vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/mrs/umn/ALM-12040.html
Yang, Tong 3b1f73dece MRS UMN 2.0.38.SP20 version 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2022-12-13 12:03:34 +00:00

104 lines
14 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<a name="ALM-12040"></a><a name="ALM-12040"></a>
<h1 class="topictitle1">ALM-12040 Insufficient System Entropy</h1>
<div id="body50087568"><div class="section" id="ALM-12040__section49858936"><h4 class="sectiontitle">Description</h4><p id="ALM-12040__p144638408307">The system checks the entropy for five consecutive times at 00:00 every day. Specifically, the system checks whether rng-tools or haveged has been enabled and correctly configured. If neither is configured, the system continues to check the entropy. If the entropy is less than 100 for five consecutive times, this alarm is reported.</p>
<p id="ALM-12040__p1146314023010">This alarm is cleared when the system detects that the true random number mode has been configured, the random number parameters have been configured in the pseudo-random number mode, or neither mode is configured but the entropy of the OS is greater than or equal to 100 in at least one of five entropy checks.</p>
</div>
<div class="section" id="ALM-12040__section46077243"><h4 class="sectiontitle">Attribute</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="ALM-12040__table66091741" frame="border" border="1" rules="all"><thead align="left"><tr id="ALM-12040__row21052922"><th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.2.2.1.4.1.1"><p id="ALM-12040__p27565122">Alarm ID</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.2.2.1.4.1.2"><p id="ALM-12040__p18182423">Alarm Severity</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.2.2.1.4.1.3"><p id="ALM-12040__p63490144">Auto Clear</p>
</th>
</tr>
</thead>
<tbody><tr id="ALM-12040__row42428038"><td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.2.1.4.1.1 "><p id="ALM-12040__p14119024">12040</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.2.1.4.1.2 "><p id="ALM-12040__p2790278">Major</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.2.2.1.4.1.3 "><p id="ALM-12040__p24686002">Yes</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="ALM-12040__section12042011"><h4 class="sectiontitle">Parameters</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="ALM-12040__table53409113" frame="border" border="1" rules="all"><thead align="left"><tr id="ALM-12040__row40803123"><th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.3.2.1.3.1.1"><p id="ALM-12040__p16718633">Name</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.3.2.1.3.1.2"><p id="ALM-12040__p12032032">Meaning</p>
</th>
</tr>
</thead>
<tbody><tr id="ALM-12040__row13854132863911"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.1.3.1.1 "><p id="ALM-12040__p17935380415">Source</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.1.3.1.2 "><p id="ALM-12040__p187931338134115">Specifies the cluster or system for which the alarm is generated.</p>
</td>
</tr>
<tr id="ALM-12040__row35070527"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.1.3.1.1 "><p id="ALM-12040__p22140463">ServiceName</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.1.3.1.2 "><p id="ALM-12040__p48547096">Specifies the service for which the alarm is generated.</p>
</td>
</tr>
<tr id="ALM-12040__row34270681"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.1.3.1.1 "><p id="ALM-12040__p24461737">RoleName</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.1.3.1.2 "><p id="ALM-12040__p35243653">Specifies the role for which the alarm is generated.</p>
</td>
</tr>
<tr id="ALM-12040__row48757428"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.1.3.1.1 "><p id="ALM-12040__p57037582">HostName</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.3.2.1.3.1.2 "><p id="ALM-12040__p56641449">Specifies the host for which the alarm is generated.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="ALM-12040__section41269240"><h4 class="sectiontitle">Impact on the System</h4><p id="ALM-12040__p24554669">The system is not running properly.</p>
</div>
<div class="section" id="ALM-12040__section35878843"><h4 class="sectiontitle">Possible Causes</h4><ul id="ALM-12040__ul82194524379"><li id="ALM-12040__li16219652113719">rng-tools or haveged has not been installed or started.</li><li id="ALM-12040__li22191352123720">The entropy of the OS is smaller than 100 for multiple consecutive times.</li></ul>
</div>
<div class="section" id="ALM-12040__section54474133"><h4 class="sectiontitle">Procedure</h4><p class="tableheading" id="ALM-12040__p41910029"><strong id="ALM-12040__b47474410105652">Check whether haveged or rng-tools has been installed or started.</strong></p>
