#1702 getStatus reports ready before LDAPProfileSubsystem has loaded all profiles
Closed: Fixed None Opened 8 years ago by ftweedal.

The CMS status is reported as 'running' before the initial loading of
profiles (which for the LDAPProfileSubsystem happens asynchronously)
is complete, potentially causing failures where clients issue
requests to profiles that are not yet loaded.

Suggested fix is to perform initial loading of profiles synchronously or
ensure CMS status does not report 'running' until the LDAPProfileSubsystem
is ready.


suggested fix:

change search performed by profileChangeMonitor thread (which
is a persistent search also used to load initial profiles)
to SCOPE_SUB from ou=certificateProfiles,... requesting
operational attribute numSubordinates.

The initial search results should be atomic so once numSubordinates
profiles have been processed, the initialisation is complete. Flag
this on the ProfileSubsystem.

In ProfileSubsystem.init(), wait (block) for the flag that indicates that
the initial load is complete, before returning.

java.util.concurrent.CountDownLatch will be useful here.

Per CS/DS meeting of 11/30/2015: 10.3 major

NOTE: Per conversations in IRC, this ticket is slated to be fixed
      as patches to Dogtag 10.2.6 on Fedora 22, 23, (and 24 until
      such time as it is upgraded to 10.3).  The fixes will be
      checked into the master branch where they will also be picked
      up by Dogtag 10.3 and later releases.

Per IRC discussion: Moving from 10.3 --> 10.2.X milestone.

Per discussions in the Dogtag 10.3 Triage meeting of 01/06/2016: priority medium

master:

5fae5826e5442d7266681d19f282dc7728062b89 Block startup until initial profile load completed

DOGTAG_10_2_BRANCH:

e8a1d9cbbefb2988092e96b13d0b13254c92d1b2 Block startup until initial profile load completed

DOGTAG_10_2_6_BRANCH:

b16968402bb414042b3a529097ca934f165d62b9 Block startup until initial profile load completed

Metadata Update from @ftweedal:
- Issue assigned to ftweedal
- Issue set to the milestone: 10.2.x

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2261

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.

Metadata