RE: Crash After Upgrade from 1.32.1 to 1.35.0

@joshua said in Crash After Upgrade from 1.32.1 to 1.35.0:

@matt-1

Can you confirm that you have applied the migrations in order, and what database engine you are using?

Thanks,
Josh

Ohhh, I did NOT apply the upgrades in order. I was trying to just apply the latest directly. I haven't had a chance to revisit this, but I will revisit it and do just that, then let you know if that resolves it. Thanks.

@joshua When I try to perform the database migration in development/management mode, after clicking submit on the web page to 'Upgrade FusionAuth database', it pauses and then crashes with the following:

2022-03-27 10:24:04.514 AM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [/usr/local/fusionauth/config/fusionauth.properties]
2022-03-27 10:24:04.515 AM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Dynamically set property [fusionauth-app.url] set to [http://10.0.3.205:9011]
2022-03-27 10:24:04.515 AM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration -
  - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
  - Overriding default value of property [database.mysql.connector-version] with value [8.0.21]
  - Overriding default value of property [fusionauth-app.runtime-mode] with value [development]
  - Overriding default value of property [search.type] with value [database]

2022-03-27 10:24:04.515 AM INFO  com.inversoft.maintenance.MaintenanceModePoller - Poller started to Wait for configuration to be completed.
2022-03-27 10:24:22.480 AM INFO  com.inversoft.maintenance.db.JDBCMaintenanceModeDatabaseService - [d8oGXA] Execute migration script [1.33.0]
2022-03-27 10:24:28.495 AM WARN  org.primeframework.mvc.action.DefaultActionMappingWorkflow - The action class [com.inversoft.maintenance.action.MaintenanceModeWorkflowAction] does not have a valid execute method for the HTTP method [POST]
2022-03-27 10:24:28.498 AM ERROR org.primeframework.mvc.servlet.PrimeFilter - Error encountered
org.primeframework.mvc.PrimeException: Missing result for action class [class com.inversoft.maintenance.action.MaintenanceModeWorkflowAction] URI [/maintenance-mode-workflow] and result code [not-allowed]
	at org.primeframework.mvc.action.result.AbstractForwardResult.locateDefault(AbstractForwardResult.java:161)
	at org.primeframework.mvc.action.result.AbstractForwardResult.buildFullyQualifiedPath(AbstractForwardResult.java:122)
	at org.primeframework.mvc.action.result.AbstractForwardResult.execute(AbstractForwardResult.java:92)
	at org.primeframework.mvc.action.result.DefaultResultInvocationWorkflow.perform(DefaultResultInvocationWorkflow.java:108)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
	at org.primeframework.mvc.message.DefaultMessageWorkflow.perform(DefaultMessageWorkflow.java:44)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
	at org.primeframework.mvc.scope.DefaultScopeStorageWorkflow.perform(DefaultScopeStorageWorkflow.java:62)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
	at org.primeframework.mvc.workflow.DefaultErrorWorkflow.perform(DefaultErrorWorkflow.java:46)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:51)
	at org.primeframework.mvc.workflow.DefaultMVCWorkflow.perform(DefaultMVCWorkflow.java:96)
	at org.primeframework.mvc.workflow.DefaultWorkflowChain.continueWorkflow(DefaultWorkflowChain.java:44)
	at org.primeframework.mvc.servlet.FilterWorkflowChain.continueWorkflow(FilterWorkflowChain.java:50)
	at org.primeframework.mvc.servlet.PrimeFilter.doFilter(PrimeFilter.java:78)
	at com.inversoft.maintenance.servlet.MaintenanceModePrimeFilter.doFilter(MaintenanceModePrimeFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at com.inversoft.servlet.UTF8Filter.doFilter(UTF8Filter.java:27)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:196)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:364)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:624)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:831)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1650)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:833)

@joshua Hi Josh - that is what I suspected, as I didn't see a schema update or anything kick off, as usual. We have another node in this cluster that is still running the previous version without issue. I'll take them both offline and re-try the upgrade over the weekend and if it fails, I'll make sure to capture all the logs for review.

After a dpkg upgrade of FusionAuth from 1.32.1 to 1.35.0, fusionauth-app will start and assume the master role, but a few seconds after it starts throwing the following errors:

2022-03-22 5:05:28.476 PM ERROR io.fusionauth.app.primeframework.error.ExceptionExceptionHandler - An unhandled exception was thrown
org.apache.ibatis.exceptions.PersistenceException:
### Error updating database.  Cause: org.postgresql.util.PSQLException: ERROR: column "token_hash" of relation "refresh_tokens" does not exist
  Position: 45
### The error may exist in io/fusionauth/api/domain/RefreshTokenMapper.xml
### The error may involve defaultParameterMap
### The error occurred while setting parameters
### SQL: INSERT INTO refresh_tokens (id, tenants_id, token_hash, token_text, users_id, applications_id, insert_instant, data, start_instant)       VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
### Cause: org.postgresql.util.PSQLException: ERROR: column "token_hash" of relation "refresh_tokens" does not exist

Any idea what is causing this and how I can go about fixing it? Thanks.

@joshua said in Hakari CP DB Settings?:

It is not necessarily about FusionAuth honoring timeouts as much as it is about the managed database properly informing the connection pool when it intends to remove or modify a database connection. [...] As probably evidenced from the related thread - tuning a managed database so that it properly integrates with a connection pool is a task unto itself. I would recommend reviewing Hikari docs, and. the documentation. that comes with the DB that you are working with.

I believe you're missing the point. I'm simply asking you to let me know if I have put the settings into your application configuration file to that they are passed to Hakari properly. I'm not asking you to solve the managed DB problem for me.

That said, it seems they are because we haven't seen the DB timeouts in 6 FusionAuth environments in over 2 weeks now.

@joshua Hi, that is the thread where I got the links to the settings from. However, I don't see any indication that FusionAuth is honoring them, although I think it is because we've gone 5 days now with no DB timeout errors.

Is there a dev at FusionAuth who can comment as to whether the settings, as I have specified them, are the correct way to have them honored in the fusionauth.properties file?

Can anyone help?

Hi, I found a post where an official linked to the Hikari "Knobs" page and said that most of those should be able to be set in the fusionauth.properties file. I have set several of them while trying to troubleshoot a managed Postgres DB timeout issue, but I am unsure if they are being utilized.

1. Can someone confirm if I have set the following values correctly in the .properties file?

# settings necessary to avoid AWS RDS timeouts
database.initializationFailTimeout=5000
database.minimumIdle=5
database.maximumPoolSize=10
database.maxLifetime=300000
database.keepaliveTime=30000

2. Is there a logging mode or some way for me to determine if FusionAuth is picking up and honoring the settings I have specified?

We have an FusionAuth instance that is the IDP for our web application. We would like to deploy content to Azure Blob Storage and use FusionAuth to control access to that content. However, everything we seem to find on the topic is about using FusionAuth to authenticate against Azure AD, which I don't think we want to do since our users live in FusionAuth and we have no presence in Azure AD at all.

For clarity, we would like the authentication to flow something like this:

1. User logs into our web app and is authenticated via FusionAuth (this is in place already and working well)
2. User requests URL which is a piece of content hosted in an Azure Storage Blob.
3. Azure Storage Blog (or some intermediary) authenticates backs to FusionAuth to check whether the user is authorized for the piece of content or not.

Does anyone have any suggestions or pointers for what we're trying to do, or even if it's possible?