ALM-12040 Insufficient System Entropy

Description

The system checks the entropy at 00:00:00 every day, and performs five consecutive checks each time. First, the system checks whether the rng-tools or haveged tool is enabled and correctly configured. If not, the system checks the current entropy. If the entropy is smaller than 100 in the five checks, this alarm is generated.

If the true random number mode is configured, random numbers are configured in the pseudo-random number mode, or neither the true random number mode nor the pseudo-random number mode is configured but the entropy is greater than or equal to 100 in at least one check among the five checks, this alarm is cleared.

Attribute

Parameters

Impact on the System

System running is affected.

Possible Causes

The haveged service or rngd service is abnormal.

Procedure

Check and manually configure the system entropy.

1. On the FusionInsight Manager portal, click O&M > Alarm > Alarms.
2. Obtain the value of the HostName field in Location.
3. Log in to the node where the alarm is generated as user root.
4. Run the /bin/rpm -qa | grep -w "haveged" command to check haveged installation status. Check whether the command output is empty.
   • If yes, go to 7.
   • If no, go to 5.

5. Run the /sbin/service haveged status |grep "running" command, and view the command output.
   • If the command is executed successfully, the haveged service is installed and correctly configured and is running properly. Go to 10.
   • If the command is not executed successfully, the haveged service is not running properly. Go to 7.

6. Run the /bin/rpm -qa | grep -w "rng-tools" command to check rng-tools installation status. Check whether the command output is empty.
   • If yes, go to 8.
   • If no, go to 7.

7. Run the ps -ef | grep -v "grep" | grep rngd | tr-d " " | grep "\-o/dev/random" | grep "\-r/dev/urandom" command, and view the command output.
   • If the command is executed successfully, the rngd service is installed and correctly configured and is running properly. Go to 10.
   • If the command is not executed successfully, the rngd service is not running properly. Go to 8.

8. Manually configure the system entropy. For details, see Related Information.
9. Wait until 00:00:00 on the next day when the system checks the entropy again. Check whether the alarm is cleared automatically.
   • If yes, no further action is required.
   • If no, go to 10.

Collect fault information.

10. On the FusionInsight Manager portal, choose O&M > Log > Download.
11. Select NodeAgent from the Service and click OK.
12. Click in the upper right corner, and set Start Date and End Date for log collection to 10 minutes ahead of and after the alarm generation time, respectively. Then, click Download.
13. Contact the O&M personnel and send the collected log information.

Alarm Clearing

After the fault is rectified, the system automatically clears this alarm.

Related Information

Manually check the system entropy.

Log in to the node as user root and run the cat/proc/sys/kernel/random/entropy_avail command to check whether the system entropy meets the cluster installation requirements (the entropy must be greater than or equal to 500). If the system entropy is smaller than 500, you can reset it by using one of the following methods:

• Using the haveged tool (true random number mode): Contact the OS provider to install the tool and then start it.
• Using the rng-tools tool (pseudo random number mode): Contact the OS provider to install the tool and then configure the system entropy based on the OS type.
  • In the Red Hat or CentOS environment, run the following commands to configure the system entropy:

    echo 'EXTRAOPTIONS="-r /dev/urandom -o /dev/random -t 1 -i"' >> /etc/sysconfig/rngd

    service rngd start

    chkconfig rngd on

  • In the SUSE environment, run the following commands to configure the system entropy:

    rngd -r /dev/urandom -o /dev/random

    echo "rngd -r /dev/urandom -o /dev/random" >> /etc/rc.d/after.local