Summary:
Today the Crowd server is being addressed on every uncached authentication request every 5 minutes by default.
There is room for improvement when new and uncached requests are handled within (a very large amount) of Crowd groups.
Steps to reproduce:
1. Have a Crowd user with many (2000 was used) groups in Crowd and import them to Artifactory
2. Try to use a repeated action, e.g. deploying builds, with the same user
3. Inspect that every once every 5 minutes (authentication cache is set to 5 minutes by default), you will see slowed requests (happens because of the crowd groups fetching and handling in Artifactory)
- You may lower the authentication cache time to 1 min to have this reproduced faster using:
artifactory.security.authentication.cache.idleTimeSecs=60
- You may use the script below to deploy builds:
#!/bin/bash BUILDS_NUM=$1 username=$2 password=$3 a=1 mkdir builds while [ $a -le $BUILDS_NUM ] ; do echo '{ "version": "1.0.1", "name": "'a$a'", "number": "1", "type": "GENERIC", "buildAgent": { "name": "Generic", "version": "Generic" }, "agent": { "name": "hudson", "version": "2.7.4" }, "started": "2016-09-23T08:06:37.262+0300", "durationMillis": 2176, "principal": "admin", "artifactoryPrincipal": "admin", "artifactoryPluginVersion": "2.7.2", "url": "http://192.168.59.182:8080/job/hgj/4/", "licenseControl": { "runChecks": false, "includePublishedArtifacts": false, "autoDiscover": false, "scopesList": "", "licenseViolationsRecipientsList": "" }, "buildRetention": { "count": -1, "deleteBuildArtifacts": true, "buildNumbersNotToBeDiscarded": [] }, "modules": [{ "id": "hgj:4", "artifacts": [{ "type": "gz", "sha1": "ab078447ae3d3479b6c1a17ad30c9978dd371995", "md5": "578a3b9c44edcadc7e9e32a576910d6f", "name": "git-lfs-linux-amd64-1.2.0.tar.gz" }], "dependencies": [] }], "buildDependencies": [], "governance": { "blackDuckProperties": { "runChecks": false, "includePublishedArtifacts": false, "autoCreateMissingComponentRequests": false, "autoDiscardStaleComponentRequests": false } } }' > builds/buildinfo$a.json time curl -i -Lvv -H 'Content-Type: application/json' -u $username:$password -X PUT -T builds/buildinfo$a.json localhost:8081/artifactory/api/build & sleep 1 a=`expr $a + 1` done
Use this command to run it:
bash -x deployBuilds.sh 100 {someUserWithManyPermissions} password
- Do not use an admin user
Check the request log with the slowed requests:
http-nio-8081-exec-10|20190430133329|4593|REQUEST|0:0:0:0:0:0:0:1|tester|PUT|/api/build|HTTP/1.1|204|1090 http-nio-8081-exec-8|20190430133330|93|REQUEST|0:0:0:0:0:0:0:1|tester|PUT|/api/build|HTTP/1.1|204|1090 http-nio-8081-exec-3|20190430133331|4602|REQUEST|0:0:0:0:0:0:0:1|tester|PUT|/api/build|HTTP/1.1|204|1090 http-nio-8081-exec-4|20190430133332|50|REQUEST|0:0:0:0:0:0:0:1|tester|PUT|/api/build|HTTP/1.1|204|1090 http-nio-8081-exec-7|20190430133333|4321|REQUEST|0:0:0:0:0:0:0:1|tester|PUT|/api/build|HTTP/1.1|204|1090
all the typical requests will take under 100ms to be complete, after the cache gets expired, you'll see a few requests held up to more than a few seconds (depending on the number of groups)