[JBoss JIRA] (WFCORE-4116) JDK 10: illegal reflective access by ClassReflectionIndex
by Brian Stansberry (Jira)
[ https://issues.jboss.org/browse/WFCORE-4116?page=com.atlassian.jira.plugi... ]
Brian Stansberry resolved WFCORE-4116.
--------------------------------------
Resolution: Done
Hi [~twwwt] -- that's a separate issue. Please see WFCORE-4514.
> JDK 10: illegal reflective access by ClassReflectionIndex
> ---------------------------------------------------------
>
> Key: WFCORE-4116
> URL: https://issues.jboss.org/browse/WFCORE-4116
> Project: WildFly Core
> Issue Type: Bug
> Components: Server
> Affects Versions: 6.0.0.Final, 6.0.2.Final, 7.0.0.Final
> Reporter: Thorsten Möller
> Assignee: James Perkins
> Priority: Major
> Fix For: 7.0.0.Final, 7.0.0.Alpha5
>
>
> Using WF14 and Oracle JDK 10.0.2, there is an illegal reflective access warning while WF boots:
> {code}
> WARNING: An illegal reflective access operation has occurred
> WARNING: Illegal reflective access by org.jboss.as.server.deployment.reflect.ClassReflectionIndex (jar:file:/Users/.../wildfly-14.0.0.Final/modules/system/layers/base/org/jboss/as/server/main/wildfly-server-6.0.1.Final.jar!/) to method java.lang.Object.finalize()
> WARNING: Please consider reporting this to the maintainers of org.jboss.as.server.deployment.reflect.ClassReflectionIndex
> {code}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
6 years, 6 months
[JBoss JIRA] (WFWIP-160) Fix throughput and response time differences between TLS 1.2 and TLS 1.3
by Richard Opalka (Jira)
[ https://issues.jboss.org/browse/WFWIP-160?page=com.atlassian.jira.plugin.... ]
Richard Opalka updated WFWIP-160:
---------------------------------
Attachment: performance-hotspot.png
> Fix throughput and response time differences between TLS 1.2 and TLS 1.3
> ------------------------------------------------------------------------
>
> Key: WFWIP-160
> URL: https://issues.jboss.org/browse/WFWIP-160
> Project: WildFly WIP
> Issue Type: Task
> Components: Web (Undertow)
> Reporter: Farah Juma
> Assignee: Richard Opalka
> Priority: Blocker
> Attachments: jstourac-report.zip, performance-hotspot.png, results-tlsv12.zip, results-tlsv13.zip
>
>
> Performance with TLS 1.3 on WildFly appears to be worse than with TLS 1.2. In particular, throughput is much lower (roughly three times lower) and response time is much higher (roughly three times higher), which is not supposed to be the case. The underlying issue seems to be in Undertow or XNIO, that is the code that actually gets invoked during the TLS handshake process. Looking at CPU time, there is significantly more time being spent in [io.undertow.protocols.ssl.SslConduit$5.run()|https://github.com/undertow-...] with TLS 1.3 than with TLS 1.2.
> Steps to reproduce (taken from EAP7-1022):
> 1. Build WildFly using the following feature branches or download a QE build of WildFly [here|https://eap-qe-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/job/undertow-...]:
> https://github.com/fjuma/wildfly-elytron/tree/ELY-1706
> https://github.com/fjuma/wildfly-core/tree/WFCORE-4172 (Update the Elytron version in the pom.xml file to use the version built in the previous step)
> https://github.com/fjuma/wildfly/tree/WFCORE-4172 (Update the Core version in the pom.xml file to use the version built in the previous step)
> 2. Download and unzip JMeter from https://jmeter.apache.org/download_jmeter.cgi
> 3. Download attached test plan [TLSv1.3.jmx|https://issues.jboss.org/secure/attachment/12449098/12449098_...]
> 4. Start server with JDK11 and configure with TLSv1.3:
> {code}
> $ JAVA_HOME=/path/to/java/openjdk-11.0.2 <EAP_HOME>/bin/standalone.sh
> $ <EAP_HOME>/bin/jboss-cli.sh -c
> /subsystem=elytron/key-store=tls13:add(path=keystore.jks,relative-to=jboss.server.config.dir,credential-reference={clear-text=secret},type=JKS)
> /subsystem=elytron/key-store=tls13:generate-key-pair(alias=localhost,algorithm=RSA,key-size=1024,validity=365,credential-reference={clear-text=secret},distinguished-name="CN=localhost")
> /subsystem=elytron/key-store=tls13:store()
> /subsystem=elytron/key-manager=tls13:add(key-store=tls13,credential-reference={clear-text=secret})
> /subsystem=elytron/server-ssl-context=tls13:add(key-manager=tls13,protocols=["TLSv1.3"])
> batch
> /subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
> /subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=tls13)
> run-batch
> reload
> {code}
> 5. Start jmeter with JDK 11 and downloaded test plan
> {code}
> export JAVA_HOME=/path/to/java/openjdk-11.0.2; bin/jmeter -n -t TLSv1.3.jmx -e -l tlsv13.log -o results-tlsv13
> {code}
> 6. Set server to use TLSv1.2
> {code}
> /subsystem=elytron/server-ssl-context=tls13:write-attribute(name=protocols,value=["TLSv1.2"])
> reload
> {code}
> 7. Repeat same for TLSv1.2
> {code}
> export JAVA_HOME=/path/to/java/openjdk-11.0.2; bin/jmeter -n -t TLSv1.3.jmx -e -l tlsv12.log -o results-tlsv12
> {code}
> 8. Compare results (there will be an index.html file in the results-tlsv12 and results-tlsv13 directories)
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
6 years, 6 months
[JBoss JIRA] (WFWIP-160) Fix throughput and response time differences between TLS 1.2 and TLS 1.3
by Richard Opalka (Jira)
[ https://issues.jboss.org/browse/WFWIP-160?page=com.atlassian.jira.plugin.... ]
Richard Opalka commented on WFWIP-160:
--------------------------------------
I profiled this TLS 1.3 issue and I agree the performance regression is pointing to io.undertow.protocols.ssl.SslConduit$5.run() anonymous inner class.
But my investigation shows it is not the locking problem at the undertow level but it is a problem at the java level (see performance-hotspot.png attachment).
I have no ideas how we could solve this java level performance regression at the underthow level.
My profiling on JDK 11.0.5 LTS shows TLS 1.3 is almost 3 times slower than TLS 1.2 there (same observation from [~jstourac])
But when I switched to JDK 13.0.1 I see TLS 1.3 is just 0,5 times slower than TLS 1.2 there (quite a huge improvement).
Obviously TLS 1.3 performance is significantly improving with newer JDK releases.
Maybe [~swd847] might have some ideas how we could try to solve this java level regression in undertow?
[~jstourac] [~flavia.rainone] [~fjuma] ^^^
> Fix throughput and response time differences between TLS 1.2 and TLS 1.3
> ------------------------------------------------------------------------
>
> Key: WFWIP-160
> URL: https://issues.jboss.org/browse/WFWIP-160
> Project: WildFly WIP
> Issue Type: Task
> Components: Web (Undertow)
> Reporter: Farah Juma
> Assignee: Richard Opalka
> Priority: Blocker
> Attachments: jstourac-report.zip, results-tlsv12.zip, results-tlsv13.zip
>
>
> Performance with TLS 1.3 on WildFly appears to be worse than with TLS 1.2. In particular, throughput is much lower (roughly three times lower) and response time is much higher (roughly three times higher), which is not supposed to be the case. The underlying issue seems to be in Undertow or XNIO, that is the code that actually gets invoked during the TLS handshake process. Looking at CPU time, there is significantly more time being spent in [io.undertow.protocols.ssl.SslConduit$5.run()|https://github.com/undertow-...] with TLS 1.3 than with TLS 1.2.
