On 26/03/2010 14:15, Brian Kroth wrote:
> Here's another graphing tool I started using since whoever started this
> thread got me hooked on the subject :)
> http://collectd.org/wiki/index.php/Plugin:Entropy
>
|
Nice
|
For those using snmpd (e.g. cacti) all I did was add this line to my
/etc/snmp/snmpd.conf file:

    exec .1.3.6.1.4.1.2021.60 entropy /bin/cat /proc/sys/kernel/random/entropy_avail
|
Then I used a template from the cacti mailing list to easily pull that
into a graph in cacti and plot it.
|
> Things are much worse, even for physical machines, than I originally
> suspected, so I'm now thinking about trying to set up something like this
> in conjunction with both the entropy key and the timer_entropyd so that
> I can provide an entropy service to various clients.
> http://www.vanheusden.com/entropybroker/
>
|
I don't have audio, video or builtin hw rand on my servers, so I could
only use timer_entropyd. This chewed about 2-5% CPU on one very
lightly loaded quad core Intel board and kept the entropy at about
80-100%. On my other AMD dual core live server, it chewed more like
5-15% CPU (not sure why) and mostly it keeps entropy at 70-100%, but
with regular dips to zero (server is pretty lightly loaded, load average
around 0.2). Unless you are a complete tinfoil hatter then this is
probably plenty.
|
The ekeyd keeps the machine at 100% entropy (actually it keeps it at
slightly *over* 15,000 bytes which is the pool size - I'm not quite sure
how/why it's keeping the pool at 101% filled, but there you go). CPU
load is zero.
|
For distributing entropy around, the entropykey comes with a basic egd
compatible socket and you simply set up an egd client (also supplied) to
read from that socket. I don't believe this is encrypted, so
entropybroker looks better over a real network, but it's also not yet in
portage (anyone got some time to contribute an ebuild?).
|
So from a "it's done" point of view, the entropy key really is a very
simple and low CPU solution.
|
Ed W
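
As an added example (not part of the original message or of any tool it names): a Python script that scans polled entropy_avail readings, such as the snmpd exec line above would supply, and reports each run of samples at or near zero. The "epoch value" log format, the threshold of 64 and the pool size of 4096 are assumptions made for the illustration, and the sample data is constructed.

```python
"""Find low-entropy episodes in polled entropy_avail samples (added example)."""
from dataclasses import dataclass

@dataclass
class Episode:
    start: int     # epoch seconds of the first low sample
    end: int       # epoch seconds of the last low sample
    minimum: int   # lowest entropy_avail value seen in the episode

def parse_samples(text):
    """Parse 'epoch value' lines, skipping blank or malformed ones."""
    samples = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            samples.append((int(parts[0]), int(parts[1])))
        except ValueError:
            continue  # a failed poll may leave non-numeric output
    return sorted(samples)

def fill_percent(samples, pool_size):
    """Express each reading as a percentage of the pool size."""
    return [(ts, round(100.0 * v / pool_size, 1)) for ts, v in samples]

def low_episodes(samples, threshold):
    """Group consecutive samples at or below threshold into episodes."""
    episodes, current = [], None
    for ts, value in samples:
        if value <= threshold:
            if current is None:
                current = Episode(ts, ts, value)
            else:
                current.end = ts
                current.minimum = min(current.minimum, value)
        elif current is not None:
            episodes.append(current)
            current = None
    if current is not None:
        episodes.append(current)  # log ended while still low
    return episodes

# Constructed sample: one poll per minute; pool size 4096 is assumed.
SAMPLE = """1269612000 3890
1269612060 3102
1269612120 41
1269612180 0
1269612240 12
1269612300 2950
1269612360 garbage
1269612420 3600
1269612480 0
"""

if __name__ == "__main__":
    for ep in low_episodes(parse_samples(SAMPLE), threshold=64):
        print(f"low from {ep.start} to {ep.end}, minimum {ep.minimum}")
```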