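Most of our company's servers still run CentOS 6.5 with Tomcat 7, which normally works without problems and starts quickly. Recently, however, the servers for some projects were upgraded to CentOS 7.3, and on some of those machines Tomcat became extremely slow to start, taking as long as about 10 minutes. That was unacceptable, so I looked for a way to fix it. There are plenty of posts about this online and they basically solve the problem, but here is a brief record anyway:
The Tomcat wiki has this passage: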
Entropy Source
Tomcat 7+ heavily relies on SecureRandom class to provide random values for its session ids and in other places. Depending on your JRE it can cause delays during startup if entropy source that is used to initialize SecureRandom is short of entropy. You will see warning in the logs when this happens, e.g.:
<DATE> org.apache.catalina.util.SessionIdGenerator createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [5172] milliseconds.
There is a way to configure JRE to use a non-blocking entropy source by setting the following system property:
-Djava.security.egd=file:/dev/./urandom
Note the "/./" characters in the value. They are needed to work around known Oracle JRE bug #6202721. See also JDK Enhancement Proposal 123. It is known that implementation of SecureRandom was improved in Java 8 onwards.
Also note that replacing the blocking entropy source (/dev/random) with a non-blocking one actually reduces security because you are getting less-random data. If you have a problem generating entropy on your server (which is common), consider looking into entropy-generating hardware products such as "EntropyKey".
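This passage gives the solution: add the following parameter when starting the JVM:
-Djava.security.egd=file:/dev/./urandom
Another approach, also mentioned in posts online, is to edit the jre/lib/security/java.security file: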
#securerandom.source=file:/dev/urandom
securerandom.source=file:/dev/./urandom
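The following shell helpers are an added example, not code from the original post or from Tomcat. `slow_securerandom` scans a Tomcat log for the SessionIdGenerator message quoted above, and `effective_source` reports which entropy source setting applies, given that the `java.security.egd` system property takes precedence over `securerandom.source`. The function names, the 1000 ms threshold and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage helpers for slow Tomcat startup caused by SecureRandom seeding.

# Read a Tomcat log on stdin; print "<algorithm> <ms>" for every
# SessionIdGenerator entry that took at least $1 milliseconds (default 1000).
# Assumption: some locales print the number with grouping commas, e.g. [5,172].
slow_securerandom() {
    threshold=${1:-1000}
    sed -n 's/.*Creation of SecureRandom instance for session ID generation using \[\([^]]*\)\] took \[\([0-9][0-9,]*\)\] milliseconds.*/\1 \2/p' |
        tr -d ',' |
        awk -v t="$threshold" '$2 + 0 >= t + 0 { print $1, $2 }'
}

# Print the entropy source setting that wins for a JVM.
# $1 = path to java.security, $2 = JVM options string (e.g. CATALINA_OPTS).
# The -Djava.security.egd system property overrides securerandom.source;
# commented-out lines in java.security are ignored.
effective_source() {
    file=$1
    opts=$2
    src=$(printf '%s\n' "$opts" | tr ' ' '\n' |
          sed -n 's/^-Djava\.security\.egd=//p' | tail -n 1)
    if [ -z "$src" ] && [ -r "$file" ]; then
        src=$(sed -n 's/^[[:space:]]*securerandom\.source=//p' "$file" | tail -n 1)
    fi
    printf '%s\n' "${src:-unset}"
}

# Constructed sample log lines (not taken from a real server).
slow_securerandom 1000 <<'EOF'
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [5172] milliseconds.
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [112] milliseconds.
EOF
effective_source /dev/null "-Xms256m -Djava.security.egd=file:/dev/./urandom"
```

On a real host, feed the function the actual log, for example `slow_securerandom 1000 < catalina.out`, and pass the JRE's own java.security path to `effective_source`.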
Some people also recommend another approach, which requires that the server's CPU supports the DRNG feature:
1. Check whether it is supported:
cat /proc/cpuinfo | grep rdrand
2. If it is supported, install the rngd service (entropy service):
yum install rng-tools
3. Start the service:
systemctl start rngd
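If your CPU does not support the DRNG feature, or you are running in a virtual machine, you can use /dev/urandom to simulate it. Note that this only feeds kernel output back into the pool: it raises the entropy counter without adding new randomness.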
cp /usr/lib/systemd/system/rngd.service /etc/systemd/system
Edit /etc/systemd/system/rngd.service and set ExecStart in the service section:
ExecStart=/sbin/rngd -f -r /dev/urandom
Reload the systemd unit files:
systemctl daemon-reload
Restart the service:
systemctl restart rngd
Watch /proc/sys/kernel/random/entropy_avail:
watch -n 1 cat /proc/sys/kernel/random/entropy_avail
Open a new shell and use the dd command to test random number generation:
dd if=/dev/random of=random.dat count=40960
References:
https://wiki.apache.org/tomcat/HowTo/FasterStartUp
http://bugs.java.com/bugdatabase/view_bug.do?bug_id=6202721
http://udn.yyuap.com/thread-129351-1-1.html