pcp-pmie reports "Low random number entropy available"

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux (RHEL) 8 and 9
  • Performance Co-Pilot (PCP)
  • pmie logger

Issue

pcp-pmie reports Low random number entropy available.

     pcp-pmie[2552]: Low random number entropy available 8.2%avail@xxxxxxxxxx
     pcp-pmie[2552]: Low random number entropy available 13.3%avail@xxxxxxxxxx
     pcp-pmie[2552]: Low random number entropy available 26.6%avail@xxxxxxxxxx
     pcp-pmie[2552]: Low random number entropy available 25.4%avail@xxxxxxxxxx
     pcp-pmie[2552]: Low random number entropy available 27.3%avail@xxxxxxxxxx
     pcp-pmie[2552]: Low random number entropy available 27.3%avail@xxxxxxxxxx
     pcp-pmie[2552]: Low random number entropy available 14.1%avail@xxxxxxxxxx

Resolution

  • On RHEL8: On systems which are not running with FIPS enabled, consider to make more entropy available in installing the rng-tools package, and then enabling rngd with systemctl enable --now rngd.service.

  • The following fix has been brought into upstream PCP 6.0.3. Due to this fix, the entropy check has been kept to 5 %. This fix should be in RHEL 9.3 and later.

    version - 6.0.3-47
commit f75c932c296ac9cd0b142e98f873d701c9418adf
Author: Nathan Scott <nathans@redhat.com>
Date:   Thu Mar 23 04:36:21 2023 +1100

pmieconf: add a minimum pct conjunction to entropy for small poolsizes

diff --git a/src/pmieconf/entropy/available b/src/pmieconf/entropy/available
index f5eb0ca01..9c07b5bc0 100644
--- a/src/pmieconf/entropy/available
+++ b/src/pmieconf/entropy/available
@@ -8,7 +8,7 @@ rule    entropy.available
    predicate =
"some_host (
    ( 100 * kernel.all.entropy.avail $hosts$ /
-          kernel.all.entropy.poolsize $hosts$ ) >= 0 &&
+          kernel.all.entropy.poolsize $hosts$ ) <= $minimum$ &&
    ( kernel.all.entropy.avail <= $threshold$ )
)"
    enabled = yes
@@ -30,6 +30,13 @@ unsigned     threshold
"The threshold of entropy remaining available from the pool, in
the range zero (none) to kernel.all.entropy.poolsize (plenty).";

+percent        minimum
+       default = 5    <---------------------------------------------------
+       help    =
+"Minimum percentage of available space below which the entropy
+pool is considered depleted.  Range 0 (no available entropy) to
+100 (entire entropy pool is available).";
+
string delta
    default = "2 min"
    help =

Workaround

Follow the below workaround if you see Low random number entropy available in the logs:

  1. Disable the pmie logger for entropy.

    # pmieconf -f /var/lib/pcp/config/pmie/config.default disable entropy.available

  2. The changes in the fix done in upstream PCPinclude setting the threshold value to 5% of the pool size. The threshold value is been kept at 12 which is 5% of the poolsize i.e 256.

    # pmieconf -f /var/lib/pcp/config/pmie/config.default 
  Updates will be made to /var/lib/pcp/config/pmie/config.default

  pmieconf> modify entropy.available threshold 12

  pmieconf> quit

Root Cause

 # less  /var/lib/pcp/config/pmie/config.default | grep entropy

     // 1 entropy.available
        delta = 2 min;
        entropy.available = 
        some_host (
          ( 100 * kernel.all.entropy.avail  /
            kernel.all.entropy.poolsize  ) >= 0 &&
          ( kernel.all.entropy.avail <= 150 )
           ) -> syslog 10 min "Low random number entropy available" " %v%avail@%h";

Diagnostic Steps

  • Run the below command to check for the logs.
   #  less /var/log/messages | grep 'Low random number entropy available'

      pcp-pmie[2552]: Low random number entropy available 8.2%avail@xxxxxxxxxx
      pcp-pmie[2552]: Low random number entropy available 13.3%avail@xxxxxxxxxx
  • Component
  • pcp

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments