The current status of OpenMRS ID subsystem

Hi everyone,

As you are aware, I’ve been working a lot on the OpenMRS ID subsystem this year, as it was incredibly unstable. It was jeopardizing both our issue tracker and wiki availability and usability, and more. So let me update you on what I’m doing.

First, check our updated OpenMRS ID - Architecture docs. I think it’s now in a state anyone can understand it.

I recently deleted around 80 thousand users that were created more than a year ago and never logged in to talk, jira or wiki. I believe a couple more can be deleted, and will soon be working on it. That allowed me to enable Crowd cache and incremental sync, which means that:

a) Login doesn’t randomly stop working every 30 minutes to Jira and Confluence. We are now on the ‘supported’ realm for number of users.

b) We don’t have those weird ‘inactive’ users (for users that didn’t login recently)

c) We can tag anyone again in Wiki!

I’m still working with Atlassian support to get rid of the ‘ghost’ of those users, as I believe that’s the reason why Wiki requires a) so much memory to run and b) takes 5-6 hours on every upgrade. I do hope to fix those problems soon.

I had to create our LDAP database from scratch, as the data wasn’t clean and the application was refusing to start with the data we were giving it. Which mean we have now an ldap in docker that has the full hierarchy as production.

I also fixed a problem in dashboard that was deleting all users that haven’t logged in 2 days, which seemed to cause users to ‘disappear’.

Next steps:

  • Kill the ‘ghost’ users in Confluence. Hopefully next confluence upgrades will be faster
  • Delete even more users that are not being used
  • Delete old LDAP groups
  • Find out how to maintain the number of users to a reasonable number
  • Fix the ldap to get the new certificate when the old one is expiring (I’ve been maintaining it manually so far)
  • Change ID Dashboard so they don’t think that login via email is possible.

cc @dkayiwa @burke @jwnasambu


Also Crowd is not dying daily anymore.

Thanks @cintiadr for all the great work and updating us! :rose:

Thanks so much for doing all this @cintiadr!

Oops, I didn’t realise that restarting LDAP caused trouble. ID was a little bit messed up today, it’s now fixed.

1 Like

@cintiadr Thank you for all the great infrastructure work that you are doing for the community!

Will you be coming for OMRS 19, would be great to see you again and hand over some local gifts from Uganda a token of appreciation for all that you do!

1 Like

Unfortunately not this year :slight_smile: I’ve just changed jobs, so I won’t have enough annual leave for me to go to Africa this year :smiley: