Could not gather sufficient random data in /nextcloud/lib/private/Security/SecureRandom.php:81

[petrockblog]

I try to run NextCloud on my NAS. When I try to start a container with docker run wonderfall/nextcloud:11.0 I get this output:

Updating permissions...
Updating permissions in /nextcloud...
Updating permissions in /data...
Updating permissions in /config...
Updating permissions in /apps2...
Updating permissions in /etc/nginx...
Updating permissions in /etc/php7.1...
Updating permissions in /var/log...
Updating permissions in /var/lib/nginx...
Updating permissions in /tmp...
Updating permissions in /etc/s6.d...
Done updating permissions.
Starting automatic configuration...
Automatic configuration finished.
PHP Fatal error:  Uncaught Exception: Could not gather sufficient random data in /nextcloud/lib/private/Security/SecureRandom.php:81
Stack trace:
#0 /nextcloud/lib/private/Security/SecureRandom.php(81): random_int(0, 63)
#1 /nextcloud/lib/private/AppFramework/Http/Request.php(576): OC\Security\SecureRandom->generate(20)
#2 /nextcloud/lib/private/Log/File.php(93): OC\AppFramework\Http\Request->getId()
#3 [internal function]: OC\Log\File::write('PHP', 'Exception: Coul...', 3)
#4 /nextcloud/lib/private/Log.php(301): call_user_func(Array, 'PHP', 'Exception: Coul...', 3)
#5 /nextcloud/lib/private/Log.php(159): OC\Log->log(3, 'Exception: Coul...', Array)
#6 /nextcloud/lib/private/Log/ErrorHandler.php(81): OC\Log->critical('Exception: Coul...', Array)
#7 [internal function]: OC\Log\ErrorHandler::onException(Object(Exception))
#8 {main}
  thrown in /nextcloud/lib/private/Security/SecureRandom.php on line 81
PHP Fatal error:  Uncaught Exception: Could not gather sufficient random data in /nextcloud/lib/private/Security/SecureRandom.php:81
Stack trace:
#0 /nextcloud/lib/private/Security/SecureRandom.php(81): random_int(0, 63)
#1 /nextcloud/lib/private/AppFramework/Http/Request.php(576): OC\Security\SecureRandom->generate(20)
#2 /nextcloud/lib/private/Log/File.php(93): OC\AppFramework\Http\Request->getId()
#3 [internal function]: OC\Log\File::write('PHP', 'Uncaught Except...', 3)
#4 /nextcloud/lib/private/Log.php(301): call_user_func(Array, 'PHP', 'Uncaught Except...', 3)
#5 /nextcloud/lib/private/Log.php(159): OC\Log->log(3, 'Uncaught Except...', Array)
#6 /nextcloud/lib/private/Log/ErrorHandler.php(68): OC\Log->critical('Uncaught Except...', Array)
#7 [internal function]: OC\Log\ErrorHandler::onShutdown()
#8 {main}
  thrown in /nextcloud/lib/private/Security/SecureRandom.php on line 81

The output of docker info is

# docker info
Containers: 2
 Running: 1
 Paused: 0
 Stopped: 1
Images: 7
Server Version: 1.11.2
Storage Driver: devicemapper
 Pool Name: docker-253:0-154140688-pool
 Pool Blocksize: 65.54 kB
 Base Device Size: 10.74 GB
 Backing Filesystem: ext4
 Data file: /dev/loop2
 Metadata file: /dev/loop3
 Data Space Used: 4.005 GB
 Data Space Total: 107.4 GB
 Data Space Available: 103.4 GB
 Metadata Space Used: 6.693 MB
 Metadata Space Total: 2.147 GB
 Metadata Space Available: 2.141 GB
 Udev Sync Supported: false
 Deferred Removal Enabled: false
 Deferred Deletion Enabled: false
 Deferred Deleted Device Count: 0
 Data loop file: /share/CACHEDEV1_DATA/Container/container-station-data/lib/docker/devicemapper/devicemapper/data
 WARNING: Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.
 Metadata loop file: /share/CACHEDEV1_DATA/Container/container-station-data/lib/docker/devicemapper/devicemapper/metadata
 Library Version: 1.02.82-git (2013-10-04)
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins: 
 Volume: local
 Network: bridge null host
Kernel Version: 3.12.6
Operating System: QTS 4.2.3 (20170213)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.703 GiB
Name: SOMENASNAME
ID: 5RSG:5ONK:I55V:CWRO:I4PS:4SCI:WWI7:6H33:JTRL:2XWP:6IPS:P2PT
Docker Root Dir: /share/CACHEDEV1_DATA/Container/container-station-data/lib/docker
Debug mode (client): false
Debug mode (server): false
Registry: https://index.docker.io/v1/
WARNING: No kernel memory limit support
Labels:
 architecture=x86_64

[Wonderfall]

Same issue as here : #130
However it has been resolved two weeks ago. Are you sure you're using the latest build?

[petrockblog]

Yes, I am sure. Here is the output from docker images:

$ docker images
REPOSITORY             TAG                 IMAGE ID            CREATED             SIZE
wonderfall/nextcloud   latest              0b48f34bf615        27 hours ago        229 MB
mariadb                10                  56741a13bbb9        12 days ago         393 MB

[Wonderfall]

I can't do anything about it. It seems to me it's the same issue as before and it affects all kernel older than 3.17 (I'm using 4.10 and I can't reproduce your issue).

ping @vakartel

[vakartel]

Seems like memory/swap accounting is disabled on the host box.
moby/moby#4250

[petrockblog]

Thanks for pointing me to that. I will take a look into that post!

[jokoso]

I'm also having this issue since updating to the 11.0.3 image. I'm using CentOS 7 as host OS (kernel 3.10).

Were you able to fix it by adding cgroup_enable=memory swapaccount=1 to the kernel boot options on the host?

Best regards,
Jon

[petrockblog]

I did not find a fair way to do that on my QNAP NAS.

[eullerborges]

@jokoso Me too. I'm using Debian Wheezy with backports kernel 3.16. Have you found a solution? Thanks!

[mzdrahal]

@petrockblog I managed to get this installed on my armhf QNAP but it required re-compiling php7 with a patch that handles the way the old/recent QNAP kernel incorrectly responds to calls to the getrandom() syscall. I've tried to get this issue fixed on the vendor side but lost my moxie after ~18 mails back and forth. I'm not really sure how to contribute this back to alpinelinux (or if it's even feasible to do so).

The patch itself is pretty basic:

--- a/ext/standard/random.c
+++ b/ext/standard/random.c
@@ -113,7 +113,7 @@
 		n = syscall(SYS_getrandom, bytes + read_bytes, amount_to_read, 0);

 		if (n == -1) {
-			if (errno == ENOSYS) {
+			if (errno == ENOSYS || errno == EFAULT || errno == EPERM) {
 				/* This can happen if PHP was compiled against a newer kernel where getrandom()
 				 * is available, but then runs on an older kernel without getrandom(). If this
 				 * happens we simply fall back to reading from /dev/urandom. */

Any suggestions?

[petrockblog]

It is a shame that QNAP is not so responsive. I can only hope that QNAP patches their kernel soon. I am not willing to recompile PHP for our production system.

Your fix looks pretty simple (like it is so often, once one knows what the problem is 😃). One might assume that It should not take them too long to review it.