> Steps to reproduce (taken from EAP7-1022):
> 1. Build WildFly using the following feature branches or download a QE build of WildFly [here|https://eap-qe-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/job/undertow-...]:
> https://github.com/fjuma/wildfly-elytron/tree/ELY-1706
> https://github.com/fjuma/wildfly-core/tree/WFCORE-4172 (Update the Elytron version in the pom.xml file to use the version built in the previous step)
> https://github.com/fjuma/wildfly/tree/WFCORE-4172 (Update the Core version in the pom.xml file to use the version built in the previous step)
> 2. Download and unzip JMeter from https://jmeter.apache.org/download_jmeter.cgi
> 3. Download attached test plan [TLSv1.3.jmx|https://issues.jboss.org/secure/attachment/12449098/12449098_...]
> 4. Start server with JDK11 and configure with TLSv1.3:
> {code}
> $ JAVA_HOME=/path/to/java/openjdk-11.0.2 <EAP_HOME>/bin/standalone.sh
> $ <EAP_HOME>/bin/jboss-cli.sh -c
> /subsystem=elytron/key-store=tls13:add(path=keystore.jks,relative-to=jboss.server.config.dir,credential-reference={clear-text=secret},type=JKS)
> /subsystem=elytron/key-store=tls13:generate-key-pair(alias=localhost,algorithm=RSA,key-size=1024,validity=365,credential-reference={clear-text=secret},distinguished-name="CN=localhost")
> /subsystem=elytron/key-store=tls13:store()
> /subsystem=elytron/key-manager=tls13:add(key-store=tls13,credential-reference={clear-text=secret})
> /subsystem=elytron/server-ssl-context=tls13:add(key-manager=tls13,protocols=["TLSv1.3"])
> batch
> /subsystem=undertow/server=default-server/https-listener=https:undefine-attribute(name=security-realm)
> /subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=ssl-context,value=tls13)
> run-batch
> reload
> {code}
> 5. Start jmeter with JDK 11 and downloaded test plan
> {code}
> export JAVA_HOME=/path/to/java/openjdk-11.0.2; bin/jmeter -n -t TLSv1.3.jmx -e -l tlsv13.log -o results-tlsv13
> {code}
> 6. Set server to use TLSv1.2
> {code}
> /subsystem=elytron/server-ssl-context=tls13:write-attribute(name=protocols,value=["TLSv1.2"])
> reload
> {code}
> 7. Repeat same for TLSv1.2
> {code}
> export JAVA_HOME=/path/to/java/openjdk-11.0.2; bin/jmeter -n -t TLSv1.3.jmx -e -l tlsv12.log -o results-tlsv12
> {code}
> 8. Compare results (there will be an index.html file in the results-tlsv12 and results-tlsv13 directories)
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
6 years, 6 months
[JBoss JIRA] (WFLY-12676) memory leak, org.jboss.jca.core.connectionmanager.pool.idle.IdleRemover$IdleRemoverRunner is keeping deployment in memory after undeployment
by James Perkins (Jira)
[ https://issues.jboss.org/browse/WFLY-12676?page=com.atlassian.jira.plugin... ]
James Perkins resolved WFLY-12676.
----------------------------------
Resolution: Done
> memory leak, org.jboss.jca.core.connectionmanager.pool.idle.IdleRemover$IdleRemoverRunner is keeping deployment in memory after undeployment
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-12676
> URL: https://issues.jboss.org/browse/WFLY-12676
> Project: WildFly
> Issue Type: Bug
> Components: JCA
> Affects Versions: 18.0.0.Final
> Reporter: Scott Marlow
> Assignee: Stefano Maestri
> Priority: Blocker
> Fix For: 19.0.0.Beta1
>
> Attachments: 2lc.jar, java_pid12802.0001.zip, jcaleakmarlow.txt
>
>
> As part of looking at [WFLY-12671], I found that org.jboss.jca.core.connectionmanager.pool.idle.IdleRemover$IdleRemoverRunner is leaking the application classloader (after undeployment) via org.jboss.jca.adapters.jdbc.local.LocalManagedConnectionFactory originalTCCL being kept after undeployment.
