[jboss-jira] [JBoss JIRA] (WFCORE-3876) Composite operation on filesystem-realm blocks management operations
Claudio Miranda (JIRA)
issues at jboss.org
Wed May 23 09:35:01 EDT 2018
Claudio Miranda created WFCORE-3876:
---------------------------------------
Summary: Composite operation on filesystem-realm blocks management operations
Key: WFCORE-3876
URL: https://issues.jboss.org/browse/WFCORE-3876
Project: WildFly Core
Issue Type: Bug
Components: Security
Reporter: Claudio Miranda
Assignee: Darran Lofthouse
There is a problem when adding an identity and an attribute on filesystem-realm as composite operation, it blocks the operation, but also blocks some other operations, for example, while the composite operation run, the other following operations just blocks. This problem only occurs in domain mode.
The filesystem-realm=file1 was created with no errors.
Add an identity and a identity attribute as composite operation
{code}
batch
/host=master/server=server-three/subsystem=elytron/filesystem-realm=file1:add-identity(identity=user3)
/host=master/server=server-three/subsystem=elytron/filesystem-realm=file1:add-identity-attribute(identity=user3,name=key1,value=[val1,val11])
run-batch
{code}
The following composite, also blocks the same way (for an existing identity named user3)
{code}
batch
/host=master/server=server-three/subsystem=elytron/filesystem-realm=file1:add-identity-attribute(identity=user3,name=key3,value=[val3,val33])
/host=master/server=server-three/subsystem=elytron/filesystem-realm=file1:add-identity-attribute(identity=user3,name=key4,value=[val4,val44])
run-batch
{code}
The following operation just blocks waiting the above operation to finish.
{code}
/host=master/server=server-three/subsystem=elytron/filesystem-realm=file1:read-identity(identity=other)
{code}
{code}
/profile=full-ha/subsystem=elytron/filesystem-realm=file3:add(path=file3)
{code}
{code}
/profile=full-ha/subsystem=elytron/properties-realm=props1:add(users-properties={path=application-users.properties,relative-to=jboss.domain.config.dir,digest-realm-name=ApplicationRealm})
{code}
It also blocks write-attribute operation on other subsystems
{code}
/profile=full-ha/subsystem=io/worker=default:write-attribute(name=task-max-threads,value=100)
/profile=full-ha/subsystem=datasources/data-source=ExampleDS:write-attribute(name=max-pool-size,value=12)
{code}
The last operation reports as a non-progressing operation
{code}
/host=master/core-service=management/service=management-operations:find-non-progressing-operation
{
"outcome" => "success",
"result" => "500616352"
}
[domain at localhost:9990 /] /host=master/core-service=management/service=management-operations/active-operation=*:read-resource
{
"outcome" => "success",
"result" => [
{
"address" => [
("host" => "master"),
("core-service" => "management"),
("service" => "management-operations"),
("active-operation" => "-886331830")
],
"outcome" => "success",
"result" => {
"access-mechanism" => "NATIVE",
"address" => [
("host" => "master"),
("core-service" => "management"),
("service" => "management-operations"),
("active-operation" => "*")
],
"caller-thread" => "management-handler-thread - 15",
"cancelled" => false,
"domain-rollout" => false,
"domain-uuid" => undefined,
"exclusive-running-time" => -1L,
"execution-status" => "executing",
"operation" => "read-resource",
"running-time" => 2341554L
}
},
{
"address" => [
("host" => "master"),
("core-service" => "management"),
("service" => "management-operations"),
("active-operation" => "-199839257")
],
"outcome" => "success",
"result" => {
"access-mechanism" => "NATIVE",
"address" => [],
"caller-thread" => "management-handler-thread - 13",
"cancelled" => false,
"domain-rollout" => false,
"domain-uuid" => undefined,
"exclusive-running-time" => -1L,
"execution-status" => "executing",
"operation" => "composite",
"running-time" => 37961295588L
}
},
{
"address" => [
("host" => "master"),
("core-service" => "management"),
("service" => "management-operations"),
("active-operation" => "500616352")
],
"outcome" => "success",
"result" => {
"access-mechanism" => "NATIVE",
"address" => [
("profile" => "full-ha"),
("subsystem" => "io"),
("worker" => "default")
],
"caller-thread" => "management-handler-thread - 14",
"cancelled" => false,
"domain-rollout" => false,
"domain-uuid" => "87a864ef-e287-4436-acd5-4842459dfc2e",
"exclusive-running-time" => 33671893306L,
"execution-status" => "executing",
"operation" => "write-attribute",
"running-time" => 33671782128L
}
}
]
}
{code}
After the operation timeout, the second step of the composite operation as error.
{code}
The batch failed with the following error (you are remaining in the batch editing mode to have a chance to correct the error):
WFLYCTL0062: Composite operation failed and was rolled back. Steps that failed:
Step: step-2
Operation: /host=master/server=server-three/subsystem=elytron/filesystem-realm=file1:add-identity-attribute(identity=user3,name=key1,value=[val1,val11])
Failure: WFLYCTL0409: Execution of operation 'add-identity-attribute' on remote process at address '[
("host" => "master"),
("server" => "server-three")
]' timed out after 305000 ms while awaiting initial response; remote process has been notified to terminate operation
{code}
I understand that to add the identity attribute, it should run as non composite, and it works, but the problem is the blocking it does on the other operations.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list