Simon Matter
2023-Mar-03 10:00 UTC
[CentOS] EL9 says: pcp-pmie[2870]: Low random number entropy available 15.6%
Hi,

I've discovered an issue which I don't understand. On a new test install of EL9 I saw this message in the logs:

Mar 01 08:09:18 <hostname> pcp-pmie[2870]: Low random number entropy available 15.6%avail at beta.corp.invoca.ch

This is on a 64 core "AMD Opteron(tm) Processor 6282 SE" server but I also got the same low entropy on an EL9 KVM guest running on a "AMD EPYC 7601" server.

After a lot of searching the net I understand that rng has been reworked in 5.x kernels and /proc/sys/kernel/random/entropy_avail reaches only 256 in default configurations. But why does it go too low on a test system with almost no load?

Is this an issue with AMD CPUs or does it also happen on other systems?

Thanks for any insights,
Simon
Simon Matter
2023-Mar-04 09:05 UTC
[CentOS] EL9 says: pcp-pmie[2870]: Low random number entropy available 15.6%
> Hi,
>
> I've discovered an issue which I don't understand. On a new test install
> of EL9 I saw this message in the logs:
>
> Mar 01 08:09:18 <hostname> pcp-pmie[2870]: Low random number entropy
> available 15.6%avail@<hostname>
>
> This is on a 64 core "AMD Opteron(tm) Processor 6282 SE" server but I also
> got the same low entropy on an EL9 KVM guest running on a "AMD EPYC 7601"
> server.

The simple fix here is to install rng-tools and start rngd. Starting from when rngd was started, the available entropy still doesn't go higher than 256 but also didn't get lower.

So, why is rng-tools not installed by default, at least on a server install?

I've asked you.com about this and the answer is interesting:

Q: why does rhel9 not install rng-tools by default

A: RHEL 9 does not install the rng-tools package by default because it is not necessary for most users. The Linux kernel now uses hardware random number generators (RNGs) to generate random numbers, which provides enough entropy for most applications. For applications that require more entropy, users can choose to install the rng-tools package if necessary.

Indeed, this was discussed here https://bugzilla.redhat.com/show_bug.cgi?id=1888695 but why do I see available entropy being low on my freshly installed systems?

I start to believe that at least AMD EPYC based servers without TPM module (yes, we order our servers without TPM) will not work well without rngd running. If that's the case, then it wasn't a good idea to remove rng-tools from server installs IMHO.

Simon
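
A diagnostic sketch for the two observations in this thread (the 15.6% warning and the 256 ceiling), added here as an example and not taken from either message or from PCP. It assumes the pmie percentage is entropy_avail relative to poolsize; the function names are hypothetical, and the path arguments exist only so the functions can be pointed at saved copies of the files.

```shell
#!/bin/sh
# Added example, not from the thread. Defaults are the standard Linux
# procfs/sysfs paths; function names are hypothetical.

# entropy_pct [DIR]: entropy_avail as a percentage of poolsize, one decimal.
# Assumption: this is the ratio the pcp-pmie warning reports.
entropy_pct() {
    dir=${1:-/proc/sys/kernel/random}
    avail=$(cat "$dir/entropy_avail") || return 1
    pool=$(cat "$dir/poolsize") || return 1
    [ "$pool" -gt 0 ] || return 1
    awk -v a="$avail" -v p="$pool" 'BEGIN { printf "%.1f\n", 100 * a / p }'
}

# hwrng_state [DIR]: which kernel hw_random device, if any, is selected.
hwrng_state() {
    dir=${1:-/sys/class/misc/hw_random}
    if [ ! -r "$dir/rng_current" ]; then
        echo "hw_random: not present"
        return 0
    fi
    cur=$(cat "$dir/rng_current")
    case "$cur" in
        ""|none) echo "hw_random: no active device" ;;
        *)       echo "hw_random: $cur" ;;
    esac
}

# cpu_has_rdrand [FILE]: succeeds if the CPU flags list rdrand or rdseed.
cpu_has_rdrand() {
    grep -m1 '^flags' "${1:-/proc/cpuinfo}" | grep -Eqw 'rdrand|rdseed'
}

report() {
    echo "entropy: $(entropy_pct)% of pool"
    hwrng_state
    if cpu_has_rdrand; then echo "cpu: rdrand/rdseed advertised"
    else echo "cpu: no rdrand/rdseed flag"; fi
}

# Run as "sh script.sh report" to print the live values for this host.
if [ "${1:-}" = "report" ]; then report; fi
```

With a poolsize of 256, a reading of 40 bits gives the 15.6% figure from the log line; running `report` before and after starting rngd shows whether the value still dips.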