Hello,
On Tue, Sep 01, 2020 at 04:47:41PM +0100, Hugh Frostick wrote:
> I have a VPS on Centos 7.8 with Virtualmin which is
> ok.
> I have a new VPS on Centos 8.2 with Virtualmin (and different purpose set up -
> principally has Dovecot) which has this process using 60-95% cpu:
> /sbin/rngd -f --fill-watermark=0
> Just rebooted and it simply carried on again.
I've no idea what is wrong with your rngd, but BitFolk has some
hardware entropy devices which you can use so you don't need to fake
it with rngd.
https://tools.bitfolk.com/wiki/Entropy#BitFolk.27s_entropy_service
(The rest of this article needs rewriting in light of subsequent
changes to Linux's random subsystem, but the instructions for the
entropy service are accurate for Debian/Ubuntu.)
Is ekeyd-egd-linux available for CentOS?
May I ask why you are using rngd? AFAIK on modern Linux everything
should be pointed at /dev/urandom which will never block except
possibly at early boot time. People have been using things like rngd
and haveged to get past the early stall. Is that why you have been
using it or is there some other reason?
Having said that, I did some experiments last year with a Debian
buster VM and unless I disable the RDRAND CPU instruction it gets
entropy pretty quickly (1.14 seconds vs 48.88s):
http://strugglers.net/~andy/blog/2019/07/11/experiments-with-rdrand-and-ent…
So is the boot stage even an issue?
I think that you should only see boot time entropy starvation on a
BitFolk VM if you purposefully disable RDRAND¹.
Cheers,
Andy
¹ e.g. because you believe it is a black box made by Intel at the
behest of the NSA
--
https://bitfolk.com/ -- No-nonsense VPS hosting
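
A way to check the two conditions discussed in the message above on a given VM, added here as an example and not part of the original post: whether the CPU exposes RDRAND, and whether the kernel's random pool is already initialised so reads will not stall. It assumes RDRAND would have been disabled with the `nordrand` kernel boot parameter (the message does not say how); the sample inputs are constructed.

```python
import os

def cpu_has_rdrand(cpuinfo_text):
    """True if a 'flags' line in /proc/cpuinfo-style text lists rdrand."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags" and "rdrand" in value.split():
            return True
    return False

def rdrand_disabled(cmdline_text):
    """True if the kernel command line carries 'nordrand' (assumed method)."""
    return "nordrand" in cmdline_text.split()

def crng_ready():
    """Non-blocking getrandom(2): BlockingIOError means the pool is not
    initialised yet, i.e. the early-boot stall. None if we cannot tell."""
    if not hasattr(os, "getrandom"):
        return None
    try:
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        return False

def assess(cpuinfo_text, cmdline_text):
    """Summarise whether RDRAND can seed the pool at boot."""
    if not cpu_has_rdrand(cpuinfo_text):
        return "rdrand not exposed to this guest"
    if rdrand_disabled(cmdline_text):
        return "rdrand present but disabled on the kernel command line"
    return "rdrand available"

# Constructed sample inputs, not taken from any real host.
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu sse2 aes rdrand hypervisor\n"
SAMPLE_CPUINFO_MASKED = "processor\t: 0\nflags\t\t: fpu sse2 aes hypervisor\n"
SAMPLE_CMDLINE = "BOOT_IMAGE=/vmlinuz root=/dev/xvda1 ro nordrand"

def _read(path):
    with open(path) as fh:
        return fh.read()

if __name__ == "__main__":
    # On a live Linux guest, read the real files instead of the samples.
    print(assess(_read("/proc/cpuinfo"), _read("/proc/cmdline")))
    print("pool initialised:", crng_ready())
```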