Linux system Tomcat8 startup slow solution

  • 2020-06-23 02:20:17
  • OfStack

preface

Recently I ran into a problem at work: under Linux, Tomcat 8 started very slowly, with no errors in the log. The log contained the following:


Log4j:[2017-08-27 15:47:11] INFO ReadProperty:172 - Loading properties file from class path resource [resources/jdbc.properties]
Log4j:[2017-08-27 15:47:11] INFO ReadProperty:172 - Loading properties file from class path resource [resources/common.properties]
27-Aug-2017 15:52:53.587 INFO [localhost-startStop-1] org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [342,445] milliseconds.

Why

Tomcat 7/8 uses org.apache.catalina.util.SessionIdGeneratorBase.createSecureRandom to create the SecureRandom instance used for session ID generation; here that took 342 seconds, nearly 6 minutes.

SHA1PRNG is a pseudorandom number generator based on the SHA-1 algorithm.

SHA1PRNG contains a seed generator whose behaviour depends on the configuration:

1) If the java.security.egd property or the securerandom.source property specifies "file:/dev/random" or "file:/dev/urandom", the JVM uses the native seed generator NativeSeedGenerator, whose constructor calls super(), which in turn initializes with SeedGenerator.URLSeedGenerator(/dev/random).

2) If java.security.egd or securerandom.source specifies any other existing URL, initialization uses SeedGenerator.URLSeedGenerator(url) with that URL.

This is why a value of "file:///dev/urandom" or "file:/./dev/random" works: it does not match the special-cased strings above.

In this implementation the generator estimates the amount of noise in the entropy pool, and random numbers are produced from that pool. When read, the /dev/random device returns only random bytes drawn from the entropy pool, so /dev/random is suited to scenarios that require very high quality randomness, such as one-time pads or key generation.

When the entropy pool is empty, reads from /dev/random block until enough ambient noise has been collected. The aim is a cryptographically secure pseudo-random number generator whose output is bounded by the entropy pool; this is intended for generating high-quality encryption keys or for anything that needs long-term protection.

So what is environmental noise?

The random number generator feeds ambient noise from device drivers and other sources into the entropy pool and estimates how much noise the pool holds. When the pool is empty, collecting noise takes a long time, so a Tomcat that uses the entropy pool in production can block for a long time.

Solution

There are two solutions:

1) In the Tomcat environment

Configure the JRE to use the non-blocking entropy source.

Add the following JVM option to ES83en.sh: -Djava.security.egd=file:/dev/./urandom

After adding it, start Tomcat again; the whole startup now reports "Server startup in 2912 ms".

2) In the JVM

Open the file $JAVA_PATH/jre/lib/security/java.security and find the following line:
securerandom.source=file:/dev/urandom

Replace it with:
securerandom.source=file:/dev/./urandom
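The seed-source rules above and the two fixes can be checked before restarting Tomcat. The following script is an added example (not from the original article) that applies those rules to a JAVA_OPTS-style string and a java.security file and reports which device the JVM will actually read; it assumes the egd property, when present, overrides securerandom.source, and the sample java.security content it writes is constructed.

```shell
#!/bin/sh
# Added example, not from the original article: audit which seed device a JVM
# will actually read for SHA1PRNG, following the rules explained above.
# Assumptions: java.security.egd is passed in a JAVA_OPTS-style string and
# securerandom.source is read from a java.security file given as a path.
# egd_value OPTS: print the value of the last -Djava.security.egd=... in OPTS.
egd_value() {
  printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^-Djava\.security\.egd=//p' | tail -n 1
}

# securerandom_source FILE: print the securerandom.source value from a java.security file.
securerandom_source() {
  sed -n 's/^[[:space:]]*securerandom\.source=//p' "$1" | tail -n 1
}

# seed_device URL: print the device a file: URL resolves to. The exact strings
# file:/dev/random and file:/dev/urandom are special-cased to the blocking
# /dev/random (NativeSeedGenerator -> URLSeedGenerator(/dev/random)); any other
# file: URL is opened literally by URLSeedGenerator(url), so "/./" and "///"
# in the path are normalised here to see which device that literal path is.
seed_device() {
  case "$1" in
    file:/dev/random|file:/dev/urandom) echo /dev/random ;;
    file:*) printf '%s\n' "${1#file:}" | sed 's#/\./#/#g; s#//*#/#g' ;;
    *) echo "$1" ;;   # non-file URL (or empty value): reported as-is
  esac
}

# effective_seed_device OPTS FILE: the egd property overrides securerandom.source.
effective_seed_device() {
  v=$(egd_value "$1")
  [ -n "$v" ] || v=$(securerandom_source "$2")
  seed_device "$v"
}

# blocks_on_startup OPTS FILE: succeed if the JVM would read the blocking /dev/random.
blocks_on_startup() {
  [ "$(effective_seed_device "$1" "$2")" = /dev/random ]
}

# entropy_avail: current size of the kernel entropy pool in bits, or "unknown".
entropy_avail() { cat /proc/sys/kernel/random/entropy_avail 2>/dev/null || echo unknown; }

# Demo on a constructed java.security (sample content, not a real JDK file).
sample=$(mktemp); printf 'securerandom.source=file:/dev/urandom\n' > "$sample"
echo "entropy_avail: $(entropy_avail)"
for opts in "" "-Xmx1g -Djava.security.egd=file:/dev/./urandom" "-Djava.security.egd=file:///dev/urandom"; do
  if blocks_on_startup "$opts" "$sample"; then verdict=BLOCKING; else verdict=non-blocking; fi
  echo "JAVA_OPTS='$opts' -> $(effective_seed_device "$opts" "$sample") ($verdict)"
done
rm -f "$sample"
```

A low entropy_avail together with a BLOCKING verdict is the combination that produces the multi-minute createSecureRandom delay seen in the log.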

conclusion
