lhotari commented on code in PR #23634:
URL: https://github.com/apache/pulsar/pull/23634#discussion_r1860282231
##########
pulsar-broker-common/src/main/java/org/apache/pulsar/common/configuration/VipStatus.java:
##########
@@ -38,25 +44,71 @@ public class VipStatus {
public static final String ATTRIBUTE_STATUS_FILE_PATH = "statusFilePath";
public static final String ATTRIBUTE_IS_READY_PROBE = "isReadyProbe";
+ // log a full thread dump when a deadlock is detected in status check once
every 10 minutes
+ // to prevent excessive logging
+ private static final long LOG_THREADDUMP_INTERVAL_WHEN_DEADLOCK_DETECTED =
600000L;
+ private static volatile long lastCheckStatusTimestamp;
+
+ // Rate limit status checks to every 500ms to prevent DoS
+ private static final long CHECK_STATUS_INTERVAL = 500L;
+ private static volatile boolean lastCheckStatusResult;
+
@Context
protected ServletContext servletContext;
@GET
public String checkStatus() {
- String statusFilePath = (String)
servletContext.getAttribute(ATTRIBUTE_STATUS_FILE_PATH);
- @SuppressWarnings("unchecked")
- Supplier<Boolean> isReadyProbe = (Supplier<Boolean>)
servletContext.getAttribute(ATTRIBUTE_IS_READY_PROBE);
+ // Locking classes to avoid deadlock detection in multi-thread
concurrent requests.
+ synchronized (VipStatus.class) {
+ if (System.currentTimeMillis() - lastCheckStatusTimestamp <
CHECK_STATUS_INTERVAL) {
+ lastCheckStatusTimestamp = System.currentTimeMillis();
+ if (lastCheckStatusResult) {
+ return "OK";
+ } else {
+ throw new
WebApplicationException(Status.SERVICE_UNAVAILABLE);
+ }
+ }
+ lastCheckStatusTimestamp = System.currentTimeMillis();
Review Comment:
Adding tests will be useful since validating logic just by looking at the
code isn't a good practice. You might have to modify some details to inject
mocks. For example, there could be a separate constructor for tests where the
`ThreadTXBean` is injected. In the default constructor used in production code,
`ManagementFactory,getThreadMXBean()` method call could be used to pass the
value. In test code, a mock could be passed. It's also useful to refactor the
code to use a `java.time.Clock.millis()` instead of
`System.currentTimeMillis()` and also have the `Clock` instance in the
constructor so that test code could pass a mock implementation where it's
possible to make time jump forward when validating the logic.
`Clock.systemUTC()` could be used in the default constructor for production
code.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
