Hi everyone,
This is a interesting conversation. When I saw the error about "
Error: java awapi timed out." it reminded me of when we got this error.
The solution was to change /dev/random to /dev/urandom in the java.security file. Find this file for the Java you are using for the master/agent systems
and change it. It fixed it nicely.
I know the keys have to be in place, but I don't remember getting the Java awapi, but this is worth a shot. The keys had me going, but I finally got it working.
Rich
securerandom.source=file:/dev/random
To
securerandom.source=file:/dev/urandom
I think there is also a way to change the system entropy for all Java on the system. It's been a while but I helped the DBA's use the rngd service.
This is from some of the documentation I had for the rngd service.
man rngd
-i Ignore repeated fips failures.
-o file, Kernel device used to random number output (Default: /dev/random)
-r file, Kernel device used for random number input (Default: /dev/hwrandom)
-t Interval written to random-device when the entropy pool is full. Note that this option
exists for backward compatibility in RHEL6, but is ignored. Rngd now correctly waits until
writing to a random-device will not block.
-W Once we start doing it, feed entropy to random-device until at least fill-watermark bits
of entropy are available in its entropy pool (default: 2048). Setting this too high will
cause rngd to dominate the contents of the entropy pool. Low values will hurt system
performance during entropy starves. Do not set fill-watermark above the size of the entropy
pool (usually 4096 bits).
I found numerous web site which document this same exact setting we used.
EXTRAOPTIONS="-i -o /dev/random -r /dev/urandom -t 10 -W 2048"
http://blog.hussaindba.com/java-programs-are-running-slower-in-newer-servers-due-to-lack-of-entropy-in-the-system/
yum install rng-tools
echo 'EXTRAOPTIONS="-i -o /dev/random -r /dev/urandom -t 10 -W 2048"' > /etc/sysconfig/rngd
chkconfig rngd on
service rngd restart
https://felixcentmerino.wordpress.com/oracle-fusion-middleware/webcenter-portal-content-cluster-infraestructure/installation-java-process/
We can improve your entropy installing the rng-tools
Install rng-tools (it should be installed by default)
yum install rng-tools
Modify /etc/sysconfig/rngd file adding
EXTRAOPTIONS="–i –o /dev/random –r /dev/urandom –t 10 –W 2048"
Make rngd start when booting the O.S
sudo chkconfig rngd on
Restart the service
sudo service rngd restart
https://developers.redhat.com/blog/2017/10/05/entropy-rhel-based-cloud-instances/
rngd -r /dev/urandom -o /dev/random
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/
sect-security_guide-encryption-using_the_random_number_generator
Similarly, you can use the -o (or --random-device) option to choose the kernel device for
random-number output (other than the default /dev/random). See the rngd(8) manual page for
a list of all available options.
https://quotidian-ennui.github.io/blog/2012/06/15/slow-java-crypto-performance-on-linux/
It's always SecureRandom; if you have a problem with speed during a cryptographic operation you can
point the finger at SecureRandom. It all stems there being not enough randomness in /dev/random; the
virtual machine isn't doing enough network reads or disk accesses or something to generate any more
entropy and it's blocking.
Make java actually use /dev/urandom
We checked ${java.home}/jre/lib/security/java.security, and as always the securerandom.source property
points to file:/dev/urandom. The notes in the file itself says that the NativePRNG will use /dev/urandom;
however, it lies, lying like a Gregor MacGregor as Bug 6202721 will testify; file:/dev/urandom is treated
as magic, and it ends up using /dev/random regardless. That's pretty frustrating; it's not the fact that
it's magic and it points to /dev/random, it's the fact that the lazy fools haven't even updated the
documentation; it's been like that, for what, 8 years, and they haven't modified the stupid java.security
documentation. Still, all you really have to do is to make the URI not magic anymore.
[root@linux ~]# yum install rng-tools
[root@linux ~]# echo 'EXTRAOPTIONS="-i -o /dev/random -r /dev/urandom -t 10 -W 2048"' > /etc/sysconfig/rngd
[root@linux ~]# chkconfig rngd on
[root@linux ~]# service rngd restart
The man page for rngd is pretty comprehensive so you can check that for the exact meanings for each parameter.
The only thing that is a must is the -i flag as your source device (/dev/urandom) isn't going to FIPS compliant
and you don't want rngd to terminate unexpectedly.
Original Message:
Sent: 06-25-2020 12:18 PM
From: John Jung
Subject: Applications Manager 9.1 Installation - awapi timed out
Hi,
I'm installing Applications Manager 9.1 on Linux connecting to Oracle 12c. I eventually want to upgrade it to AM 9.3 and upgrade Oracle 19c.
The install seems to go fine but after doing the database stuff, after it starts the AgentService, awapi times out:
agentservice.lock file is /apps/appworx/status/agentservice.lock
AgentService pid is 112123
waiting for java awapi to start
Error: java awapi timed out.
netstat shows 1099, 2136 and 5050 aren't being used and the firewall's disabled.
What could be causing awapi to time out?
Thanks.