Bug 1036624

Summary: SecureRandomGenerator instance per container requires too much entropy
Product: [JBoss] JBoss Enterprise Portal Platform 6 Reporter: Dominik Pospisil <dpospisi>
Component: Performance, PortalAssignee: mposolda
Status: VERIFIED --- QA Contact: Tomas Kyjovsky <tkyjovsk>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.1.1CC: bdawidow, epp-bugs, mposolda, ppalaga
Target Milestone: DR02   
Target Release: 6.1.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
The SecureRandom service is a portal service used for generating random numbers for security purposes. The service requires a seed for each instance of the service. It was discovered that because a separate SecureRandom service was required for each portal instance, installations containing many portal instances may have been experiencing slower boot times as a result of individual seed creation for each SecureRandom bootstrap. The fix implements SecureRandom as a shared service between all portal instances, which results in an improved startup time for installations containing many portal instances.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dominik Pospisil 2013-12-02 11:24:08 UTC 
Currently every portal container instance uses it's own instance of SecureRandomGenerator for generating password salts. This requires too much entropy if many containers are used (50).

In QA lab environment, registering new generator freezes portal boot for roughly 20-30s (1 min 40s max).
Comment 1 Dominik Pospisil 2013-12-02 11:25:19 UTC 
Link to the CI build showing boot freezes:

https://jenkins.mw.lab.eng.bos.redhat.com/hudson/view/EPP/view/EPP/view/6.1/view/Performance/view/Preparation/job/epp6_portal_perf_db_prepare_manyContainers/18/console
Comment 3 JBoss JIRA Server 2013-12-09 23:08:45 UTC 
Marek Posolda <mposolda> made a comment on jira GTNPORTAL-3342

The fix is adding SecureRandomService to be configured at RootContainer level, so it's shared between all portal containers and initialized only once per JVM.
Comment 4 Dominik Pospisil 2014-01-31 14:22:05 UTC 
It does not seem to be fixed in 6.1.1.ER1.

https://jenkins.mw.lab.eng.bos.redhat.com/hudson/view/EPP/view/EPP/view/6.1/view/Performance/view/Preparation/job/epp6_portal_perf_db_prepare_manyContainers/21/console
Comment 5 Dominik Pospisil 2014-01-31 15:04:07 UTC 
After discussion with Marek, closing as verified. Reseed only happen once during portal startup. Remaining delay caused by other tasks.
Comment 7 Peter Palaga 2014-02-11 07:46:00 UTC 
Hi Jared, just a small note on the last version of the relnote: The term "portal" is terribly ambiguous in general and also in how we use it ourselves. It can mean (1) the product, (2) an installation of the product and (3) a Portal Container as described in https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Portal/6.1/html/Development_Guide/chap-Portal_Containers.html . When speaking about "portal instance" in the relnote, it is perhaps not clear at the first sight if we mean (2) or (3). Therefore, I'd propose to replace "portal instance" with "portal container instance".