An error occurred fetching the project authors.
  1. 22 May, 2017 1 commit
  2. 19 May, 2017 1 commit
  3. 17 May, 2017 2 commits
    • Yorick Peterse's avatar
      Hide nested group UI/API support for MySQL · 34974258
      Yorick Peterse authored
      This hides/disables some UI elements and API parameters related to
      nested groups when MySQL is used, since nested groups are not supported
      for MySQL.
      34974258
    • Yorick Peterse's avatar
      Use CTEs for nested groups and authorizations · ac382b56
      Yorick Peterse authored
      This commit introduces the usage of Common Table Expressions (CTEs) to
      efficiently retrieve nested group hierarchies, without having to rely on
      the "routes" table (which is an _incredibly_ inefficient way of getting
      the data). This requires a patch to ActiveRecord (found in the added
      initializer) to work properly as ActiveRecord doesn't support WITH
      statements properly out of the box.
      
      Unfortunately MySQL provides no efficient way of getting nested groups.
      For example, the old routes setup could easily take 5-10 seconds
      depending on the amount of "routes" in a database. Providing vastly
      different logic for both MySQL and PostgreSQL will negatively impact the
      development process. Because of this the various nested groups related
      methods return empty relations when used in combination with MySQL.
      
      For project authorizations the logic is split up into two classes:
      
      * Gitlab::ProjectAuthorizations::WithNestedGroups
      * Gitlab::ProjectAuthorizations::WithoutNestedGroups
      
      Both classes get the fresh project authorizations (= as they should be
      in the "project_authorizations" table), including nested groups if
      PostgreSQL is used. The logic of these two classes is quite different
      apart from their public interface. This complicates development a bit,
      but unfortunately there is no way around this.
      
      This commit also introduces Gitlab::GroupHierarchy. This class can be
      used to get the ancestors and descendants of a base relation, or both by
      using a UNION. This in turn is used by methods such as:
      
      * Namespace#ancestors
      * Namespace#descendants
      * User#all_expanded_groups
      
      Again this class relies on CTEs and thus only works on PostgreSQL. The
      Namespace methods will return an empty relation when MySQL is used,
      while User#all_expanded_groups will return only the groups a user is a
      direct member of.
      
      Performance wise the impact is quite large. For example, on GitLab.com
      Namespace#descendants used to take around 580 ms to retrieve data for a
      particular user. Using CTEs we are able to reduce this down to roughly 1
      millisecond, returning the exact same data.
      
      == On The Fly Refreshing
      
      Refreshing of authorizations on the fly (= when
      users.authorized_projects_populated was not set) is removed with this
      commit. This simplifies the code, and ensures any queries used for
      authorizations are not mutated because they are executed in a Rails
      scope (e.g. Project.visible_to_user).
      
      This commit includes a migration to schedule refreshing authorizations
      for all users, ensuring all of them have their authorizations in place.
      Said migration schedules users in batches of 5000, with 5 minutes
      between every batch to smear the load around a bit.
      
      == Spec Changes
      
      This commit also introduces some changes to various specs. For example,
      some specs for ProjectTeam assumed that creating a personal project
      would _not_ lead to the owner having access, which is incorrect. Because
      we also no longer refresh authorizations on the fly for new users some
      code had to be added to the "empty_project" factory. This chunk of code
      ensures that the owner's permissions are refreshed after creating the
      project, something that is normally done in Projects::CreateService.
      ac382b56
  4. 28 Apr, 2017 1 commit
  5. 13 Apr, 2017 1 commit
  6. 11 Apr, 2017 1 commit
  7. 24 Mar, 2017 1 commit
  8. 22 Mar, 2017 2 commits
  9. 13 Mar, 2017 2 commits
  10. 03 Feb, 2017 1 commit
  11. 27 Jan, 2017 1 commit
  12. 25 Jan, 2017 1 commit
    • Yorick Peterse's avatar
      Fix race conditions for AuthorizedProjectsWorker · 88e627cf
      Yorick Peterse authored
      There were two cases that could be problematic:
      
      1. Because sometimes AuthorizedProjectsWorker would be scheduled in a
         transaction it was possible for a job to run/complete before a
         COMMIT; resulting in it either producing an error, or producing no
         new data.
      
      2. When scheduling jobs the code would not wait until completion. This
         could lead to a user creating a project and then immediately trying
         to push to it. Usually this will work fine, but given enough load it
         might take a few seconds before a user has access.
      
      The first one is problematic, the second one is mostly just annoying
      (but annoying enough to warrant a solution).
      
      This commit changes two things to deal with this:
      
      1. Sidekiq scheduling now takes places after a COMMIT, this is ensured
         by scheduling using Rails' after_commit hook instead of doing so in
         an arbitrary method.
      
      2. When scheduling jobs the calling thread now waits for all jobs to
         complete.
      
      Solution 2 requires tracking of job completions. Sidekiq provides a way
      to find a job by its ID, but this involves scanning over the entire
      queue; something that is very in-efficient for large queues. As such a
      more efficient solution is necessary. There are two main Gems that can
      do this in a more efficient manner:
      
      * sidekiq-status
      * sidekiq_status
      
      No, this is not a joke. Both Gems do a similar thing (but slightly
      different), and the only difference in their name is a dash vs an
      underscore. Both Gems however provide far more than just checking if a
      job has been completed, and both have their problems. sidekiq-status
      does not appear to be actively maintained, with the last release being
      in 2015. It also has some issues during testing as API calls are not
      stubbed in any way. sidekiq_status on the other hand does not appear to
      be very popular, and introduces a similar amount of code.
      
      Because of this I opted to write a simple home grown solution. After
      all, all we need is storing a job ID somewhere so we can efficiently
      look it up; we don't need extra web UIs (as provided by sidekiq-status)
      or complex APIs to update progress, etc.
      
      This is where Gitlab::SidekiqStatus comes in handy. This namespace
      contains some code used for tracking, removing, and looking up job IDs;
      all without having to scan over an entire queue. Data is removed
      explicitly, but also expires automatically just in case.
      
      Using this API we can now schedule jobs in a fork-join like manner: we
      schedule the jobs in Sidekiq, process them in parallel, then wait for
      completion. By using Sidekiq we can leverage all the benefits such as
      being able to scale across multiple cores and hosts, retrying failed
      jobs, etc.
      
      The one downside is that we need to make sure we can deal with
      unexpected increases in job processing timings. To deal with this the
      class Gitlab::JobWaiter (used for waiting for jobs to complete) will
      only wait a number of seconds (30 by default). Once this timeout is
      reached it will simply return.
      
      For GitLab.com almost all AuthorizedProjectWorker jobs complete in
      seconds, only very rarely do we spike to job timings of around a minute.
      These in turn seem to be the result of external factors (e.g. deploys),
      in which case a user is most likely not able to use the system anyway.
      
      In short, this new solution should ensure that jobs are processed
      properly and that in almost all cases a user has access to their
      resources whenever they need to have access.
      88e627cf
  13. 23 Jan, 2017 1 commit
  14. 21 Jan, 2017 1 commit
  15. 15 Jan, 2017 1 commit
  16. 01 Dec, 2016 2 commits
  17. 09 Nov, 2016 1 commit
  18. 08 Nov, 2016 1 commit
  19. 28 Oct, 2016 1 commit
  20. 25 Oct, 2016 1 commit
    • Yorick Peterse's avatar
      Don't schedule ProjectCacheWorker unless needed · 3b4af59a
      Yorick Peterse authored
      This changes ProjectCacheWorker.perform_async so it only schedules a job
      when no lease for the given project is present. This ensures we don't
      end up scheduling hundreds of jobs when they won't be executed anyway.
      3b4af59a
  21. 12 Oct, 2016 1 commit
  22. 06 Oct, 2016 1 commit
  23. 28 Sep, 2016 1 commit
  24. 19 Aug, 2016 1 commit
  25. 09 Aug, 2016 1 commit
  26. 21 Jul, 2016 5 commits
  27. 12 Jul, 2016 2 commits
  28. 07 Jul, 2016 2 commits
  29. 04 Jul, 2016 1 commit
  30. 30 Jun, 2016 1 commit