- CheckMates
- :
- Products
- :
- Developers
- :
- API / CLI Discussion
- :
- Re: Management API Error: delete-objects-batch fai...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Management API Error: delete-objects-batch failed
Hello,
I am unable to delete some objects via the delete-objects-batch call, I get the following error:
Batch operation failed. java.lang.RuntimeException: an eclipse error has occurred enable logging on EclipseLinkExceptionHandler to see full error; nested exception is javax.persistence.PersistenceException: java.lang.RuntimeException: an eclipse error has occurred enable logging on EclipseLinkExceptionHandler to see full error
The request payload is just a list of group names:
{"objects":[{"type":"group","list":[{"name":"my_first_group"},{"name":"my_second_group"}]}]}
This call is made on the active server in a MDS domain running version R81.20. (Check Point Security Management Server R81.20 - Build 440)
Looking online I found an SK: https://support.checkpoint.com/results/sk/sk152592
However there are no pending changes and restarting the mds processes does not seem to solve the issue.
I cannot see any errors in the $FWDIR logs.
EDIT: The issue only occurs when there are 5 or more objects to be deleted, 1 to 4 objects works fine. The issues does not seem to be linked with a specific object.
EDIT 2: When reaching more than 100 objects to be deleted in the payload the error is masked and the task shows a "Batch operation completed successfully" message even though the operation failed (objects were not deleted).
Does someone have any leads where to search for ?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Single command or a script? Can you delete an object with the same command, if only a single group is in the list?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This request was sent both manually and via a script but I got the same result on both.
I did manage to delete a single object via the batch api.
Would this indicate that one of the groups is causing the issue ? And if so would there be a way to see which one in the server logs ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Experimenting further I figured that the issue only occured when there were 5 or more objects to be deleted, 1 to 4 objects works fine. The issues does not seem to be linked with a specific object.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Continuing my tests I found a new edge case :
When reaching more than 100 objects to be deleted in the payload the error is masked and the task shows a "Batch operation completed successfully" message even though the operation failed (objects were not deleted).
Hoping this could help narrow down the cause.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I suspect the issue is that you're trying to do too many things at once without a "publish" operation.
We generally recommend this after 100 operations or so.
I would think the batch APIs would handle more than this, which is why it's probably worth a TAC case to investigate: https://help.checkpoint.com
However, I suspect you'll have to do this in smaller batches.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Anything you're aware of @Omer_Kleinstern?