The CMS status is reported as 'running' before the initial loading of profiles (which for the LDAPProfileSubsystem happens asynchronously) is complete, potentially causing failures where clients issue requests to profiles that are not yet loaded.
Suggested fix is to perform initial loading of profiles synchronously or ensure CMS status does not report 'running' until the LDAPProfileSubsystem is ready.
suggested fix:
change search performed by profileChangeMonitor thread (which is a persistent search also used to load initial profiles) to SCOPE_SUB from ou=certificateProfiles,... requesting operational attribute numSubordinates.
The initial search results should be atomic so once numSubordinates profiles have been processed, the initialisation is complete. Flag this on the ProfileSubsystem.
In ProfileSubsystem.init(), wait (block) for the flag that indicates that the initial load is complete, before returning.
java.util.concurrent.CountDownLatch will be useful here.
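The gating described in the suggested fix above, as an added sketch that is not the Dogtag patch or any project code: a queue stands in for the persistent search, and the class name, the Entry record, the profile DNs and the timeout on the wait are all assumptions made for illustration (Java 16+ for records).

```java
import java.util.Map;
import java.util.concurrent.*;

public class ProfileLoadGate {
    // Constructed stand-in for one search result; numSubordinates is null for profile entries.
    record Entry(String dn, Integer numSubordinates) {}

    private final CountDownLatch initialLoadDone = new CountDownLatch(1);
    private final Map<String, Entry> profiles = new ConcurrentHashMap<>();
    // Hypothetical replacement for the LDAP persistent search result stream.
    private final BlockingQueue<Entry> searchResults = new LinkedBlockingQueue<>();

    // Monitor thread: loads the initial profiles, then keeps following changes.
    private void monitor() {
        int expected = -1, loaded = 0;
        try {
            while (true) {
                Entry e = searchResults.take();
                if (e.numSubordinates() != null) {
                    expected = e.numSubordinates();   // container entry
                } else {
                    profiles.put(e.dn(), e);          // profile entry
                    loaded++;
                }
                // Also covers an empty container (expected == 0).
                if (expected >= 0 && loaded >= expected) {
                    initialLoadDone.countDown();      // no-op once the latch is at zero
                }
            }
        } catch (InterruptedException ie) {
            Thread.currentThread().interrupt();
        }
    }

    // Does not return until the initial load is flagged complete, so the
    // caller cannot report 'running' with profiles still missing.
    public void init(long timeoutSeconds) throws Exception {
        Thread t = new Thread(this::monitor, "profileChangeMonitor");
        t.setDaemon(true);
        t.start();
        if (!initialLoadDone.await(timeoutSeconds, TimeUnit.SECONDS)) {
            throw new TimeoutException("initial profile load did not complete");
        }
    }

    public static void main(String[] args) throws Exception {
        ProfileLoadGate ps = new ProfileLoadGate();
        ps.searchResults.add(new Entry("ou=certificateProfiles,...", 2)); // constructed sample
        ps.searchResults.add(new Entry("cn=profileA", null));
        ps.searchResults.add(new Entry("cn=profileB", null));
        ps.init(5);
        System.out.println("running with " + ps.profiles.size() + " profiles");
    }
}
```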
Per CS/DS meeting of 11/30/2015: 10.3 major
attachment pki-ftweedal-0062-Block-startup-until-initial-profile-load-completed.patch
NOTE: Per conversations in IRC, this ticket is slated to be fixed as patches to Dogtag 10.2.6 on Fedora 22, 23, (and 24 until such time as it is upgraded to 10.3). The fixes will be checked into the master branch where they will also be picked up by Dogtag 10.3 and later releases.
Per IRC discussion: Moving from 10.3 --> 10.2.X milestone.
Per discussions in the Dogtag 10.3 Triage meeting of 01/06/2016: priority medium
master:
5fae5826e5442d7266681d19f282dc7728062b89 Block startup until initial profile load completed
DOGTAG_10_2_BRANCH:
e8a1d9cbbefb2988092e96b13d0b13254c92d1b2 Block startup until initial profile load completed
DOGTAG_10_2_6_BRANCH:
b16968402bb414042b3a529097ca934f165d62b9 Block startup until initial profile load completed
Metadata Update from @ftweedal: - Issue assigned to ftweedal - Issue set to the milestone: 10.2.x
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2261
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.