What happens when you hit Ops Manager tokens expiration API endpoint
search cancel

What happens when you hit Ops Manager tokens expiration API endpoint

book

Article ID: 298393

calendar_today

Updated On:

Products

VMware Tanzu Application Service for VMs

Issue/Introduction

This article explains what happens when you hit Ops manager Token expiration API Endpoint PUT /api/v0/uaa/tokens_expiration.

You are hitting Ops Manager API endpoint PUT api/v0/uaa/tokens_expiration either manually or through your pipeline 
 

uaac curl "https://opsmgr-##.####-##.#####-###-###.#######.com/api/v0/uaa/tokens_expiration" -X PUT -H "Authorization: Bearer UAA-ACCESS-TOKEN" -H "Content-Type: application/json" -d '{"tokens_expiration": {"access_token_expiration": 200, "refresh_token_expiration": 1400}}' -k


and you notice that its taking a longer time around 10 seconds or more to respond. You also notice CPU usage has increased as well while waiting for the response. This is expected.

 

 

Environment

Product Version: 2.13

Resolution

To get an idea on what is happening during the when hitting PUT api/v0/uaa/tokens_expiration 

ssh into your Ops Manager VM
Go to /var/log/opsmanager/production.log

I, [2023-05-09T06:54:45.077986 #843] INFO -- : Started PUT "/api/v0/uaa/tokens_expiration" for 10.254.212.73 at 2023-05-09 06:54:45 +0000
I, [2023-05-09T06:54:45.080384 #843] INFO -- : Processing by Api::V0::Uaa::TokensExpirationsController#update as */*
I, [2023-05-09T06:54:45.080437 #843] INFO -- : Parameters: {"tokens_expiration"=>"[FILTERED]"}
I, [2023-05-09T06:54:45.153586 #843] INFO -- : Valid UAA token
I, [2023-05-09T06:54:45.191481 #843] INFO -- : Terminating UaaLauncher thread.
I, [2023-05-09T06:54:45.191615 #843] INFO -- : Sending UAA pid 6942 a TERM signal
I, [2023-05-09T06:54:45.192299 #843] INFO -- : Waiting for 6942 to go away...
I, [2023-05-09T06:54:56.216305 #843] INFO -- : Spawned: 8587 for UAA
I, [2023-05-09T06:54:56.218002 #843] INFO -- : Completed 200 OK in 11137ms (Views: 0.4ms | ActiveRecord: 5.6ms | Allocations: 11498)

 

When API is hit. You can see that it is shutting down UAA and starting a new process with new UAA PID

Go to /var/log/opsmanager/uaa logs and you can confirm that this is restarting

09-May-2023 06:54:45.208 INFO [Thread-5] org.apache.catalina.core.StandardService.stopInternal Stopping service [Catalina]
...
09-May-2023 06:55:36.803 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [38599] milliseconds

 

Restart of UAA is expected behaviour for the PUT /api/v0/uaa/token_expirations API endpoint. This endpoint is modifying the configuration of UAA, which can only be applied after UAA itself has restarted. While UAA is restarting, you would be unable to do further API calls since it is the underlying authentication system used by Ops Manager and its API.

 

Powered by Wolken Software