upstream/mercurial-mirror Commit - r40058:33eb670e

wireprotov2: define semantics for content redirects...

wireprotov2: define semantics for content redirects When I implemented the clonebundles feature and deployed it on hg.mozilla.org using Amazon S3 as a content server, server-side CPU and bandwidth usage dropped off a cliff and a ton of server scaling headaches went away pretty much the instant clients with support for clonebundles were rolled out to Firefox CI. An obvious takeaway from that experience was that offloading server load to scalable file servers - potentially backed by a CDN - is a really good idea. Another takeaway was that Mercurial's wire protocol wasn't in a good position to support data offload generally. In wire protocol version 1, there isn't a mechanism in the protocol to say "grab the data from over here instead." For HTTP, we could teach the client to follow HTTP redirects. Or we could invent a media type that encoded redirects inline. But for SSH, we were pretty much out of luck because that protocol wasn't very flexible. Wire protocol version 2 offers the opportunity to do something better. The recent generic server-side content caching layer in the wire protocol version 2 server demonstrated that it is possible to have drop-in caching of responses to command requests. This by itself adds tons of value and already makes the built-in server much more scalable. But I don't want to stop there. The existing server-side caching implementation has a big weakness: it requires the server to send data to the client. This means that the Mercurial server is potentially sending gigabytes of data to thousands of clients. This is problematic because compared to scaling static file servers, scaling dynamic servers is *hard*. A solution to this is to "offload" serving of content to something that isn't the Mercurial server. By offloading content serving, you turn the Mercurial server from a centralized monolithic service to a distributed mostly-indexing service. Assuming high rates of content offload, this should drastically reduce the total work performed by the Mercurial server, both in terms of CPU and data transfer. This will make Mercurial servers vastly easier to scale. This commit defines the semantics for "content redirects" in wire protocol version 2. Essentially: * Servers advertise the set of locations a response could be served from. * When making requests, clients advertise the set of locations they are willing to fetch content from. * Servers can then replace the inline response with one that says "get the response from over here instead." This feature - when fully implemented - will allow extending the server-side caching layer to facilitate such things as integrating your server-side cache with a scalable blob store (such as S3 or a CDN) and offloading most data transfer to that external service. This feature could also be leveraged for load balancing. e.g. requests could come into a central server and then get redirected to an available mirror depending on server availability or locality. There's tons of potential :) Differential Revision: https://phab.mercurial-scm.org/D4774

