Mercurial > hg
annotate contrib/hg-ssh @ 40021:c537144fdbef
wireprotov2: support response caching
One of the things I've learned from managing VCS servers over the
years is that they are hard to scale. It is well known that some
companies have very beefy (read: very expensive) servers to power
their VCS needs. It is also known that specialized servers for
various VCS exist in order to facilitate scaling servers. (Mercurial
is in this boat.)
One of the aspects that make a VCS server hard to scale is the
high CPU load incurred by constant client clone/pull operations.
To alleviate the scaling pain associated with data retrieval
operations, I want to integrate caching into the Mercurial wire
protocol server as robustly as possible such that servers can
aggressively cache responses and defer as much server load as
possible.
This commit represents the initial implementation of a general
caching layer in wire protocol version 2.
We define a new interface and behavior for a wire protocol cacher
in repository.py. (This is probably where a reviewer should look
first to understand what is going on.)
The bulk of the added code is in wireprotov2server.py, where we
define how a command can opt in to being cached and integrate
caching into command dispatching.
From a very high-level:
* A command can declare itself as cacheable by providing a callable
that can be used to derive a cache key.
* At dispatch time, if a command is cacheable, we attempt to
construct a cacher and use it for serving the request and/or
caching the request.
* The dispatch layer handles the bulk of the business logic for
caching, making cachers mostly "dumb content stores."
* The mechanism for invalidating cached entries (one of the harder
parts about caching in general) is by varying the cache key when
state changes. As such, cachers don't need to be concerned with
cache invalidation.
Initially, we've hooked up support for caching "manifestdata" and
"filedata" commands. These are the simplest to cache, as they should
be immutable over time. Caching of commands related to changeset
data is a bit harder (because cache validation is impacted by
changes to bookmarks, phases, etc). This will be implemented later.
(Strictly speaking, censoring a file should invalidate caches. I've
added an inline TODO to track this edge case.)
To prove it works, this commit implements a test-only extension
providing in-memory caching backed by an lrucachedict. A new test
showing this extension behaving properly is added. FWIW, the
cacher is ~50 lines of code, demonstrating the relative ease with
which a cache can be added to a server.
While the test cacher is not suitable for production workloads, just
for kicks I performed a clone of just the changeset and manifest data
for the mozilla-unified repository. With a fully warmed cache (of just
the manifest data since changeset data is not cached), server-side
CPU usage dropped from ~73s to ~28s. That's pretty significant and
demonstrates the potential that response caching has on server
scalability!
Differential Revision: https://phab.mercurial-scm.org/D4773
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Wed, 26 Sep 2018 17:16:56 -0700 |
parents | 666d90ace0bb |
children | 99e231afc29c |
rev | line source |
---|---|
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
1 #!/usr/bin/env python |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
2 # |
5191
831ebc408ffb
Adjust contrib/hg-ssh for moved dispatch() function.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
1640
diff
changeset
|
3 # Copyright 2005-2007 by Intevation GmbH <intevation@intevation.de> |
8228
eee2319c5895
add blank line after copyright notices and after header
Martin Geisler <mg@lazybytes.net>
parents:
8225
diff
changeset
|
4 # |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
5 # Author(s): |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
6 # Thomas Arendsen Hein <thomas@intevation.de> |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
7 # |
8225
46293a0c7e9f
updated license to be explicit about GPL version 2
Martin Geisler <mg@lazybytes.net>
parents:
5197
diff
changeset
|
8 # This software may be used and distributed according to the terms of the |
10263 | 9 # GNU General Public License version 2 or any later version. |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
10 |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
11 """ |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
12 hg-ssh - a wrapper for ssh access to a limited set of mercurial repos |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
13 |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
14 To be used in ~/.ssh/authorized_keys with the "command" option, see sshd(8): |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
15 command="hg-ssh path/to/repo1 /path/to/repo2 ~/repo3 ~user/repo4" ssh-dss ... |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
16 (probably together with these other useful options: |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
17 no-port-forwarding,no-X11-forwarding,no-agent-forwarding) |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
18 |
13996
1cafa0426a1a
hg-ssh: fix duplicate word in docstring
Andreas Freimuth <andreas.freimuth@united-bits.de>
parents:
10263
diff
changeset
|
19 This allows pull/push over ssh from/to the repositories given as arguments. |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
20 |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
21 If all your repositories are subdirectories of a common directory, you can |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
22 allow shorter paths with: |
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
23 command="cd path/to/my/repositories && hg-ssh repo1 subdir/repo2" |
1640
9a5b778f7e2d
Added hint to hg-ssh that you can use shell pattern matching.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
1537
diff
changeset
|
24 |
9a5b778f7e2d
Added hint to hg-ssh that you can use shell pattern matching.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
1537
diff
changeset
|
25 You can use pattern matching of your normal shell, e.g.: |
9a5b778f7e2d
Added hint to hg-ssh that you can use shell pattern matching.
Thomas Arendsen Hein <thomas@intevation.de>
parents:
1537
diff
changeset
|
26 command="cd repos && hg-ssh user/thomas/* projects/{mercurial,foo}" |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
27 |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
28 You can also add a --read-only flag to allow read-only access to a key, e.g.: |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
29 command="hg-ssh --read-only repos/*" |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
30 """ |
33891
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
31 from __future__ import absolute_import |
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
32 |
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
33 import os |
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
34 import shlex |
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
35 import sys |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
36 |
5197
55860a45bbf2
Enable demandimport only in scripts, not in importable modules (issue605)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
5191
diff
changeset
|
37 # enable importing on demand to reduce startup time |
33891
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
38 import hgdemandimport ; hgdemandimport.enable() |
5197
55860a45bbf2
Enable demandimport only in scripts, not in importable modules (issue605)
Thomas Arendsen Hein <thomas@intevation.de>
parents:
5191
diff
changeset
|
39 |
33891
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
40 from mercurial import ( |
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
41 dispatch, |
38109
666d90ace0bb
py3: use pycompat.fsencode to convert path to bytes
Pulkit Goyal <7895pulkit@gmail.com>
parents:
38107
diff
changeset
|
42 pycompat, |
33891
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
43 ui as uimod, |
42bc7f39376b
contrib: update hg-ssh to conform with import style checks
Augie Fackler <raf@durin42.com>
parents:
32050
diff
changeset
|
44 ) |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
45 |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
46 def main(): |
37944
dc1ed7fe33e4
sshserver: do setbinary() by caller (API)
Yuya Nishihara <yuya@tcha.org>
parents:
33891
diff
changeset
|
47 # Prevent insertion/deletion of CRs |
dc1ed7fe33e4
sshserver: do setbinary() by caller (API)
Yuya Nishihara <yuya@tcha.org>
parents:
33891
diff
changeset
|
48 dispatch.initstdio() |
dc1ed7fe33e4
sshserver: do setbinary() by caller (API)
Yuya Nishihara <yuya@tcha.org>
parents:
33891
diff
changeset
|
49 |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
50 cwd = os.getcwd() |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
51 readonly = False |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
52 args = sys.argv[1:] |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
53 while len(args): |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
54 if args[0] == '--read-only': |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
55 readonly = True |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
56 args.pop(0) |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
57 else: |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
58 break |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
59 allowed_paths = [os.path.normpath(os.path.join(cwd, |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
60 os.path.expanduser(path))) |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
61 for path in args] |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
62 orig_cmd = os.getenv('SSH_ORIGINAL_COMMAND', '?') |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
63 try: |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
64 cmdargv = shlex.split(orig_cmd) |
28047
863075fd4cd0
misc: use modern exception syntax
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents:
28045
diff
changeset
|
65 except ValueError as e: |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
66 sys.stderr.write('Illegal command "%s": %s\n' % (orig_cmd, e)) |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
67 sys.exit(255) |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
68 |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
69 if cmdargv[:2] == ['hg', '-R'] and cmdargv[3:] == ['serve', '--stdio']: |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
70 path = cmdargv[2] |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
71 repo = os.path.normpath(os.path.join(cwd, os.path.expanduser(path))) |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
72 if repo in allowed_paths: |
38109
666d90ace0bb
py3: use pycompat.fsencode to convert path to bytes
Pulkit Goyal <7895pulkit@gmail.com>
parents:
38107
diff
changeset
|
73 cmd = [b'-R', pycompat.fsencode(repo), b'serve', b'--stdio'] |
32050
77eaf9539499
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)
Augie Fackler <augie@google.com>
parents:
28047
diff
changeset
|
74 req = dispatch.request(cmd) |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
75 if readonly: |
32050
77eaf9539499
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)
Augie Fackler <augie@google.com>
parents:
28047
diff
changeset
|
76 if not req.ui: |
77eaf9539499
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)
Augie Fackler <augie@google.com>
parents:
28047
diff
changeset
|
77 req.ui = uimod.ui.load() |
38107
44ef9bb7ccd9
py3: add b'' prefixes in contrib/hg-ssh
Pulkit Goyal <7895pulkit@gmail.com>
parents:
37944
diff
changeset
|
78 req.ui.setconfig(b'hooks', b'pretxnopen.hg-ssh', |
44ef9bb7ccd9
py3: add b'' prefixes in contrib/hg-ssh
Pulkit Goyal <7895pulkit@gmail.com>
parents:
37944
diff
changeset
|
79 b'python:__main__.rejectpush', b'hg-ssh') |
44ef9bb7ccd9
py3: add b'' prefixes in contrib/hg-ssh
Pulkit Goyal <7895pulkit@gmail.com>
parents:
37944
diff
changeset
|
80 req.ui.setconfig(b'hooks', b'prepushkey.hg-ssh', |
44ef9bb7ccd9
py3: add b'' prefixes in contrib/hg-ssh
Pulkit Goyal <7895pulkit@gmail.com>
parents:
37944
diff
changeset
|
81 b'python:__main__.rejectpush', b'hg-ssh') |
32050
77eaf9539499
dispatch: protect against malicious 'hg serve --stdio' invocations (sec)
Augie Fackler <augie@google.com>
parents:
28047
diff
changeset
|
82 dispatch.dispatch(req) |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
83 else: |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
84 sys.stderr.write('Illegal repository "%s"\n' % repo) |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
85 sys.exit(255) |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
86 else: |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
87 sys.stderr.write('Illegal command "%s"\n' % orig_cmd) |
16607
feb1fd2d13a9
hg-ssh: exit with 255 instead of -1 on error
Mads Kiilerich <mads@kiilerich.com>
parents:
16606
diff
changeset
|
88 sys.exit(255) |
1537
583b3696d24d
Added hg-ssh - a wrapper for ssh access to a limited set of mercurial repos
Thomas Arendsen Hein <thomas@intevation.de>
parents:
diff
changeset
|
89 |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
90 def rejectpush(ui, **kwargs): |
38107
44ef9bb7ccd9
py3: add b'' prefixes in contrib/hg-ssh
Pulkit Goyal <7895pulkit@gmail.com>
parents:
37944
diff
changeset
|
91 ui.warn((b"Permission denied\n")) |
16836
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
92 # mercurial hooks use unix process conventions for hook return values |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
93 # so a truthy return means failure |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
94 return True |
1ba3e17186c8
hg-ssh: read-only flag
David Schleimer <dschleimer@fb.com>
parents:
16779
diff
changeset
|
95 |
16779
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
96 if __name__ == '__main__': |
67bfe7f64e57
hg-ssh: refactor to have main() method
David Schleimer <dschleimer@fb.com>
parents:
16607
diff
changeset
|
97 main() |