[Jenkins-infra] [#74296] https://repo.jenkins-ci.org/ is really slow and/or unreachable

Daniel Beck ml at beckweb.net
Thu Dec 28 20:00:01 UTC 2017

> On 28. Dec 2017, at 20:01, support at jfrog.com wrote:
> We have noticed that the load on your server has increased, and we are still looking into the exact root cause. We do know with certainty that the load is related to what appears to be a script that runs on your side, that updates/creates Permission Targets via the api/security/permissions endpoint, using a user with username 'permission-updater'. We've noticed that this script is running every 30 minutes, and this, along with repository browsing that happens constantly in the background, causes the load on your server to spike every 30 minutes. We are still looking into the root cause of the increase in load, to see if it's related to a change in one of the recent versions of Artifactory. 
> In the meantime, can you kindly elaborate on the use-case behind updating the permission targets every 30 minutes?


Thanks for the update!

Regarding the use case for periodic updates:
We periodically run a script to update permissions defined in a Git repository[1] into Artifactory so we can manage them transparently, and at a fine-grained level. Unfortunately, Artifactory only knows about users from our LDAP once they've logged in to Artifactory at least once. This means that we can have legal permission definitions (based on our LDAP user directory) that only fail as long as a user has not already logged in to Artifactory. We try to catch those manually in PR review (as we don't run code from PRs in an environment with Artifactory admin credentials), but if they get in anyway, we want permissions to be applied soon after a user actually did log in without further manual intervention by our infra admins, hence the execution every 30 minutes.

We've been doing the above for more than a year now, with only modest growth in the data -- of currently 1655 permission targets managed via this Git repo, 1321 have existed since August 2016 when we started to do this, and we've periodically run essentially the same script at the same frequency since September 2016.

I've changed the frequency of the periodic updates to once per day, as the use case is basically just a fallback for premature PR merges. This means that the script will now run an estimated 1-4 times per day (once periodically, plus whenever we merge a PR), rather than the ~50 times it was before.

While you're looking into load and performance, please also consider our support request #73645, in case it's related, or can give you additional information.


1: https://github.com/jenkins-infra/repository-permissions-updater
