Running out of entropy in virtualized Linux systems seems to be a common problem (e.g. /dev/random Extremely Slow?, Getting linux to buffer /dev/random). Despite using a hardware random number generator (HRNG), the use of an entropy gathering daemon like HAVEGED is often suggested. However, an entropy gathering daemon (EGD) cannot be run inside a Docker container; it must be provided by the host.
Using an EGD works fine for Docker hosts based on Linux distributions like Ubuntu, RHEL, etc. Getting such a daemon to work inside boot2docker - which is based on Tiny Core Linux (TCL) - seems to be another story. Although TCL has an extension mechanism, an extension for an entropy gathering daemon doesn't seem to be available.
So an EGD seems like a proper solution for running docker containers in a (production) hosting environment, but how to solve it for development/testing in boot2docker?
Since running an EGD in boot2docker seemed too difficult, I thought about simply using /dev/urandom instead of /dev/random. Using /dev/urandom is a little less secure, but still fine for most applications which are not generating long-term cryptographic keys. At least it should be fine for development/testing inside boot2docker.
What is entropy? It's basically the “randomness” on your machine from your interactions with it (keyboard, mouse, hard drive activity, web activity). Entropy is used in security applications such as SSH, PGP, SSL/TLS and random number generators.
When you experience slow Docker performance, check your CPU, memory usage, and available disk space. Consider upgrading your system if a component does not perform as expected. When dealing with a specific container that is performing worse than expected, it may be helpful to check container-specific metrics.
I just realized that it is as simple as mounting /dev/urandom from the host as /dev/random into the container:
$ docker run -v /dev/urandom:/dev/random ...
The result is as expected:
$ docker run --rm -it -v /dev/urandom:/dev/random ubuntu dd if=/dev/random of=/dev/null bs=1 count=1024
1024+0 records in
1024+0 records out
1024 bytes (1.0 kB) copied, 0.00223239 s, 459 kB/s
At least I know how to build my own boot2docker images now ;-)
The most elegant solution I've found is running Haveged in a separate container:
docker pull harbur/haveged
docker run --privileged -d harbur/haveged
Check whether enough entropy is available:
$ cat /proc/sys/kernel/random/entropy_avail
2066
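An added example, not part of the original posts: a small check to run on the host or inside a container that reports which kernel device actually backs /dev/random (after the bind mount above it is the urandom device, character device 1:9 instead of 1:8) and whether entropy_avail is above a threshold. The function names and the default threshold of 1000 are assumptions made for this example; `stat -c` assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example: verify what /dev/random really is and how full the pool is.

# Map a "major:minor" pair (hex, as printed by `stat -c %t:%T`) to a name.
# On Linux, character device 1:8 is /dev/random and 1:9 is /dev/urandom.
classify_rdev() {
    case "$1" in
        1:8) echo random ;;
        1:9) echo urandom ;;
        *)   echo unknown ;;
    esac
}

# Report which device a path is backed by, regardless of its file name.
backing_device() {
    [ -c "$1" ] || { echo missing; return 1; }
    classify_rdev "$(stat -c '%t:%T' "$1")"
}

# Compare an entropy_avail reading against a minimum.
# The default of 1000 is an assumed value for this example; tune it per host.
entropy_status() {
    avail=$1
    min=${2:-1000}
    case "$avail" in
        ''|*[!0-9]*) echo invalid; return 2 ;;
    esac
    if [ "$avail" -ge "$min" ]; then echo ok; else echo low; fi
}

# Print a short report; only reads metadata and /proc, never /dev/random itself,
# so it cannot block on an empty pool.
report() {
    echo "/dev/random  -> $(backing_device /dev/random)"
    echo "/dev/urandom -> $(backing_device /dev/urandom)"
    if [ -r /proc/sys/kernel/random/entropy_avail ]; then
        n=$(cat /proc/sys/kernel/random/entropy_avail)
        echo "entropy_avail=$n ($(entropy_status "$n"))"
    fi
}

report
```

Inside a container started with `-v /dev/urandom:/dev/random`, the first line of the report reads `urandom`, which makes the substitution visible in images that are later reused outside development.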