Univention Bugzilla – Bug 56828
Global connection limit of ten between UMC-Server and all running module processes
Last modified: 2023-11-29 14:56:15 CET
Global connection limit of ten between umc server and all running module processes `tornado.httpclient.AsyncHTTPClient` returns a global singleton by default. That has `max_clients` set to ten by default. If you start more requests, they are just queued and not started. https://www.tornadoweb.org/en/stable/httpclient.html#tornado.httpclient.AsyncHTTPClient - Why can this be a problem? As long as all modules answer requests reasonable fast and not many users are active, this is fine. But with more users and slower modules these ten connections can quickly cloak up which prevents users from connecting to their module processes. We noticed this in the computerroom module. Multiple users had the "Watch" overview page open which creates a lot of slow requests for screenshots from student computers. That results in an unusable slow umc for all users because requests to other modules, like the password reset module, end up in the same queue. - How to reproduce: To make testing easier I artificially slowed down a request. In my case the rooms requests from the computerroom. But it should work with any module. Add to /usr/lib/python3/dist-packages/univention/management/console/modules/computerroom/__init__.py::"def rooms" ``` import time time.sleep(60) ``` I used the following snippet for testing: ``` from univention.lib.umc import Client import concurrent.futures def load_room(): return c.umc_command("computerroom/rooms", options={"school": "school1"}).data def pool_runner(): with concurrent.futures.ThreadPoolExecutor(max_workers=10) as executor: futures = [executor.submit(load_room) for i in range(100)] for future in concurrent.futures.as_completed(futures): print(future.result()) c = Client() c.authenticate("Administrator", "univention") pool_runner() ``` If you now try to open a umc module you should notice that it got significantly slower. - Possible fix: I propose to use `force_instance=true` in https://git.knut.univention.de/univention/ucs/-/blob/5.0-5/management/univention-management-console/src/univention/management/console/resources.py?ref_type=heads#L120 so each module process has its own independent instance. That would imitate the old behavior.
great, can you create a MR?
MR: https://git.knut.univention.de/univention/ucs/-/merge_requests/967
The suggested patch has been applied. univention-management-console.yaml 773af91d1c2d | fix(umc): allow more than 10 parallel requests to module processes univention-management-console (12.0.31-18) 773af91d1c2d | fix(umc): allow more than 10 parallel requests to module processes … Note: Apache starts queuing requests at 150 open requests. See `ucr get apache2/maxclients`. If you want to test more extreme scenarios, you need to increase `apache2/max-request-workers` and `apache2/server-limit`. While `apache2/server-limit` needs to be at least as big as `apache2/max-request-workers`. Warning: each open connection equals one Apache process, which uses around 4 MB of RAM. ucs-test (10.0.19-32) c49452b58a29 | test(umc): add test for maximum connection and timeout
`joinscript()` only works on primaries and backups (missing credentials?) :( ``` root@slave:~# python3 -c "from univention.management.console.modules.ucstest import joinscript; joinscript()" Object exists: cn=UMC,cn=univention,dc=ucs,dc=test Object exists: cn=UMC,cn=policies,dc=ucs,dc=test Object exists: cn=operations,cn=UMC,cn=univention,dc=ucs,dc=test Object exists: cn=default-umc-all,cn=UMC,cn=policies,dc=ucs,dc=test No modification: cn=Domain Admins,cn=groups,dc=ucs,dc=test Object exists: cn=default-umc-users,cn=UMC,cn=policies,dc=ucs,dc=test No modification: cn=Domain Users,cn=groups,dc=ucs,dc=test Permission denied. ``` I adjusted the test to run only on a primary and increased the timeout a little to get it more stable. Missed the test window for tonight... [5.0-5 46e4e3b78d] Bug #56828: Run test case only on primary and increase timeout Package: ucs-test Version: 10.0.19-36 Branch: ucs_5.0-0 Scope: errata5.0-5
Tests look better now -> Verified
<https://errata.software-univention.de/#/?erratum=5.0x889>