[PATCH v2 0/2] sshd-regen-keys: Fix boot hang on low end hardware

public inbox for isar-users@googlegroups.com
 help / color / mirror / Atom feed

* [PATCH v2 0/2] sshd-regen-keys: Fix boot hang on low end hardware
@ 2021-10-15  8:06 Florian Bezdeka
  2021-10-15  8:06 ` [PATCH v2 1/2] sshd-regen-keys: Start key generation after entropy seed Florian Bezdeka
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Florian Bezdeka @ 2021-10-15  8:06 UTC (permalink / raw)
  To: isar-users; +Cc: jan.kiszka, henning.schild, Florian Bezdeka

Hi,

when booting a Debian 11 based ISAR image with sshd-regen-keys 
enabled on low end systems it could happen that the first boot 
took too long so that the configured timeout for serial console 
systemd units was hit.

It turned out that running sshd-regen-keys in parallel to
systemd-random-seed is not the best idea. Patch one fixes that by
moving the start of sshd-regen-keys after the point in time where 
systemd-random-seed completed.

Patch two fixes two warnings that were discovered on Debian 11. I
tested that with Debian 10 as well. Worked as expected.

Best regards,
Florian

---
Changes since v1:
 - Rebased on current next

Florian Bezdeka (2):
  sshd-regen-keys: Start key generation after entropy seed
  sshd-regen-keys: Fix some systemd obsolete warnings about using syslog

 .../sshd-regen-keys/files/sshd-regen-keys.service              | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

-- 
2.31.1

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH v2 1/2] sshd-regen-keys: Start key generation after entropy seed
  2021-10-15  8:06 [PATCH v2 0/2] sshd-regen-keys: Fix boot hang on low end hardware Florian Bezdeka
@ 2021-10-15  8:06 ` Florian Bezdeka
  2021-10-15  8:06 ` [PATCH v2 2/2] sshd-regen-keys: Fix some systemd obsolete warnings about using syslog Florian Bezdeka
  2021-10-22 14:59 ` [PATCH v2 0/2] sshd-regen-keys: Fix boot hang on low end hardware Anton Mikanovich
  2 siblings, 0 replies; 4+ messages in thread
From: Florian Bezdeka @ 2021-10-15  8:06 UTC (permalink / raw)
  To: isar-users; +Cc: jan.kiszka, henning.schild, Florian Bezdeka

Especially on low-end systems (including arm on qemu) it could happen
that the key generation took extremly long. As side effect some other
services (like the ones for serial consoles) run into the configured
timeouts.

[ TIME ] Timed out waiting for device /dev/hvc0.
[DEPEND] Dependency failed for Serial Getty on hvc0.
[ TIME ] Timed out waiting for device /dev/ttyAMA0.
[DEPEND] Dependency failed for Serial Getty on ttyAMA0.

Delaying the key generation to the point in time where
systemd-random-seed finished solves this problem. My current
understanding is that the regeneration is waiting for enough entropy
which is being seeded in parallel.

Signed-off-by: Florian Bezdeka <florian.bezdeka@siemens.com>
---
 .../sshd-regen-keys/files/sshd-regen-keys.service                | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service
index af98d5e..1beb664 100644
--- a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service
+++ b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service
@@ -3,6 +3,7 @@ Description=Regenerate sshd host keys
 DefaultDependencies=no
 Conflicts=shutdown.target
 After=systemd-remount-fs.service
+After=systemd-random-seed.service
 Before=shutdown.target ssh.service
 ConditionPathIsReadWrite=/etc

-- 
2.31.1

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH v2 2/2] sshd-regen-keys: Fix some systemd obsolete warnings about using syslog
  2021-10-15  8:06 [PATCH v2 0/2] sshd-regen-keys: Fix boot hang on low end hardware Florian Bezdeka
  2021-10-15  8:06 ` [PATCH v2 1/2] sshd-regen-keys: Start key generation after entropy seed Florian Bezdeka
@ 2021-10-15  8:06 ` Florian Bezdeka
  2021-10-22 14:59 ` [PATCH v2 0/2] sshd-regen-keys: Fix boot hang on low end hardware Anton Mikanovich
  2 siblings, 0 replies; 4+ messages in thread
From: Florian Bezdeka @ 2021-10-15  8:06 UTC (permalink / raw)
  To: isar-users; +Cc: jan.kiszka, henning.schild, Florian Bezdeka

Fixes the following warnings:

[   11.450104] systemd[1]: /lib/systemd/system/sshd-regen-keys.service:15:
[   11.450806] systemd[1]: /lib/systemd/system/sshd-regen-keys.service:16:
	Standard output type syslog is obsolete, automatically updating to journal.
	Please update your unit file, and consider removing the setting altogether.

Signed-off-by: Florian Bezdeka <florian.bezdeka@siemens.com>
---
 .../sshd-regen-keys/files/sshd-regen-keys.service               | 2 --
 1 file changed, 2 deletions(-)

diff --git a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service
index 1beb664..5c2ccff 100644
--- a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service
+++ b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service
@@ -11,8 +11,6 @@ ConditionPathIsReadWrite=/etc
 Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/bin/ssh-keygen -A
-StandardOutput=syslog
-StandardError=syslog
 
 [Install]
 WantedBy=sysinit.target
-- 
2.31.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH v2 0/2] sshd-regen-keys: Fix boot hang on low end hardware
  2021-10-15  8:06 [PATCH v2 0/2] sshd-regen-keys: Fix boot hang on low end hardware Florian Bezdeka
  2021-10-15  8:06 ` [PATCH v2 1/2] sshd-regen-keys: Start key generation after entropy seed Florian Bezdeka
  2021-10-15  8:06 ` [PATCH v2 2/2] sshd-regen-keys: Fix some systemd obsolete warnings about using syslog Florian Bezdeka
@ 2021-10-22 14:59 ` Anton Mikanovich
  2 siblings, 0 replies; 4+ messages in thread
From: Anton Mikanovich @ 2021-10-22 14:59 UTC (permalink / raw)
  To: Florian Bezdeka, isar-users; +Cc: jan.kiszka, henning.schild

On 15.10.21 11:06, Florian Bezdeka wrote:
> Hi,
>
> when booting a Debian 11 based ISAR image with sshd-regen-keys
> enabled on low end systems it could happen that the first boot
> took too long so that the configured timeout for serial console
> systemd units was hit.
>
> It turned out that running sshd-regen-keys in parallel to
> systemd-random-seed is not the best idea. Patch one fixes that by
> moving the start of sshd-regen-keys after the point in time where
> systemd-random-seed completed.
>
> Patch two fixes two warnings that were discovered on Debian 11. I
> tested that with Debian 10 as well. Worked as expected.
>
> Best regards,
> Florian
>
Applied to next, thanks.

-- 
Anton Mikanovich
Promwad Ltd.
External service provider of ilbers GmbH
Maria-Merian-Str. 8
85521 Ottobrunn, Germany
+49 (89) 122 67 24-0
Commercial register Munich, HRB 214197
General Manager: Baurzhan Ismagulov


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-10-22 14:59 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-15  8:06 [PATCH v2 0/2] sshd-regen-keys: Fix boot hang on low end hardware Florian Bezdeka
2021-10-15  8:06 ` [PATCH v2 1/2] sshd-regen-keys: Start key generation after entropy seed Florian Bezdeka
2021-10-15  8:06 ` [PATCH v2 2/2] sshd-regen-keys: Fix some systemd obsolete warnings about using syslog Florian Bezdeka
2021-10-22 14:59 ` [PATCH v2 0/2] sshd-regen-keys: Fix boot hang on low end hardware Anton Mikanovich

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox