3

I'm trying out CoreOS on a Kubernetes cluster. This setup includes a BIND server serving DNSSEC responses. Because of the DNSSEC key management, the BIND server uses up all the available entropy and hangs on startup, and takes hours to get enough entropy to sign a single zone.

What can I do to increase the entropy on the servers to prevent this from happening?

ConnorJC

1 Answer

5

You should install haveged in order to counter the lack of entropy sources in your specific setup.

If you have restricted access, try something like this:

https://github.com/harbur/docker-haveged

In case you need an entropy gathering service on your Docker host but don't want to / can't install an entropy gathering service locally.

The service makes more sense on cloud servers, and more specifically on CoreOS servers, where you cannot install services locally.

Michael Hampton
ewwhite
  • Although, please do note that this doesn't fix someone with restricted access (assuming you mean from a privilege standpoint), as the container requires privileged mode to make the entropy available. – ConnorJC May 30 '16 at 18:36
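
A way to confirm that the pool is actually starved, and to compare it before and after starting haveged, is to sample the kernel's entropy estimate. This is an added example, not part of the original answer or the docker-haveged project; the function names and the 200-bit threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Sample the kernel entropy estimate and classify it.
# ENTROPY_FILE defaults to the standard Linux procfs path; override it to
# test against a constructed file. Threshold and names are assumptions.
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# min_entropy SAMPLES INTERVAL
# Reads the estimate SAMPLES times, INTERVAL seconds apart, and prints the
# lowest value seen. Returns 2 if the file is unreadable or not numeric.
min_entropy() {
    samples="$1"; interval="$2"; min=""; i=0
    while [ "$i" -lt "$samples" ]; do
        val=$(cat "$ENTROPY_FILE") || return 2
        case "$val" in
            ''|*[!0-9]*) echo "unexpected value: $val" >&2; return 2 ;;
        esac
        if [ -z "$min" ] || [ "$val" -lt "$min" ]; then min="$val"; fi
        i=$((i + 1))
        if [ "$i" -lt "$samples" ]; then sleep "$interval"; fi
    done
    echo "$min"
}

# entropy_verdict MIN THRESHOLD
# Prints "starved" when the lowest sample is below THRESHOLD, else "ok".
entropy_verdict() {
    if [ "$1" -lt "$2" ]; then echo starved; else echo ok; fi
}

# Run as: ./entropy-check.sh check [samples] [interval] [threshold]
if [ "${1:-}" = "check" ]; then
    low=$(min_entropy "${2:-10}" "${3:-1}") || exit 2
    echo "lowest estimate: $low bits -> $(entropy_verdict "$low" "${4:-200}")"
fi
```

Run it on the node before starting BIND and again once haveged is running; a verdict that stays "starved" means the daemon is not feeding the host pool.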