[jira] [Work logged] (ARTEMIS-4527) Redistributor race when consumerCount reaches 0 in cluster
[ https://issues.apache.org/jira/browse/ARTEMIS-4527?focusedWorklogId=894820=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894820 ] ASF GitHub Bot logged work on ARTEMIS-4527: --- Author: ASF GitHub Bot Created on: 08/Dec/23 20:18 Start Date: 08/Dec/23 20:18 Worklog Time Spent: 10m Work Description: AntonRoskvist commented on PR #4705: URL: https://github.com/apache/activemq-artemis/pull/4705#issuecomment-1847792682 No, I have only been able to get an idea of what happens after the fact... the window of opportunity for this to happen is really slim... In fact, early in my troubleshooting I tried to add logging in Postoffice and the Clusterconnection for the notifications but doing so seemingly added enough of a delay to not trigger the issue (at least in the setup i used to reproduce, it's possible it would happen given different run values for the reproducer). From what I can gather at least, locally everything happens in the correct order. Local counters have always been correct. My **guess** would be that in some circumstance the servers `createQueue()` can take some time to finish, such that it allows a binding to get added, but before the BINDING_ADDED notification is sent, a call to the ServerConsumers `createConsumer()` is issued... this call requires no synchronization on Postoffice (as far as I can tell) and so its able to finish (and send its notification) before the servers `createQueue()` finishes all the way and sends its own notification. So... my assumption is that something along those lines are causing this, which is why I added synchronization on Postoffice before allowing `createConsumer()` to send its notification (since it's `addBinding()` in Postoffice that sends the BINDING_ADDED notification). After making that change I have been unable to reproduce the issue again. If it where to happen again though, the changes made in `RemoteQueueBindingImpl` should stop the redistributor from causing any issues regardless, but I'd much rather understand everything that's going on here for sure, if nothing else to be able to write a better reproducer for this... Issue Time Tracking --- Worklog Id: (was: 894820) Time Spent: 50m (was: 40m) > Redistributor race when consumerCount reaches 0 in cluster > -- > > Key: ARTEMIS-4527 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4527 > Project: ActiveMQ Artemis > Issue Type: Bug >Reporter: Anton Roskvist >Priority: Major > Time Spent: 50m > Remaining Estimate: 0h > > This is a very rare bug caused by cluster notifications arriving in the wrong > order in some very specific circumstances -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work started] (OPENWIRE-70) Upgrade to Junit 5
[ https://issues.apache.org/jira/browse/OPENWIRE-70?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Work on OPENWIRE-70 started by Matt Pavlovich. -- > Upgrade to Junit 5 > -- > > Key: OPENWIRE-70 > URL: https://issues.apache.org/jira/browse/OPENWIRE-70 > Project: ActiveMQ OpenWire > Issue Type: Task >Reporter: Christopher L. Shannon >Assignee: Matt Pavlovich >Priority: Major > Fix For: 1.0.0 > > > Project is still using the latest Junit 4 version after OPENWIRE-66, we > should upgrade to Junit 5 instead. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4527) Redistributor race when consumerCount reaches 0 in cluster
[ https://issues.apache.org/jira/browse/ARTEMIS-4527?focusedWorklogId=894755=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894755 ] ASF GitHub Bot logged work on ARTEMIS-4527: --- Author: ASF GitHub Bot Created on: 08/Dec/23 16:59 Start Date: 08/Dec/23 16:59 Worklog Time Spent: 10m Work Description: jbertram commented on PR #4705: URL: https://github.com/apache/activemq-artemis/pull/4705#issuecomment-1847526576 Do you have any insight into how/why the `CONSUMER_CREATED` notification is being sent before the `BINDING_ADDED`? Theoretically the `BINDING_ADDED` should always be sent before the `CONSUMER_CREATED` even if they are done in different threads since any operation should block waiting for the `createQueue` to return before continuing on to create the consumer. Issue Time Tracking --- Worklog Id: (was: 894755) Time Spent: 40m (was: 0.5h) > Redistributor race when consumerCount reaches 0 in cluster > -- > > Key: ARTEMIS-4527 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4527 > Project: ActiveMQ Artemis > Issue Type: Bug >Reporter: Anton Roskvist >Priority: Major > Time Spent: 40m > Remaining Estimate: 0h > > This is a very rare bug caused by cluster notifications arriving in the wrong > order in some very specific circumstances -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4522) Slow-Consumer-Handling may get delayed significantly on occupied pool
[ https://issues.apache.org/jira/browse/ARTEMIS-4522?focusedWorklogId=894736=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894736 ] ASF GitHub Bot logged work on ARTEMIS-4522: --- Author: ASF GitHub Bot Created on: 08/Dec/23 14:48 Start Date: 08/Dec/23 14:48 Worklog Time Spent: 10m Work Description: jbertram closed pull request #4699: ARTEMIS-4522 Dedicated thread pool for flow-control-executor URL: https://github.com/apache/activemq-artemis/pull/4699 Issue Time Tracking --- Worklog Id: (was: 894736) Time Spent: 1h 50m (was: 1h 40m) > Slow-Consumer-Handling may get delayed significantly on occupied pool > - > > Key: ARTEMIS-4522 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4522 > Project: ActiveMQ Artemis > Issue Type: Improvement >Reporter: Rico Neubauer >Priority: Major > Time Spent: 1h 50m > Remaining Estimate: 0h > > Slack discussion with [~jbertram] see here: > [https://the-asf.slack.com/archives/CFL910J30/p1699520764243169] > h2. Initial Description > consumers-window-size set to 0 and there some queues, that are heavily used > and have consumers attached, that allow for a concurrency of 500 messages > (larger than thread-pool-client-size). > After some time - unclear what triggers it - the behavior becomes bad in the > way that from those queues only 1-5 messages are fetched and immediately > processed, but then there is a pause of 10 seconds before the next 1-5 > messages are fetched. This continues. > In the thread-dumps, several like the following can be seen: > {noformat} > "Thread-0 (ActiveMQ-client-global-threads)" #640 daemon prio=5 os_prio=0 > cpu=899719.36ms elapsed=354425.44s tid=0x7f904c02e850 nid=0x150d29 > runnable [0x7f8fdbae5000] >java.lang.Thread.State: TIMED_WAITING (parking) > at jdk.internal.misc.Unsafe.park(java.base@17.0.5/Native Method) > - parking to wait for <0x0003f6c9d1d0> (a > org.apache.activemq.artemis.utils.AbstractLatch$CountSync) > at > java.util.concurrent.locks.LockSupport.parkNanos(java.base@17.0.5/LockSupport.java:252) > at > java.util.concurrent.locks.AbstractQueuedSynchronizer.acquire(java.base@17.0.5/AbstractQueuedSynchronizer.java:717) > at > java.util.concurrent.locks.AbstractQueuedSynchronizer.tryAcquireSharedNanos(java.base@17.0.5/AbstractQueuedSynchronizer.java:1074) > at > org.apache.activemq.artemis.utils.AbstractLatch.await(AbstractLatch.java:115) > at > org.apache.activemq.artemis.core.client.impl.ClientConsumerImpl.startSlowConsumer(ClientConsumerImpl.java:869) > at > org.apache.activemq.artemis.core.client.impl.ClientConsumerImpl.callOnMessage(ClientConsumerImpl.java:1025) > at > org.apache.activemq.artemis.core.client.impl.ClientConsumerImpl$Runner.run(ClientConsumerImpl.java:1154) > at > org.apache.activemq.artemis.utils.actors.OrderedExecutor.doTask(OrderedExecutor.java:42) > at > org.apache.activemq.artemis.utils.actors.OrderedExecutor.doTask(OrderedExecutor.java:31) > at > org.apache.activemq.artemis.utils.actors.ProcessorBase.executePendingTasks(ProcessorBase.java:65) > at > org.apache.activemq.artemis.utils.actors.ProcessorBase$$Lambda$2008/0x0007ce20c000.run(Unknown > Source) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(java.base@17.0.5/ThreadPoolExecutor.java:1136) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(java.base@17.0.5/ThreadPoolExecutor.java:635) > at > org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1.run(ActiveMQThreadFactory.java:118) > {noformat} > which corresponds to code location with a 10 seconds sleep here: > [https://github.com/apache/activemq-artemis/blob/main/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/client/impl/ClientConsumerImpl.java#L854|https://github.com/seeburger-ag/activemq-artemis/blob/main/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/client/impl/ClientConsumerImpl.java#L854] > It seems it always needs to wait until the 10 seconds are reached, which is > unexpected, since the latch should count-down before, after having sent the > credit to the server. We could assume some bug, that maybe increments the > latch, but misses to decrement, so it is not able to reach 0 ever again, but > that's speculative. > h2. Evaluation > See slack for details, it boils down to the thread-pool in use being out of > free threads, so the slow-consumer-handling is not able to run in good time. > Affected versions: all since at least 2.22.0 up to current - probably since > "ever", involved code derives from HornetQ. > h2. Possible Solutions > We experimented a bit and found a solution for
[jira] [Work logged] (ARTEMIS-4528) TLS support PEM format for key and trust store type
[ https://issues.apache.org/jira/browse/ARTEMIS-4528?focusedWorklogId=894699=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894699 ] ASF GitHub Bot logged work on ARTEMIS-4528: --- Author: ASF GitHub Bot Created on: 08/Dec/23 12:40 Start Date: 08/Dec/23 12:40 Worklog Time Spent: 10m Work Description: gemmellr commented on code in PR #4706: URL: https://github.com/apache/activemq-artemis/pull/4706#discussion_r1420383505 ## artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java: ## @@ -351,6 +353,14 @@ private static KeyStore loadKeystore(final String keystoreProvider, return ks; } + private static void checkPemProviderLoaded(String keystoreType) { + if (keystoreType != null && keystoreType.startsWith("PEM")) { + if (Security.getProvider("PEM") == null) { +Security.insertProviderAt(new PemKeyStoreProvider(), Integer.parseInt(System.getProperty("artemis.pemProvider.insertAt", "0"), 10)); + } + } + } Review Comment: You think people expect non-10 numbers to be specified? It confusingly makes it look like you are specifying a position for the provider. There is no reason to specify this here when an API exists entirely so you dont have to. Issue Time Tracking --- Worklog Id: (was: 894699) Time Spent: 4h 10m (was: 4h) > TLS support PEM format for key and trust store type > --- > > Key: ARTEMIS-4528 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4528 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: Configuration >Affects Versions: 2.31.0 >Reporter: Gary Tully >Assignee: Gary Tully >Priority: Major > Fix For: 2.32.0 > > Time Spent: 4h 10m > Remaining Estimate: 0h > > managing key and trust store passwords when the credentials are securely > stored or managed by other means is a nuisance. > there is a nice PEM keystore provider at: > [https://github.com/ctron/pem-keystore] > This gives us an intuitive way to easily reference a simple cert or key > without a password as is the case with jsk or pkcs12 > name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;keyStorePath=server-keystore.pem;keyStoreType=PEM > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4528) TLS support PEM format for key and trust store type
[ https://issues.apache.org/jira/browse/ARTEMIS-4528?focusedWorklogId=894698=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894698 ] ASF GitHub Bot logged work on ARTEMIS-4528: --- Author: ASF GitHub Bot Created on: 08/Dec/23 12:35 Start Date: 08/Dec/23 12:35 Worklog Time Spent: 10m Work Description: gtully commented on code in PR #4706: URL: https://github.com/apache/activemq-artemis/pull/4706#discussion_r1420378266 ## artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java: ## @@ -351,6 +353,14 @@ private static KeyStore loadKeystore(final String keystoreProvider, return ks; } + private static void checkPemProviderLoaded(String keystoreType) { + if (keystoreType != null && keystoreType.startsWith("PEM")) { + if (Security.getProvider("PEM") == null) { +Security.insertProviderAt(new PemKeyStoreProvider(), Integer.parseInt(System.getProperty("artemis.pemProvider.insertAt", "0"), 10)); + } + } + } Review Comment: so you don't have to know the default. for me, i like to see it provided rather than have to peek under the hood to see. Don't have a strong opinion on this one. Issue Time Tracking --- Worklog Id: (was: 894698) Time Spent: 4h (was: 3h 50m) > TLS support PEM format for key and trust store type > --- > > Key: ARTEMIS-4528 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4528 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: Configuration >Affects Versions: 2.31.0 >Reporter: Gary Tully >Assignee: Gary Tully >Priority: Major > Fix For: 2.32.0 > > Time Spent: 4h > Remaining Estimate: 0h > > managing key and trust store passwords when the credentials are securely > stored or managed by other means is a nuisance. > there is a nice PEM keystore provider at: > [https://github.com/ctron/pem-keystore] > This gives us an intuitive way to easily reference a simple cert or key > without a password as is the case with jsk or pkcs12 > name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;keyStorePath=server-keystore.pem;keyStoreType=PEM > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (OPENWIRE-71) Align OpenWire project major version to protocol major version (12.0.0)
[ https://issues.apache.org/jira/browse/OPENWIRE-71?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17794669#comment-17794669 ] Christopher L. Shannon commented on OPENWIRE-71: I was thinking more about this and I think either versioning is probably ok, I think you could make an argument for either. We can leave this open for now and just figure out the versioning later before we release but as of now I still think I'm more in favor of the approach [~tabish] suggested and not tying the version to the implementation so we would just keep it as version 1.0.0 to start and document what is there. > Align OpenWire project major version to protocol major version (12.0.0) > --- > > Key: OPENWIRE-71 > URL: https://issues.apache.org/jira/browse/OPENWIRE-71 > Project: ActiveMQ OpenWire > Issue Type: Improvement >Reporter: Matt Pavlovich >Assignee: Matt Pavlovich >Priority: Major > > OpenWire v12 should be served by activemq-openwire-12.0.0.jar -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4528) TLS support PEM format for key and trust store type
[ https://issues.apache.org/jira/browse/ARTEMIS-4528?focusedWorklogId=894683=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894683 ] ASF GitHub Bot logged work on ARTEMIS-4528: --- Author: ASF GitHub Bot Created on: 08/Dec/23 11:49 Start Date: 08/Dec/23 11:49 Worklog Time Spent: 10m Work Description: gemmellr commented on code in PR #4706: URL: https://github.com/apache/activemq-artemis/pull/4706#discussion_r1420330419 ## artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java: ## @@ -351,6 +353,14 @@ private static KeyStore loadKeystore(final String keystoreProvider, return ks; } + private static void checkPemProviderLoaded(String keystoreType) { + if (keystoreType != null && keystoreType.startsWith("PEM")) { + if (Security.getProvider("PEM") == null) { +Security.insertProviderAt(new PemKeyStoreProvider(), Integer.parseInt(System.getProperty("artemis.pemProvider.insertAt", "0"), 10)); + } + } + } Review Comment: So, original question - do we need to bother with specifying the radix 10 when it is 10 by default? Would be far more readable without it. Issue Time Tracking --- Worklog Id: (was: 894683) Time Spent: 3h 50m (was: 3h 40m) > TLS support PEM format for key and trust store type > --- > > Key: ARTEMIS-4528 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4528 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: Configuration >Affects Versions: 2.31.0 >Reporter: Gary Tully >Assignee: Gary Tully >Priority: Major > Fix For: 2.32.0 > > Time Spent: 3h 50m > Remaining Estimate: 0h > > managing key and trust store passwords when the credentials are securely > stored or managed by other means is a nuisance. > there is a nice PEM keystore provider at: > [https://github.com/ctron/pem-keystore] > This gives us an intuitive way to easily reference a simple cert or key > without a password as is the case with jsk or pkcs12 > name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;keyStorePath=server-keystore.pem;keyStoreType=PEM > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4528) TLS support PEM format for key and trust store type
[ https://issues.apache.org/jira/browse/ARTEMIS-4528?focusedWorklogId=894673=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894673 ] ASF GitHub Bot logged work on ARTEMIS-4528: --- Author: ASF GitHub Bot Created on: 08/Dec/23 11:13 Start Date: 08/Dec/23 11:13 Worklog Time Spent: 10m Work Description: gemmellr commented on code in PR #4706: URL: https://github.com/apache/activemq-artemis/pull/4706#discussion_r1420295487 ## artemis-core-client-osgi/pom.xml: ## @@ -74,6 +74,7 @@ *;scope=compile|runtime;groupId=org.apache.activemq org.glassfish.json*;resolution:=optional, + de.dentrassi.crypto.pem;resolution:=optional, Review Comment: Not seeing why all the existing 'java centric' non-karaf usages, i.e most current uses, are really any different in terms of getting deps they may never need. Feels like everyone should get it or noone, not a mix. Issue Time Tracking --- Worklog Id: (was: 894673) Time Spent: 3h 40m (was: 3.5h) > TLS support PEM format for key and trust store type > --- > > Key: ARTEMIS-4528 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4528 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: Configuration >Affects Versions: 2.31.0 >Reporter: Gary Tully >Assignee: Gary Tully >Priority: Major > Fix For: 2.32.0 > > Time Spent: 3h 40m > Remaining Estimate: 0h > > managing key and trust store passwords when the credentials are securely > stored or managed by other means is a nuisance. > there is a nice PEM keystore provider at: > [https://github.com/ctron/pem-keystore] > This gives us an intuitive way to easily reference a simple cert or key > without a password as is the case with jsk or pkcs12 > name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;keyStorePath=server-keystore.pem;keyStoreType=PEM > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4528) TLS support PEM format for key and trust store type
[ https://issues.apache.org/jira/browse/ARTEMIS-4528?focusedWorklogId=894671=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894671 ] ASF GitHub Bot logged work on ARTEMIS-4528: --- Author: ASF GitHub Bot Created on: 08/Dec/23 11:12 Start Date: 08/Dec/23 11:12 Worklog Time Spent: 10m Work Description: gemmellr commented on code in PR #4706: URL: https://github.com/apache/activemq-artemis/pull/4706#discussion_r1420294383 ## tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SslPEMTest.java: ## @@ -0,0 +1,150 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.tests.integration.ssl; + +import java.lang.management.ManagementFactory; +import java.net.URL; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; + +import org.apache.activemq.artemis.api.core.ActiveMQNotConnectedException; +import org.apache.activemq.artemis.api.core.Message; +import org.apache.activemq.artemis.api.core.QueueConfiguration; +import org.apache.activemq.artemis.api.core.SimpleString; +import org.apache.activemq.artemis.api.core.TransportConfiguration; +import org.apache.activemq.artemis.api.core.client.ActiveMQClient; +import org.apache.activemq.artemis.api.core.client.ClientConsumer; +import org.apache.activemq.artemis.api.core.client.ClientMessage; +import org.apache.activemq.artemis.api.core.client.ClientProducer; +import org.apache.activemq.artemis.api.core.client.ClientSession; +import org.apache.activemq.artemis.api.core.client.ClientSessionFactory; +import org.apache.activemq.artemis.api.core.client.ServerLocator; +import org.apache.activemq.artemis.core.config.impl.ConfigurationImpl; +import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants; +import org.apache.activemq.artemis.core.security.Role; +import org.apache.activemq.artemis.core.server.ActiveMQServer; +import org.apache.activemq.artemis.core.server.ActiveMQServers; +import org.apache.activemq.artemis.core.settings.HierarchicalRepository; +import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager; +import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager; +import org.apache.activemq.artemis.tests.integration.security.SecurityTest; +import org.apache.activemq.artemis.tests.util.ActiveMQTestBase; +import org.apache.activemq.artemis.utils.RandomUtil; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; + +/** + * See the tests/security-resources/build.sh script for details on the security resources used. + */ +public class SslPEMTest extends ActiveMQTestBase { + + static { + String path = System.getProperty("java.security.auth.login.config"); + if (path == null) { + URL resource = SecurityTest.class.getClassLoader().getResource("login.config"); + if (resource != null) { +path = resource.getFile(); +System.setProperty("java.security.auth.login.config", path); + } + } + } + + private TransportConfiguration tc; + private SimpleString QUEUE; + + @Test + public void testPemKeyAndTrustStore() throws Exception { + + tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); + tc.getParams().put(TransportConstants.KEYSTORE_TYPE_PROP_NAME, "PEM"); + tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-key-cert.pem"); + tc.getParams().put(TransportConstants.PORT_PROP_NAME, "61617"); + + ServerLocator producerLocator; + ClientSessionFactory producerSessionFactory; + ClientSession producerSession; + + // first without trust store + try { + producerLocator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); + producerSessionFactory = createSessionFactory(producerLocator); + producerSessionFactory.createSession(false, true, true); + } catch (ActiveMQNotConnectedException expected) { + } Review Comment: It is a format/wrapper issue, and testing the format/wrapping usage was the point,
