[jira] [Commented] (TC-44) TR fd leak observed when new HTTPS DS is added without certificate
[ https://issues.apache.org/jira/browse/TC-44?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16129841#comment-16129841 ] John Shen commented on TC-44: - lower to minor as discussed in slack-dev > TR fd leak observed when new HTTPS DS is added without certificate > -- > > Key: TC-44 > URL: https://issues.apache.org/jira/browse/TC-44 > Project: Traffic Control > Issue Type: Bug > Components: Traffic Router >Affects Versions: 1.7.0 >Reporter: John Shen >Assignee: John Shen >Priority: Minor > Fix For: 2.1.0, 2.2.0 > > > In TC 1.7, when a new HTTPS DS (HTTP 302 routing) is added without > certificate, there will be fd leak observed on TR. The connections to TM stay > in CLOSE-WAIT, which begins to show ~20mins after a new DS without cert/key > is added. > And CrState appears to be blocked in ~20mins as well, i.e. no request from TR > to TM to fetch CrState. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (TC-44) TR fd leak observed when new HTTPS DS is added without certificate
[ https://issues.apache.org/jira/browse/TC-44?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16128867#comment-16128867 ] Hank Beatty commented on TC-44: --- That makes sense about the CrConfig. Should be done earlier in the process. What about not letting it be set to active and throwing an error if there are no certs? > TR fd leak observed when new HTTPS DS is added without certificate > -- > > Key: TC-44 > URL: https://issues.apache.org/jira/browse/TC-44 > Project: Traffic Control > Issue Type: Bug > Components: Traffic Router >Affects Versions: 1.7.0 >Reporter: John Shen >Assignee: John Shen > Fix For: 2.1.0 > > > In TC 1.7, when a new HTTPS DS (HTTP 302 routing) is added without > certificate, there will be fd leak observed on TR. The connections to TM stay > in CLOSE-WAIT, which begins to show ~20mins after a new DS without cert/key > is added. > And CrState appears to be blocked in ~20mins as well, i.e. no request from TR > to TM to fetch CrState. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (TC-44) TR fd leak observed when new HTTPS DS is added without certificate
[ https://issues.apache.org/jira/browse/TC-44?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16128850#comment-16128850 ] David Neuman commented on TC-44: Trevor doesn't work on this project anymore. I don't think this is a major issue as it's the result of a misconfiguration. If a HTTPS DS does not have certificates it should not be set to active. I don't know that the snapshot CrConfig check is something we want to do to fix this, but I would have to think about that a little more. > TR fd leak observed when new HTTPS DS is added without certificate > -- > > Key: TC-44 > URL: https://issues.apache.org/jira/browse/TC-44 > Project: Traffic Control > Issue Type: Bug > Components: Traffic Router >Affects Versions: 1.7.0 >Reporter: John Shen >Assignee: John Shen > Fix For: 2.1.0 > > > In TC 1.7, when a new HTTPS DS (HTTP 302 routing) is added without > certificate, there will be fd leak observed on TR. The connections to TM stay > in CLOSE-WAIT, which begins to show ~20mins after a new DS without cert/key > is added. > And CrState appears to be blocked in ~20mins as well, i.e. no request from TR > to TM to fetch CrState. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (TC-44) TR fd leak observed when new HTTPS DS is added without certificate
[ https://issues.apache.org/jira/browse/TC-44?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16121518#comment-16121518 ] Hank Beatty commented on TC-44: --- [~weifensh] [~tackerman] [~neuman] Does this still exist? If so, are we planning on fixing for 2.1? > TR fd leak observed when new HTTPS DS is added without certificate > -- > > Key: TC-44 > URL: https://issues.apache.org/jira/browse/TC-44 > Project: Traffic Control > Issue Type: Bug > Components: Traffic Router >Affects Versions: 1.7.0 >Reporter: John Shen >Assignee: John Shen > Fix For: 2.1.0 > > > In TC 1.7, when a new HTTPS DS (HTTP 302 routing) is added without > certificate, there will be fd leak observed on TR. The connections to TM stay > in CLOSE-WAIT, which begins to show ~20mins after a new DS without cert/key > is added. > And CrState appears to be blocked in ~20mins as well, i.e. no request from TR > to TM to fetch CrState. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (TC-44) TR fd leak observed when new HTTPS DS is added without certificate
[ https://issues.apache.org/jira/browse/TC-44?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16051611#comment-16051611 ] John Shen commented on TC-44: - Hi Ryan, it shall still be there as far as I know. > TR fd leak observed when new HTTPS DS is added without certificate > -- > > Key: TC-44 > URL: https://issues.apache.org/jira/browse/TC-44 > Project: Traffic Control > Issue Type: Bug > Components: Traffic Router >Affects Versions: 1.7.0 >Reporter: John Shen >Assignee: John Shen > Fix For: 2.1.0 > > > In TC 1.7, when a new HTTPS DS (HTTP 302 routing) is added without > certificate, there will be fd leak observed on TR. The connections to TM stay > in CLOSE-WAIT, which begins to show ~20mins after a new DS without cert/key > is added. > And CrState appears to be blocked in ~20mins as well, i.e. no request from TR > to TM to fetch CrState. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (TC-44) TR fd leak observed when new HTTPS DS is added without certificate
[ https://issues.apache.org/jira/browse/TC-44?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16049640#comment-16049640 ] Ryan Durfey commented on TC-44: --- Is this resolved? > TR fd leak observed when new HTTPS DS is added without certificate > -- > > Key: TC-44 > URL: https://issues.apache.org/jira/browse/TC-44 > Project: Traffic Control > Issue Type: Bug > Components: Traffic Router >Affects Versions: 1.7.0 >Reporter: John Shen >Assignee: John Shen > Fix For: 2.1.0 > > > In TC 1.7, when a new HTTPS DS (HTTP 302 routing) is added without > certificate, there will be fd leak observed on TR. The connections to TM stay > in CLOSE-WAIT, which begins to show ~20mins after a new DS without cert/key > is added. > And CrState appears to be blocked in ~20mins as well, i.e. no request from TR > to TM to fetch CrState. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (TC-44) TR fd leak observed when new HTTPS DS is added without certificate
[ https://issues.apache.org/jira/browse/TC-44?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15833255#comment-15833255 ] ASF GitHub Bot commented on TC-44: -- Github user weifensh closed the pull request at: https://github.com/apache/incubator-trafficcontrol/pull/176 > TR fd leak observed when new HTTPS DS is added without certificate > -- > > Key: TC-44 > URL: https://issues.apache.org/jira/browse/TC-44 > Project: Traffic Control > Issue Type: Bug > Components: Traffic Router >Affects Versions: 1.7.0 >Reporter: John Shen >Assignee: John Shen > Fix For: 1.9.0 > > > In TC 1.7, when a new HTTPS DS (HTTP 302 routing) is added without > certificate, there will be fd leak observed on TR. The connections to TM stay > in CLOSE-WAIT, which begins to show ~20mins after a new DS without cert/key > is added. > And CrState appears to be blocked in ~20mins as well, i.e. no request from TR > to TM to fetch CrState. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (TC-44) TR fd leak observed when new HTTPS DS is added without certificate
[ https://issues.apache.org/jira/browse/TC-44?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15817674#comment-15817674 ] John Shen commented on TC-44: - RC is that the certificate waiting loop blocks the threads which shall process the HTTP response from TM. Details: TR polls TM's CrConfig and CrState. They share the same AsyncHttpClient to send requests and receive responses. The requests and responses are async. And the AsyncHttpClient callback onCompleted() is processed by a thread pool to handle responses. When there is an HTTPS delivery service without cert/key configured, the onCompleted() will be blocked by the ConfigHandler.processConfig() which is waiting for the availability of key/cert. Thus finally all the threads in the thread pool will be blocked, no thread is available to process the onCompleted() callback. So all the TCP connections will remain CLOSE_WAIT. > TR fd leak observed when new HTTPS DS is added without certificate > -- > > Key: TC-44 > URL: https://issues.apache.org/jira/browse/TC-44 > Project: Traffic Control > Issue Type: Bug > Components: Traffic Router >Affects Versions: 1.7.0 >Reporter: John Shen >Assignee: John Shen > Fix For: 1.9.0 > > > In TC 1.7, when a new HTTPS DS (HTTP 302 routing) is added without > certificate, there will be fd leak observed on TR. The connections to TM stay > in CLOSE-WAIT, which begins to show ~20mins after a new DS without cert/key > is added. > And CrState appears to be blocked in ~20mins as well, i.e. no request from TR > to TM to fetch CrState. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
