How can I detect incidents of entropy depletion?

linux centos entropy-pool

I recently had my first encounter with a depleted entropy pool, and I was disappointed to learn that none of the usual system logs were helpful in discovering the problem.

After installing CUPS on a new CentOS 6 virtual machine, I tried to connect to the admin page via HTTPS. The request appeared to hang indefinitely. I later learned that CUPS was trying to generate a new self-signed SSL certificate on the fly, and it was blocked while attempting to read from /dev/random. Further reading on the internet shows this is a common problem for virtual machines because they lack the usual sources of entropy.

Although it was easy to work around in my specific case, I am now paranoid that similar depletion events could be happening on other virtual machines in my ESXi cluster. But since this event is not written to any of the usual log files, I really have no way of knowing how prevalent the problem is.

Is there any way to easily monitor the availability of entropy on all the virtual machines in a large cluster? In particular, I want to know whether entropy depletion is a contributing factor to some intermittent performance problems we have been seeing on some machines.


Solution 1:

It's easy to check via the /proc filesystem... 

cat /proc/sys/kernel/random/entropy_avail

Also, some monitoring utilities and graph and alert on available entropy. Munin is an easy example.

enter image description here

Related

Fail2ban log filled with entries saying "fail2ban.filter : WARNING Determined IP using DNS Lookup:.."
SSL Certificate management with Powershell DSC
getent passwd dosen't show users of LDAP server
cp -p will preserve times for some files but not all?
what is the difference between proxy_request_buffering and proxy_buffering on nginx?
Can't send to compressed (zipped) folder
systemd's journalctl: how to filter by message?
Systemctl: find out which commands are applicable for a service
KVM Host with 88 physical cores uses only 14 on 64 core Guest
Manage Multiple IIS servers without shared configuration
Sync Two IIS 8.5 Server configurations only excluding bindings
What is the difference between Ceph and NFS when it comes to shared file storage?