How can I detect incidents of entropy depletion?
I recently had my first encounter with a depleted entropy pool, and I was disappointed to learn that none of the usual system logs were helpful in discovering the problem.
After installing CUPS on a new CentOS 6 virtual machine, I tried to connect to the admin page via HTTPS. The request appeared to hang indefinitely. I later learned that CUPS was trying to generate a new self-signed SSL certificate on the fly, and it was blocked while attempting to read from /dev/random. Further reading on the internet shows this is a common problem for virtual machines because they lack the usual sources of entropy.
Although it was easy to work around in my specific case, I am now paranoid that similar depletion events could be happening on other virtual machines in my ESXi cluster. But since this event is not written to any of the usual log files, I really have no way of knowing how prevalent the problem is.
Is there any way to easily monitor the availability of entropy on all the virtual machines in a large cluster? In particular, I want to know whether entropy depletion is a contributing factor to some intermittent performance problems we have been seeing on some machines.
Solution 1:
It's easy to check via the /proc
filesystem...
cat /proc/sys/kernel/random/entropy_avail
Also, some monitoring utilities and graph and alert on available entropy. Munin is an easy example.