if you want to troubleshoot performance issue at OAM. read below oracle guideline to figure out the issue
In order to confirm if the process is indeed blocking on reading from /dev/random, collect an strace output from the process while the issue is taking place (run as root), i.e:
# strace -rt -o strace.out -p <process_id>
This will let us know how many open system calls are made to dev/random
Once it is ascertained that most number of open system calls are made to dev/random we should either increase the entropy of the environment or we can change the PRNG (Pseudo Random Number Generator) for that environment.
In order to generate random numbers that are not predictable, SSL security code relies upon "entropy" on a machine. Entropy is activity such as mouse movement, disk IO, or network traffic. If entropy is minimal or non-existent, then the random number generator will be slow, and security operations may time out. This may disrupt activities such as booting a managed server into a domain using a secure admin channel. This issue generally occurs for a period after startup. Once sufficient entropy has been achieved on a JVM, the random number generator should be satisfied for the lifetime of the machine.
There are two possible options at hand to resolve the issue:
1.) Find ways to increase the entropy on the system permanently (System Administrator needs to be engaged) -> try increasing the entropy on the problematic system (by increasing IO activity on the system).
2.) Use faster but less secure random number generator "/dev/urandom" using following JAVA System
Please add the following Java command line (JAVA_OPTIONS) :
-Djava.security.egd=file:/dev/urandom
OR
-Djava.security.egd=file:/dev/./urandom
-Djava.security.egd=file:/dev/./urandom
OR
-Djava.security.egd=file:/dev/./urandom
-Djava.security.egd=file:/dev/./urandom
Note that "Option-2" is not recommended in Production Environment.
No comments:
Post a Comment