Tomcat7 starts too late on Ubuntu 14.04 x64 [Digitalocean]

java ubuntu tomcat digital-ocean

Solution 1:

Replacing securerandom.source=file:/dev/urandom with securerandom.source=file:/dev/./urandom in $JAVA_PATH/jre/lib/security/java.security has solved my problem.

Even when file:/dev/urandom is specified, JRE will still use /dev/random for SHA1PRNG (see bug JDK-4705093):

In SHA1PRNG, there is a SeedGenerator which does various things depending on the configuration.

  1. If java.security.egd or securerandom.source point to "file:/dev/random" or "file:/dev/urandom", we will use NativeSeedGenerator, which calls super() which calls SeedGenerator.URLSeedGenerator(/dev/random). (A nested class within SeedGenerator.) The only things that changed in this bug was that urandom will also trigger use of this code path.

  2. If those properties point to another URL that exists, we'll initialize SeedGenerator.URLSeedGenerator(url). This is why "file:///dev/urandom", "file:/./dev/random", etc. will work.

From Wikipedia on /dev/random:

In this implementation, the generator keeps an estimate of the number of bits of noise in the entropy pool. From this entropy pool random numbers are created. When read, the /dev/random device will only return random bytes within the estimated number of bits of noise in the entropy pool. /dev/random should be suitable for uses that need very high quality randomness such as one-time pad or key generation.

When the entropy pool is empty, reads from /dev/random will block until additional environmental noise is gathered. The intent is to serve as a cryptographically secure pseudorandom number generator, delivering output with entropy as large as possible. This is suggested for use in generating cryptographic keys for high-value or long-term protection.

Environmental noise?

The random number generator gathers environmental noise from device drivers and other sources into an entropy pool. The generator also keeps an estimate of the number of bits of noise in the entropy pool. From this entropy pool random numbers are created.

That means in practice, it’s possible to block tomcat for an unknown amount of time.

Solution 2:

This also works:

Actually, by setting the following in /etc/default/tomcat7, I was fine:

JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Xmx1024m -XX:MaxPermSize=512m -XX:+UseConcMarkSweepGC"

Comment from :

https://www.digitalocean.com/community/tutorials/how-to-install-apache-tomcat-7-on-ubuntu-14-04-via-apt-get

Related

What is the best way to enter numeric values with decimal points?
Are there any better methods to do permutation of string?
HashMap implementation in Java. How does the bucket index calculation work?
how to redirect STDOUT to a file in PHP?
How can I create a dynamically sized array of structs?
How to interpret the CorFlags flags?
Why do we need interfaces in Java?
How can I find MAX with relational algebra?
How to stick table header(thead) on top while scrolling down the table rows with fixed header(navbar) in bootstrap 3?
PYTHONPATH on Linux [closed]
How can I iterate over a packed variadic template argument list?
How to make email field unique in model User from contrib.auth in Django