| 1 |
On 26/03/2010 14:15, Brian Kroth wrote: |
| 2 |
> Here's another graphing tool I started using since whoever started this |
| 3 |
> thread got me hooked on the subject :) |
| 4 |
> http://collectd.org/wiki/index.php/Plugin:Entropy |
| 5 |
> |
| 6 |
|
| 7 |
Nice |
| 8 |
|
| 9 |
For those using snmpd (eg cacti) all I did was add this line to my |
| 10 |
/etc/snmp/snmpd.conf file: |
| 11 |
exec .1.3.6.1.4.1.2021.60 entropy /bin/cat |
| 12 |
/proc/sys/kernel/random/entropy_avail |
| 13 |
|
| 14 |
Then I used a template from the cacti mailing list to easily pull that |
| 15 |
into a graph in cacti and plot it |
| 16 |
|
| 17 |
> Things are much worse, even for physical machines, than I originally |
| 18 |
> suspected, so I'm now thinking about trying to setup something like this |
| 19 |
> in conjunction with both the entropy key and the timer_entropyd so that |
| 20 |
> I can provide an entropy service to various clients. |
| 21 |
> http://www.vanheusden.com/entropybroker/ |
| 22 |
> |
| 23 |
|
| 24 |
I don't have audio, video or builtin hw rand on my servers, so I could |
| 25 |
only user timer_entropyd. This chewed about 2-5% CPU on one very |
| 26 |
lightly loaded quad core intel board and kept the entropy at about |
| 27 |
80-100%. On my other AMD dual core live server, it chewed more like |
| 28 |
5-15% cpu (not sure why) and mostly it keeps entropy at 70-100%, but |
| 29 |
with regular dips to zero (server is pretty lightly loaded, load average |
| 30 |
around 0.2). Unless you are a complete tinfoil hatter then this is |
| 31 |
probably plenty |
| 32 |
|
| 33 |
The ekeyd keeps the machine at 100% entropy (actually it keeps it at |
| 34 |
slightly *over* 15,000 bytes which is the pool size - I'm not quite sure |
| 35 |
how/why it's keeping the pool at 101% filled, but there you go). CPU |
| 36 |
load is zero |
| 37 |
|
| 38 |
For distributing entropy around, the entropykey comes with a basic egd |
| 39 |
compatible socket and you simply setup an egd client (also supplied) to |
| 40 |
read from that socket. I don't believe this is encrypted, so |
| 41 |
entropybroker looks better over a real network, but it's also not yet in |
| 42 |
portage (anyone got some time to contribute an ebuild?) |
| 43 |
|
| 44 |
So from a "it's done" point of view, the entropy key really is a very |
| 45 |
simple and low CPU solution. |
| 46 |
|
| 47 |
Ed W |
Archives