Vary long start

[AlexanderShushunov]

Image tomcat:8.0.22-jre8

Vary long start.

log:

25-May-2015 16:06:20.304 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /usr/loc
al/tomcat/webapps/ROOT
25-May-2015 16:18:46.687 INFO [localhost-startStop-1] org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom Creation of SecureRandom instanc
e for session ID generation using [SHA1PRNG] took [746,031] milliseconds.
25-May-2015 16:18:46.721 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /usr
/local/tomcat/webapps/ROOT has finished in 746,418 ms
...

25-May-2015 16:18:47.307 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 747077 ms

[md5]

It looks like you're running on a machine with low entropy.

[AlexanderShushunov]

It is a virtual machine. How can I increase entropy?

[md5]

I've run into this problem before with boot2docker/VirtualBox and didn't find a great solution. I think I ended up sshing into the VM and running something like “du -x /" repeatedly until the available entropy got high enough. I looked for a way for the VM to share the host's entropy pool, but didn't find anything.

[md5]

Here's a related issue in the VirtualBox issue tracker that has a couple other suggestions on how to get more entropy into the VM: https://www.virtualbox.org/ticket/11297

[AlexanderShushunov]

Thank you for the answers.
As I understand, low entropy is a problem for all VMs.

[dpwspoon]

What about changing catalina.sh to use /dev/urandom via a java property. -Djava.security.egd=file:/dev/./urandom

[md5]

@dpwspoon That's a reasonable workaround for development purposes.

[dpwspoon]

What about for production? I'm not a cryptology expert but the following posts seem to make it seem like urandom is secure. post1 and post2

[delfuego]

I'm bumping into this tonight — startups that take 5-10 minutes. Has anyone ever figured out a real solution to this for production systems?

[yosifkit]

I would infer from the linked post and article that switching to /dev/urandom would be fine.

[dpwspoon]

That is correct

[delfuego]

FYI, for a while Docker has had a trivial way to make this switch that doesn't involve any changes to Tomcat or a system property — docker run --device /dev/urandom:/dev/random ...

[tianon]

Sounds like this is pretty well understood and solved now. 👍

(Might be worth adding something to the image documentation, if it's still a recurring problem. 😄)