Gregory Szorc -

r40058:33eb670e default

parent child

Collapse all files

mercurial/help/internals/wireprotocolrpc.txt

0 +130 0

@@ -115,6 +115,22 b' args'
115	Each command defines its own set of argument names and their expected	115	Each command defines its own set of argument names and their expected
116	types.	116	types.
117		117
		118	redirect (optional)
		119	(map) Advertises client support for following response redirects.
		120
		121	This map has the following bytestring keys:
		122
		123	targets
		124	(array of bytestring) List of named redirect targets supported by
		125	this client. The names come from the targets advertised by the
		126	server's capabilities message.
		127
		128	hashes
		129	(array of bytestring) List of preferred hashing algorithms that can
		130	be used for content integrity verification.
		131
		132	See the Content Redirects section below for more on content redirects.
		133
118	This frame type MUST ONLY be sent from clients to servers: it is illegal	134	This frame type MUST ONLY be sent from clients to servers: it is illegal
119	for a server to send this frame to a client.	135	for a server to send this frame to a client.
120		136
@@ -506,6 +522,9 b' status'
506	error	522	error
507	There was an error processing the command. More details about the	523	There was an error processing the command. More details about the
508	error are encoded in the ``error`` key.	524	error are encoded in the ``error`` key.
		525	redirect
		526	The response for this command is available elsewhere. Details on
		527	where are in the ``location`` key.
509		528
510	error (optional)	529	error (optional)
511	A map containing information about an encountered error. The map has the	530	A map containing information about an encountered error. The map has the
@@ -515,5 +534,116 b' error (optional)'
515	(array of maps) A message describing the error. The message uses the	534	(array of maps) A message describing the error. The message uses the
516	same format as those in the ``Human Output Side-Channel`` frame.	535	same format as those in the ``Human Output Side-Channel`` frame.
517		536
		537	location (optional)
		538	(map) Presence indicates that a content redirect has occurred. The map
		539	provides the external location of the content.
		540
		541	This map contains the following bytestring keys:
		542
		543	url
		544	(bytestring) URL from which this content may be requested.
		545
		546	mediatype
		547	(bytestring) The media type for the fetched content. e.g.
		548	``application/mercurial-*``.
		549
		550	In some transports, this value is also advertised by the transport.
		551	e.g. as the ``Content-Type`` HTTP header.
		552
		553	size (optional)
		554	(unsigned integer) Total size of remote object in bytes. This is
		555	the raw size of the entity that will be fetched, minus any
		556	non-Mercurial protocol encoding (e.g. HTTP content or transfer
		557	encoding.)
		558
		559	fullhashes (optional)
		560	(array of arrays) Content hashes for the entire payload. Each entry
		561	is an array of bytestrings containing the hash name and the hash value.
		562
		563	fullhashseed (optional)
		564	(bytestring) Optional seed value to feed into hasher for full content
		565	hash verification.
		566
		567	serverdercerts (optional)
		568	(array of bytestring) DER encoded x509 certificates for the server. When
		569	defined, clients MAY validate that the x509 certificate on the target
		570	server exactly matches the certificate used here.
		571
		572	servercadercerts (optional)
		573	(array of bytestring) DER encoded x509 certificates for the certificate
		574	authority of the target server. When defined, clients MAY validate that
		575	the x509 on the target server was signed by CA certificate in this set.
		576
		577	# TODO support for giving client an x509 certificate pair to be used as a
		578	# client certificate.
		579
		580	# TODO support common authentication mechanisms (e.g. HTTP basic/digest
		581	# auth).
		582
		583	# TODO support custom authentication mechanisms. This likely requires
		584	# server to advertise required auth mechanism so client can filter.
		585
		586	# TODO support chained hashes. e.g. hash for each 1MB segment so client
		587	# can iteratively validate data without having to consume all of it first.
		588
518	TODO formalize when error frames can be seen and how errors can be	589	TODO formalize when error frames can be seen and how errors can be
519	recognized midway through a command response.	590	recognized midway through a command response.
		591
		592	Content Redirects
		593	=================
		594
		595	Servers have the ability to respond to ANY command request with a
		596	redirect to another location. Such a response is referred to as a *redirect
		597	response*. (This feature is conceptually similar to HTTP redirects, but is
		598	more powerful.)
		599
		600	A redirect response MUST ONLY be issued if the client advertises support
		601	for a redirect target.
		602
		603	A redirect response MUST NOT be issued unless the client advertises support
		604	for one.
		605
		606	Clients advertise support for redirect responses after looking at the server's
		607	capabilities data, which is fetched during initial server connection
		608	handshake. The server's capabilities data advertises named targets for
		609	potential redirects.
		610
		611	Each target is described by a protocol name, connection and protocol features,
		612	etc. The server also advertises target-agnostic redirect settings, such as
		613	which hash algorithms are supported for content integrity checking. (See
		614	the documentation for the capabilities command for more.)
		615
		616	Clients examine the set of advertised redirect targets for compatibility.
		617	When sending a command request, the client advertises the set of redirect
		618	target names it is willing to follow, along with some other settings influencing
		619	behavior.
		620
		621	For example, say the server is advertising a ``cdn`` redirect target that
		622	requires SNI and TLS 1.2. If the client supports those features, it will
		623	send command requests stating that the ``cdn`` target is acceptable to use.
		624	But if the client doesn't support SNI or TLS 1.2 (or maybe it encountered an
		625	error using this target from a previous request), then it omits this target
		626	name.
		627
		628	If the client advertises support for a redirect target, the server MAY
		629	substitute the normal, inline response data for a redirect response -
		630	one where the initial CBOR map has a ``status`` key with value ``redirect``.
		631
		632	The redirect response at a minimum advertises the URL where the response
		633	can be retrieved.
		634
		635	The redirect response MAY also advertise additional details about that
		636	content and how to retrieve it. Notably, the response may contain the
		637	x509 public certificates for the server being redirected to or the
		638	certificate authority that signed that server's certificate. Unless the
		639	client has existing settings that offer stronger trust validation than what
		640	the server advertises, the client SHOULD use the server-provided certificates
		641	when validating the connection to the remote server in place of any default
		642	connection verification checks. This is because certificates coming from
		643	the server SHOULD establish a stronger chain of trust than what the default
		644	certification validation mechanism in most environments provides. (By default,
		645	certificate validation ensures the signer of the cert chains up to a set of
		646	trusted root certificates. And if an explicit certificate or CA certificate
		647	is presented, that greadly reduces the set of certificates that will be
		648	recognized as valid, thus reducing the potential for a "bad" certificate
		649	to be used and trusted.)

mercurial/help/internals/wireprotocolv2.txt

0 +32 0

@@ -111,6 +111,38 b' rawrepoformats'
111	requirements can be used to determine whether a client can read a	111	requirements can be used to determine whether a client can read a
112	raw copy of file data available.	112	raw copy of file data available.
113		113
		114	redirect
		115	A map declaring potential content redirects that may be used by this
		116	server. Contains the following bytestring keys:
		117
		118	targets
		119	(array of maps) Potential redirect targets. Values are maps describing
		120	this target in more detail. Each map has the following bytestring keys:
		121
		122	name
		123	(bytestring) Identifier for this target. The identifier will be used
		124	by clients to uniquely identify this target.
		125
		126	protocol
		127	(bytestring) High-level network protocol. Values can be
		128	``http``, ```https``, ``ssh``, etc.
		129
		130	uris
		131	(array of bytestrings) Representative URIs for this target.
		132
		133	snirequired (optional)
		134	(boolean) Indicates whether Server Name Indication is required
		135	to use this target. Defaults to False.
		136
		137	tlsversions (optional)
		138	(array of bytestring) Indicates which TLS versions are supported by
		139	this target. Values are ``1.1``, ``1.2``, ``1.3``, etc.
		140
		141	hashes
		142	(array of bytestring) Indicates support for hashing algorithms that are
		143	used to ensure content integrity. Values include ``sha1``, ``sha256``,
		144	etc.
		145
114	changesetdata	146	changesetdata
115	-------------	147	-------------
116		148

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages