Guacamole Deadlock when creating multiple users

[knorr3]

Hi,
I get the following errors when trying to create multiple users.

Terraform Version

Terraform v1.3.9
on darwin_amd64

Affected Resource(s)

• guacamole_user

Terraform Configuration Files

I want to create three different users. All of them are configured like this:

resource "guacamole_user" "user" {
  username    = var.username1
  password    = "password"
  connections = [
    guacamole_connection_rdp.rdp.id
  ]

  lifecycle {
    ignore_changes = [password]
  }
}

Debug Output

Terraform Log:

module.vm-connections["vm-01"].guacamole_user.user: Creating...
Error: request &{Method:POST URL:http://localhost:8080/guacamole-1.5.0/api/session/data/mysql/users Proto:HTTP/1.1 ProtoMajor:1 ProtoMinor:1 Header:map[Content-Type:[application/json] Guacamole-Token:[<token>]] Body:{Reader:} GetBody:0x835340 ContentLength:65 TransferEncoding:[] Close:false Host:localhost:8080 Form:map[] PostForm:map[] MultipartForm:<nil> Trailer:map[] RemoteAddr: RequestURI: TLS:<nil> Cancel:<nil> Response:<nil> ctx:0xc00012e200}
failed with status code 500
response map[expected:<nil> message:Unexpected internal error statusCode:<nil> translatableMessage:map[key:APP.TEXT_UNTRANSLATED variables:map[MESSAGE:Unexpected internal error]] type:INTERNAL_ERROR]
&{Status:500  StatusCode:500 Proto:HTTP/1.1 ProtoMajor:1 ProtoMinor:1 Header:map[Content-Length:[203] Content-Type:[application/json] Date:[Thu, 09 Mar 2023 09:34:45 GMT]] Body:0xc0007299c0 ContentLength:203 TransferEncoding:[] Close:true Uncompressed:false Trailer:map[] Request:0xc000158a00 TLS:<nil>}

with module.vm-connections["vm-01"].guacamole_user.user,
on modules/vm/guacamole.tf line 6, in resource "guacamole_user" "user":
  6: resource "guacamole_user" "user" {

Tomcat/Guacamole-Client Log:

### Error updating database.  Cause: com.mysql.cj.jdbc.exceptions.MySQLTransactionRollbackException: Deadlock found when trying to get lock; try restarting transaction
### The error may exist in org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml
### The error may involve org.apache.guacamole.auth.jdbc.permission.UserPermissionMapper.insert-Inline
### The error occurred while setting parameters
### SQL: INSERT IGNORE INTO guacamole_user_permission (             entity_id,             permission,             affected_user_id         )         SELECT DISTINCT             permissions.entity_id,             permissions.permission,             affected_user.user_id         FROM              (                   SELECT ?         AS entity_id,                        ?             AS permission,                        ? AS affected_name              UNION ALL                  SELECT ?         AS entity_id,                        ?             AS permission,                        ? AS affected_name              UNION ALL                  SELECT ?         AS entity_id,                        ?             AS permission,                        ? AS affected_name              UNION ALL                  SELECT ?         AS entity_id,                        ?             AS permission,                        ? AS affected_name              UNION ALL                  SELECT ?         AS entity_id,                        ?             AS permission,                        ? AS affected_name              )          AS permissions         JOIN guacamole_entity affected_entity ON                 affected_entity.name = permissions.affected_name             AND affected_entity.type = 'USER'         JOIN guacamole_user affected_user ON affected_user.entity_id = affected_entity.entity_id
### Cause: com.mysql.cj.jdbc.exceptions.MySQLTransactionRollbackException: Deadlock found when trying to get lock; try restarting transaction

And the problematic SQL query from above in a nicer format:

INSERT IGNORE INTO guacamole_user_permission (
        entity_id,
        permission,
        affected_user_id
    )
SELECT DISTINCT permissions.entity_id,
    permissions.permission,
    affected_user.user_id
FROM (
        SELECT ? AS entity_id,
            ? AS permission,
            ? AS affected_name
        UNION ALL
        SELECT ? AS entity_id,
            ? AS permission,
            ? AS affected_name
        UNION ALL
        SELECT ? AS entity_id,
            ? AS permission,
            ? AS affected_name
        UNION ALL
        SELECT ? AS entity_id,
            ? AS permission,
            ? AS affected_name
        UNION ALL
        SELECT ? AS entity_id,
            ? AS permission,
            ? AS affected_name
    ) AS permissions
    JOIN guacamole_entity affected_entity ON affected_entity.name = permissions.affected_name
    AND affected_entity.type = 'USER'
    JOIN guacamole_user affected_user ON affected_user.entity_id = affected_entity.entity_id

Expected Behavior

All three users are created successfully.

Actual Behavior

Only one user gets created while for the other two users, I get the error messages from above.

Important Factoids

Guacamole and MySQL DB are running in an AWS EC2 instance. I connect to Guacamole with the AWS session manager "AWS-StartPortForwardingSession" document.

I don't know where to go from here. This probably is a problem with the guacamole client, right?
My first idea for a workaround would be to put a sleep instruction before client.CreateUser(&user) in resource_user.go with a random amount of milliseconds.

Thank you very much in advance! :-)

[techBeck03]

@knorr3, I tested this with guacamole 1.4 with 50 users and it worked every time. I then tested this with 1.5 and ran into issues. My suggestion would be to test on 1.4 while i try to figure out what breaking change happened with 1.5. Thanks

[knorr3]

Hi,
I just got the same error with 1.4.0 (client and server).
It just seems to occur much less frequently then with 1.5.0.