
Re: lack of boot-time entropy on arm64 ec2 instances



On Wed, Jan 08, 2020 at 09:24:25PM +0000, Jeremy Stanley wrote:
> > I've seen reactions like this, but never an explanation.  Has anyone
> > written up the issues?  Given that "fail to boot" isn't a workable
> > outcome, it'd be useful to know exactly what risks one accepts when
> > using haveged.
> 
> While you're at it, defining "fail to boot" would be nice. Just
> because sshd won't start, it doesn't necessarily mean the machine
> isn't "booted" in some sense, only that maybe you can't log into it
> (substitute httpd and inability to browse the Web sites served from
> it, or whatever you prefer).

To be clear, the problem isn't a failure to boot, but rather a several-minute
pause during boot.  In the default images, the pause occurs
during ssh host key generation, but it's possible that other services
would be impacted in actual production scenarios, particularly since
user-provided cloud-config would not be processed until after the
config-ssh module completes.

For reference, here's the "systemd-analyze blame" and "cloud-init
analyze blame" output showing the delay:

admin@ip-10-0-1-42:~$ systemd-analyze blame
    2min 27.763s cloud-init.service
         26.080s cloud-final.service
          2.774s networking.service
          2.065s cloud-init-local.service
          1.554s cloud-config.service
          ...

admin@ip-10-0-1-42:~$ cloud-init analyze blame
-- Boot Record 01 --
     25.26800s (modules-final/config-scripts-user)
     145.79700s (init-network/config-ssh)
     00.62600s (modules-config/config-grub-dpkg)
     00.49900s (init-local/search-Ec2Local)
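
The following is an added example, not part of the original message: a small shell helper that parses "cloud-init analyze blame" output like the listing above and reports the stages that exceed a time threshold, so a stall in config-ssh stands out. The function names and the thresholds are assumptions chosen for illustration; the sample input is the set of blame lines quoted in the message.

```shell
#!/bin/sh
# Added example: flag cloud-init stages whose duration exceeds a threshold.
# Reads "cloud-init analyze blame" output on stdin.

# slow_stages THRESHOLD_SECONDS
# Prints "<seconds> <stage/module>" for each record over the threshold,
# slowest first. Header lines such as "-- Boot Record 01 --" are skipped.
slow_stages() {
    awk -v limit="$1" '
        # Record lines look like: "     145.79700s (init-network/config-ssh)"
        $1 ~ /^[0-9]+\.[0-9]+s$/ && $2 ~ /^\(.*\)$/ {
            secs = substr($1, 1, length($1) - 1) + 0   # drop trailing "s"
            name = substr($2, 2, length($2) - 2)       # drop parentheses
            if (secs > limit) printf "%.3f %s\n", secs, name
        }
    ' | sort -rn
}

# Sample input: the blame lines quoted in the message above.
sample_blame() {
    cat <<'EOF'
-- Boot Record 01 --
     25.26800s (modules-final/config-scripts-user)
     145.79700s (init-network/config-ssh)
     00.62600s (modules-config/config-grub-dpkg)
     00.49900s (init-local/search-Ec2Local)
EOF
}

# ssh_keygen_stalled THRESHOLD_SECONDS
# Exit status 0 if the config-ssh module (where host keys are generated)
# took longer than the threshold, non-zero otherwise.
ssh_keygen_stalled() {
    slow_stages "$1" | grep -q '/config-ssh$'
}

sample_blame | slow_stages 10
```

On a running instance the same function can be fed live data with `cloud-init analyze blame | slow_stages 60`.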

