Drop the lastUsedOn fields from AccountSshKeys, AccountExternalIds
By dropping this column we avoid updating the database during the authentication phase for a new web session, or a new SSH session. Avoiding this update on read-only slaves can improve performance if they have very slow connectivity to the master database. On the master node, avoiding the update saves a few relatively useless disk IOs on the database. This change also removes one of the issues we had with converting the user account schema to GiMD. Updating the account database in Git every time a user authenticates would create thousands of objects per hour on busy servers, all of them almost completely useless to the system administrator. This change makes a trade-off of faster session authentication, in return for a bit less information about account usage. Instead of pulling account usage from the database, we'll have to start writing to local log files instead. Change-Id: Ie335f5e6e0f5ff16b987d4e2698bc25ff14bd989 Signed-off-by: Shawn O. Pearce <sop@google.com>
This commit is contained in:
Shawn O. Pearce
@@ -15,8 +15,6 @@
|
||||
package com.google.gerrit.sshd;
|
||||
|
||||
import com.google.gerrit.reviewdb.AccountSshKey;
|
||||
import com.google.gerrit.reviewdb.ReviewDb;
|
||||
import com.google.gwtorm.client.SchemaFactory;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Singleton;
|
||||
|
||||
@@ -35,12 +33,10 @@ import java.security.PublicKey;
|
||||
@Singleton
|
||||
class DatabasePubKeyAuth implements PublickeyAuthenticator {
|
||||
private final SshKeyCacheImpl sshKeyCache;
|
||||
private final SchemaFactory<ReviewDb> schema;
|
||||
|
||||
@Inject
|
||||
DatabasePubKeyAuth(final SshKeyCacheImpl skc, final SchemaFactory<ReviewDb> sf) {
|
||||
DatabasePubKeyAuth(final SshKeyCacheImpl skc) {
|
||||
sshKeyCache = skc;
|
||||
schema = sf;
|
||||
}
|
||||
|
||||
public boolean authenticate(final String username,
|
||||
@@ -63,7 +59,6 @@ class DatabasePubKeyAuth implements PublickeyAuthenticator {
|
||||
}
|
||||
}
|
||||
|
||||
key.updateLastUsed(schema);
|
||||
session.setAttribute(SshUtil.CURRENT_ACCOUNT, key.getAccount());
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -16,20 +16,10 @@ package com.google.gerrit.sshd;
|
||||
|
||||
import com.google.gerrit.reviewdb.Account;
|
||||
import com.google.gerrit.reviewdb.AccountSshKey;
|
||||
import com.google.gerrit.reviewdb.ReviewDb;
|
||||
import com.google.gwtorm.client.OrmException;
|
||||
import com.google.gwtorm.client.SchemaFactory;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import java.security.PublicKey;
|
||||
import java.util.Collections;
|
||||
|
||||
class SshKeyCacheEntry {
|
||||
private static final Logger log =
|
||||
LoggerFactory.getLogger(SshKeyCacheEntry.class);
|
||||
|
||||
private final AccountSshKey.Id id;
|
||||
private final PublicKey publicKey;
|
||||
|
||||
@@ -45,21 +35,4 @@ class SshKeyCacheEntry {
|
||||
boolean match(final PublicKey inkey) {
|
||||
return publicKey.equals(inkey);
|
||||
}
|
||||
|
||||
void updateLastUsed(final SchemaFactory<ReviewDb> schema) {
|
||||
try {
|
||||
final ReviewDb db = schema.open();
|
||||
try {
|
||||
final AccountSshKey k = db.accountSshKeys().get(id);
|
||||
if (k != null) {
|
||||
k.setLastUsedOn();
|
||||
db.accountSshKeys().update(Collections.singleton(k));
|
||||
}
|
||||
} finally {
|
||||
db.close();
|
||||
}
|
||||
} catch (OrmException e) {
|
||||
log.warn("Failed to update \"" + id + "\" SSH key used", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user