nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Braddy <rbra...@softnas.com>
Subject RE: Long start time for NiFi on a VM
Date Fri, 04 Sep 2015 21:36:18 GMT
Great find, Mike!

Thanks for sharing.

Rick

From: Michael Moser [mailto:moser.mw@gmail.com]
Sent: Friday, September 04, 2015 3:24 PM
To: users@nifi.apache.org
Subject: Long start time for NiFi on a VM

I have experienced some long start times for NiFi while running on a virtual machine.  This
happens randomly so it has just been a minor annoyance.  Well I finally spent some time investigating
why, and this is what I learned.  In my nifi-app.log I would see log messages like this. 
Note the 13 minute startup ...

2015-09-01 17:12:02,237 INFO [main] /nifi-api Initializing Spring root WebApplicationContext
2015-09-01 17:25:02,321 INFO [main] o.a.n.p.PersistentProvenanceRepository Recovered 0 records

On low entropy environments, such as a VM on cloud services, it can take a long time to generate
random numbers using java.security.SecureRandom.  This is needed for encryption which NiFi
does with encrypting sensitive properties, SSL, and more.  Some references to other experiences
with this are [1], [2] and [3].
So I took their advice and modified my bootstrap.conf to add this line, and my NiFi startup
problems went away!
java.arg.15=-Djava.security.egd=file:/dev/./urandom
I think this deserves a note in the Admin Guide, perhaps in the Best Practice section.  Using
/dev/urandom on Linux to generate random numbers doesn't seem to be any less secure than /dev/random
[4].

-- Mike

[1] - http://stackoverflow.com/questions/137212/how-to-solve-performance-problem-with-java-securerandom
[2] - https://github.com/kaazing/gateway/issues/167
[3] - http://stackoverflow.com/questions/26227344/oracle-java-8-x64-for-linux-and-randomsource
[4] - http://www.2uo.de/myths-about-urandom/
Mime
View raw message