Mercurial > hg
view tests/test-trusted.py @ 26623:5a95fe44121d
clonebundles: support for seeding clones from pre-generated bundles
Cloning can be an expensive operation for servers because the server
generates a bundle from existing repository data at request time. For
a large repository like mozilla-central, this consumes 4+ minutes
of CPU time on the server. It also results in significant network
utilization. Multiplied by hundreds or even thousands of clients and
the ensuing load can result in difficulties scaling the Mercurial server.
Despite generation of bundles being deterministic until the next
changeset is added, the generation of bundles to service a clone request
is not cached. Each clone thus performs redundant work. This is
wasteful.
This patch introduces the "clonebundles" extension and related
client-side functionality to help alleviate this deficiency. The
client-side feature is behind an experimental flag and is not enabled by
default.
It works as follows:
1) Server operator generates a bundle and makes it available on a
server (likely HTTP).
2) Server operator defines the URL of a bundle file in a
.hg/clonebundles.manifest file.
3) Client `hg clone`ing sees the server is advertising bundle URLs.
4) Client fetches and applies the advertised bundle.
5) Client performs equivalent of `hg pull` to fetch changes made since
the bundle was created.
Essentially, the server performs the expensive work of generating a
bundle once and all subsequent clones fetch a static file from
somewhere. Scaling static file serving is a much more manageable
problem than scaling a Python application like Mercurial. Assuming your
repository grows less than 1% per day, the end result is 99+% of CPU
and network load from clones is eliminated, allowing Mercurial servers
to scale more easily. Serving static files also means data can be
transferred to clients as fast as they can consume it, rather than as
fast as servers can generate it. This makes clones faster.
Mozilla has implemented similar functionality of this patch on
hg.mozilla.org using a custom extension. We are hosting bundle files in
Amazon S3 and CloudFront (a CDN) and have successfully offloaded
>1 TB/day in data transfer from hg.mozilla.org, freeing up significant
bandwidth and CPU resources. The positive impact has been stellar and
I believe it has proved its value to be included in Mercurial core. I
feel it is important for the client-side support to be enabled in core
by default because it means that clients will get faster, more reliable
clones and will enable server operators to reduce load without
requiring any client-side configuration changes (assuming clients are
up to date, of course).
The scope of this feature is narrowly and specifically tailored to
cloning, despite "serve pulls from pre-generated bundles" being a valid
and useful feature. I would eventually like for Mercurial servers to
support transferring *all* repository data via statically hosted files.
You could imagine a server that siphons all pushed data to bundle files
and instructs clients to apply a stream of bundles to reconstruct all
repository data. This feature, while useful and powerful, is
significantly more work to implement because it requires the server
component have awareness of discovery and a mapping of which changesets
are in which files. Full, clone bundles, by contrast, are much simpler.
The wire protocol command is named "clonebundles" instead of something
more generic like "staticbundles" to leave the door open for a new, more
powerful and more generic server-side component with minimal backwards
compatibility implications. The name "bundleclone" is used by Mozilla's
extension and would cause problems since there are subtle differences
in Mozilla's extension.
Mozilla's experience with this idea has taught us that some form of
"content negotiation" is required. Not all clients will support all
bundle formats or even URLs (advanced TLS requirements, etc). To ensure
the highest uptake possible, a server needs to advertise multiple
versions of bundles and clients need to be able to choose the most
appropriate from that list one. The "attributes" in each
server-advertised entry facilitate this filtering and sorting. Their
use will become apparent in subsequent patches.
Initial inspiration and credit for the idea of cloning from static files
belongs to Augie Fackler and his "lookaside clone" extension proof of
concept.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Fri, 09 Oct 2015 11:22:01 -0700 |
| parents | 56b2bcea2529 |
| children | b4048ce003fb |
line wrap: on
line source
# Since it's not easy to write a test that portably deals # with files from different users/groups, we cheat a bit by # monkey-patching some functions in the util module import os from mercurial import ui, util, error hgrc = os.environ['HGRCPATH'] f = open(hgrc) basehgrc = f.read() f.close() def testui(user='foo', group='bar', tusers=(), tgroups=(), cuser='foo', cgroup='bar', debug=False, silent=False, report=True): # user, group => owners of the file # tusers, tgroups => trusted users/groups # cuser, cgroup => user/group of the current process # write a global hgrc with the list of trusted users/groups and # some setting so that we can be sure it was read f = open(hgrc, 'w') f.write(basehgrc) f.write('\n[paths]\n') f.write('global = /some/path\n\n') if tusers or tgroups: f.write('[trusted]\n') if tusers: f.write('users = %s\n' % ', '.join(tusers)) if tgroups: f.write('groups = %s\n' % ', '.join(tgroups)) f.close() # override the functions that give names to uids and gids def username(uid=None): if uid is None: return cuser return user util.username = username def groupname(gid=None): if gid is None: return 'bar' return group util.groupname = groupname def isowner(st): return user == cuser util.isowner = isowner # try to read everything #print '# File belongs to user %s, group %s' % (user, group) #print '# trusted users = %s; trusted groups = %s' % (tusers, tgroups) kind = ('different', 'same') who = ('', 'user', 'group', 'user and the group') trusted = who[(user in tusers) + 2*(group in tgroups)] if trusted: trusted = ', but we trust the ' + trusted print '# %s user, %s group%s' % (kind[user == cuser], kind[group == cgroup], trusted) u = ui.ui() u.setconfig('ui', 'debug', str(bool(debug))) u.setconfig('ui', 'report_untrusted', str(bool(report))) u.readconfig('.hg/hgrc') if silent: return u print 'trusted' for name, path in u.configitems('paths'): print ' ', name, '=', path print 'untrusted' for name, path in u.configitems('paths', untrusted=True): print '.', u.config('paths', name) # warning with debug=True print '.', u.config('paths', name, untrusted=True) # no warnings print name, '=', path print return u os.mkdir('repo') os.chdir('repo') os.mkdir('.hg') f = open('.hg/hgrc', 'w') f.write('[paths]\n') f.write('local = /another/path\n\n') f.close() #print '# Everything is run by user foo, group bar\n' # same user, same group testui() # same user, different group testui(group='def') # different user, same group testui(user='abc') # ... but we trust the group testui(user='abc', tgroups=['bar']) # different user, different group testui(user='abc', group='def') # ... but we trust the user testui(user='abc', group='def', tusers=['abc']) # ... but we trust the group testui(user='abc', group='def', tgroups=['def']) # ... but we trust the user and the group testui(user='abc', group='def', tusers=['abc'], tgroups=['def']) # ... but we trust all users print '# we trust all users' testui(user='abc', group='def', tusers=['*']) # ... but we trust all groups print '# we trust all groups' testui(user='abc', group='def', tgroups=['*']) # ... but we trust the whole universe print '# we trust all users and groups' testui(user='abc', group='def', tusers=['*'], tgroups=['*']) # ... check that users and groups are in different namespaces print "# we don't get confused by users and groups with the same name" testui(user='abc', group='def', tusers=['def'], tgroups=['abc']) # ... lists of user names work print "# list of user names" testui(user='abc', group='def', tusers=['foo', 'xyz', 'abc', 'bleh'], tgroups=['bar', 'baz', 'qux']) # ... lists of group names work print "# list of group names" testui(user='abc', group='def', tusers=['foo', 'xyz', 'bleh'], tgroups=['bar', 'def', 'baz', 'qux']) print "# Can't figure out the name of the user running this process" testui(user='abc', group='def', cuser=None) print "# prints debug warnings" u = testui(user='abc', group='def', cuser='foo', debug=True) print "# report_untrusted enabled without debug hides warnings" u = testui(user='abc', group='def', cuser='foo', report=False) print "# report_untrusted enabled with debug shows warnings" u = testui(user='abc', group='def', cuser='foo', debug=True, report=False) print "# ui.readconfig sections" filename = 'foobar' f = open(filename, 'w') f.write('[foobar]\n') f.write('baz = quux\n') f.close() u.readconfig(filename, sections=['foobar']) print u.config('foobar', 'baz') print print "# read trusted, untrusted, new ui, trusted" u = ui.ui() u.setconfig('ui', 'debug', 'on') u.readconfig(filename) u2 = u.copy() def username(uid=None): return 'foo' util.username = username u2.readconfig('.hg/hgrc') print 'trusted:' print u2.config('foobar', 'baz') print 'untrusted:' print u2.config('foobar', 'baz', untrusted=True) print print "# error handling" def assertraises(f, exc=error.Abort): try: f() except exc as inst: print 'raised', inst.__class__.__name__ else: print 'no exception?!' print "# file doesn't exist" os.unlink('.hg/hgrc') assert not os.path.exists('.hg/hgrc') testui(debug=True, silent=True) testui(user='abc', group='def', debug=True, silent=True) print print "# parse error" f = open('.hg/hgrc', 'w') f.write('foo') f.close() try: testui(user='abc', group='def', silent=True) except error.ParseError as inst: print inst try: testui(debug=True, silent=True) except error.ParseError as inst: print inst