[jira] [Work logged] (ARTEMIS-4528) TLS support PEM format for key and trust store type
[ https://issues.apache.org/jira/browse/ARTEMIS-4528?focusedWorklogId=894666=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894666 ] ASF GitHub Bot logged work on ARTEMIS-4528: --- Author: ASF GitHub Bot Created on: 08/Dec/23 10:58 Start Date: 08/Dec/23 10:58 Worklog Time Spent: 10m Work Description: gtully commented on code in PR #4706: URL: https://github.com/apache/activemq-artemis/pull/4706#discussion_r1420278577 ## artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java: ## @@ -351,6 +353,14 @@ private static KeyStore loadKeystore(final String keystoreProvider, return ks; } + private static void checkPemProviderLoaded(String keystoreType) { + if (keystoreType != null && keystoreType.startsWith("PEM")) { + if (Security.getProvider("PEM") == null) { +Security.insertProviderAt(new PemKeyStoreProvider(), Integer.parseInt(System.getProperty("artemis.pemProvider.insertAt", "0"), 10)); + } + } + } Review Comment: it is not totally intuitive, but order (or someones need for it) is the important bit. corrected. thanks! Issue Time Tracking --- Worklog Id: (was: 894666) Time Spent: 3h 20m (was: 3h 10m) > TLS support PEM format for key and trust store type > --- > > Key: ARTEMIS-4528 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4528 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: Configuration >Affects Versions: 2.31.0 >Reporter: Gary Tully >Assignee: Gary Tully >Priority: Major > Fix For: 2.32.0 > > Time Spent: 3h 20m > Remaining Estimate: 0h > > managing key and trust store passwords when the credentials are securely > stored or managed by other means is a nuisance. > there is a nice PEM keystore provider at: > [https://github.com/ctron/pem-keystore] > This gives us an intuitive way to easily reference a simple cert or key > without a password as is the case with jsk or pkcs12 > name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;keyStorePath=server-keystore.pem;keyStoreType=PEM > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4528) TLS support PEM format for key and trust store type
[ https://issues.apache.org/jira/browse/ARTEMIS-4528?focusedWorklogId=894665=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894665 ] ASF GitHub Bot logged work on ARTEMIS-4528: --- Author: ASF GitHub Bot Created on: 08/Dec/23 10:55 Start Date: 08/Dec/23 10:55 Worklog Time Spent: 10m Work Description: gtully commented on code in PR #4706: URL: https://github.com/apache/activemq-artemis/pull/4706#discussion_r1420275362 ## tests/integration-tests/pom.xml: ## @@ -440,6 +440,7 @@ mockito-core test + Review Comment: done, thanks Issue Time Tracking --- Worklog Id: (was: 894665) Time Spent: 3h 10m (was: 3h) > TLS support PEM format for key and trust store type > --- > > Key: ARTEMIS-4528 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4528 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: Configuration >Affects Versions: 2.31.0 >Reporter: Gary Tully >Assignee: Gary Tully >Priority: Major > Fix For: 2.32.0 > > Time Spent: 3h 10m > Remaining Estimate: 0h > > managing key and trust store passwords when the credentials are securely > stored or managed by other means is a nuisance. > there is a nice PEM keystore provider at: > [https://github.com/ctron/pem-keystore] > This gives us an intuitive way to easily reference a simple cert or key > without a password as is the case with jsk or pkcs12 > name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;keyStorePath=server-keystore.pem;keyStoreType=PEM > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4528) TLS support PEM format for key and trust store type
[ https://issues.apache.org/jira/browse/ARTEMIS-4528?focusedWorklogId=894664=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894664 ] ASF GitHub Bot logged work on ARTEMIS-4528: --- Author: ASF GitHub Bot Created on: 08/Dec/23 10:50 Start Date: 08/Dec/23 10:50 Worklog Time Spent: 10m Work Description: gemmellr commented on code in PR #4706: URL: https://github.com/apache/activemq-artemis/pull/4706#discussion_r1420269679 ## artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java: ## @@ -351,6 +353,14 @@ private static KeyStore loadKeystore(final String keystoreProvider, return ks; } + private static void checkPemProviderLoaded(String keystoreType) { + if (keystoreType != null && keystoreType.startsWith("PEM")) { + if (Security.getProvider("PEM") == null) { +Security.insertProviderAt(new PemKeyStoreProvider(), Integer.parseInt(System.getProperty("artemis.pemProvider.insertAt", "0"), 10)); + } + } + } Review Comment: It actually inserts at the end with "0" since thats used as the "next available position" (see addProvider impl) plus the provider list is explicitly 1-based. Issue Time Tracking --- Worklog Id: (was: 894664) Time Spent: 3h (was: 2h 50m) > TLS support PEM format for key and trust store type > --- > > Key: ARTEMIS-4528 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4528 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: Configuration >Affects Versions: 2.31.0 >Reporter: Gary Tully >Assignee: Gary Tully >Priority: Major > Fix For: 2.32.0 > > Time Spent: 3h > Remaining Estimate: 0h > > managing key and trust store passwords when the credentials are securely > stored or managed by other means is a nuisance. > there is a nice PEM keystore provider at: > [https://github.com/ctron/pem-keystore] > This gives us an intuitive way to easily reference a simple cert or key > without a password as is the case with jsk or pkcs12 > name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;keyStorePath=server-keystore.pem;keyStoreType=PEM > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4528) TLS support PEM format for key and trust store type
