The saml plugin is impacted by a thread leak for versions 2.0.2 and 2.0.3. This issue might end up with:
-
A
java.lang.OutOfMemoryError: unable to create new native thread. This specifically has a very high impact in OpenShift platforms as OpenShift enforces a default container PID limit of 1024. -
Performance issues in the Controller while accessing to the GUI for example.
To confirm you are impacted by this issue, take a thread dump through $JENKINS_URL/threadDump, or How to generate a thread dump?. Where we will see dozens, or hundreds of threads like the one below. A new thread is created after each login.
"Timer for org.opensaml.saml.metadata.resolver.impl.FilesystemMetadataResolver@f6fe197" id=384439 (0x5ddb7) state=TIMED_WAITING cpu=0%
- waiting on <0x52d088af> (a java.util.TaskQueue)
- locked <0x52d088af> (a java.util.TaskQueue)
at java.lang.Object.wait(Native Method)
at java.util.TimerThread.mainLoop(Timer.java:552)
at java.util.TimerThread.run(Timer.java:505)
Environment
-
CloudBees CI (CloudBees Core) on modern cloud platforms - Managed controller
-
CloudBees CI (CloudBees Core) on modern cloud platforms - Operations Center
-
CloudBees CI (CloudBees Core) on traditional platforms - Client controller
-
CloudBees CI (CloudBees Core) on traditional platforms - Operations Center
-
CloudBees Jenkins Distribution
-
CloudBees Jenkins Enterprise
Resolution
The issue was tracked as JENKINS-65513.
The solution for this issue is to upgrade the saml plugin to a version equal, or higher than 2.0.5.