> See attached jcaleakmarlow.txt (also attached to [WFLY-12671]), which shows the leak.
> I tried waiting a few minutes after undeployment and the leak was still there. I also tried an even simpler app (2lc.jar) and still there is a leak. I also attached the heapdump (java_pid12802.0001.zip)
> To recreate:
> * Deploy simple (no app code will be executed) 2lc.jar app.
> * Undeploy by doing "rm 2lc.jar.deployed" in wildfly/standalone/deployments
> * Look at memory with MAT or other memory leak tool.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
6 years, 6 months
[JBoss JIRA] (WFLY-12812) opentracing-interceptors dep should be provided
by Jean Francois Denise (Jira)
Jean Francois Denise created WFLY-12812:
-------------------------------------------
Summary: opentracing-interceptors dep should be provided
Key: WFLY-12812
URL: https://issues.jboss.org/browse/WFLY-12812
Project: WildFly
Issue Type: Bug
Components: Build System
Reporter: Jean Francois Denise
Assignee: Emmanuel Hugonnet
pom.xml of galleon-feature-pack contains opentracing-interceptors dependency that should be of scope provided.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
6 years, 6 months
[JBoss JIRA] (JGRP-2406) MERGE3 not working with TCP using ForkJoinPool
by Bela Ban (Jira)
[ https://issues.jboss.org/browse/JGRP-2406?page=com.atlassian.jira.plugin.... ]
Bela Ban updated JGRP-2406:
---------------------------
Fix Version/s: 4.1.9
> MERGE3 not working with TCP using ForkJoinPool
> ----------------------------------------------
>
> Key: JGRP-2406
> URL: https://issues.jboss.org/browse/JGRP-2406
> Project: JGroups
> Issue Type: Bug
> Affects Versions: 4.1.8
> Reporter: Olivier Peyrusse
> Assignee: Bela Ban
> Priority: Minor
> Fix For: 4.1.9
>
> Attachments: logs.tgz, project.zip, timeline.txt
>
>
> Using the TCP protocol with the ForkJoinPool is causing constant failures of MERGE3.
> I consistently observed the following, from the point of view of a member M
> - M asks for other coordinator views. It contacts A and B
> - A and B send their views
> - M waits and timeouts for receiving views and abort the merge
> - immediately after aborting the merge, M process messages containing the views of A and B.
> In [^timeline.txt], you will see the extracts for logs from the various members at play.
> After many experiments, the one parameter causing this issue is in the TCP protocol.
> {code:xml}
> <TCP
> ...
> thread_pool.use_fork_join_pool="true" />
> {code}
> Setting {{thread_pool.use_fork_join_pool}} to true repeatedly produces the problem, while using {{thread_pool.use_fork_join_pool}} with false works fine.
> Project details:
> - as tested within Kubernetes, this project uses KUBE_PING as its discovery protocol
> - to understand the reason for the failed merges, I created the protocol MERGE4, that is MERGE3 with additional logs.
> - [^logs.tgz] contains all logs from the various members involved in the test.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
6 years, 6 months
[JBoss JIRA] (WFLY-12798) HealthCheck HTTP endpoint does not support CDI @RequestScoped scope
by Jeff Mesnil (Jira)
[ https://issues.jboss.org/browse/WFLY-12798?page=com.atlassian.jira.plugin... ]
Jeff Mesnil commented on WFLY-12798:
------------------------------------
[~mnovotny] What do you think of this issue & WFLY-12811?
The root issue is that WildFly HTTP management endpoints are not supporting CDI.
Would it be achievable?
The HTTP endpoint is handled by an Undertow HTTP handler at [1]. There is no JAX-RS or servlets involved so I'm not sure how we could trigger the activation of CDI (if that makes sense)
[1] https://github.com/wildfly/wildfly/blob/master/microprofile/health-smallr...
