Host Access for the Cloud 2.6.2 or higher
Installation does not complete on UNIX or Linux platforms.
The install program, server startup, or other operations may stall on UNIX or Linux systems, particularly headless ones. This delay is caused by an insufficient amount of entropy in the system.
The affected Micro Focus products include an updated version of the Bouncy Castle FIPS Java cryptographic module. This Bouncy Castle version generates prediction-resistant random numbers for cryptographic use by drawing from the operating system's live entropy source, such as /dev/random on Linux platforms.
In some environments, cryptographic operations can strain the Java Virtual Machine's entropy source. An insufficient pool of entropy can result in long delays during server startup and at other times while additional entropy is collected.
Determining if Entropy is SufficientBefore you install on your Linux system, use the following diagnostic commands to verify proper entropy generation. If desired results are not achieved, proceed with the Resolution.
- To see how many bits of entropy are available, enter this command:
Desired result: The output value should be at least 1000.
- To determine how quickly the entropy pool is replenished as entropy is consumed, use the command above along with this command to read from the entropy pool:
Desired result: If the output streams continuously, the system should have a sufficient pool of entropy as dev/random is being constantly refilled.
However, if the output is only a short listing and then it stops, the MSS or HACloud cryptographic operations will perform poorly until more entropy is collected. Proceed with the Resolution.
In a Linux/UNIX environment, we recommended installing either
- a hardware-based random number generator â or â
- a software-based entropy daemon, such as haveged or rng-tools
Some Linux platforms already install and enable an entropy service by default.