[Freeipa-devel] Entropy aka ipa-server-install failed

Sumit Bose sbose at redhat.com
Fri Feb 28 11:10:21 UTC 2014


On Fri, Feb 28, 2014 at 11:59:57AM +0100, Petr Spacek wrote:
> On 28.2.2014 11:53, Sumit Bose wrote:
> >Hi,
> >
> >I just tried to install FreeIPA on a fresh F20 VM and
> >'ipa-server-install --setup-dns' failed to start FreeIPA finally after
> >everything was configured.
> >
> >The reason was that starting named timed out because
> >generate-rndc-key.sh was basically blocking because there was no entropy
> >for /dev/random left to generate a proper key. I wonder if it would make
> >sense to call generate-rndc-key.sh during ipa-server-install if
> >--setup-dns is given to avoid this.
> 
> We can do it but it will only shift the problem to different place.

yes, but if we do it during ipa-server-install we have it under control
and can give a hint that this step needs entropy, might need a long
time and the user might help by producing additional network or disk
I/O.

bye,
Sumit
 
> In the past the key was generated in RPM posttrans but it was
> removed from there because sometimes it blocked RPM for very very
> long time.
> 
> -- 
> Petr^2 Spacek
> 
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel




More information about the Freeipa-devel mailing list