Subject: Re: Reminder: Tomorrow Dec 9th 2008 VOM(R)S WG check-point meeting From: Tanya Levshina Date: Mon, 8 Dec 2008 17:05:14 -0600 To: CC: Vincenzo Ciaschini , Dimitar Shiyachki , Miguel Anjo , garzogli , Steve Traylen , Andrea Ceccanti , Valerio Venturi , Eva Dafonte Perez Hi Maria, I understand that the timing is really bad but I've just found out about the voms/trustmanager problem (see below) and would like to ask you to add it as AOB for the tomorrow meeting. We don't need really discuss all the details but I would like to understand how we should proceed with this problem. It is pretty urgent to us. ***************************************************** Ted Hesselroth is working on gPlazma authorization server for dcache. gPlazma is using vomsjapi.jar and trustmanager libraries and it looks like they are causing memory leak: The library vomsjapi.jar from glite-security-voms-api-java-1.8.3-3.tar.gz was used in conjunction with glite-security-trustmanager-1.8.16-1.jar and glite-security-util-java-1.4.0-1.jar. The code was used to extract voms attributes from certificate chains. JVM settings were -Xmx128m -XX:MaxDirectMemorySize=128m. gPlazma normally uses about 80m. When authorizations started, resident memory grew to over 500m, and after about 60 authorizations the JVM hung. Using glite-security-trustmanager-1.8.16-1.jar and glite-security-util-java-1.4.0-1.jar alone also showed a slow memory leak. With the same settings, resident memory went up to about 700m after several thousand authorizations. A java profiler showed that the excess memory was not taken up by any java objects. Using the old glite-security-trustmanager-1.6.3dev.jar and glite-security-util-java-1.0.0dev.jar showed no memory leaks, with resident memory staying at about 80m. For use in dCache, the latter jar has been patched to allow voms rfc attributes (FQAN without /Capability=null field) to be parsed. ******************************************************************************* Thanks a lot, Tanya