Hello,
By your numbers it seems that your machine is able to generate random numbers at good speed. But the problem is WHEN and HOW OFTEN. Afaik, the linux kernel waits too long to trigger the process to generate random numbers and fast paced process spawning or ssl connections could deplete pool before the process is triggered again. This is the problem that haveged could solve. Triggering a random numbers generation at a higher threshold and at higher frequency. http://blog-ftweedal.rhcloud.com/2014/05/more-entropy-with-haveged/ Well, it is only ONE of possible causes of your problem. Unfortunately one obscure and difficult to identify because it does not generate errors, crashes or logs. Simply slowness. Had you checked disk latency? Does your servers have enough sasl processes? We use Debian and did not find haveged installation issues, so you will have to search a bit more about your running errors. Regards. Andre Felipe http://www.techforce.com.br Paul Bronson <signaldevelo...@gmail.com> wrote .. Guys, I ran cat /dev/urandom | rngtest -c 1000 and got: rngtest: starting FIPS tests... rngtest: bits received from input: 20000032 rngtest: FIPS 140-2 successes: 998 rngtest: FIPS 140-2 failures: 2 rngtest: FIPS 140-2(2001-10-10) Monobit: 0 rngtest: FIPS 140-2(2001-10-10) Poker: 0 rngtest: FIPS 140-2(2001-10-10) Runs: 1 rngtest: FIPS 140-2(2001-10-10) Long run: 1 rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 rngtest: input channel speed: (min=22.980; avg=501.129; max=19073.486)Mibits/s rngtest: FIPS tests speed: (min=98.317; avg=121.603; max=131.541)Mibits/s rngtest: Program run time: 198018 microseconds Does this look bad to you considering all of my slow SASL auths? (no haveged is on at this point.. available entropy is between 131 - 160... pool size is default 4096. I also tried installing haveged, which worked fine, but as soon as I started the service it said something like process dead, sub sys locke! d... ? So rry, entropy is fairly new to me. On Thu, Sep 10, 2015 at 5:24 PM, <signaldevelo...@gmail.com> wrote: Andre, Really? What should it be? I was curious and checked.. Entropy on some of my other big time production servers for email is only about 200) and its lightning fast? - Paul > On Sep 10, 2015, at 5:00 PM, Andre Felipe Machado <andremach...@techforce.com.br> wrote: > > Hello, > Entropy of 158 is way too low for production servers. And this *MAY* cause weird > slowness without logging any errors. > You could install "haveged" and configure for max threshold levels on production > servers. > https://packages.debian.org/search?keywords=haveged > > Regards. > > Andre Felipe > http://www.techforce.com.br > > > > signaldevelo...@gmail.com wrote .. >> Rudy, >> >> Entropy is 158 I just looked. And as far as compiling against urandom, to be > honest >> I'm >> not sure. >> >> - Paul >> >> >> >> >>> On Sep 6, 2015, at 9:50 PM, Rudy Gevaert <rudy.geva...@ugent.be> wrote:! >>> >>> >>> Quoting signaldevelo...@gmail.com, Mon, 07 Sep 2015: >>> >>>> Hosts file >>> is fine I checked that, thanks. Kolab uses 389 to >>>> authenticate for >>> everything, so Cyrus is using LDAP as you can see >>>> above. I think the >>> problem lies in the constant TLS logins into >>>> Cyrus for every click: >>> >>>> >>>> imap[2281]: login: localhost [::1] john...@domain.com PLAIN+TLS >>> User >>>> logged in >>>> >>> SESSIONID=<es1.domain.com-2281-1441500890-1-15740725055571902363> >>>> Sep >>> 5 20:54:51 es1 imap[2281]: USAGE john...@domain.com user: >>>> 0.009998 >>> sys: 0.006999 >>>> >>>> >>>> Again its only one user, on roundcube... I am >>> afraid to put any more >>>> users on it. There doesn't seem to be much of >>> performance tweaks >>>> with Cyrus around the web either... >>> >>> does >>> your system have enough entropy? >>> >>> Is saslauthd compiled against >>> /dev/urandom? >>> >>> Rudy >>> >>> -- >>> -- -- -- -- -- -- -- -- -- -- -- >>> -- -- -- -- -- -- -- -- -- -- -- -- -- >>> Rudy Gevaert >>> ! e- mail: rudy.geva...@ugent.be >>> Directie ICT, Afdeling Infrastructuur >>> Groep Systemen tel: +32 9 264 4750 >>> Universiteit Gent fax: +32 9 264 4994 >>> Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be >>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- >>> >>> >>> ---- >>> Cyrus Home Page: http://www.cyrusimap.org/ >>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >>> To Unsubscribe: >>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus >> ---- >> Cyrus Home Page: http://www.cyrusimap.org/ >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >> To Unsubscribe: >> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > ---- > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo! /info-cyr us
---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