[ https://issues.apache.org/jira/browse/ARTEMIS-4528?focusedWorklogId=894663=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894663 ] ASF GitHub Bot logged work on ARTEMIS-4528: --- Author: ASF GitHub Bot Created on: 08/Dec/23 10:33 Start Date: 08/Dec/23 10:33 Worklog Time Spent: 10m Work Description: gtully commented on code in PR #4706: URL: https://github.com/apache/activemq-artemis/pull/4706#discussion_r1420250254 ## tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SslPEMTest.java: ## @@ -0,0 +1,150 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.tests.integration.ssl; + +import java.lang.management.ManagementFactory; +import java.net.URL; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; + +import org.apache.activemq.artemis.api.core.ActiveMQNotConnectedException; +import org.apache.activemq.artemis.api.core.Message; +import org.apache.activemq.artemis.api.core.QueueConfiguration; +import org.apache.activemq.artemis.api.core.SimpleString; +import org.apache.activemq.artemis.api.core.TransportConfiguration; +import org.apache.activemq.artemis.api.core.client.ActiveMQClient; +import org.apache.activemq.artemis.api.core.client.ClientConsumer; +import org.apache.activemq.artemis.api.core.client.ClientMessage; +import org.apache.activemq.artemis.api.core.client.ClientProducer; +import org.apache.activemq.artemis.api.core.client.ClientSession; +import org.apache.activemq.artemis.api.core.client.ClientSessionFactory; +import org.apache.activemq.artemis.api.core.client.ServerLocator; +import org.apache.activemq.artemis.core.config.impl.ConfigurationImpl; +import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants; +import org.apache.activemq.artemis.core.security.Role; +import org.apache.activemq.artemis.core.server.ActiveMQServer; +import org.apache.activemq.artemis.core.server.ActiveMQServers; +import org.apache.activemq.artemis.core.settings.HierarchicalRepository; +import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager; +import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager; +import org.apache.activemq.artemis.tests.integration.security.SecurityTest; +import org.apache.activemq.artemis.tests.util.ActiveMQTestBase; +import org.apache.activemq.artemis.utils.RandomUtil; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; + +/** + * See the tests/security-resources/build.sh script for details on the security resources used. + */ +public class SslPEMTest extends ActiveMQTestBase { + + static { + String path = System.getProperty("java.security.auth.login.config"); + if (path == null) { + URL resource = SecurityTest.class.getClassLoader().getResource("login.config"); + if (resource != null) { +path = resource.getFile(); +System.setProperty("java.security.auth.login.config", path); + } + } + } + + private TransportConfiguration tc; + private SimpleString QUEUE; + + @Test + public void testPemKeyAndTrustStore() throws Exception { + + tc.getParams().put(TransportConstants.SSL_ENABLED_PROP_NAME, true); + tc.getParams().put(TransportConstants.KEYSTORE_TYPE_PROP_NAME, "PEM"); + tc.getParams().put(TransportConstants.KEYSTORE_PATH_PROP_NAME, "client-key-cert.pem"); + tc.getParams().put(TransportConstants.PORT_PROP_NAME, "61617"); + + ServerLocator producerLocator; + ClientSessionFactory producerSessionFactory; + ClientSession producerSession; + + // first without trust store + try { + producerLocator = addServerLocator(ActiveMQClient.createServerLocatorWithoutHA(tc)); + producerSessionFactory = createSessionFactory(producerLocator); + producerSessionFactory.createSession(false, true, true); + } catch (ActiveMQNotConnectedException expected) { + } Review Comment: there are two ends at play, the PEM on the server and on the client, leaving out one
[jira] [Work logged] (ARTEMIS-4528) TLS support PEM format for key and trust store type
[ https://issues.apache.org/jira/browse/ARTEMIS-4528?focusedWorklogId=894662=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894662 ] ASF GitHub Bot logged work on ARTEMIS-4528: --- Author: ASF GitHub Bot Created on: 08/Dec/23 10:24 Start Date: 08/Dec/23 10:24 Worklog Time Spent: 10m Work Description: gtully commented on code in PR #4706: URL: https://github.com/apache/activemq-artemis/pull/4706#discussion_r1420238748 ## artemis-core-client-osgi/pom.xml: ## @@ -74,6 +74,7 @@ *;scope=compile|runtime;groupId=org.apache.activemq org.glassfish.json*;resolution:=optional, + de.dentrassi.crypto.pem;resolution:=optional, Review Comment: I want the broker and broker client to be able to work out of the box with out additional deps when the PEM type is configured. In karaf container land, it is java focused so the need for raw pem may never arise. If the features need to be updated in the future we can wrap the dependencies etc, at the moment there are no osgi bundles in central. Issue Time Tracking --- Worklog Id: (was: 894662) Time Spent: 2h 40m (was: 2.5h) > TLS support PEM format for key and trust store type > --- > > Key: ARTEMIS-4528 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4528 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: Configuration >Affects Versions: 2.31.0 >Reporter: Gary Tully >Assignee: Gary Tully >Priority: Major > Fix For: 2.32.0 > > Time Spent: 2h 40m > Remaining Estimate: 0h > > managing key and trust store passwords when the credentials are securely > stored or managed by other means is a nuisance. > there is a nice PEM keystore provider at: > [https://github.com/ctron/pem-keystore] > This gives us an intuitive way to easily reference a simple cert or key > without a password as is the case with jsk or pkcs12 > name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;keyStorePath=server-keystore.pem;keyStoreType=PEM > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4528) TLS support PEM format for key and trust store type
[ https://issues.apache.org/jira/browse/ARTEMIS-4528?focusedWorklogId=894659=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894659 ] ASF GitHub Bot logged work on ARTEMIS-4528: --- Author: ASF GitHub Bot Created on: 08/Dec/23 10:19 Start Date: 08/Dec/23 10:19 Worklog Time Spent: 10m Work Description: gtully commented on code in PR #4706: URL: https://github.com/apache/activemq-artemis/pull/4706#discussion_r1420233055 ## artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java: ## @@ -351,6 +353,14 @@ private static KeyStore loadKeystore(final String keystoreProvider, return ks; } + private static void checkPemProviderLoaded(String keystoreType) { + if (keystoreType != null && keystoreType.startsWith("PEM")) { + if (Security.getProvider("PEM") == null) { +Security.insertProviderAt(new PemKeyStoreProvider(), Integer.parseInt(System.getProperty("artemis.pemProvider.insertAt", "0"), 10)); + } + } + } Review Comment: it inserts at the start, at the moment I am not aware of any other PEM keystore type provider, but order may be important to some in the future, hence the possibility to configure if that ever arises. Issue Time Tracking --- Worklog Id: (was: 894659) Time Spent: 2.5h (was: 2h 20m) > TLS support PEM format for key and trust store type > --- > > Key: ARTEMIS-4528 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4528 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: Configuration >Affects Versions: 2.31.0 >Reporter: Gary Tully >Assignee: Gary Tully >Priority: Major > Fix For: 2.32.0 > > Time Spent: 2.5h > Remaining Estimate: 0h > > managing key and trust store passwords when the credentials are securely > stored or managed by other means is a nuisance. > there is a nice PEM keystore provider at: > [https://github.com/ctron/pem-keystore] > This gives us an intuitive way to easily reference a simple cert or key > without a password as is the case with jsk or pkcs12 > name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;keyStorePath=server-keystore.pem;keyStoreType=PEM > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Work logged] (ARTEMIS-4528) TLS support PEM format for key and trust store type
[ https://issues.apache.org/jira/browse/ARTEMIS-4528?focusedWorklogId=894657=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894657 ] ASF GitHub Bot logged work on ARTEMIS-4528: --- Author: ASF GitHub Bot Created on: 08/Dec/23 10:09 Start Date: 08/Dec/23 10:09 Worklog Time Spent: 10m Work Description: gemmellr commented on code in PR #4706: URL: https://github.com/apache/activemq-artemis/pull/4706#discussion_r1419413344 ## artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java: ## @@ -351,6 +353,14 @@ private static KeyStore loadKeystore(final String keystoreProvider, return ks; } + private static void checkPemProviderLoaded(String keystoreType) { + if (keystoreType != null && keystoreType.startsWith("PEM")) { + if (Security.getProvider("PEM") == null) { +Security.insertProviderAt(new PemKeyStoreProvider(), Integer.parseInt(System.getProperty("artemis.pemProvider.insertAt", "0"), 10)); + } + } + } Review Comment: Do we need to pass the radix literal when parsing the sys prop value? 10 is the default. Might be more readable with that parsing on its own line too. (I assume you added the insertProviderAt usage vs prior addProvider usage, in case it was necessary to insertAt earlier than the end for some reason?) ## artemis-core-client-osgi/pom.xml: ## @@ -74,6 +74,7 @@ *;scope=compile|runtime;groupId=org.apache.activemq org.glassfish.json*;resolution:=optional, + de.dentrassi.crypto.pem;resolution:=optional, Review Comment: This seems a little odd - its not an optional dep on the client or broker, but it is an optional dep for both their osgi bits? ## tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SslPEMTest.java: ## @@ -0,0 +1,150 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.tests.integration.ssl; + +import java.lang.management.ManagementFactory; +import java.net.URL; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; + +import org.apache.activemq.artemis.api.core.ActiveMQNotConnectedException; +import org.apache.activemq.artemis.api.core.Message; +import org.apache.activemq.artemis.api.core.QueueConfiguration; +import org.apache.activemq.artemis.api.core.SimpleString; +import org.apache.activemq.artemis.api.core.TransportConfiguration; +import org.apache.activemq.artemis.api.core.client.ActiveMQClient; +import org.apache.activemq.artemis.api.core.client.ClientConsumer; +import org.apache.activemq.artemis.api.core.client.ClientMessage; +import org.apache.activemq.artemis.api.core.client.ClientProducer; +import org.apache.activemq.artemis.api.core.client.ClientSession; +import org.apache.activemq.artemis.api.core.client.ClientSessionFactory; +import