Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Jenkins / Google Summer of Code Office Hours / 21 Aug 2019
Jenkins / Google Summer of Code Office Hours / 21 Aug 2019
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: GSoC 2019: Abhyudaya Sharma - Role Strategy Performance improvements

Description

In this video Abhyudaya Sharma presents his Google Summer of Code project: Micro-benchmarking framework for Jenkins plugins, Role Strategy Performance Improcements, and the new Folder Authorization Plugin.

Links:

* https://jenkins.io/projects/gsoc/2019/role-strategy-performance/
* https://jenkins.io/blog/2019/06/21/performance-testing-jenkins/
* https://jenkins.io/blog/2019/08/16/folder-auth-plugin/

A

So it's being recorded now, hi.

B

Hi everyone I'm, a beauty and I- have been working on improving the performance of the road strategy plugin for my d-sub project, I now, I last show you a small presentation about it. I'm just sharing my screen.

B

Ok,.

B

So we discussed about three things today, corresponding to the three phases of ji-suk, the first, we will discuss about the micro benchmarking frameworks and running micro, been and gmh benchmarks in Jenkins, both for plugins and now even for the core. Then we will talk about the performance, improvements to role, strategy, plug-in and then we'll finally discuss about the new folder' authorization plugin. So there were a lot of reported performance issues in the RO strategy plugin. So this is where this project starts from.

B

So what we did in the first phase was to create a benchmarking framework for Jenkins, which would enable users and plug-in developers to run jmh benchmarks all of these benchmarks. This framework is now available through the Jenkins test harness to everyone, and we have several e methods for making it easy to run. We have maven profile for running the benchmarks locally, and we have a build step in the pipeline library for running it on CI, Jenkins IO, and we can use configuration as code to configure the instance that is started for the benchmark.

B

So this basically works Travis Jenkins test harness and people we and we have a profile in the plugin form which would get inherited to the plugin.

B

For example, we had benchmarks in the road strategy plugins which plan as a part of the CI pipeline, and we started improving the performance from there. These benchmarks on the CI Jenkins our instance, are run using the run benchmark step that was added to the pipeline library and we have added the ability to use a configuration and score to set up the instances. Data said that started for the benchmarks.

B

Now we will discuss about the improvements to row strategy plugin. So the first time we made a couple of major improvements. The first one was to avoid matching regular expressions again and again so a row strategy plug-in before version 2.7. It used to match all regular expressions that were there for the given roll type for every permission, checking request, toilet and got so to improve the performance.

B

We now cache the collection of rolls that match a given regular expression and we take care of the invalidation of the cache which gets invalidated whenever a new roll is added or modified. So this has given us a lot of improvement in the performance and the benchmarks which were created using the benchmarking framework show improved, shows improvements of about 3,300 percent.

B

The other change we made was to cache implying permissions, so the gen the permission model, that's used by Jenkins, follows a tree like structure, so one permission can imply the other, for example, this the administrator permission, which implicitly gives the user the permission to read any job. So row strategy plug-in used to calculate all of these implying permissions every time it was us to perform a permission check and what we do now to improve the the speed of the permissions X's. We cache the set of permissions, which are implied by any given permissions.

B

This happens when the class is loaded for Jenkins when the plugin is loaded. So this does not waste any time at runtime.

B

Now, like I said, we measured the performance improvements using the benchmark framework and they were visualized using gmh visualizer.

B

Now, after all of these changes, we were able to have a performance improvements of about 10,000 percent in our cases in our test cases, these were some synthetic benchmarks and some of them were user-provided benchmarks, so we covered them all here and for to make it even better. We created the brand new folder authorization plugin. The plugin has just released last week and is now available to everyone through the plugin to the up dragon update center, and this frees us from the backward compatibility of flawed strategy plugin and just like it.

B

This also supports blow builders folders, which I like project rows from growth strategy and agent roles for configuring, permissions to agents, the global rules, just like what strategy plugins global rules and they become applicable everywhere in Jenkins. Now what we introduced is folders, which work on folders from the folders plugins and the permissions to a folder plug-in are inherited to all of the children agent rules.

B

Agent rules actually have agent Rose, which allows us to configure permissions for multiple agents that are connected to Jenkins and we have REST API is for adding in as for managing rules and with swagger JSON support. We also support Jenkins configuration as good out of the works, so this is what a typical configuration for config from configuration s code looks like, and this is the swagger API this. This API is available through swagger hub and you can download stubs for running these API calls from multiple languages.

B

Now, let's go for a quick demo of the folder authorization, plugin.

B

So, let's just first log in as the admin and let's go to where we manage a role.

B

Now we can just add rows here, so let me just add the role and the role was added, not.

A

Longer screen Schenck.

A

They put like one u.s. agent to the demo. You stop sunshine.

B

Yeah so I'll show it again, I'll add another row here and you can assign multiple permissions to the rule and.

B

The room gets hard, and now you can aside any s IDS of the users to the road and the SAT gets a sign and you can see all the permissions that destroy gives us now.

B

Let's just show how the folio rosewood, so we have a couple of rolls. This is this. This is the configure, the less important job role which allows user one to modify all jobs, data inside folder one and it's child folder, and now this provides all the permissions to modify a job and we have another one. That's allows the that's law uses that allows uses one and user to to read the job. So, let's just log in through to user, 1.

B

Now what we see here is there were actually three folders, but this user only has access to one of them and now, when we come head, when the user gets the read access to folder one, he or she automatically gets the access the read access to all its children. Now, let's see this important job and the user does not have any permissions here.

B

But if you remember what we did when we were when I was showing the roles, we have the less important job here and the user gets the permission to build and run the Pro and delete the project in the same, in the same way for agent roles, we've given user one, the permissions to delete agent one, but the user does not have the permissions for agent two.

B

Right now, let's just return, let's just switch to the swagger, her breasts api's. So this is what the swagger of API looks like. We have a yam defile her and this the this list. All the rest API, is that we have so when you go to when you want to look at a particular API, you get the full JSON schema that you need to that.

B

You need to send as a request and you can get some you can get the coil API you can get the server api is, and in coil boy, how can I'm yeah? So you can generate the client sdk in multiple languages.

B

Now the performance, earth folder refrigeration, plugin with the strategy plug-in 2.13, which contains the performance improvements I earlier talked about. So the global rules for a test case of about 500 rolls was, is about nine hundred and thirty four times faster than the rolls in strategy plugin for checking the permission and the folder rolls for an equivalent regular expression based configuration is about fifteen times faster. You can see this get a pull request for a benchmark results.

B

Now some of the challenges that I faced was to have efficient permission takes this took a lot of time and my mentors really helped me here. So the global rolls permission texts now happen in constant time. That is a bigger one. Now the other thing was configuration is called support, so the data band configurator in the configuration is called plugin did not support. Import did not support either import, northern or export of sets. So there were a couple of pull requests there and finally, the thread: safety and safe serialization for the folder folder authorization.

B

Plugin was another challenge, so what we did was make the authorization strategy object immutable. You can see the pull request for all of these changes and finally, I'd like to thank my great mentors, Oleg, Ranjha and sukoon, and please do share your feedback through either your through the gator chart or through the journey begins developer mailing list. Thank you.

A

Thanks for the presentation, so yeah I will stop the recording and we can discuss a little bit vitam. Okay. She won't be this. Video posted Thanks who's watching it.