<ol id="ALM-12040__ol4071338310572"><li id="ALM-12040__li30761529105655"><span>Log in to FusionInsight Manager and choose <strong id="ALM-12040__b1144914633011">O&amp;M</strong> &gt; <strong id="ALM-12040__b14501663300">Alarm</strong> &gt; <strong id="ALM-12040__b84514673013">Alarms</strong>.</span></li><li id="ALM-12040__li8418311105655"><span>Check the value of <strong id="ALM-12040__b078362362511">HostName</strong> in the <strong id="ALM-12040__b15793142362519">Location</strong> area to obtain the name of the host for which the alarm is generated.</span></li><li id="ALM-12040__li10794601105655"><span>Log in to the node for which the alarm is generated as user <strong id="ALM-12040__b8655940105655">root</strong>. <span id="ALM-12040__text23715444267"></span></span></li><li id="ALM-12040__li1325705155017"><span>Run the <strong id="ALM-12040__b925735155015">/bin/rpm -qa | grep -w "haveged"</strong> command to check the haveged installation status and check whether the command output is empty.</span><p><ul id="ALM-12040__ul13139362503"><li id="ALM-12040__li08387016232">If yes, go to <a href="#ALM-12040__li978924652119">6</a>.</li><li id="ALM-12040__li38381500230">If no, go to <a href="#ALM-12040__li35057727105655">5</a>.</li></ul>
</p></li><li id="ALM-12040__li35057727105655"><a name="ALM-12040__li35057727105655"></a><a name="li35057727105655"></a><span>Run the <strong id="ALM-12040__b1947512105655">/sbin/service haveged status |grep "running"</strong> command and check the command output.</span><p><ul class="subitemlist" id="ALM-12040__ul41178005105655"><li id="ALM-12040__li23530779105655">If the command is executed successfully, haveged has been installed and configured correctly and is running properly. Go to <a href="#ALM-12040__li22912175218">8</a>.</li><li id="ALM-12040__li26944955105655">If the command fails to execute, haveged is not running properly. Run the following command to manually restart haveged and go to <a href="#ALM-12040__li20231214524">9</a>:<p class="subitemlist" id="ALM-12040__p17261031175416"><strong id="ALM-12040__b1692510321938">systemctl restart haveged.service</strong></p>
</li></ul>
</p></li><li id="ALM-12040__li978924652119"><a name="ALM-12040__li978924652119"></a><a name="li978924652119"></a><span>Run the <strong id="ALM-12040__b47084090105655">/bin/rpm -qa | grep -w "rng-tools"</strong> command to check the rng-tools installation and check whether the command output is empty.</span><p><ul id="ALM-12040__ul16856143695418"><li id="ALM-12040__li185643665416">If yes, contact the OS vendor to install and start haveged or rng-tools. Then go to <a href="#ALM-12040__li20231214524">9</a>.</li><li id="ALM-12040__li4856103665412">If no, go to <a href="#ALM-12040__li34867421105655">7</a>.</li></ul>
</p></li><li id="ALM-12040__li34867421105655"><a name="ALM-12040__li34867421105655"></a><a name="li34867421105655"></a><span>Run the <strong id="ALM-12040__b21103632105655">ps -ef | grep -v "grep" | grep rngd | tr -d " " | grep "\-r/dev/urandom"</strong> command and check the command output.</span><p><ul class="subitemlist" id="ALM-12040__ul3874157105655"><li class="subitemlist" id="ALM-12040__li458412269414">If the command is executed successfully, rngd has been installed and configured correctly and is running properly. Go to <a href="#ALM-12040__li22912175218">8</a>.</li><li id="ALM-12040__li31672597105655">If the command fails to execute, rngd is not running properly. Run the following command to manually restart rngd and go to <a href="#ALM-12040__li20231214524">9</a>:<p class="subitemlist" id="ALM-12040__p1136472120551"><strong id="ALM-12040__b15652193013129">systemctl restart rngd.service</strong></p>
</li></ul>
</p></li></ol>
<p class="subitemlist" id="ALM-12040__p11916121145217"><strong id="ALM-12040__b9492620828">Check the entropy of the OS.</strong></p>
<ol start="8" id="ALM-12040__ol162141218525"><li id="ALM-12040__li22912175218"><a name="ALM-12040__li22912175218"></a><a name="li22912175218"></a><span>Manually check the entropy of the OS.</span><p><p id="ALM-12040__p918443175613">Log in to the target node as user <strong id="ALM-12040__b4184231165613">root</strong> and run the <strong id="ALM-12040__b1184193115616">cat /proc/sys/kernel/random/entropy_avail</strong> command to check whether the entropy of the OS meets cluster installation requirements (no less than 100).</p>
<ul id="ALM-12040__ul2327638135619"><li id="ALM-12040__li106844459565">If yes, the entropy of the OS is not less than 100. Go to <a href="#ALM-12040__li20231214524">9</a>.</li><li id="ALM-12040__li16327938105619">If no, the entropy of the OS is less than 100. Use either of the following methods and go to <a href="#ALM-12040__li20231214524">9</a>.<ul id="ALM-12040__ul132181212521"><li id="ALM-12040__li141151214524">Method 1: Use haveged (true random number mode). Contact the OS vendor to install and start haveged.<p id="ALM-12040__p101191275213"><a name="ALM-12040__li141151214524"></a><a name="li141151214524"></a>In Kylin, run the following command:</p>
