]
Darran Lofthouse reassigned WFCORE-3876:
----------------------------------------
Assignee: (was: Darran Lofthouse)
Composite operation on filesystem-realm blocks management operations
--------------------------------------------------------------------
Key: WFCORE-3876
URL:
https://issues.jboss.org/browse/WFCORE-3876
Project: WildFly Core
Issue Type: Bug
Components: Security
Reporter: Claudio Miranda
There is a problem when adding an identity and an attribute on filesystem-realm as
composite operation, it blocks the operation, but also blocks some other operations, for
example, while the composite operation run, the other following operations just blocks.
This problem only occurs in domain mode.
The filesystem-realm=file1 was created with no errors.
Add an identity and a identity attribute as composite operation
{code}
batch
/host=master/server=server-three/subsystem=elytron/filesystem-realm=file1:add-identity(identity=user3)
/host=master/server=server-three/subsystem=elytron/filesystem-realm=file1:add-identity-attribute(identity=user3,name=key1,value=[val1,val11])
run-batch
{code}
The following composite, also blocks the same way (for an existing identity named user3)
{code}
batch
/host=master/server=server-three/subsystem=elytron/filesystem-realm=file1:add-identity-attribute(identity=user3,name=key3,value=[val3,val33])
/host=master/server=server-three/subsystem=elytron/filesystem-realm=file1:add-identity-attribute(identity=user3,name=key4,value=[val4,val44])
run-batch
{code}
The following operation just blocks waiting the above operation to finish.
{code}
/host=master/server=server-three/subsystem=elytron/filesystem-realm=file1:read-identity(identity=other)
{code}
{code}
/profile=full-ha/subsystem=elytron/filesystem-realm=file3:add(path=file3)
{code}
{code}
/profile=full-ha/subsystem=elytron/properties-realm=props1:add(users-properties={path=application-users.properties,relative-to=jboss.domain.config.dir,digest-realm-name=ApplicationRealm})
{code}
It also blocks write-attribute operation on other subsystems
{code}
/profile=full-ha/subsystem=io/worker=default:write-attribute(name=task-max-threads,value=100)
/profile=full-ha/subsystem=datasources/data-source=ExampleDS:write-attribute(name=max-pool-size,value=12)
{code}
The last operation reports as a non-progressing operation
{code}
/host=master/core-service=management/service=management-operations:find-non-progressing-operation
{
"outcome" => "success",
"result" => "500616352"
}
[domain@localhost:9990 /]
/host=master/core-service=management/service=management-operations/active-operation=*:read-resource
{
"outcome" => "success",
"result" => [
{
"address" => [
("host" => "master"),
("core-service" => "management"),
("service" => "management-operations"),
("active-operation" => "-886331830")
],
"outcome" => "success",
"result" => {
"access-mechanism" => "NATIVE",
"address" => [
("host" => "master"),
("core-service" => "management"),
("service" => "management-operations"),
("active-operation" => "*")
],
"caller-thread" => "management-handler-thread -
15",
"cancelled" => false,
"domain-rollout" => false,
"domain-uuid" => undefined,
"exclusive-running-time" => -1L,
"execution-status" => "executing",
"operation" => "read-resource",
"running-time" => 2341554L
}
},
{
"address" => [
("host" => "master"),
("core-service" => "management"),
("service" => "management-operations"),
("active-operation" => "-199839257")
],
"outcome" => "success",
"result" => {
"access-mechanism" => "NATIVE",
"address" => [],
"caller-thread" => "management-handler-thread -
13",
"cancelled" => false,
"domain-rollout" => false,
"domain-uuid" => undefined,
"exclusive-running-time" => -1L,
"execution-status" => "executing",
"operation" => "composite",
"running-time" => 37961295588L
}
},
{
"address" => [
("host" => "master"),
("core-service" => "management"),
("service" => "management-operations"),
("active-operation" => "500616352")
],
"outcome" => "success",
"result" => {
"access-mechanism" => "NATIVE",
"address" => [
("profile" => "full-ha"),
("subsystem" => "io"),
("worker" => "default")
],
"caller-thread" => "management-handler-thread -
14",
"cancelled" => false,
"domain-rollout" => false,
"domain-uuid" =>
"87a864ef-e287-4436-acd5-4842459dfc2e",
"exclusive-running-time" => 33671893306L,
"execution-status" => "executing",
"operation" => "write-attribute",
"running-time" => 33671782128L
}
}
]
}
{code}
After the operation timeout, the second step of the composite operation as error.
{code}
The batch failed with the following error (you are remaining in the batch editing mode to
have a chance to correct the error):
WFLYCTL0062: Composite operation failed and was rolled back. Steps that failed:
Step: step-2
Operation:
/host=master/server=server-three/subsystem=elytron/filesystem-realm=file1:add-identity-attribute(identity=user3,name=key1,value=[val1,val11])
Failure: WFLYCTL0409: Execution of operation 'add-identity-attribute' on remote
process at address '[
("host" => "master"),
("server" => "server-three")
]' timed out after 305000 ms while awaiting initial response; remote process has been
notified to terminate operation
{code}
I understand that to add the identity attribute, it should run as non composite, and it
works, but the problem is the blocking it does on the other operations.