Powered by Algolia

    Increasing memory for OpenIAM services

    In case the system lack memory for OpenIAM services, user might experience problems with synchronization, reconciliation or any other service. They both may go into timeout if you tried to synchronize more than one account. Synchronization also may go over same accounts several times not moving forward, generating a sort of loop, where the only way to stop it is to restart the service. IDM service, in its turn, needs more memory when extensive data should be provisioned and workflow - when lots of requests are generated/approved in parallel.

    When any service requires an increase in memory, you may do it by following the guidelines below for you deployment type.

    Note that steps below should be followed for every service listed in the procedure.

    RPM

    1. Verify if the Cluster and services are running. Before making any changes, ensure that the services are running correctly.
    • Check the status of the OpenIAM CLI.
    openiam-cli status
    • Check if the esb process is running.
    s aux | grep -i esb
    • Check the status of the OpenIAM ESB service.
      systemctl status openiam-esb
    1. Stop OpenIAM services using the CLI...
      openiam-cli stop

    ... and verify the status again.

    openiam-cli status
    1. Now, modify the memory allocation for the OpenIAM services.

    Example below is given for OpenIAM ESB service.

    [root@rhel9 system]# systemctl status openiam-esb
    ● openiam-esb.service - OpenIAM ESB module
         Loaded: loaded (/etc/systemd/system/openiam-esb.service; disabled; preset: disabled)
         Active: active (running) since Mon 2025-02-03 12:47:12 UTC; 17min ago
    TriggeredBy: ● openiam-esb.timer
       Main PID: 34383 (start.sh)
          Tasks: 1895 (limit: 407811)
         Memory: 2.2G
            CPU: 4min 33.270s
         CGroup: /system.slice/openiam-esb.service
                 ├─34383 /bin/bash /usr/local/openiam/services/start.sh openiam-esb "-Xmx4096m -Djdk.tls.client.protocols=TLSv1.2"
                 └─34389 /usr/local/openiam/jdk/bin/java -Dlogging.level.org.elasticsearch.client=ERROR -Dlogging.level.root=ERRO>
    

    Feb 03 12:47:12 rhel9 systemd[1]: Started OpenIAM ESB module.
    Feb 03 12:47:12 rhel9 start.sh[34383]: green
    Feb 03 12:47:23 rhel9 start.sh[34389]: WARNING: An illegal reflective access operation has occurred
    Feb 03 12:47:23 rhel9 start.sh[34389]: WARNING: Illegal reflective access by org.codehaus.groovy.reflection.CachedClass (jar:>
    Feb 03 12:47:23 rhel9 start.sh[34389]: WARNING: Please consider reporting this to the maintainers of org.codehaus.groovy.refl>
    Feb 03 12:47:23 rhel9 start.sh[34389]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective ac>
    Feb 03 12:47:23 rhel9 start.sh[34389]: WARNING: All illegal access operations will be denied in a future release
    

    [root@rhel9 system]#
    • Check the current service configuration file.
      cat /etc/systemd/system/openiam-esb.service
    Note: The paths for OpenIAM services other that ESB given as the example here are as follows:
    • /etc/systemd/system/openiam-idm.service.
    • /etc/systemd/system/openiam.service
    • /etc/systemd/system/openiam-ui.service.
    • /etc/systemd/system/openiam-workflow.service.
    • /etc/systemd/system/openiam-auth.service.
    • /etc/systemd/system/openiam-device.service.
    • /etc/systemd/system/openiam-reconciliation.service.
    • /etc/systemd/system/openiam-synchronization.service.
    • /etc/systemd/system/openiam-groovy.service.
    • /etc/systemd/system/openiam-email.service.
    • /etc/systemd/system/openiam-sas.service
    • /etc/systemd/system/openiam-business-rule.service
    • /etc/systemd/system/openiam-adapter@.service
    • /etc/systemd/system/openiam-connector@.service
    • Edit the service configuration file.
      vi /etc/systemd/system/openiam-esb.service
    • Find the ExecStart line and modify the memory allocation (change from -Xmx2048m to -Xmx4096m).

    Before:

      ExecStart=/usr/local/openiam/services/start.sh openiam-esb "-Xmx2048m -Djdk.tls.client.protocols=TLSv1.2"

    After:

      ExecStart=/usr/local/openiam/services/start.sh openiam-esb "-Xmx4096m -Djdk.tls.client.protocols=TLSv1.2"
    1. After updating the configuration, reload the systemd daemon and restart the service to apply the changes.
    • Reload the systemd daemon.
      sudo systemctl daemon-reload
    • Restart the OpenIAM ESB service.
      sudo systemctl restart openiam-esb
    • Verify the status of the OpenIAM ESB service.
      sudo systemctl status openiam-esb
    • Start OpenIAM.
    Openiam-cli start
    • Verify the esb process is running.
      ps aux | grep -i esb

    Check the status of the OpenIAM CLI again.

      openiam-cli status
    1. Repeat the above steps to change memory allocation for the following OpenIAM services:
    • OpenIAM ESB: systemctl status openiam-esb.
    • OpenIAM IDM: systemctl status openiam-idm.
    • OpenIAM UI: systemctl status openiam-ui.
    • OpenIAM Workflow: systemctl status openiam-workflow.
    • OpenIAM Auth: systemctl status openiam-auth.
    • OpenIAM Device: systemctl status openiam-device.
    • OpenIAM Reconciliation: systemctl status openiam-reconciliation.
    • OpenIAM Synchronization: systemctl status openiam-synchronization.
    • OpenIAM Groovy: systemctl status openiam-groovy.
    • OpenIAM Email: systemctl status openiam-email.
    Notes:
    • Ensure that the "-Xmx" value is adjusted according to the available system memory.
    • Do not exceed the total available physical memory.
    • Always verify that the services are running correctly after restarting.
    • We recommend to check the logs for any errors if the services do not start after the restart.

    Docker Swarm

    1. Verify if all containers and running by running the following command. 
    docker ps

    Example below is given for synchronization and ESB services.

    Pre-Change Status

    root@ubuntu:/usr/local/openiam/openiam-docker-compose# docker ps | grep sync
    9737857c24ba   openiamdocker/synchronization:debian-4.2.1.10-prod  "docker-entrypoint.sh"  About a minute ago  Up About a minute (healthy)  openiam_synchronization.5g76napx1b01sam0lpf8x8zo2.p6d5s7xemcc905arofsgb1oeg
    • To inspect memory settings of the synchronization service, use the following.
    root@ubuntu:/usr/local/openiam/openiam-docker-compose# docker inspect 9737857c24ba | grep -i memory
                "Memory": 643825664,
                "MemoryReservation": 0,
                "MemorySwap": 1287651328,
                "MemorySwappiness": null,
    • For ESB service use the following.
    root@ubuntu:/usr/local/openiam/openiam-docker-compose# docker ps | grep esb
    01eef3106dd4   openiamdocker/esb:debian-4.2.1.10-prod  "docker-entrypoint.sh"  2 minutes ago  Up 2 minutes (healthy)  9080/tcp  openiam_esb.5g76napx1b01sam0lpf8x8zo2.9rq4rfb7lc5swglf8vautpltc
    • To inspect memory settings of the ESB service, use commands below.
    root@ubuntu:/usr/local/openiam/openiam-docker-compose# docker inspect 550982db7529 | grep -i memory
                "Memory": 2415919104,
                "MemoryReservation": 0,
                "MemorySwap": 4831838208,
                "MemorySwappiness": null,
    1. Navigate to the service directory 
    cd /usr/local/openiam/openiam-docker-compose/3.2/services
    Note: Same path will be applicable for the rest of the services.
    1. Edit the docker-compose.yaml file by running the following command.
    vi docker-compose.yaml

    docker-compose.yaml edited

    1. Shutdown and restart the cluster to apply the changes with the following commands.
    sudo ./shutdown.sh
    sudo ./startup.sh
    1. Validate changes. First, check the running containers by running the following command.
    docker ps
    1. After all containers are up, verify the updated memory allocation as follows.
    root@ubuntu:/usr/local/openiam/openiam-docker-compose# docker ps | grep sync
    aa1727057c65   openiamdocker/synchronization:debian-4.2.1.10-prod  "docker-entrypoint.sh"  About a minute ago  Up About a minute (healthy)  openiam_synchronization.5g76napx1b01sam0lpf8x8zo2.p6d5s7xemcc905arofsgb1oeg
    1. Inspect the memory settings for the synchronization service, as shown below.
    root@ubuntu:/usr/local/openiam/openiam-docker-compose# docker inspect aa1727057c65 | grep -i memory
                "Memory": 1287651328,
                "MemoryReservation": 0,
                "MemorySwap": 2575302656,
                "MemorySwappiness": null,
    • For the ESB service.
    root@ubuntu:/usr/local/openiam/openiam-docker-compose# docker ps | grep esb
    01eef3106dd4   openiamdocker/esb:debian-4.2.1.10-prod  "docker-entrypoint.sh"  2 minutes ago  Up 2 minutes (healthy)  9080/tcp  openiam_esb.5g76napx1b01sam0lpf8x8zo2.9rq4rfb7lc5swglf8vautpltc
    • Inspect the memory settings for the ESB service.
    root@ubuntu:/usr/local/openiam/openiam-docker-compose# docker inspect 01eef3106dd4 | grep -i memory
                "Memory": 3464495104,
                "MemoryReservation": 0,
                "MemorySwap": 6928990208,
                "MemorySwappiness": null,

    This ensures that the memory configurations have been successfully updated for the individual services.

    Previous
    Flyway version issue
    Next
    Running out of disk space