Workaround - Terraform client hangs (reproducible): Waiting for randomness from kernel. #24375
Comments
|
It appears that is this particular setup the entropy on startup is very low. On fresh boot: # cat /proc/sys/kernel/random/entropy_avail
16So just how much randomness does terraform require to run? |
|
Hi @bbros-dev, Thanks for the extra info. Running in a container without enough entropy to provide random data is not something we had planned on for terraform, and indeed nearly all systems will have a functional CSPRNG with enough entropy to seed it by default. Terraform needs a significant amount of random data for TLS connections between the client, plugins, and numerous external services. Most of the linked issues are unrelated to this, as they are hanging in other parts of the code aside from key generation. Since a system that can provide adequate cryptographically secure random data is a prerequisite for terraform to run, there's not much we can do here to prevent the situation. It may be useful to get the stack trace while it's hanging to see exactly where the Go code is blocked, since it's not likely in Terraform's code at all. It's possible that we could provide some way to at least error or crash if this situation arises. |
|
Closing. Working as intended. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
Terraform Version
Terraform Configuration Files
Not relevant. The issue is observed with the command
terraformandterraform -versionDebug Output
TF_LOG=TRACE terraformactually returned nothing. Ever.apt install stracestrace terraformBingo:Then some time later the last line becomes:
The
terraformcommand is still hanging there.Crash Output
Never crashes, just hangs.
Expected Behavior
Actual Behavior
See
strace terraformoutput aboveSteps to Reproduce
$ ignite version Ignite version: version.Info{Major:"0", Minor:"6", GitVersion:"v0.6.3", GitCommit:"ed51b9378f6e0982461074734beb145d571d56a6", GitTreeState:"clean", BuildDate:"2019-12-10T06:19:57Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"linux/amd64"} Firecracker version: v0.18.1 Runtime: containerdsudo ignite --interactive run --config tf-issue.jsonwheretf-issue.jsonis:{ "kind": "VM", "apiVersion": "ignite.weave.works/v1alpha2", "metadata": { "name": "githooks" }, "spec": { "image": { "oci": "yelgeb/githooks:1.0.13" }, "kernel": { "oci": "weaveworks/ignite-kernel:4.19.47", "cmdLine": "console=ttyS0 reboot=k panic=1 pci=off ip=dhcp" }, "cpus": 1, "memory": "512MB", "diskSize": "1024MB", "network": { "ports": [ { "hostPort": 50000, "vmPort": 50000, "protocol": "tcp" }, { "hostPort": 50001, "vmPort": 50001, "protocol": "tcp" }, { "hostPort": 50002, "vmPort": 50002, "protocol": "tcp" } ] }, "storage": {} } }terraformWorkaround
apt install haveged rng-toolsvi /etc/default/rng-toolsHRNGDEVICE=/dev/urandom/etc/init.d/rng-tools startterraformReferences
Many other users have reported intermittent issues, which were difficult to reproduce. I'm hoping the workaround provided above helps remove the hang behavior.
#24061
#23976
#23015
#23458
#23974
#22774
#22722
#22343
#20190
#21876
#21194
#19337
The text was updated successfully, but these errors were encountered: