* [PATCH 1/2] dropbear/openssh: Lower priority of key generation
@ 2020-09-18 6:00 Richard Purdie
2020-09-18 6:00 ` [PATCH 2/2] oeqa/qemurunner: Increase serial timeout Richard Purdie
2020-09-18 17:45 ` [OE-core] [PATCH 1/2] dropbear/openssh: Lower priority of key generation Khem Raj
0 siblings, 2 replies; 5+ messages in thread
From: Richard Purdie @ 2020-09-18 6:00 UTC (permalink / raw)
To: openembedded-core
Where we have images with PAM+systemd, serial login can be extremely
slow. The load generated by key generation does slow down the rest
of the boot process.
Lower the priority level of these systemd services, since we'd
prefer to have the rest of the system boot more effectively.
This doesn't "solve" the slow systemd boot issues but does help.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service | 1 +
meta/recipes-core/dropbear/dropbear/dropbearkey.service | 1 +
2 files changed, 2 insertions(+)
diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
index 603c33787f1..fd81793d511 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
+++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
@@ -6,3 +6,4 @@ RequiresMountsFor=/var /run
ExecStart=@LIBEXECDIR@/sshd_check_keys
Type=oneshot
RemainAfterExit=yes
+Nice=10
diff --git a/meta/recipes-core/dropbear/dropbear/dropbearkey.service b/meta/recipes-core/dropbear/dropbear/dropbearkey.service
index c49053d57c7..71a12a6110c 100644
--- a/meta/recipes-core/dropbear/dropbear/dropbearkey.service
+++ b/meta/recipes-core/dropbear/dropbear/dropbearkey.service
@@ -11,3 +11,4 @@ Type=oneshot
ExecStart=@BASE_BINDIR@/mkdir -p ${DROPBEAR_RSAKEY_DIR}
ExecStart=@SBINDIR@/dropbearkey -t rsa -f ${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key
RemainAfterExit=yes
+Nice=10
--
2.25.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 2/2] oeqa/qemurunner: Increase serial timeout
2020-09-18 6:00 [PATCH 1/2] dropbear/openssh: Lower priority of key generation Richard Purdie
@ 2020-09-18 6:00 ` Richard Purdie
2020-09-18 17:45 ` [OE-core] [PATCH 1/2] dropbear/openssh: Lower priority of key generation Khem Raj
1 sibling, 0 replies; 5+ messages in thread
From: Richard Purdie @ 2020-09-18 6:00 UTC (permalink / raw)
To: openembedded-core
Increase the serial login timeout from 60 to 120s. This seems like a
long time, however for a qemumips image with systemd+PAM and openssh,
(e.g. core-image-sato-sdk + DISTRO=poky-altcfg), the getty connects
to systemd's pam module which waits on logind and 45s for all this
to happen at the same time as things like ssh key generation happens
is not unknown.
Increase the timeout to match the longer times we know these things
can take in the worst case scenarios since we're tired of intermittent
issues related to the serial login affecting the autobuilder.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
meta/lib/oeqa/utils/qemurunner.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/utils/qemurunner.py b/meta/lib/oeqa/utils/qemurunner.py
index 519aa9aa1e5..77ec939ad72 100644
--- a/meta/lib/oeqa/utils/qemurunner.py
+++ b/meta/lib/oeqa/utils/qemurunner.py
@@ -393,7 +393,7 @@ class QemuRunner:
# If we are not able to login the tests can continue
try:
- (status, output) = self.run_serial(self.boot_patterns['send_login_user'], raw=True)
+ (status, output) = self.run_serial(self.boot_patterns['send_login_user'], raw=True, timeout=120)
if re.search(self.boot_patterns['search_login_succeeded'], output):
self.logged = True
self.logger.debug("Logged as root in serial console")
--
2.25.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [OE-core] [PATCH 1/2] dropbear/openssh: Lower priority of key generation
2020-09-18 6:00 [PATCH 1/2] dropbear/openssh: Lower priority of key generation Richard Purdie
2020-09-18 6:00 ` [PATCH 2/2] oeqa/qemurunner: Increase serial timeout Richard Purdie
@ 2020-09-18 17:45 ` Khem Raj
2020-09-18 17:55 ` Richard Purdie
1 sibling, 1 reply; 5+ messages in thread
From: Khem Raj @ 2020-09-18 17:45 UTC (permalink / raw)
To: Richard Purdie, openembedded-core
On 9/17/20 11:00 PM, Richard Purdie wrote:
> Where we have images with PAM+systemd, serial login can be extremely
> slow. The load generated by key generation does slow down the rest
> of the boot process.
>
this is a good find. So I wonder if its because we have entropy
starvation. I see that we do enable virtio-rng while launching qemu so
something to look in this area perhaps.
> Lower the priority level of these systemd services, since we'd
> prefer to have the rest of the system boot more effectively.
>
> This doesn't "solve" the slow systemd boot issues but does help.
