This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2024-04-11
A couple of questions about sizing `datomic.objectCacheMax` on Peers that run as Docker containers: The https://docs.datomic.com/pro/configuration/system-properties.html#peer-properties says the default value is "50% of VM RAM, min 32m". In containers, how is that value computed? Is it from the memory reported by the Docker runtime, which can be limited using resource constraints? Or are we talking about the JVM memory (`-Xmx`/`-XX:MaxRAMPercentage`)?
Is the Object Cache allocated on the Java heap, or off-heap? This matters when configuring the container resource constraints versus the Java heap size.
keep in mind that JVM heap ≠ container memory usage, since java classes are not part of the runtime memory slice
I think older JVM versions were lacking container memory awareness, but new JVMs are fine
In the context of Datomic Ions, is there a way to:
1. disable sending the `Server: Jetty (<version>)` header in the response
2. override the “Ion execution failed” message with a custom one
thanks!
Hey @U0H46T23C, can I ask what you’re trying to achieve?
Are the requests going through the automatically created HTTP API Gateway for ions? Or are you talking about lambda?
HTTP API Gateway. i think we can map/rewrite the headers and output there, but i thought i’d check to see first if there was a config at the HTTP Direct level. i don’t know of a JVM flag that we could use either.
Let me think about it and get back to you. You may be in “run your own API Gateway” territory
anything other than the server type and version, and the predictable catch-all error message
> You may be in “run your own API Gateway” territory
so a solution here would be to run our own gateway and then rewrite the gateway output?
Yes, for example. Another would be to run your own http server in the VPC under the "apps" security group and do whatever you'd like
I mean from enterprise customers. They were spending close to a million dollars on software and service contracts and stipulated that the software had to at least adhere to a checklist of “best practices” they read somewhere which always included not sending the server name and version
It's a standard low risk finding in most penetration tests, less exposed info=better
hi @U0CJ19XAM, just revisiting this briefly. what are the actual conditions in which a 500 Ion execution failed response is produced?
(by the way, remapping the Server response header via the API Gateway was a success, although tedious because it requires an individual mapping per possible status code)
Happy to hear remapping was successful. I’m not sure off the top of my head all the possible scenarios for that 500 error. Is there something you’re looking for specifically?
to recap the original problem, we never want to expose the Ion execution failed error message to our users. API Gateway does not support remapping the response body (just headers as far as i can tell), and we don’t want the additional overhead of maintaining a proxy to intercept responses and rewrite them. if we know the conditions that produce the Ions execution error then perhaps we can never produce them.
You should see a 500 error from any uncaught exception encountered while servicing the http-direct handler (which includes decoding the inputstream and encoding the output stream that wrap the http-direct handler-fn you provide)
You can identify the cause by looking for "event" messages cast to cloudwatch log group with the `:msg` of `IonHttpDirectException`. There should be an attached throwable included on the CW log message.