BigW Consortium Gitlab

  1. 25 Jan, 2017 1 commit
    • Fix race conditions for AuthorizedProjectsWorker · 88e627cf
      Yorick Peterse authored
      There were two cases that could be problematic:
      
      1. Because sometimes AuthorizedProjectsWorker would be scheduled in a
         transaction it was possible for a job to run/complete before a
         COMMIT; resulting in it either producing an error, or producing no
         new data.
      
      2. When scheduling jobs the code would not wait until completion. This
         could lead to a user creating a project and then immediately trying
         to push to it. Usually this will work fine, but given enough load it
         might take a few seconds before a user has access.
      
      The first one is problematic, the second one is mostly just annoying
      (but annoying enough to warrant a solution).
      
      This commit changes two things to deal with this:
      
      1. Sidekiq scheduling now takes places after a COMMIT, this is ensured
         by scheduling using Rails' after_commit hook instead of doing so in
         an arbitrary method.
      
      2. When scheduling jobs the calling thread now waits for all jobs to
         complete.
      
      Solution 2 requires tracking of job completions. Sidekiq provides a way
      to find a job by its ID, but this involves scanning over the entire
      queue; something that is very in-efficient for large queues. As such a
      more efficient solution is necessary. There are two main Gems that can
      do this in a more efficient manner:
      
      * sidekiq-status
      * sidekiq_status
      
      No, this is not a joke. Both Gems do a similar thing (but slightly
      different), and the only difference in their name is a dash vs an
      underscore. Both Gems however provide far more than just checking if a
      job has been completed, and both have their problems. sidekiq-status
      does not appear to be actively maintained, with the last release being
      in 2015. It also has some issues during testing as API calls are not
      stubbed in any way. sidekiq_status on the other hand does not appear to
      be very popular, and introduces a similar amount of code.
      
      Because of this I opted to write a simple home grown solution. After
      all, all we need is storing a job ID somewhere so we can efficiently
      look it up; we don't need extra web UIs (as provided by sidekiq-status)
      or complex APIs to update progress, etc.
      
      This is where Gitlab::SidekiqStatus comes in handy. This namespace
      contains some code used for tracking, removing, and looking up job IDs;
      all without having to scan over an entire queue. Data is removed
      explicitly, but also expires automatically just in case.
      
      Using this API we can now schedule jobs in a fork-join like manner: we
      schedule the jobs in Sidekiq, process them in parallel, then wait for
      completion. By using Sidekiq we can leverage all the benefits such as
      being able to scale across multiple cores and hosts, retrying failed
      jobs, etc.
      
      The one downside is that we need to make sure we can deal with
      unexpected increases in job processing timings. To deal with this the
      class Gitlab::JobWaiter (used for waiting for jobs to complete) will
      only wait a number of seconds (30 by default). Once this timeout is
      reached it will simply return.
      
      For GitLab.com almost all AuthorizedProjectWorker jobs complete in
      seconds, only very rarely do we spike to job timings of around a minute.
      These in turn seem to be the result of external factors (e.g. deploys),
      in which case a user is most likely not able to use the system anyway.
      
      In short, this new solution should ensure that jobs are processed
      properly and that in almost all cases a user has access to their
      resources whenever they need to have access.
  2. 25 Nov, 2016 1 commit
    • Refresh project authorizations using a Redis lease · 92b2c74c
      Yorick Peterse authored
      When I proposed using serializable transactions I was hoping we would be
      able to refresh data of individual users concurrently. Unfortunately
      upon closer inspection it was revealed this was not the case. This could
      result in a lot of queries failing due to serialization errors,
      overloading the database in the process (given enough workers trying to
      update the target table).
      
      To work around this we're now using a Redis lease that is cancelled upon
      completion. This ensures we can update the data of different users
      concurrently without overloading the database.
      
      The code will try to obtain the lease until it succeeds, waiting at
      least 1 second between retries. This is necessary as we may otherwise
      end up _not_ updating the data which is not an option.
  3. 23 Nov, 2016 1 commit
  4. 28 Sep, 2016 1 commit
    • Allow Member.add_user to handle access requesters · ec0061a9
      Rémy Coutable authored
      Changes include:
      
      - Ensure Member.add_user is not called directly when not necessary
      - New GroupMember.add_users_to_group to have the same abstraction level as for Project
      - Refactor Member.add_user to take a source instead of an array of members
      - Fix Rubocop offenses
      - Always use Project#add_user instead of project.team.add_user
      - Factorize users addition as members in Member.add_users_to_source
      - Make access_level a keyword argument in GroupMember.add_users_to_group and ProjectMember.add_users_to_projects
      - Destroy any requester before adding them as a member
      - Improve the way we handle access requesters in Member.add_user
        Instead of removing the requester and creating a new member,
        we now simply accepts their access request. This way, they will
        receive a "access request granted" email.
      - Fix error that was previously silently ignored
      - Stop raising when access level is invalid in Member, let Rails validation do their work
      Signed-off-by: 's avatarRémy Coutable <remy@rymai.me>
  5. 18 Sep, 2014 1 commit
  6. 15 Mar, 2014 1 commit
  7. 20 Jun, 2013 1 commit
  8. 05 Apr, 2013 1 commit
  9. 09 Feb, 2013 1 commit
  10. 27 Dec, 2012 1 commit
  11. 13 Nov, 2012 1 commit
  12. 21 Mar, 2012 1 commit
  13. 09 Mar, 2012 1 commit
  14. 15 Dec, 2011 1 commit
  15. 07 Dec, 2011 1 commit
  16. 04 Dec, 2011 2 commits