On 05 March 2019 at 18:51 William Taylor via dovecot <dovecot@dovecot.org> wrote:
On Tue, Mar 05, 2019 at 05:39:28PM +0100, Axel Burri via dovecot wrote:
Hello
When booting from a slow machine, I can observe dovecot blocking the whole boot process. I traced it down to the getrandom() system call in lib/randgen.c, which blocks until the random number generator is initialized (dmesg "random: crng init done"). This can take up to three minutes (!) on my machine, as there is not much entropy available (no hardware RNG, network VPN is also waiting for random).
Unfortunately dovecot calls getrandom() before forking a daemon, which as a consequence blocks the whole init process (OpenRC on Gentoo Linux).
I believe this behavior has changed in kernel 4.14:
Quoting getrandom(2): "If the urandom source has not yet been initialized, then getrandom() will block, unless GRND_NONBLOCK is specified in flags."
Dovecot: 2.3.4.1 (f79e8e7e4)
Linux: 4.19.26-gentoo #2 SMP Thu Feb 28 20:30:23 CET 2019 x86_64 AMD G-T40E Processor AuthenticAMD GNU/Linux
Regards,
Axel
It should either block or fail to start. I personally like the idea of blocking so it starts up successfully.
Have you tried installing an entropy daemon or something to provide more entropy? I've seen people suggest haveged before.
On a side note, I thought you want to call getrandom() after forking, otherwise all children have the same rng sequence.
An entropy daemon is highly recommended for your server in any case, otherwise you'll have lots of trouble with SSL.
Aki