Starting the haveged Service
Prerequisites
Make sure the haveged service has been installed in the environment. If not, install it.
Procedure
- "Server" supports bidirectional HTTPS authentication to authenticate HTTPS requests initiated by clients. When HTTPS is enabled, the password of the server key is encrypted, and the random number generation algorithm used by the encryption tool KMC requires haveged to supplement entropy. Perform the following operations on all nodes where "Server" is installed.
- The server hosting the cluster service uses the KMC tool, so haveged is also required for entropy supplementation on the management node of the cluster service.
- When "Server" is deployed, the certificate is automatically generated in the container and must be decrypted by KMC to generate a random password. This places a high requirement on entropy (4096). Therefore, haveged needs to be installed on the compute node to supplement the entropy.
Check whether entropy needs to be supplemented in the current Linux environment.
- Check whether the haveged service is enabled in the system. (You are advised to keep the haveged service enabled.)
systemctl status haveged.service
or
ps -ef | grep "haveged" | grep -v "grep"
- Set the entropy value in the /etc/default/haveged configuration file to 4096.
DAEMON_ARGS="-w 4096"
- Start the haveged service and make it start with the system. Ensure that the haveged service is always started.
systemctl start haveged.service
systemctl enable haveged.service
- Check the output speed of random numbers.
cat /dev/random | od -x
View the current entropy.
cat /proc/sys/kernel/random/entropy_avail
In normal cases, the entropy before haveged is started is more than 100. After haveged is started, the entropy increases accordingly.
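The checks in this procedure can be scripted. The following is an added example, not part of the original document or the product: the function names, the constructed sample files, and the minimum passed to check_entropy are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit of the haveged setup from the procedure above.
# File paths are arguments so the checks can run against test copies.
REQUIRED_WATERMARK=4096   # value the procedure sets with -w

# Print the -w value from DAEMON_ARGS in a haveged defaults file.
haveged_watermark() {
    conf=$1
    [ -r "$conf" ] || return 1
    # The last uncommented assignment wins, as when the file is sourced.
    args=$(sed -n 's/^[[:space:]]*DAEMON_ARGS=//p' "$conf" | tail -n 1 | tr -d "\"'")
    set -f; set -- $args; set +f   # split into words without globbing
    while [ $# -gt 0 ]; do
        case $1 in
            -w)   [ $# -ge 2 ] || return 1; echo "$2"; return 0 ;;
            -w?*) echo "${1#-w}"; return 0 ;;
        esac
        shift
    done
    return 1
}

# Succeed only when the file sets -w to REQUIRED_WATERMARK.
check_haveged_conf() {
    got=$(haveged_watermark "$1") || { echo "FAIL: no -w value in $1"; return 1; }
    [ "$got" = "$REQUIRED_WATERMARK" ] || { echo "FAIL: -w $got in $1"; return 1; }
    echo "OK: -w $got in $1"
}

# Succeed when the counter stored in file $1 is a number >= $2.
check_entropy() {
    avail=$(cat "$1" 2>/dev/null) || return 1
    case $avail in ''|*[!0-9]*) return 1 ;; esac
    [ "$avail" -ge "$2" ]
}

# Demo on constructed files (not real system state).
demo() {
    d=$(mktemp -d) || return 1
    printf '# constructed sample\nDAEMON_ARGS="-w 1024"\n' > "$d/weak"
    printf '# constructed sample\nDAEMON_ARGS="-w 4096"\n' > "$d/good"
    echo 3712 > "$d/entropy_avail"
    check_haveged_conf "$d/weak" || echo "  -> correct DAEMON_ARGS in that file"
    check_haveged_conf "$d/good"
    check_entropy "$d/entropy_avail" 100 && echo "OK: entropy above 100"
    rm -rf "$d"
}
demo
```

On a real node, pass /etc/default/haveged and /proc/sys/kernel/random/entropy_avail as the file arguments. On kernels that cap entropy_avail at 256, choose a minimum at or below that cap.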