The method {{{ipaclient.remote_plugins.schema.Schema._write_schema}}} is not multiprocess concurrency safe. If multiple processes happen to fetch and update the API schema at the same time, they old write to the same file at the same time. I ran into the issue when I was stress-testing vault with multiple parallel processes.
Instead of writing to final file, the writer should use safe atomic operations:
This operation is safe even if multiple processes create the schema cache at the same time. They all end up to write to different files but only the last rename will win.
I made this ticket a blocker for https://fedorahosted.org/freeipa/ticket/6651 because it is potentially relevant for Custoda IPA Vault integration. A failed cache will trigger a reload of the cache. Since Custodia uses a forking server, it might trigger the issue. It's less likely but may cause hard to debug performance issues. The fix is trivial.
Metadata Update from @cheimes: - Issue assigned to dkupka - Issue set to the milestone: FreeIPA 4.5
Metadata Update from @cheimes: - Custom field affects_doc reset - Custom field blocking reset - Custom field component reset - Custom field on_review reset - Custom field rhbz reset - Custom field type reset - Issue close_status updated to: duplicate - Issue set to the milestone: None (was: FreeIPA 4.5) - Issue status updated to: Closed (was: Open)
Fixed in 3be696c as part of #6690
Metadata Update from @cheimes: - Custom field affects_doc reset
Login to comment on this ticket.