Commit b0001d2a authored by Daniel Lange's avatar Daniel Lange

Document the entropy during boot starvation issue as per #916690.

parent b6fc0771
Pipeline #45647 canceled with stage
in 1 minute and 55 seconds
......@@ -92,6 +92,43 @@ information mentioned in <xref linkend="morereading"/>.
these options.
</para>
</section>
<section>
<!-- stretch to buster -->
<title>sshd, apache or other daemons fail to start.
System appears to hang for a long time during boot.</title>
<para>
Due to <systemitem role="package">systemd</systemitem> needing
entropy during boot and the kernel treating such calls as blocking
when available entropy is low, the system may hang for minutes to
hours until the randomness subsystem is sufficiently initialized
(<literal>random: crng init done</literal>).
For AMD64 systems supporting the <literal>RDRAND</literal>
instruction this issue is mediated by the Debian kernel using
this instruction by default now
(<literal>CONFIG_RANDOM_TRUST_CPU</literal>).
</para>
<para>
Non-AMD64 systems and some type of virtual machines need to provide
a different source of entropy to continue fast booting.
<systemitem role="package">haveged</systemitem>
has been chosen for this within the Debian Installer project and may
be a valid option if hardware entropy is not available on the system.
On virtual machines consider forwarding entropy from the host to
the VMs via <literal>virtio_rng</literal>.
</para>
<para>
If you read this after upgrading a remote system to &releasename;,
ping the system on the network continuously as this adds entropy
to the randomness pool and the system will eventually be reachable
by ssh again.
</para>
<para>
See <ulink url="&url-bts;916690">bug #916690</ulink> for details and
<ulink url="https://daniel-lange.com/archives/152-hello-buster.html">
DLange's overview of the issue</ulink> for other options.
</para>
</section>
<section id="migrate-interface-names">
<!-- (jessie to) stretch to buster -->
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment