Set up Entropy (Randomness) for TeamForge
When Linux needs to create secure resources such as SSH keys, TLS/SSL certificates, password hashes, or secure tokens, it requires random numbers. Entropy is the system's supply of this randomness.
Some TeamForge components especially Gerrit generate keys and certificates during installation or startup. If the server has too little entropy, Linux pauses and waits for randomness, which can cause:
- TeamForge Gerrit (or related services) not starting automatically
- Provisioning scripts taking a very long time or timing out
- Commands that should take seconds taking minutes
- "It looks stuck" behavior during setup
Why Cloud VMs Often Have Low Entropy
Physical servers get randomness from many unpredictable events keyboard/mouse timings, device interrupts, and hardware behavior.
Cloud VMs typically have:
- No keyboard or mouse activity
- Fewer unpredictable hardware events
- Limited access to hardware random devices
As a result, they can run low on entropy, especially during first boot, provisioning, or heavy cryptographic work.
Check Available Entropy
cat /proc/sys/kernel/random/entropy_avail
How to Read the Number
| Value | Meaning |
|---|---|
| 1000+ | Usually fine |
| 300–1000 | May work, but watch for issues |
| Below 300 | Likely to cause delays or hangs during provisioning |
| 0–100 | High chance of startup/provisioning failures |
This number changes over time. Check it when you see the problem.
Install and Enable rngd (Recommended Fix)
Red Hat recommends using the rngd daemon (from rng-tools) on RHEL-based cloud instances to keep entropy healthy. It runs in the background and feeds the system with randomness from available sources.
Step 1 — Install the Package
RHEL / CentOS / AlmaLinux 8/9:
sudo dnf install -y rng-tools
RHEL / CentOS 7:
sudo yum install -y rng-tools
Step 2 — Enable and Start the Service
sudo systemctl enable --now rngd
Check that it is running:
sudo systemctl status rngd
Step 3 — Verify Entropy Improved
cat /proc/sys/kernel/random/entropy_avail
You should see a higher, more stable number after rngd is active.
Check for a Hardware Random Device (VMs)
Many modern systems expose a hardware random device. If present, rngd can use it as an additional entropy source.
Check if /dev/hwrng exists:
ls -l /dev/hwrng
If /dev/hwrng exists, rngd can use it automatically. If it does not exist, rngd may still help depending on the platform, but results vary by environment.
Quick Copy-Paste Fix
RHEL 8/9, AlmaLinux 8/9:
sudo dnf install -y rng-tools
sudo systemctl enable --now rngd
cat /proc/sys/kernel/random/entropy_avail
RHEL / CentOS 7:
sudo yum install -y rng-tools
sudo systemctl enable --now rngd
cat /proc/sys/kernel/random/entropy_avail
Troubleshooting
If you see a provisioning failure that looks like the system is stuck during key generation or secure startup steps:
- Check entropy:
cat /proc/sys/kernel/random/entropy_avail - If it is low, install and start
rngd(see Install and Enable rngd). - Retry the failed provisioning or startup action.
- Is this a TeamForge bug? Not exactly. It is an OS/VM environment issue where Linux cannot generate randomness fast enough.
- Is installing
rng-toolssafe? Yes. This is a common and recommended approach on cloud VMs to avoid entropy starvation. - Do I need to keep
rngdrunning permanently? Recommended on cloud VMs. It is lightweight and prevents future "randomness waiting" problems. - Reference: Red Hat guidance on entropy for RHEL-based cloud instances