<p id="ALM-12040__p161161217525"><strong id="ALM-12040__b11161215211">vi /usr/lib/systemd/system/haveged.service</strong></p>
<p id="ALM-12040__p3118128527">Configure <strong id="ALM-12040__b89236631818">Type</strong>, <strong id="ALM-12040__b15628382189">ExecStar</strong>, <strong id="ALM-12040__b1775071031813">SuccessExitStatus</strong>, and <strong id="ALM-12040__b1488113121810">Restart</strong> in <strong id="ALM-12040__b6396162341819">[Service]</strong> as follows:</p>
<pre class="screen" id="ALM-12040__screen101412105210">Type=simple
ExecStar=/usr/sbin/haveged -w 1024 -v 1 Foreground
SuccessExitStatus=137 143
Restart=always</pre>
</li><li id="ALM-12040__li1724129524">Method 2: Use rng-tools (pseudo-random number mode). Contact the OS vendor to install and start rng-tools and configure it based on the OS type.<ul id="ALM-12040__ul15213126521"><li id="ALM-12040__li71191211524">In Red Hat Linux or CentOS, run the following commands:<p id="ALM-12040__p7161213529"><a name="ALM-12040__li71191211524"></a><a name="li71191211524"></a><strong id="ALM-12040__b13101295212">echo 'EXTRAOPTIONS="-r /dev/urandom -o /dev/random -t 1 -i"' &gt;&gt; /etc/sysconfig/rngd</strong></p>
<p id="ALM-12040__p1911112205213"><strong id="ALM-12040__b1718122529">service rngd start</strong></p>
<p id="ALM-12040__p151161215526"><strong id="ALM-12040__b31171235212">chkconfig rngd on</strong></p>
</li><li id="ALM-12040__li182612175211">In SUSE, run the following commands:<p id="ALM-12040__p1429125525"><a name="ALM-12040__li182612175211"></a><a name="li182612175211"></a><strong id="ALM-12040__b112101285215">rngd -r /dev/urandom -o /dev/random</strong></p>
<p id="ALM-12040__p4231295210"><strong id="ALM-12040__b162181295218">echo "rngd -r /dev/urandom -o /dev/random" &gt;&gt; /etc/rc.d/after.local</strong></p>
</li><li id="ALM-12040__li1221295215">In Kylin, run the following command as user <strong id="ALM-12040__b121712115210">root</strong> on the node where the alarm is reported:<p id="ALM-12040__p6215122527"><strong id="ALM-12040__b42181255211">vi /usr/lib/systemd/system/rngd.service</strong></p>
<p id="ALM-12040__p182121215218">Change the value of <strong id="ALM-12040__b546614420497">ExecStart</strong> in <strong id="ALM-12040__b166175224911">[Service]</strong> as follows:</p>
<pre class="screen" id="ALM-12040__screen122161210522">ExecStart=/sbin/rngd -f -r /dev/urandom -s 2048</pre>
</li></ul>
</li></ul>
</li></ul>
</p></li><li id="ALM-12040__li20231214524"><a name="ALM-12040__li20231214524"></a><a name="li20231214524"></a><span>Wait until the system to check the entropy at 00:00 on the following day and check whether the alarm is cleared.</span><p><ul class="subitemlist" id="ALM-12040__ul17214121526"><li id="ALM-12040__li172812165218">If yes, no further action is required.</li><li id="ALM-12040__li10211245210">If no, go to <a href="#ALM-12040__li5962839105655">10</a>.</li></ul>
</p></li></ol>
<p class="tableheading" id="ALM-12040__p39013326105655"><strong id="ALM-12040__b15098459105711">Collect fault information.</strong></p>
<ol start="10" id="ALM-12040__ol3438675910577"><li id="ALM-12040__li5962839105655"><a name="ALM-12040__li5962839105655"></a><a name="li5962839105655"></a><span>On FusionInsight Manager, choose <strong id="ALM-12040__b15129118135012">O&amp;M</strong>. In the navigation pane on the left, choose <strong id="ALM-12040__b913828115012">Log</strong> &gt; <strong id="ALM-12040__b131389811500">Download</strong>.</span></li><li id="ALM-12040__li53665559105655"><span>Select <strong id="ALM-12040__b168670067183456">NodeAgent</strong> for <strong id="ALM-12040__b77671734683456">Service</strong> and click <strong id="ALM-12040__b26186472983456">OK</strong>.</span></li><li id="ALM-12040__li13227985105655"><span>Click <span><img id="ALM-12040__image104601319175315" src="en-us_image_0263895382.png"></span> in the upper right corner, and set <strong id="ALM-12040__b357114351501">Start Date</strong> and <strong id="ALM-12040__b1572183555014">End Date</strong> for log collection to 10 minutes ahead of and after the alarm generation time, respectively. Then, click <strong id="ALM-12040__b18573163555012">Download</strong>.</span></li><li id="ALM-12040__li64833892105655"><span>Contact <span id="ALM-12040__text126301214142412">O&amp;M personnel</span> and provide the collected logs.</span></li></ol>
</div>
<div class="section" id="ALM-12040__section169311343318"><h4 class="sectiontitle">Alarm Clearing</h4><p id="ALM-12040__p754913417333">This alarm is automatically cleared after the fault is rectified.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_1298.html">Alarm Reference (Applicable to MRS 3.x)</a></div>
</div>
</div>
View Git Blame Copy Permalink