Vidar Hokstad V2.0

Home Blog

Tag: prng

2008-05-24 15:33 UTC OpenVZ and Apache troubleshooting: PRNG still contains insufficient entropy!

Posted in: , , , , , ,
I was setting up Apache on OpenVZ earlier today, and ran into a problem with enabling SSL. Apache would refuse to start, and I'd see this in the error log: 

[Sat May 24 07:48:10 2008] [warn] Init: PRNG still contains insufficient entropy!
[Sat May 24 07:48:10 2008] [error] Init: Failed to generate temporary 512 bit RSA private keyConfiguration Failed

The solution is quite simple, though not very intuitive. On the host do this (replace "100" with the name or id of your OpenVZ container): 

vzctl set 100 --devices c:1:8:rw --save
vzctl exec 100 mknod /dev/random c 1 8
vzctl set 100 --devices c:1:9:rw --save
vzctl exec 100 mknod /dev/urandom c 1 9

Apache's SSL support requires /dev/random and /dev/urandom to seed the PRNG. Note that if only /dev/urandom is missing, Apache may seem to start, but eat all CPU. If you attach "strace" to it, you may see it spin over attempting to open /dev/urandom over and over.

Write the first comment

Older Entries

About me

E-mail: vidar@hokstad.com
Skype: vhokstad
View my LinkedIn profile

I was born April 21st, 1975, in Oslo, Norway. Since 2000 I've been living in London, UK. I'm married.

I'm working for Aardvark Media as Director of Technology. I'm also currently on the board of SpatialQ, a startup in the GIS space, and an advisor to Skoach, a startup doing a time management app for people with ADD.

Tags

(1) (2) (1) (3) (2) (3) (2) (18) (12) (3) (2) (2) (2) (2) (2) (3) (5) (2) (4) (2) (2) (2) (2) (2) (3) (4) (4) (4) (2) (3) (33) (5) (2) (1) (35) (1) (2) (2) (4) (2) (3) (3) (2) (2) (5) (2) (4) (2) (3) (2)

StumbleUpon My link page

(Links I have stumbled and like)