Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-35515

Role Strategy 2.3 cause poor UI performance due to authorities checks (regression in 2.3.0)

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: role-strategy-plugin
    • Labels:
    • Environment:
      Centos 7.2, OpenJDK 1.8.0.91, Jenkins 2.8, Active Directory plugin 1.47, Role Strategy 2.3
    • Similar Issues:

      Description

      Hello, we recently updated the Role Strategy plugin to 2.3 and after the restart Jenkins UI performance became extremely slow. We isolated the issue to using Active Directory groups in our roles, when we switched to explicitly using users the issue went away.

      When we downgraded the version of Role Strategy to 2.2 the issue also went way.

        Attachments

          Issue Links

            Activity

            Hide
            klou Kurt added a comment -

            We're seeing same poor performance here. Effectively we, too, had to downgrade to 2.2 version as 2.3 was unusably slow (it got completely stuck - no more response from Web UI within 15 minutes).

            Environment: Oracle JDK8 (_66) 64bit, Jenkins 2.8, AD Plugin 1.47 (no Domain name or other advanced settings entered, I guess that means we're using ADSI), Windows Server 2008R2 64 bit (Domain Member), Hardware is a VM with 24 GB RAM (of which 9 GB are dedicated to Java mem pool), 6 CPU cores and using an SSD storage cluster.

            Most significant difference to initial report: We're NOT using AD groups at all. Roles are assigned only to users.

            We currently have 37 roles (31 regex-based project roles, 6 global roles) which are assigned to roughly 100 users.
            The Jenkins instance contains ~50000 jobs (organized in folders).

            Show
            klou Kurt added a comment - We're seeing same poor performance here. Effectively we, too, had to downgrade to 2.2 version as 2.3 was unusably slow (it got completely stuck - no more response from Web UI within 15 minutes). Environment: Oracle JDK8 (_66) 64bit, Jenkins 2.8, AD Plugin 1.47 (no Domain name or other advanced settings entered, I guess that means we're using ADSI), Windows Server 2008R2 64 bit (Domain Member), Hardware is a VM with 24 GB RAM (of which 9 GB are dedicated to Java mem pool), 6 CPU cores and using an SSD storage cluster. Most significant difference to initial report: We're NOT using AD groups at all. Roles are assigned only to users. We currently have 37 roles (31 regex-based project roles, 6 global roles) which are assigned to roughly 100 users. The Jenkins instance contains ~50000 jobs (organized in folders).
            Hide
            sschuberth Sebastian Schuberth added a comment -

            I'm seeing a similar issues, but on top of that I cannot login again after logging out, due to

            java.lang.IllegalArgumentException: Cannot pass null or empty values to constructor
            at org.acegisecurity.userdetails.User.<init>(User.java:127)
            at hudson.plugins.script_realm.ScriptSecurityRealm.loadUserByUsername(ScriptSecurityRealm.java:105)
            at com.michelin.cio.hudson.plugins.rolestrategy.RoleMap.hasPermission(RoleMap.java:110)
            at com.michelin.cio.hudson.plugins.rolestrategy.RoleMap.access$000(RoleMap.java:64)
            at com.michelin.cio.hudson.plugins.rolestrategy.RoleMap$AclImpl.hasPermission(RoleMap.java:341)

            Are you also getting this exception?

            Show
            sschuberth Sebastian Schuberth added a comment - I'm seeing a similar issues, but on top of that I cannot login again after logging out, due to java.lang.IllegalArgumentException: Cannot pass null or empty values to constructor at org.acegisecurity.userdetails.User.<init>(User.java:127) at hudson.plugins.script_realm.ScriptSecurityRealm.loadUserByUsername(ScriptSecurityRealm.java:105) at com.michelin.cio.hudson.plugins.rolestrategy.RoleMap.hasPermission(RoleMap.java:110) at com.michelin.cio.hudson.plugins.rolestrategy.RoleMap.access$000(RoleMap.java:64) at com.michelin.cio.hudson.plugins.rolestrategy.RoleMap$AclImpl.hasPermission(RoleMap.java:341) Are you also getting this exception?
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            Sebastian Schuberth Error 502 is being tracked as JENKINS-35456.
            Fixing the performance stuff here

            Show
            oleg_nenashev Oleg Nenashev added a comment - Sebastian Schuberth Error 502 is being tracked as JENKINS-35456 . Fixing the performance stuff here
            Show
            oleg_nenashev Oleg Nenashev added a comment - I've created a pull request: https://github.com/jenkinsci/role-strategy-plugin/pull/18 You can try the build from CI: https://jenkins.ci.cloudbees.com/job/plugins/job/role-strategy-plugin/60/org.jenkins-ci.plugins$role-strategy/
            Hide
            sschuberth Sebastian Schuberth added a comment -

            Oleg Nenashev Thanks, but note that I'm not seeing a proxy error 502, just the exception / stack trace I've posted on every page.

            Show
            sschuberth Sebastian Schuberth added a comment - Oleg Nenashev Thanks, but note that I'm not seeing a proxy error 502, just the exception / stack trace I've posted on every page.
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            Sebastian Schuberth
            Sorry, seems I'm lost in several similar issues. Anyway I'm going to create a pull request for this stacktrace

            Show
            oleg_nenashev Oleg Nenashev added a comment - Sebastian Schuberth Sorry, seems I'm lost in several similar issues. Anyway I'm going to create a pull request for this stacktrace
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java
            src/main/java/org/jenkinsci/plugins/rolestrategy/Settings.java
            src/test/java/org/jenkinsci/plugins/rolestrategy/UserAuthoritiesAsRolesTest.java
            http://jenkins-ci.org/commit/role-strategy-plugin/fe8a518169778bc930e230151abffe8e66e78066
            Log:
            JENKINS-35515 - Fix the performance issue (regression in 2.3.0) (#18)

            • JENKINS-35515 - Disable user authorities handling by deefault, allow tweaking cache settings.

            This change should solve the reported performance issues.
            https://issues.jenkins-ci.org/browse/JENKINS-35515

            • Fixed the copy-paste error in the test suite
            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java src/main/java/org/jenkinsci/plugins/rolestrategy/Settings.java src/test/java/org/jenkinsci/plugins/rolestrategy/UserAuthoritiesAsRolesTest.java http://jenkins-ci.org/commit/role-strategy-plugin/fe8a518169778bc930e230151abffe8e66e78066 Log: JENKINS-35515 - Fix the performance issue (regression in 2.3.0) (#18) JENKINS-35515 - Disable user authorities handling by deefault, allow tweaking cache settings. This change should solve the reported performance issues. https://issues.jenkins-ci.org/browse/JENKINS-35515 JENKINS-35515 - Fix typo Fixed the copy-paste error in the test suite
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            src/main/java/org/jenkinsci/plugins/rolestrategy/Settings.java
            http://jenkins-ci.org/commit/role-strategy-plugin/4ca0ddc4d67d7a23ba41f4a28416f2eaf1333dc7
            Log:
            JENKINS-35515 - Fix typo in the system property name

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: src/main/java/org/jenkinsci/plugins/rolestrategy/Settings.java http://jenkins-ci.org/commit/role-strategy-plugin/4ca0ddc4d67d7a23ba41f4a28416f2eaf1333dc7 Log: JENKINS-35515 - Fix typo in the system property name
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            The fix has been released as role-strategy:2.3.2

            Show
            oleg_nenashev Oleg Nenashev added a comment - The fix has been released as role-strategy:2.3.2
            Hide
            mwebber Matthew Webber added a comment -

            There seems to be a problem with the release - when I look at Jenkins --> Plugin Manager, it shows release "2.3.1" (not .2) as the number of the available upgrade.

            Show
            mwebber Matthew Webber added a comment - There seems to be a problem with the release - when I look at Jenkins --> Plugin Manager, it shows release "2.3.1" (not .2) as the number of the available upgrade.
            Hide
            mwebber Matthew Webber added a comment -

            We have also had performance problems with Jenkins' WebUI recently, and I wonder if it could be this problem. We don't use AD, but we do use CAS for authentication. Can the performance regression also occur there?

            Show
            mwebber Matthew Webber added a comment - We have also had performance problems with Jenkins' WebUI recently, and I wonder if it could be this problem. We don't use AD, but we do use CAS for authentication. Can the performance regression also occur there?
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            Matthew Webber
            It takes some time to propagate changes in OSS update centers to all mirrors.
            But the release is in place: http://updates.jenkins-ci.org/download/plugins/role-strategy/2.3.2/role-strategy.hpi

            Regarding CAS it may be also a case. Caching approach in 2.3.0 is not perfect, first load always causes a delay

            Show
            oleg_nenashev Oleg Nenashev added a comment - Matthew Webber It takes some time to propagate changes in OSS update centers to all mirrors. But the release is in place: http://updates.jenkins-ci.org/download/plugins/role-strategy/2.3.2/role-strategy.hpi Regarding CAS it may be also a case. Caching approach in 2.3.0 is not perfect, first load always causes a delay
            Hide
            mwebber Matthew Webber added a comment -

            I can now install 2.3.2 from the mirrors, and it seems to have improved the WebUI performance (we are using CAS authentication).

            Thanks for the very quick response!

            Show
            mwebber Matthew Webber added a comment - I can now install 2.3.2 from the mirrors, and it seems to have improved the WebUI performance (we are using CAS authentication). Thanks for the very quick response!
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            Yep, 2.3.2 should just restore 2.2.0 performance for all cases by default.
            It does not mean that I'm happy about 2.2.0 performance

            Show
            oleg_nenashev Oleg Nenashev added a comment - Yep, 2.3.2 should just restore 2.2.0 performance for all cases by default. It does not mean that I'm happy about 2.2.0 performance
            Hide
            andreasmandel Andreas Mandel added a comment -

            I want to mention that I still see a performance drop in using 2.2.0 vs 2.3.2 with default settings. It is about 7 seconds load time vs. 3 seconds!

            My setup has ~1000 Jobs, defining ~ 70 project roles linked mostly 1:1 to LDAP_GROUPS.

            Show
            andreasmandel Andreas Mandel added a comment - I want to mention that I still see a performance drop in using 2.2.0 vs 2.3.2 with default settings. It is about 7 seconds load time vs. 3 seconds! My setup has ~1000 Jobs, defining ~ 70 project roles linked mostly 1:1 to LDAP_GROUPS.

              People

              • Assignee:
                oleg_nenashev Oleg Nenashev
                Reporter:
                reillyprocentive Reilly Brogan
              • Votes:
                1 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: