product-is: WSO2 IS Kubernetes - tenant creation error and PoolExhaustedException

Hi We are using WSO2 IS 5.10 deployed on private kubernetes cluster.

We installed it and it was working. Then we tried to add a tenant and we got an error. In the log file we saw the following: Caused by: org.wso2.carbon.registry.core.exceptions.RegistryException: Unable to put resource Failed to add properties to the resource /_system/governance/repository/security/key-stores/tenant-demo-it.jks. ERRORE: il valore è troppo lungo per il tipo character varying(1000) at org.wso2.carbon.registry.core.jdbc.handlers.builtin.MountHandler.put(MountHandler.java:299) at org.wso2.carbon.registry.core.jdbc.handlers.HandlerManager.put(HandlerManager.java:2505) at org.wso2.carbon.registry.core.jdbc.handlers.UserDefinedHandlerManager.put(UserDefinedHandlerManager.java:204) at org.wso2.carbon.registry.core.jdbc.handlers.HandlerLifecycleManager.put(HandlerLifecycleManager.java:950) at org.wso2.carbon.registry.core.jdbc.EmbeddedRegistry.put(EmbeddedRegistry.java:705) at org.wso2.carbon.registry.core.caching.CacheBackedRegistry.put(CacheBackedRegistry.java:591) at org.wso2.carbon.registry.core.session.UserRegistry.putInternal(UserRegistry.java:840) at org.wso2.carbon.registry.core.session.UserRegistry.access$1000(UserRegistry.java:73) at org.wso2.carbon.registry.core.session.UserRegistry$11.run(UserRegistry.java:816) at org.wso2.carbon.registry.core.session.UserRegistry$11.run(UserRegistry.java:813) at java.base/java.security.AccessController.doPrivileged(Native Method) at org.wso2.carbon.registry.core.session.UserRegistry.put(UserRegistry.java:813) at org.wso2.carbon.security.keystore.KeyStoreAdmin.addKeyStore(KeyStoreAdmin.java:260) ... 86 more Caused by: org.wso2.carbon.registry.core.exceptions.RegistryException: Failed to add properties to the resource /_system/governance/repository/security/key-stores/tenant-demo-it.jks. ERRORE: il valore è troppo lungo per il tipo character varying(1000) at org.wso2.carbon.registry.core.jdbc.dao.JDBCResourceDAO.addProperties(JDBCResourceDAO.java:1653) at org.wso2.carbon.registry.core.jdbc.dao.JDBCResourceDAO.add(JDBCResourceDAO.java:457)

We solved it by modifying the 2 columns in 2 tables. Basically we modifed the column description of table reg_resource and the column reg_value of table reg_property by increasing their dimension from 1000 to 4000.

By doing this modification we successfully created the tenant. But then we noticed this error:

Caused by: org.wso2.carbon.identity.base.IdentityRuntimeException: org.apache.tomcat.jdbc.pool.PoolExhaustedException: [https-jsse-nio-9443-exec-15] Timeout: Pool empty. Unable to fetch a connection in 60 seconds, none available[size:5; busy:5; idle:0; lastwait:60000].

I attach the full container log

This is a fragment of my deployment.toml configuration: `[user_store] type = “database_unique_id” properties.CaseInsensitiveUsername = false

[database.user] url = “jdbc:postgresql://host:port/WSO2IS_SHARED_DB” username = “username” password = “password” driver = “org.postgresql.Driver”

[database.user.pool_options] maxActive = “5” maxWait = “60000” minIdle = “1” maxIdle = “2” testOnBorrow = true validationQuery = “SELECT 1; COMMIT” validationInterval = “30000” defaultAutoCommit = false

[database.identity_db] url = “jdbc:postgresql://host:port/WSO2IS_IDENTITY_DB” username = “username” password = “password” driver = “org.postgresql.Driver”

[database.identity_db.pool_options] maxActive = “5” maxWait = “60000” minIdle = “1” maxIdle = “2” testOnBorrow = true validationQuery = “SELECT 1; COMMIT” validationInterval = “30000” defaultAutoCommit = false

[database.shared_db] url = “jdbc:postgresql://host:port/WSO2IS_SHARED_DB” username = “username” password = “password” driver = “org.postgresql.Driver”

[database.shared_db.pool_options] maxActive = “5” maxWait = “60000” minIdle = “1” maxIdle = “2” testOnBorrow = true validationQuery = “SELECT 1; COMMIT” validationInterval = “30000” defaultAutoCommit = false

[database.bps_database] url = “jdbc:postgresql://host:port/WSO2IS_BPS_DB” username = “username” password = “password” driver = “org.postgresql.Driver”

[database.bps_database.pool_options] maxActive = “5” maxWait = “60000” minIdle = “1” maxIdle = “2” testOnBorrow = true validationQuery = “SELECT 1; COMMIT” validationInterval = “30000” defaultAutoCommit = true

[[datasource]] id = “WSO2ConsentDS” url = “jdbc:postgresql://host:port/WSO2IS_CONSENT_DB” username = “username” password = “password” driver = “org.postgresql.Driver” pool_options.validationQuery = “SELECT 1; COMMIT” pool_options.maxActive = 50 pool_options.maxWait = 60000 # wait in milliseconds pool_options.testOnBorrow = true pool_options.jmxEnabled = false [authentication.consent] data_source = “jdbc/WSO2ConsentDS”`

Now we can’t use the IS anymore. How can we solve this issue? ws02_is.log

About this issue

  • Original URL
  • State: open
  • Created 4 years ago
  • Reactions: 1
  • Comments: 21 (10 by maintainers)

Most upvoted comments

I confirm that the bug was the one we found. We modified the JAR and deployed the new WSO2 IS image in our K8S cluster with the new org.wso2.carbon.identity.oauth_6.4.2.jar All works pretty good.

+2
angeloimm on Nov 19, 2020
Read more comments on GitHub
← product-is: unable to login to application after upgrading to IS 5.11 with <EnableEmailUserName>true</EnableEmailUserName>
product-microgateway: Build failure is observed for arm64 →