Hide Forgot
Created attachment 560972 [details] Unusable web ui Description of problem: Uploading a manifest file with access to several different channels will prevent anyone from using the web ui, even if different users logged from different browsers. Version-Release number of selected component (if applicable): * candlepin-0.5.18-1.el6.noarch * candlepin-tomcat6-0.5.18-1.el6.noarch * katello-0.1.229-2.el6.noarch * katello-all-0.1.229-2.el6.noarch * katello-certs-tools-1.0.2-2.el6.noarch * katello-cli-0.1.44-2.el6.noarch * katello-cli-common-0.1.44-2.el6.noarch * katello-common-0.1.229-2.el6.noarch * katello-configure-0.1.61-2.el6.noarch * katello-glue-candlepin-0.1.229-2.el6.noarch * katello-glue-foreman-0.1.229-2.el6.noarch * katello-glue-pulp-0.1.229-2.el6.noarch * katello-httpd-ssl-key-pair-1.0-1.noarch * katello-qpid-broker-key-pair-1.0-1.noarch * katello-repos-0.1.5-1.el6.noarch * katello-selinux-0.1.3-1.el6.noarch * katello-trusted-ssl-cert-1.0-1.noarch * pulp-0.0.265-1.el6.noarch * pulp-common-0.0.265-1.el6.noarch * pulp-selinux-server-0.0.265-1.el6.noarch How reproducible: Steps to Reproduce: 1. As the Admin user create adicional user "wbogs" and give him admin role 2. Load a manifest file with access to several different channels 3. Open a different browser and log in as wbogs 4. Try to use the web ui. For instance, click on wbogs user name in the upper right corner. Actual results: The web ui for wbogs is unusable Expected results: Additional info:
make sure you have more than one CPU. This is a known issue with Ruby and there really isn't anything we can do about it in the short term to solve the fact that long running IO blocks Ruby 1.8.* We did extensive investigation earlier on that can be summarized here: https://www.redhat.com/archives/katello-devel/2012-January/msg00042.html and also this wiki page: https://fedorahosted.org/katello/wiki/LoadBalancerChoice In a future version of Katello we may address this but there isn't anything we can do in 1.0
I should have clarified: * Make sure have more than one CPU on your machine hosting Katello * Make sure you have more than one thin process configured. You can see how many you have configured by looking at: - /etc/katello/thin.yml servers: 4 - /etc/httpd/conf.d/katello.conf: <Proxy balancer://thinservers> BalancerMember http://127.0.0.1:5000/katello BalancerMember http://127.0.0.1:5001/katello BalancerMember http://127.0.0.1:5002/katello ..continue until it matches the # of thin servers configured in the thin.yml.. </Proxy> If you update those to more than one you should have more Ruby thin processes to handle inbound requests while the first one handles your manifest upload. NOTE: This does not fix the issue but will help. Any request that ends up going to the long running process that is processing the manifest will still block.
[root@qetello02 ~]# cat /etc/katello/thin.yml --- pid: tmp/pids/thin.pid address: 0.0.0.0 wait: 30 timeout: 30 port: 5000 log: /var/log/katello/thin-log.log max_conns: 1024 require: [] environment: production max_persistent_conns: 512 # stop katello prior changing servers option servers: 5 daemonize: yes chdir: /usr/share/katello [root@qetello02 ~]# cat /etc/httpd/conf.d/katello.conf NameVirtualHost *:443 <VirtualHost *:443> ErrorLog /etc/httpd/logs/ssl_kt_error_log TransferLog /etc/httpd/logs/ssl_kt_access_log LogLevel info ProxyRequests Off SSLEngine On SSLCertificateFile /etc/candlepin/certs/candlepin-ca.crt SSLCertificateKeyFile /etc/candlepin/certs/candlepin-ca.key SSLCaCertificateFile /etc/candlepin/certs/candlepin-ca.crt ProxyPreserveHost Off RequestHeader set X_FORWARDED_PROTO 'https' # Performance related configurations AddOutputFilterByType DEFLATE text/html text/css application/x-javascript application/javascript Timeout 5400 ProxyTimeout 5400 <Proxy balancer://thinservers> BalancerMember http://127.0.0.1:5000/katello BalancerMember http://127.0.0.1:5001/katello BalancerMember http://127.0.0.1:5002/katello BalancerMember http://127.0.0.1:5003/katello BalancerMember http://127.0.0.1:5004/katello </Proxy> Alias /katello/assets "/usr/share/katello/public/assets" Alias /katello/images "/usr/share/katello/public/images" Alias /katello/fonts "/usr/share/katello/public/fonts" Alias /katello/javascripts "/usr/share/katello/public/javascripts" ProxyPass /katello/assets ! ProxyPass /katello/images ! ProxyPass /katello/fonts ! ProxyPass /katello/javascripts ! ProxyPass /katello balancer://thinservers ProxyPassReverse /katello balancer://thinservers ProxyPassReverse /katello/assets ! ProxyPassReverse /katello/images ! ProxyPassReverse /katello/fonts ! ProxyPassReverse /katello/javascripts ! <Location /katello> RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s" SSLVerifyClient optional SSLRenegBufferSize 262144 SSLVerifyDepth 2 </Location> <Location /katello/api> # report to CLI and RHSM nicely when Katello is down ErrorDocument 500 '{"displayMessage": "Internal error, contact administrator", "errors": ["Internal error, contact administrator"], "status": "500" }' ErrorDocument 503 '{"displayMessage": "Service unavailable or restarting, try later", "errors": ["Service unavailable or restarting, try later"], "status": "503" }' </Location> </VirtualHost> NameVirtualHost *:80 <VirtualHost *:80> RewriteEngine On RewriteCond %{HTTPS} off RewriteRule /katello(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} </VirtualHost>
Manifest imports are async and won't block UI