org.apache.activemq.artemis.api.core.client.ServerLocator; +import org.apache.activemq.artemis.core.config.impl.ConfigurationImpl; +import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants; +import org.apache.activemq.artemis.core.security.Role; +import org.apache.activemq.artemis.core.server.ActiveMQServer; +import org.apache.activemq.artemis.core.server.ActiveMQServers; +import org.apache.activemq.artemis.core.settings.HierarchicalRepository; +import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager; +import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager; +import org.apache.activemq.artemis.tests.integration.security.SecurityTest; +import org.apache.activemq.artemis.tests.util.ActiveMQTestBase; +import org.apache.activemq.artemis.utils.RandomUtil; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; + +/** + * See the tests/security-resources/build.sh script for details on the security resources used. + */ +public class SslPEMTest extends ActiveMQTestBase { + + static { + String path =
[jira] [Work logged] (ARTEMIS-4522) Slow-Consumer-Handling may get delayed significantly on occupied pool
[ https://issues.apache.org/jira/browse/ARTEMIS-4522?focusedWorklogId=894656=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894656 ] ASF GitHub Bot logged work on ARTEMIS-4522: --- Author: ASF GitHub Bot Created on: 08/Dec/23 10:08 Start Date: 08/Dec/23 10:08 Worklog Time Spent: 10m Work Description: MrEasy commented on code in PR #4708: URL: https://github.com/apache/activemq-artemis/pull/4708#discussion_r1420214338 ## artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/client/ActiveMQClient.java: ## @@ -309,7 +306,7 @@ public static int getGlobalScheduledThreadPoolSize() { */ public static void initializeGlobalThreadPoolProperties() { - setGlobalThreadPoolProperties(Integer.valueOf(System.getProperty(ActiveMQClient.THREAD_POOL_MAX_SIZE_PROPERTY_KEY, "" + ActiveMQClient.DEFAULT_GLOBAL_THREAD_POOL_MAX_SIZE)), Integer.valueOf(System.getProperty(ActiveMQClient.SCHEDULED_THREAD_POOL_SIZE_PROPERTY_KEY, "" + ActiveMQClient.DEFAULT_SCHEDULED_THREAD_POOL_MAX_SIZE))); + setGlobalThreadPoolProperties(Integer.valueOf(System.getProperty(ActiveMQClient.THREAD_POOL_MAX_SIZE_PROPERTY_KEY, "" + ActiveMQClient.DEFAULT_GLOBAL_THREAD_POOL_MAX_SIZE)), Integer.valueOf(System.getProperty(ActiveMQClient.SCHEDULED_THREAD_POOL_SIZE_PROPERTY_KEY, "" + ActiveMQClient.DEFAULT_SCHEDULED_THREAD_POOL_MAX_SIZE)), Integer.valueOf(System.getProperty(ActiveMQClient.FLOW_CONTROL_THREAD_POOL_SIZE_PROPERTY_KEY, "" + ActiveMQClient.DEFAULT_FLOW_CONTROL_THREAD_POOL_MAX_SIZE))); Review Comment: Integer.parseInt would avoid the boxing ## artemis-core-client/src/main/java/org/apache/activemq/artemis/core/client/ActiveMQClientLogger.java: ## @@ -347,4 +347,7 @@ public interface ActiveMQClientLogger { @LogMessage(id = 214034, value = "{} has negative counts {}\n{}", level = LogMessage.Level.ERROR) void negativeRefCount(String message, String count, String debugString); + + @LogMessage(id = 214035, value = "Couldn't finish the client globalFlowControlThreadPool in less than 10 seconds, interrupting it now", level = LogMessage.Level.WARN) Review Comment: thanks for the added warning. Would recommend "Could not" instead of "Couldn't" like in other messages Issue Time Tracking --- Worklog Id: (was: 894656) Time Spent: 1h 40m (was: 1.5h) > Slow-Consumer-Handling may get delayed significantly on occupied pool > - > > Key: ARTEMIS-4522 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4522 > Project: ActiveMQ Artemis > Issue Type: Improvement >Reporter: Rico Neubauer >Priority: Major > Time Spent: 1h 40m > Remaining Estimate: 0h > > Slack discussion with [~jbertram] see here: > [https://the-asf.slack.com/archives/CFL910J30/p1699520764243169] > h2. Initial Description > consumers-window-size set to 0 and there some queues, that are heavily used > and have consumers attached, that allow for a concurrency of 500 messages > (larger than thread-pool-client-size). > After some time - unclear what triggers it - the behavior becomes bad in the > way that from those queues only 1-5 messages are fetched and immediately > processed, but then there is a pause of 10 seconds before the next 1-5 > messages are fetched. This continues. > In the thread-dumps, several like the following can be seen: > {noformat} > "Thread-0 (ActiveMQ-client-global-threads)" #640 daemon prio=5 os_prio=0 > cpu=899719.36ms elapsed=354425.44s tid=0x7f904c02e850 nid=0x150d29 > runnable [0x7f8fdbae5000] >java.lang.Thread.State: TIMED_WAITING (parking) > at jdk.internal.misc.Unsafe.park(java.base@17.0.5/Native Method) > - parking to wait for <0x0003f6c9d1d0> (a > org.apache.activemq.artemis.utils.AbstractLatch$CountSync) > at > java.util.concurrent.locks.LockSupport.parkNanos(java.base@17.0.5/LockSupport.java:252) > at > java.util.concurrent.locks.AbstractQueuedSynchronizer.acquire(java.base@17.0.5/AbstractQueuedSynchronizer.java:717) > at > java.util.concurrent.locks.AbstractQueuedSynchronizer.tryAcquireSharedNanos(java.base@17.0.5/AbstractQueuedSynchronizer.java:1074) > at > org.apache.activemq.artemis.utils.AbstractLatch.await(AbstractLatch.java:115) > at > org.apache.activemq.artemis.core.client.impl.ClientConsumerImpl.startSlowConsumer(ClientConsumerImpl.java:869) > at > org.apache.activemq.artemis.core.client.impl.ClientConsumerImpl.callOnMessage(ClientConsumerImpl.java:1025) > at > org.apache.activemq.artemis.core.client.impl.ClientConsumerImpl$Runner.run(ClientConsumerImpl.java:1154) > at >