>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> ---
> meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service | 1 +
> meta/recipes-core/dropbear/dropbear/dropbearkey.service | 1 +
> 2 files changed, 2 insertions(+)
>
> diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
> index 603c33787f1..fd81793d511 100644
> --- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
> +++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
> @@ -6,3 +6,4 @@ RequiresMountsFor=/var /run
> ExecStart=@LIBEXECDIR@/sshd_check_keys
> Type=oneshot
> RemainAfterExit=yes
> +Nice=10
> diff --git a/meta/recipes-core/dropbear/dropbear/dropbearkey.service b/meta/recipes-core/dropbear/dropbear/dropbearkey.service
> index c49053d57c7..71a12a6110c 100644
> --- a/meta/recipes-core/dropbear/dropbear/dropbearkey.service
> +++ b/meta/recipes-core/dropbear/dropbear/dropbearkey.service
> @@ -11,3 +11,4 @@ Type=oneshot
> ExecStart=@BASE_BINDIR@/mkdir -p ${DROPBEAR_RSAKEY_DIR}
> ExecStart=@SBINDIR@/dropbearkey -t rsa -f ${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key
> RemainAfterExit=yes
> +Nice=10
>
>
>
>
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [OE-core] [PATCH 1/2] dropbear/openssh: Lower priority of key generation
2020-09-18 17:45 ` [OE-core] [PATCH 1/2] dropbear/openssh: Lower priority of key generation Khem Raj
@ 2020-09-18 17:55 ` Richard Purdie
[not found] ` <1b153bce-a66a-45ee-a5c6-963ea6fb1c82.949ef384-8293-46b8-903f-40a477c056ae.76905e61-10f2-47a2-a9d3-f83899164fb3@emailsignatures365.codetwo.com>
0 siblings, 1 reply; 5+ messages in thread
From: Richard Purdie @ 2020-09-18 17:55 UTC (permalink / raw)
To: Khem Raj, openembedded-core
On Fri, 2020-09-18 at 10:45 -0700, Khem Raj wrote:
>
> On 9/17/20 11:00 PM, Richard Purdie wrote:
> > Where we have images with PAM+systemd, serial login can be
> > extremely
> > slow. The load generated by key generation does slow down the rest
> > of the boot process.
> >
>
> this is a good find. So I wonder if its because we have entropy
> starvation. I see that we do enable virtio-rng while launching qemu
> so something to look in this area perhaps.
I did check and the virtio rng is alive and well in the image. Its the
CPU usage of the key generation that partly causes the issue.
Cheers,
Richard
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [OE-core] [PATCH 1/2] dropbear/openssh: Lower priority of key generation
[not found] ` <1b153bce-a66a-45ee-a5c6-963ea6fb1c82.0d2bd5fa-15cc-4b27-b94e-83614f9e5b38.74d10122-7f89-4ea0-9839-3b2878499c45@emailsignatures365.codetwo.com>
@ 2020-09-22 13:28 ` Mike Looijmans
0 siblings, 0 replies; 5+ messages in thread
From: Mike Looijmans @ 2020-09-22 13:28 UTC (permalink / raw)
To: openembedded-core
Met vriendelijke groet / kind regards,
Mike Looijmans
System Expert
TOPIC Embedded Products B.V.
Materiaalweg 4, 5681 RJ Best
The Netherlands
T: +31 (0) 499 33 69 69
E: mike.looijmans@topicproducts.com
W: www.topicproducts.com
Please consider the environment before printing this e-mail
On 18-09-2020 19:55, Richard Purdie via lists.openembedded.org wrote:
> On Fri, 2020-09-18 at 10:45 -0700, Khem Raj wrote:
>> On 9/17/20 11:00 PM, Richard Purdie wrote:
>>> Where we have images with PAM+systemd, serial login can be
>>> extremely
>>> slow. The load generated by key generation does slow down the rest
>>> of the boot process.
>>>
>> this is a good find. So I wonder if its because we have entropy
>> starvation. I see that we do enable virtio-rng while launching qemu
>> so something to look in this area perhaps.
> I did check and the virtio rng is alive and well in the image. Its the
> CPU usage of the key generation that partly causes the issue.
>
>
Another solution is to just have it create smaller keys. The computation
time seems to grow exponential with the bit count, a 2048 size key can
take 10 times longer than a 1024 bit key to generate, and a 4096 may
take 10x that again.
There's been a move to 4096 sizes keys lately, pushing the CPU use even
further. Unless you're controlling a nuclear power plant or so, that's a
bit excessive.
--
Mike Looijmans
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-09-22 13:28 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-18 6:00 [PATCH 1/2] dropbear/openssh: Lower priority of key generation Richard Purdie
2020-09-18 6:00 ` [PATCH 2/2] oeqa/qemurunner: Increase serial timeout Richard Purdie
2020-09-18 17:45 ` [OE-core] [PATCH 1/2] dropbear/openssh: Lower priority of key generation Khem Raj
2020-09-18 17:55 ` Richard Purdie
[not found] ` <1b153bce-a66a-45ee-a5c6-963ea6fb1c82.949ef384-8293-46b8-903f-40a477c056ae.76905e61-10f2-47a2-a9d3-f83899164fb3@emailsignatures365.codetwo.com>
[not found] ` <1b153bce-a66a-45ee-a5c6-963ea6fb1c82.0d2bd5fa-15cc-4b27-b94e-83614f9e5b38.74d10122-7f89-4ea0-9839-3b2878499c45@emailsignatures365.codetwo.com>
2020-09-22 13:28 ` Mike Looijmans
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.