Cache generation of the SSH authentication keyfile for sshd
Summary: Ref T11469. This isn't directly related, but has been on my radar for a while: building SSH keyfiles (particularly for installs with a lot of keys, like ours) can be fairly slow. At least one cluster instance is making multiple clone requests per second. While that should probably be rate limited separately, caching this should mitigate the impact of these requests. This is pretty straightforward to cache since it's exactly the same every time, and only changes when users modify SSH keys (which is rare). Test Plan: - Ran `bin/auth-ssh`, saw authfile generate. - Ran it again, saw it read from cache. - Changed an SSH key. - Ran it again, saw it regenerate. Reviewers: chad Reviewed By: chad Maniphest Tasks: T11469 Differential Revision: https://secure.phabricator.com/D16744
parent
eb80f3fcd5
commit
c21a71f024
5 changed files with 106 additions and 63 deletions
|
@ -4,18 +4,23 @@
|
||||||
$root = dirname(dirname(dirname(__FILE__)));
|
$root = dirname(dirname(dirname(__FILE__)));
|
||||||
require_once $root.'/scripts/__init_script__.php';
|
require_once $root.'/scripts/__init_script__.php';
|
||||||
|
|
||||||
$keys = id(new PhabricatorAuthSSHKeyQuery())
|
$cache = PhabricatorCaches::getMutableCache();
|
||||||
|
$authfile_key = PhabricatorAuthSSHKeyQuery::AUTHFILE_CACHEKEY;
|
||||||
|
$authfile = $cache->getKey($authfile_key);
|
||||||
|
|
||||||
|
if ($authfile === null) {
|
||||||
|
$keys = id(new PhabricatorAuthSSHKeyQuery())
|
||||||
->setViewer(PhabricatorUser::getOmnipotentUser())
|
->setViewer(PhabricatorUser::getOmnipotentUser())
|
||||||
->withIsActive(true)
|
->withIsActive(true)
|
||||||
->execute();
|
->execute();
|
||||||
|
|
||||||
if (!$keys) {
|
if (!$keys) {
|
||||||
echo pht('No keys found.')."\n";
|
echo pht('No keys found.')."\n";
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
$bin = $root.'/bin/ssh-exec';
|
$bin = $root.'/bin/ssh-exec';
|
||||||
foreach ($keys as $ssh_key) {
|
foreach ($keys as $ssh_key) {
|
||||||
$key_argv = array();
|
$key_argv = array();
|
||||||
$object = $ssh_key->getObject();
|
$object = $ssh_key->getObject();
|
||||||
if ($object instanceof PhabricatorUser) {
|
if ($object instanceof PhabricatorUser) {
|
||||||
|
@ -71,7 +76,12 @@ foreach ($keys as $ssh_key) {
|
||||||
$options = implode(',', $options);
|
$options = implode(',', $options);
|
||||||
|
|
||||||
$lines[] = $options.' '.$type.' '.$key."\n";
|
$lines[] = $options.' '.$type.' '.$key."\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
$authfile = implode('', $lines);
|
||||||
|
$ttl = phutil_units('24 hours in seconds');
|
||||||
|
$cache->setKey($authfile_key, $authfile, $ttl);
|
||||||
}
|
}
|
||||||
|
|
||||||
echo implode('', $lines);
|
echo $authfile;
|
||||||
exit(0);
|
exit(0);
|
||||||
|
|
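Review bot: The `echo $authfile;` at the end now hands sshd whatever string is stored under the `ssh.authfile` cache key, so the option prefix of each line is trusted from the cache row instead of being rebuilt from the key records on every run. Write access to that row is therefore equivalent to managing SSH keys, and a stale row keeps authorising a deactivated key for up to the 24 hour `$ttl`. I would state this next to the `setKey()` call, e.g. `// This blob is served to sshd as-is; treat write access to this cache key like write access to SSH keys.`, and consider a shorter TTL such as `$ttl = phutil_units('15 minutes in seconds');`. The loop body between the two hunks is not shown, so how `$options` is assembled is outside this review.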
|
@ -191,6 +191,20 @@ final class PhabricatorAuthSSHKeyEditor
|
||||||
return 'ssh-key-'.$object->getPHID();
|
return 'ssh-key-'.$object->getPHID();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected function applyFinalEffects(
|
||||||
|
PhabricatorLiskDAO $object,
|
||||||
|
array $xactions) {
|
||||||
|
|
||||||
|
// After making any change to an SSH key, drop the authfile cache so it
|
||||||
|
// is regenerated the next time anyone authenticates.
|
||||||
|
$cache = PhabricatorCaches::getMutableCache();
|
||||||
|
$authfile_key = PhabricatorAuthSSHKeyQuery::AUTHFILE_CACHEKEY;
|
||||||
|
$cache->deleteKey($authfile_key);
|
||||||
|
|
||||||
|
return $xactions;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
protected function getMailTo(PhabricatorLiskDAO $object) {
|
protected function getMailTo(PhabricatorLiskDAO $object) {
|
||||||
return $object->getObject()->getSSHKeyNotifyPHIDs();
|
return $object->getObject()->getSSHKeyNotifyPHIDs();
|
||||||
}
|
}
|
||||||
|
|
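Review bot: Invalidation in `applyFinalEffects()` is a bare `deleteKey()`, which leaves a window in which a `bin/ssh-auth` run that queried keys before this edit can write the old authfile back after the delete; the removed or deactivated key then stays in the cache until the 24 hour TTL expires. It also only fires for edits made through this editor, so any other code path that changes key state (not visible in this diff) would need its own invalidation. At minimum I would record that in the comment, e.g. `// NOTE: A concurrent authfile build may re-populate the cache with pre-edit keys; the cache TTL bounds how long that can last.` The class body continues outside the hunk on both sides.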
|
@ -3,6 +3,8 @@
|
||||||
final class PhabricatorAuthSSHKeyQuery
|
final class PhabricatorAuthSSHKeyQuery
|
||||||
extends PhabricatorCursorPagedPolicyAwareQuery {
|
extends PhabricatorCursorPagedPolicyAwareQuery {
|
||||||
|
|
||||||
|
const AUTHFILE_CACHEKEY = 'ssh.authfile';
|
||||||
|
|
||||||
private $ids;
|
private $ids;
|
||||||
private $phids;
|
private $phids;
|
||||||
private $objectPHIDs;
|
private $objectPHIDs;
|
||||||
|
|
17
src/applications/cache/PhabricatorCaches.php
|
@ -99,6 +99,23 @@ final class PhabricatorCaches extends Phobject {
|
||||||
return $caches;
|
return $caches;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static function getMutableCache() {
|
||||||
|
static $cache;
|
||||||
|
if (!$cache) {
|
||||||
|
$caches = self::buildMutableCaches();
|
||||||
|
$cache = self::newStackFromCaches($caches);
|
||||||
|
}
|
||||||
|
return $cache;
|
||||||
|
}
|
||||||
|
|
||||||
|
private static function buildMutableCaches() {
|
||||||
|
$caches = array();
|
||||||
|
|
||||||
|
$caches[] = new PhabricatorKeyValueDatabaseCache();
|
||||||
|
|
||||||
|
return $caches;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* -( Repository Graph Cache )--------------------------------------------- */
|
/* -( Repository Graph Cache )--------------------------------------------- */
|
||||||
|
|
||||||
|
|
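Review bot: `getMutableCache()` and `buildMutableCaches()` are added without a docblock, and nothing says why the stack holds only `PhabricatorKeyValueDatabaseCache`. The SSH key editor in this commit relies on `deleteKey()` reaching every host that serves the authfile; that presumably holds only while no per-process or per-host layer is in this stack, so the constraint deserves a comment such as `// Only shared (database) caches belong here: callers depend on deleteKey() being visible to every host.` The two methods also land directly above the `Repository Graph Cache` banner without a section banner of their own.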
|
@ -98,7 +98,7 @@ final class PhabricatorKeyValueDatabaseCache
|
||||||
$this->establishConnection('w'),
|
$this->establishConnection('w'),
|
||||||
'DELETE FROM %T WHERE cacheKeyHash IN (%Ls)',
|
'DELETE FROM %T WHERE cacheKeyHash IN (%Ls)',
|
||||||
$this->getTableName(),
|
$this->getTableName(),
|
||||||
$keys);
|
$map);
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this;
|
return $this;
|
||||||
|
|
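Review bot: Nothing guards the `DELETE FROM %T WHERE cacheKeyHash IN (%Ls)` against matching zero rows, which is presumably how passing the raw `$keys` went unnoticed before this fix; the authfile invalidation added in this commit now depends on the delete actually removing the row. `$map` is built outside the hunk, so I am assuming it holds the hashed keys. A one-line comment above the query, `// Delete by hash: rows are keyed on cacheKeyHash, not on the raw cache key.`, plus a unit test that sets a key, deletes it and reads `null` back would keep this from regressing unnoticed. The enclosing method starts and ends outside the hunk.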