Webservice-Gateway (Java process) associated with DCF consumes high amount of CPU
References from top command output:
Tasks: 240 total, 1 running, 239 sleeping, 0 stopped, 0 zombie
%Cpu(s): 99.8 us, 0.1 sy, 0.0 ni, 0.0 id, 0.0 wa, 0.0 hi, 0.1 si, 0.0 st
KiB Mem : 12118248 total, 150016 free, 6807444 used, 5160788 buff/cache
KiB Swap: 4194300 total, 3540676 free, 653624 used. 4927304 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
123864 apg 20 0 7136232 1.0g 10408 S 398.3 8.5 88366:33 java
Process Details:
apg 123864 1 99 Jan10 ? 61-08:40:13 /opt/InCharge/DCF/Java/Sun-JRE/11.0u5/bin/java -javaagent:/opt/InCharge/DCF/bin/.runtime/service/1.13u2/apg-bootstrap-agent.jar -Djava.util.logging.config.file=conf/logging.properties -Djava.util.logging.manager=com.watch4net.apg.logging.jul.ClassLoaderLogManager -Dcom.watch4net.webservice.server.ssl.sslEnabledProtocols=TLSv1.2 -Dcom.watch4net.webservice.server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -cp /opt/InCharge/DCF/bin/.runtime/service/1.13u2/apg-service-bootstrap.jar:lib/bootstrap.jar:/opt/InCharge/DCF/Java/Sun-JRE/11.0u5/lib/tools.jar:lib/apg-logging-jul.jar:lib/apg-logging-slf4j.jar:lib/jersey-container-jdk-http-2.26.jar:lib/jersey-media-multipart-2.26.jar:lib/mimepull-1.9.7.jar:lib/yasson-1.0.1.jar:lib/javax.ws.rs-api-2.1.jar:lib/hk2-api-2.5.0-b42.jar:lib/hk2-locator-2.5.0-b42.jar:lib/hk2-utils-2.5.0-b42.jar:lib/javassist-3.22.0-CR2.jar:lib/javax.annotation-api-1.2.jar:lib/javax.inject-1.jar:lib/javax.inject-2.5.0-b42.jar:lib/javax.json-1.1.jar:lib/javax.json-api-1.1.jar:lib/javax.json.bind-api-1.0.jar:lib/javax.servlet-api-3.0.1.jar:lib/jaxb-api-2.2.7.jar:lib/validation-api-1.1.0.Final.jar:lib/jersey-client.jar:lib/jersey-common.jar:lib/jersey-container-servlet-core.jar:lib/jersey-container-servlet.jar:lib/jersey-hk2.jar:lib/jersey-media-jaxb.jar:lib/jersey-media-json-binding.jar:lib/jersey-media-sse.jar:lib/jersey-server.jar com.watch4net.apg.module.plugin.service.Bootstrap com.watch4net.apg.webservice.proxy.Bootstrap main
1) According to the VMWare Smart Assurance DCF design, while communicating to DCF's webservice-gateway, the SSL handshake/authentication will be attempted first, and password-based authentication will be used if SSL authentication fails.
2) However, as we are covering this issue from the performance perspective, the CPU cycles are still engaged every time this webservice gateway attempts connection via SSL authentication for HTTPS based connectivity,
3) In order to correctly terminate each exchange, the output stream must be closed, even if no response body is being sent. However according to reference JDK bug, there seems to be an issue with SSLStreams.doClosure method.
To to disable the HTTPS and run the gateway in HTTP mode and avoid further CPU growth please follow the below:
Before:
com.watch4net.webservice.server.url=https://0.0.0.0:8443/
After:
com.watch4net.webservice.server.url=http://0.0.0.0:8080/
Open the Polling & Thresholds settings for the AMPM Domain à Device Access Tab à DataCollector Access Group à DataCollector Access Setting
Please subscribe to this article to be informed when updates are published.