Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-20660

/ui/artifactbuilds endpoint can cause extreme load

    XMLWordPrintable

    Details

    • Severity:
      High

      Description

      Symptoms: Java Garbage Collection is very slow, and there are very long running queries in the Artifactory database.

      The problem comes from the Artifacts Browser menu's "builds" section. This endpoint can find which builds an artifact belongs to, including if it is a dependency. Normally this is fine, but for very popular dependencies, for example the JUnit Java package, can be linked to thousands or hundreds of thousands of builds.

      When this happens, visiting the UI endpoint causes very heavy load on Artifactory, both on the database and the JVM heap. I believe this is because the heap stores the SQL results in memory without pagination.

       

      The number of builds an artifact can belong to is potentially infinite, this endpoint will cause problems for popular build dependencies.

       

      Steps to reproduce: 

      1. Deploy one artifact to Artifactory, note its checksum
      2. Deploy around 10,000 buildinfo.json files that list this artifact as a dependency
      3. Attempt to browse to the Artifacts -> Repository -> Artifact -> "Builds" menu, observe an extremely long response time

      This response time grows the more builds that are added, presenting a linear scaling issue.

      The current suggested workaround is to block the /ui/artifactBuilds endpoint. Other endpoints are available to gather this information.

      #7k builds linked
      20191119184241| [7 seconds] 7251|REQUEST|RESTRICTED_IP|admin|GET|/ui/artifactbuilds|HTTP/1.1|200|0

      #15k builds linked
      20191119185634| [12 seconds] 12715|REQUEST|RESTRICTED_IP|admin|GET|/ui/artifactbuilds|HTTP/1.1|200|0

      #30k builds linked
      20191119193239| [24 seconds]24990|REQUEST|RESTRICTED_IP|anonymous|GET|/ui/artifactbuilds|HTTP/1.1|200|0

        Attachments

        1. build-deps-1.json
          0.4 kB
          Patrick Russell
        2. dep-simulate.sh
          2 kB
          Patrick Russell
        3. Screen Shot 2019-11-19 at 11.49.23 AM.png
          87 kB
          Patrick Russell

          Activity

              People

              Assignee:
              barh Bar Haim
              Reporter:
              patrickr Patrick Russell
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Sync Status

                  Connection: RTFACT Sync
                  RTMID-20660 -
                  SYNCHRONIZED
                  • Last Sync Date: