Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-61211

QueueItemAuthenticator causes Build Queue contention

    XMLWordPrintable

Details

    • Improvement
    • Status: In Review (View Workflow)
    • Major
    • Resolution: Unresolved
    • core
    • core:2.222

    Description

      When using the Authorize Project plugin to configure authorization for build execution, this has severe consequences on the overall performances of a Jenkins master because it request information repeatedly "trying to get user details for impersonation" from the Security Realm. This can happen during in a thread that hold the Queue.Lock

      An instance will periodically become unavailable or take a very long time in builds especially when the build queue becomes large or when a lot of builds are happening all at the same time.

      If start a fresh instance with 2 master executors, configure a "Project default Build Authorization" under Manage Jenkins > configure Global Security, then create a single pipeline and execute it, you will see through FINE logging of hudson.model.User that the {{User#getUserDetailsForImpersonation} is requested 8 times:

      Feb 24, 2020 2:42:42 PM FINE hudson.model.User getUserDetailsForImpersonation
Impersonation of the user admin was a success
Feb 24, 2020 2:42:42 PM FINE hudson.model.User getUserDetailsForImpersonation
Impersonation of the user admin was a success
Feb 24, 2020 2:42:42 PM FINE hudson.model.User getUserDetailsForImpersonation
Impersonation of the user admin was a success
Feb 24, 2020 2:42:42 PM FINE hudson.model.User getUserDetailsForImpersonation
Impersonation of the user admin was a success
Feb 24, 2020 2:42:42 PM FINE hudson.model.User getUserDetailsForImpersonation
Impersonation of the user admin was a success
Feb 24, 2020 2:42:42 PM FINE hudson.model.User getUserDetailsForImpersonation
Impersonation of the user admin was a success
Feb 24, 2020 2:42:42 PM FINE hudson.model.User getUserDetailsForImpersonation
Impersonation of the user admin was a success
Feb 24, 2020 2:42:42 PM FINE hudson.model.User getUserDetailsForImpersonation
Impersonation of the user admin was a success

      Workaround

      Caching can be configured at the Security Realm level depending on the solution (for example for LDAP / Active directory).

      Improvement Proposal

      I do however think that something could be improved and that since impersonation is happening so frequently, maybe the UserDetailsCache can be used to improve performance.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-60111 Pipeline extremely slow when triggered by a user in comparison with the time triggered pipeline

          • Major - Major loss of function.
          • Closed
          links to

          Web Link core #4523

          Activity

            There are no comments yet on this issue.

            People

              allan_burdajewicz Allan BURDAJEWICZ
              allan_burdajewicz Allan BURDAJEWICZ
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: