edited comment on SOLR-5776 at 4/14/14 4:59 AM:
Bah, it seems to be much less frequent, but it can still happen. I think the
issue is that if you don't specify the seed, it will still read from
/dev/random for that.
I had looked into a custom SecureRandom via SPI, but it's my first foray into
SPI, and while it seems relatively straightforward, I have not yet figured out
how to plug in a custom SecureRandomSPI class in tests. Even when that's done,
the impl is not so straightforward - from what I can tell, you cannot extend
the standard SecureRandom to fix this and the open jdk code is -Oracle-
{color:red}GPL{color} and the Harmony code is fairly different and would
require some hacking to get in. Otherwise we would need to come up with a clean
room impl that was still about as decent as Random.
was (Author: markrmil...@gmail.com):
Bah, it seems to be much less frequent, but it can still happen. I think the
issue is that if you don't specify the seed, it will still read from
/dev/random for that.
I had looked into a custom SecureRandom via SPI, but it's my first foray into
SPI, and while it seems relatively straightforward, I have not yet figured out
how to plug in a custom SecureRandomSPI class in tests. Even when that's done,
the impl is not so straightforward - from what I can tell, you cannot extend
the standard SecureRandom to fix this and the open jdk code is Oracle and the
Harmony code is fairly different and would require some hacking to get in.
Otherwise we would need to come up with a clean room impl that was still about
as decent as Random.
Look at speeding up using SSL with tests.
-
Key: SOLR-5776
URL: https://issues.apache.org/jira/browse/SOLR-5776
Project: Solr
Issue Type: Test
Reporter: Mark Miller
Assignee: Mark Miller
Fix For: 4.9, 5.0
Attachments: SOLR-5776.patch
We have to disable SSL on a bunch of tests now because it appears to sometime
be ridiculously slow - especially in slow envs (I never see timeouts on my
machine).
I was talking to Robert about this, and he mentioned that there might be some
settings we could change to speed it up.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Comment Edited] (SOLR-5776) Look at speeding up using SSL with tests.
[ https://issues.apache.org/jira/browse/SOLR-5776?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13913205#comment-13913205 ] Mark Miller edited comment on SOLR-5776 at 2/26/14 5:33 PM: bq. Just spawn not so many threads and jetties? To test distributed stuff with SSL, you need 2 or 3 jetties The tests that fail spawn like 1-4 jetties, so that won't help. was (Author: markrmil...@gmail.com): bq. Just spawn not so many threads and jetties? To test distributed stuff with SSL, you need 2 or 3 jetties The tests that fail spawn like 2-4 jetties, so that won't help. Look at speeding up using SSL with tests. - Key: SOLR-5776 URL: https://issues.apache.org/jira/browse/SOLR-5776 Project: Solr Issue Type: Test Reporter: Mark Miller We have to disable SSL on a bunch of tests now because it appears to sometime be ridiculously slow - especially in slow envs (I never see timeouts on my machine). I was talking to Robert about this, and he mentioned that there might be some settings we could change to speed it up. -- This message was sent by Atlassian JIRA (v6.1.5#6160) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