> HealthCheck HTTP endpoint does not support CDI @RequestScoped scope
> -------------------------------------------------------------------
>
> Key: WFLY-12798
> URL: https://issues.jboss.org/browse/WFLY-12798
> Project: WildFly
> Issue Type: Bug
> Components: MP Health
> Affects Versions: 18.0.0.Final
> Reporter: Florian Sailer
> Assignee: Jeff Mesnil
> Priority: Major
>
> 2019-11-15 15:26:11,717 ERROR [org.wildfly.extension.microprofile.health.smallrye] (management I/O-1) Error processing Health Checks: org.jboss.weld.contexts.ContextNotActiveException: WELD-001303: No active contexts for scope type javax.enterprise.context.RequestScoped
> at org.jboss.weld.manager.BeanManagerImpl.getContext(BeanManagerImpl.java:647)
> at org.jboss.weld.bean.ContextualInstanceStrategy$DefaultContextualInstanceStrategy.getIfExists(ContextualInstanceStrategy.java:89)
> at org.jboss.weld.bean.ContextualInstanceStrategy$CachingContextualInstanceStrategy.getIfExists(ContextualInstanceStrategy.java:164)
> at org.jboss.weld.bean.ContextualInstance.getIfExists(ContextualInstance.java:63)
> at org.jboss.weld.bean.proxy.ContextBeanInstance.getInstance(ContextBeanInstance.java:87)
> at org.jboss.weld.bean.proxy.ProxyMethodHandler.getInstance(ProxyMethodHandler.java:131)
> at at.arz.bpe.boundary.PingCheck$Proxy$_$$_WeldClientProxy.call(Unknown Source)
> at org.wildfly.extension.microprofile.health.HealthReporter.jsonObject(HealthReporter.java:120)
> at org.wildfly.extension.microprofile.health.HealthReporter.fillCheck(HealthReporter.java:107)
> at org.wildfly.extension.microprofile.health.HealthReporter.processChecks(HealthReporter.java:96)
> at org.wildfly.extension.microprofile.health.HealthReporter.getHealth(HealthReporter.java:79)
> at org.wildfly.extension.microprofile.health.HealthReporter.getHealth(HealthReporter.java:60)
> at org.wildfly.extension.microprofile.health.HealthContextService$HealthCheckHandler.handleRequest(HealthContextService.java:100)
> at org.jboss.as.domain.http.server.security.RealmReadinessHandler.handleRequest(RealmReadinessHandler.java:51)
> at org.jboss.as.domain.http.server.security.ServerErrorReadinessHandler.handleRequest(ServerErrorReadinessHandler.java:35)
> at io.undertow.server.handlers.PathHandler.handleRequest(PathHandler.java:91)
> at io.undertow.server.handlers.ChannelUpgradeHandler.handleRequest(ChannelUpgradeHandler.java:211)
> at io.undertow.server.handlers.cache.CacheHandler.handleRequest(CacheHandler.java:92)
> at io.undertow.server.handlers.error.SimpleErrorPageHandler.handleRequest(SimpleErrorPageHandler.java:78)
> at io.undertow.server.handlers.CanonicalPathHandler.handleRequest(CanonicalPathHandler.java:49)
> at org.jboss.as.domain.http.server.ManagementHttpRequestHandler.handleRequest(ManagementHttpRequestHandler.java:57)
> at org.jboss.as.domain.http.server.cors.CorsHttpHandler.handleRequest(CorsHttpHandler.java:75)
> at org.jboss.as.domain.http.server.ManagementHttpServer$UpgradeFixHandler.handleRequest(ManagementHttpServer.java:666)
> at io.undertow.server.Connectors.executeRootHandler(Connectors.java:376)
> at io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:255)
> at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:136)
> at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:162)
> at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:100)
> at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:57)
> at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:291)
> at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286)
> at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
> at org.xnio.nio.QueuedNioTcpServer$1.run(QueuedNioTcpServer.java:132)
> at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:612)
> at org.xnio.nio.WorkerThread.run(WorkerThread.java:479)
> MP-Health Spec doesnt enforce a scope and it worked with wildfly 17.0.0.1-Final.
> https://github.com/eclipse/microprofile-health/issues/109
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
6 years, 6 months