OpenVZ and Apache troubleshooting: PRNG still contains insufficient entropy! 2008-05-24


I was setting up Apache on OpenVZ earlier today, and ran into a problem with enabling SSL. Apache would refuse to start, and I'd see this in the error log:
[Sat May 24 07:48:10 2008] [warn] Init: PRNG still contains insufficient entropy!
[Sat May 24 07:48:10 2008] [error] Init: Failed to generate temporary 512 bit RSA private key
Configuration Failed
The solution is quite simple, though not very intuitive. On the host, run the following (replace "100" with the name or ID of your OpenVZ container):
vzctl set 100 --devices c:1:8:rw --save
vzctl exec 100 mknod /dev/random c 1 8
vzctl set 100 --devices c:1:9:rw --save
vzctl exec 100 mknod /dev/urandom c 1 9
Apache's SSL support requires /dev/random and /dev/urandom to seed the PRNG. Note that if only /dev/urandom is missing, Apache may seem to start but then consume all CPU. If you attach "strace" to it, you may see it spinning, attempting to open /dev/urandom over and over.
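
A check to run inside the container after the mknod commands, added here as an example (not part of the original post): it confirms that /dev/random and /dev/urandom exist, are character devices with major/minor numbers 1:8 and 1:9, and that /dev/urandom actually returns bytes. The function names and the script name check-entropy.sh are made up for this example, and it assumes a stat that supports -c.

```shell
#!/bin/sh
# Added example: verify the entropy device nodes from inside the container.
# Assumes a stat that supports -c with %t/%T (GNU coreutils or BusyBox).

# describe_node PATH WANT_MAJOR WANT_MINOR
# Prints ok | missing | not-char-device | wrong-numbers:<major>:<minor>
describe_node() {
    path=$1; want_major=$2; want_minor=$3
    [ -e "$path" ] || { echo "missing"; return 1; }
    # A regular file that merely has the right name fails this test.
    [ -c "$path" ] || { echo "not-char-device"; return 1; }
    # %t and %T print the major and minor device numbers in hexadecimal.
    major=$(printf '%d' "0x$(stat -c '%t' "$path")")
    minor=$(printf '%d' "0x$(stat -c '%T' "$path")")
    if [ "$major" -ne "$want_major" ] || [ "$minor" -ne "$want_minor" ]; then
        echo "wrong-numbers:$major:$minor"; return 1
    fi
    echo "ok"
}

# can_read_bytes PATH COUNT: succeeds only if COUNT bytes come back.
can_read_bytes() {
    got=$(dd if="$1" bs=1 count="$2" 2>/dev/null | wc -c)
    [ "$got" -eq "$2" ]
}

# Check both nodes against the numbers used in the mknod commands above.
check_entropy_devices() {
    rc=0
    for spec in /dev/random:1:8 /dev/urandom:1:9; do
        node=${spec%%:*}; nums=${spec#*:}
        result=$(describe_node "$node" "${nums%%:*}" "${nums#*:}") || rc=1
        echo "$node: $result"
    done
    # Read test on /dev/urandom only: /dev/random may block when the
    # kernel's entropy estimate is low.
    if can_read_bytes /dev/urandom 16; then
        echo "/dev/urandom: read 16 bytes"
    else
        echo "/dev/urandom: read failed"; rc=1
    fi
    return $rc
}

# Run the check only when asked, e.g.: sh check-entropy.sh --run
if [ "${1:-}" = "--run" ]; then check_entropy_devices; fi
```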
