I noticed that on my machine, my entropy was staying high, then falling off. Then, at what appeared to be some arbitrary point, it would fill back up, in a very periodic manner. This is, of course, after running haveged in the background. Curious, I started looking into it. It took a while to find. Then noticed it. It was obvious. The "write_wakeup_threshold" is what is telling the daemon to fill the entropy pool with more data.
$ cat /proc/sys/kernel/random/write_wakeup_threshold 1024
This is default, after installing haveged. But, the poolsize is 4096. It sure would be nice if the write_wakeup_threshold was 4096, rather than 1024. Well, you have two options to set it: you can use sysctl, or you can use haveged. Let's look at both (I prefer the latter). With sysctl, you just need to edit the /etc/sysctl.conf file, and add the following lines:
## Keep the entropy at full up kernel.random.write_wakeup_threshold = 4096
Then run:
# sysctl -p kernel.random.write_wakeup_threshold = 4096
Or, haveged ships with a configuration file to set this automatically when the daemon starts, and this should probably be the preferred way for setting it. Change the /etc/default/haveged file to use 4096 instead of 1024:
# Configuration file for haveged # Options to pass to haveged: # -w sets low entropy watermark (in bits) DAEMON_ARGS="-w 4096"
Then restart haveged:
# /etc/init.d/haveged restart
* Restarting entropy daemon haveged
...done.
Now, check your Munin graphs (or whatever), and notice that your entropy never deviates from full up. Rawk.
{ 6 } Comments