Fixing slow Tomcat application start-up on Linux caused by the entropy pool

Source: Internet
Author: User

Tomcat output during a slow boot

    …-Jul-… …:56.797 INFO [localhost-startstop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /application/apache-tomcat-8.0. -/webapps/manager
    …-Jul-… …:56.848 INFO [localhost-startstop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /application/apache-tomcat-8.0. -/webapps/manager has finished in 51 ms
    …-Jul-… …:56.864 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
    …-Jul-… …:56.873 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
    …-Jul-… …:56.874 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 34487 ms

Entropy Pool

The entropy pool is essentially a small number of bytes. /proc/sys/kernel/random/entropy_avail stores the current size of the entropy pool and /proc/sys/kernel/random/poolsize is its maximum capacity; both are in bits. If the value of entropy_avail is less than the number of random bits to be generated, /dev/random blocks.
So why is the entropy pool not enough?
A quick search shows that the entropy pool is filled from a variety of noise sources, such as keyboard events, mouse events, device clocks and so on. When the Linux kernel was upgraded from 2.4 to 2.6, some of these sources were discarded for security reasons. With fewer sources, the pool refills more slowly and runs short.
In fact, a DoS attack can be built on draining the entropy pool. The principle is simple: once the pool is empty, services that depend on random numbers (SSL, encryption, etc.) cannot work normally.

Replenishing the Entropy Pool

Some programs can replenish the entropy pool automatically, such as rngd or rng-tools.
I tried rngd on a Linode VPS, and the effect was very obvious.
First, observe the size of the entropy pool before rngd starts; it was between 100 and 200:
    watch cat /proc/sys/kernel/random/entropy_avail
Then start rngd:
    sudo rngd -r /dev/urandom -o /dev/random -f -t 1
The entropy pool immediately soared to 3712, close to the 4096 ceiling.

To check whether there is enough entropy to generate random numbers, use the following command:
    cat /proc/sys/kernel/random/entropy_avail

Solution 1:
The problem can be resolved by installing rng-tools.

    yum -y install rng-tools
    echo 'EXTRAOPTIONS="--rng-device /dev/urandom"' >/etc/sysconfig/rngd
    service rngd restart
    chkconfig rngd on

Solution 2:

Addressing it in the Tomcat environment

You can use a non-blocking entropy source by configuring the JRE. Adding this option in catalina.sh is enough: -Djava.security.egd=file:/dev/./urandom

    vim $TOMCAT_HOME/bin/catalina.sh

    # Append the option only if JAVA_OPTS does not already set java.security.egd
    if [[ "$JAVA_OPTS" != *-Djava.security.egd=* ]]; then
        JAVA_OPTS="$JAVA_OPTS -Djava.security.egd=file:/dev/urandom"
    fi

Solution 3:

Addressing it in the JVM environment

Open the file $JAVA_PATH/jre/lib/security/java.security and find the following line:
    securerandom.source=file:/dev/urandom
Replace it with:
    securerandom.source=file:/dev/./urandom
Or:
    vim $JAVA_HOME/jre/lib/security/java.security
and change
    securerandom.source=file:/dev/random
to
    securerandom.source=file:/dev/urandom
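
An added example, not part of the original article: a POSIX shell check that reports which entropy source a Tomcat JVM ends up with from the settings in solutions 2 and 3, and applies the entropy_avail rule from the Entropy Pool section. The function names and sample file contents are constructed for illustration, and it relies on the java.security.egd system property taking precedence over securerandom.source.

```shell
# Added example: which entropy source is a Tomcat JVM configured to use?
# Function names are hypothetical; sample inputs in demo() are constructed.

# Last uncommented securerandom.source value in a java.security file.
securerandom_source() {
    sed -n 's/^[[:space:]]*securerandom\.source[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Value of -Djava.security.egd in a JAVA_OPTS string, empty if not set.
egd_override() {
    for opt in $1; do
        case "$opt" in
            -Djava.security.egd=*) printf '%s\n' "${opt#-Djava.security.egd=}" ;;
        esac
    done | tail -n 1
}

# The system property, when set, wins over the java.security entry.
effective_source() {    # $1 = JAVA_OPTS string, $2 = java.security path
    src=$(egd_override "$1")
    [ -n "$src" ] || src=$(securerandom_source "$2")
    printf '%s\n' "$src"
}

# As on this page, both urandom spellings count as the non-blocking setting.
classify_source() {
    case "$1" in
        file:/dev/random) echo blocking ;;
        file:/dev/urandom|file:/dev/./urandom) echo non-blocking ;;
        *) echo unknown ;;
    esac
}

# Rule from the Entropy Pool section: blocks when entropy_avail < bits wanted.
would_block() {         # $1 = entropy_avail file, $2 = bits requested
    [ "$(cat "$1")" -lt "$2" ]
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample inputs, not taken from a real host.
    printf '# default\nsecurerandom.source=file:/dev/random\n' > "$dir/java.security"
    echo 150 > "$dir/entropy_avail"
    for opts in "-Xmx512m" "-Xmx512m -Djava.security.egd=file:/dev/./urandom"; do
        s=$(effective_source "$opts" "$dir/java.security")
        echo "JAVA_OPTS='$opts' -> $s ($(classify_source "$s"))"
    done
    would_block "$dir/entropy_avail" 256 && echo "150 bits available: a 256-bit read would block"
    rm -rf "$dir"
}
demo
```

On a real host, pass the actual java.security path and the JAVA_OPTS value that catalina.sh ends up with, and point would_block at /proc/sys/kernel/random/entropy_avail.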
