commit | 6aaf973f366100cc02bc185458a0eb02a1cd2d56 | [log] [tgz] |
---|---|---|
author | Luca Milanesio <luca.milanesio@gmail.com> | Sat May 25 12:51:06 2024 +0100 |
committer | Luca Milanesio <luca.milanesio@gmail.com> | Thu Jul 04 11:51:44 2024 +0100 |
tree | 6759cbf91fc957148e98b0af68250bc9063fa7db | |
parent | 54bc17d2531b2165e7a1b1c24d6eb967b18cfe4f [diff] |
Implement the PermissionBackend.filterQueryChanges() for queries speedup When filtering a large site like GerritHub.io and selecting a small number of projects, it is paramount to reduce the cardinality of the results returned by Lucene and avoid CPU and memory overload of post filtering a large number of changes. Use the projects configuration in virtualhost.config for adding an extra query filter and slash the number of entries to filter for permissions. Depends-On: Change 426537 Change-Id: I2dd78a6053baecd5d37fcce1ae5fe458b23e4a80
Gerrit lib module to split the projects' space into virtual hosts similarly of what you would do with an HTTP Server and different domain names.
Build this module as it was a Gerrit plugin:
virtualhost
directory to Gerrit /plugins/virtualhost
bazel build plugins/virtualhost
virtualhost.jar
module is generated under /bazel-genfiles/plugins/virtualhost/
Copy virtualhost.jar
library to Gerrit /lib
and add the following two extra settings to gerrit.config
:
[gerrit] installModule = com.gerritforge.gerrit.modules.virtualhost.GuiceModule [httpd] filterClass = com.gerritforge.gerrit.modules.virtualhost.VirtualHostFilter
X-Forwarded-Host
Header:When Gerrit is hidden behind multiple service layers (eg. reverse-proxy and load balancer), it is essential to ensure the propagation from the upstream proxy of the header X-Forwarded-Host from the upstream proxy.
/etc/virtualhost.config contains the definition of the virtual hosts and the set of projects included.
Each server
section defines a virtual host and contains a set of projects included. Projects are defined using Gerrit ref-matching expressions and can be repeated multiple times to include multiple matchers.
Example to include all the projects starting with team1/
and the ones starting with the username:
[server "team1.mycompany.com"] projects = team1/* projects = ${username}/*
For all the other server names that are not defined and for SSH access, there is a special default section that lists of visible projects.
Example to include all the projects by default:
[default] projects = ^.*
NOTE: The
^.*
is the only regular expression supported by the virtualhost module because of the potential performance implication of a generic regular expression evaluation during the ACLs. Bear in mind that any possible action perform in Gerrit will go through the virtualhost module filtering and therefore it is paramount to minimize the potential performance impact.