kallithea Changeset - 6257de126ec7

Changeset - 6257de126ec7

Parent rev.

Child rev.

[Not reviewed]

default

0 6 0

Mads Kiilerich - 10 years ago 2015-08-17 01:11:42
madski@unity3d.com

docs: improve documentation of beaker session configuration

beaker.session.auto is dropped; it defaults to false and there is no reason to
ever set it true for Kallithea.

beaker.session.cookie_path and secure are dropped; like cookie_domain, they
should automatically be set to the right value.
* * *
beaker.session.cookie_expires MUST have the default value of True to provide the default value of 'browser session lifetime' when not enabling 'remember' in the login box. The cookie life is hardcoded to 365 days when remember is selected.

6 files changed with 91 insertions and 134 deletions:

development.ini

docs/usage/performance.rst

kallithea/bin/template.ini.mako

kallithea/config/deployment.ini_tmpl

kallithea/lib/base.py

test.ini

0 comments (0 inline, 0 general)

development.ini

➞

Show inline comments

@@ @@ -332,88 +332,77 @@ celery.always.eager = false @@
 ####################################
 ###         BEAKER CACHE        ####
 ####################################
 beaker.cache.data_dir = %(here)s/data/cache/data
 beaker.cache.lock_dir = %(here)s/data/cache/lock
 beaker.cache.regions = short_term,long_term,sql_cache_short
 beaker.cache.short_term.type = memory
 beaker.cache.short_term.expire = 60
 beaker.cache.short_term.key_length = 256
 beaker.cache.long_term.type = memory
 beaker.cache.long_term.expire = 36000
 beaker.cache.long_term.key_length = 256
 beaker.cache.sql_cache_short.type = memory
 beaker.cache.sql_cache_short.expire = 10
 beaker.cache.sql_cache_short.key_length = 256
 ####################################
 ###       BEAKER SESSION        ####
 ####################################
 ## Name of session cookie. Should be unique for a given host and path, even when running
 ## on different ports. Otherwise, cookie sessions will be shared and messed up.
 beaker.session.key = kallithea
 ## Sessions should always only be accessible by the browser, not directly by JavaScript.
 beaker.session.httponly = true
 ## Session lifetime. 2592000 seconds is 30 days.
 beaker.session.timeout = 2592000
 ## Server secret used with HMAC to ensure integrity of cookies.
 beaker.session.secret = development-not-secret
 ## Further, encrypt the data with AES.
 #beaker.session.encrypt_key = <key_for_encryption>
 #beaker.session.validate_key = <validation_key>
 ## Type of storage used for the session, current types are
 ## dbm, file, memcached, database, and memory.
 ## The storage uses the Container API
 ## that is also used by the cache system.
 ## File system storage of session data. (default)
 #beaker.session.type = file
 ## db session ##
 ## Cookie only, store all session data inside the cookie. Requires secure secrets.
 #beaker.session.type = cookie
 ## Database storage of session data.
 #beaker.session.type = ext:database
 #beaker.session.sa.url = postgresql://postgres:qwe@localhost/kallithea
 #beaker.session.table_name = db_session
 ## encrypted cookie client side session, good for many instances ##
 #beaker.session.type = cookie
 ## file based cookies (default) ##
 #beaker.session.type = file
 ## beaker.session.key should be unique for a given host, even when running
 ## on different ports. Otherwise, cookie sessions will be shared and messed up.
 beaker.session.key = kallithea
 beaker.session.secret = development-not-secret
 ## Secure encrypted cookie. Requires AES and AES python libraries
 ## you must disable beaker.session.secret to use this
 #beaker.session.encrypt_key = <key_for_encryption>
 #beaker.session.validate_key = <validation_key>
 ## sets session as invalid if it haven't been accessed for given amount of time
 beaker.session.timeout = 2592000
 beaker.session.httponly = true
 #beaker.session.cookie_path = /<your-prefix>
 ## uncomment for https secure cookie
 beaker.session.secure = false
 ## auto save the session to not to use .save()
 beaker.session.auto = False
 ## default cookie expiration time in seconds `true` expire at browser close ##
 #beaker.session.cookie_expires = 3600
 ############################
 ## ERROR HANDLING SYSTEMS ##
 ############################
 ####################
 ### [errormator] ###
 ####################
 ## Errormator is tailored to work with Kallithea, see
 ## http://errormator.com for details how to obtain an account
 ## you must install python package `errormator_client` to make it work
 ## errormator enabled
 errormator = false
 errormator.server_url = https://api.errormator.com
 errormator.api_key = YOUR_API_KEY
 ## TWEAK AMOUNT OF INFO SENT HERE
 ## enables 404 error logging (default False)
 errormator.report_404 = false
 ## time in seconds after request is considered being slow (default 1)

docs/usage/performance.rst

➞

Show inline comments

 .. _performance:
 ================================
 Optimizing Kallithea Performance
 ================================
 When serving a large amount of big repositories, Kallithea can start
 performing slower than expected. Because of the demanding nature of handling large
 amounts of data from version control systems, here are some tips on how to get
 the best performance.
 * Kallithea will perform better on machines with faster disks (SSD/SAN). It's
   more important to have a faster disk than a faster CPU.
 * Slowness on initial page can be easily fixed by grouping repositories, and/or
   increasing cache size (see below). This includes using the lightweight dashboard
   option and ``vcs_full_cache`` setting in .ini file
 Follow these few steps to improve performance of Kallithea system.
 . Increase cache
-    Tweak beaker cache settings in the ini file. That actual effect of that
+    Tweak beaker cache settings in the ini file. The actual effect of that
     is questionable.
 . Switch from sqlite to postgres or mysql
     sqlite is a good option when having a small load on the system. But due to
     locking issues with sqlite, it is not recommended to use it for larger
     deployments. Switching to mysql or postgres will result in an immediate
     performance increase. A tool like SQLAlchemyGrate_ can be used for
     migrating to another database platform.
 . Scale Kallithea horizontally
     Scaling horizontally can give huge performance increases when dealing with
     large traffic (large amount of users, CI servers etc). Kallithea can be
     scaled horizontally on one (recommended) or multiple machines. In order
     to scale horizontally you need to do the following:
     - Each instance needs its own .ini file and unique ``instance_id`` set.
     - Each instance's ``data`` storage needs to be configured to be stored on a
       shared disk storage, preferably together with repositories. This ``data``
       dir contains template caches, sessions, whoosh index and is used for
       task locking (so it is safe across multiple instances). Set the
       ``cache_dir``, ``index_dir``, ``beaker.cache.data_dir``, ``beaker.cache.lock_dir``
       variables in each .ini file to a shared location across Kallithea instances

kallithea/bin/template.ini.mako

➞

Show inline comments

@@ @@ -330,88 +330,77 @@ celery.always.eager = false @@
 <%text>####################################</%text>
 <%text>###         BEAKER CACHE        ####</%text>
 <%text>####################################</%text>
 beaker.cache.data_dir = ${here}/data/cache/data
 beaker.cache.lock_dir = ${here}/data/cache/lock
 beaker.cache.regions = short_term,long_term,sql_cache_short
 beaker.cache.short_term.type = memory
 beaker.cache.short_term.expire = 60
 beaker.cache.short_term.key_length = 256
 beaker.cache.long_term.type = memory
 beaker.cache.long_term.expire = 36000
 beaker.cache.long_term.key_length = 256
 beaker.cache.sql_cache_short.type = memory
 beaker.cache.sql_cache_short.expire = 10
 beaker.cache.sql_cache_short.key_length = 256
 <%text>####################################</%text>
 <%text>###       BEAKER SESSION        ####</%text>
 <%text>####################################</%text>
 <%text>## Name of session cookie. Should be unique for a given host and path, even when running</%text>
 <%text>## on different ports. Otherwise, cookie sessions will be shared and messed up.</%text>
 beaker.session.key = kallithea
 <%text>## Sessions should always only be accessible by the browser, not directly by JavaScript.</%text>
 beaker.session.httponly = true
 <%text>## Session lifetime. 2592000 seconds is 30 days.</%text>
 beaker.session.timeout = 2592000
 <%text>## Server secret used with HMAC to ensure integrity of cookies.</%text>
 beaker.session.secret = ${uuid()}
 <%text>## Further, encrypt the data with AES.</%text>
 #beaker.session.encrypt_key = <key_for_encryption>
 #beaker.session.validate_key = <validation_key>
 <%text>## Type of storage used for the session, current types are</%text>
 <%text>## dbm, file, memcached, database, and memory.</%text>
 <%text>## The storage uses the Container API</%text>
 <%text>## that is also used by the cache system.</%text>
 <%text>## File system storage of session data. (default)</%text>
 #beaker.session.type = file
 <%text>## db session ##</%text>
 <%text>## Cookie only, store all session data inside the cookie. Requires secure secrets.</%text>
 #beaker.session.type = cookie
 <%text>## Database storage of session data.</%text>
 #beaker.session.type = ext:database
 #beaker.session.sa.url = postgresql://postgres:qwe@localhost/kallithea
 #beaker.session.table_name = db_session
 <%text>## encrypted cookie client side session, good for many instances ##</%text>
 #beaker.session.type = cookie
 <%text>## file based cookies (default) ##</%text>
 #beaker.session.type = file
 <%text>## beaker.session.key should be unique for a given host, even when running</%text>
 <%text>## on different ports. Otherwise, cookie sessions will be shared and messed up.</%text>
 beaker.session.key = kallithea
 beaker.session.secret = ${uuid()}
 <%text>## Secure encrypted cookie. Requires AES and AES python libraries</%text>
 <%text>## you must disable beaker.session.secret to use this</%text>
 #beaker.session.encrypt_key = <key_for_encryption>
 #beaker.session.validate_key = <validation_key>
 <%text>## sets session as invalid if it haven't been accessed for given amount of time</%text>
 beaker.session.timeout = 2592000
 beaker.session.httponly = true
 #beaker.session.cookie_path = /<your-prefix>
 <%text>## uncomment for https secure cookie</%text>
 beaker.session.secure = false
 <%text>## auto save the session to not to use .save()</%text>
 beaker.session.auto = False
 <%text>## default cookie expiration time in seconds `true` expire at browser close ##</%text>
 #beaker.session.cookie_expires = 3600
 %if error_aggregation_service == 'errormator':
 <%text>############################</%text>
 <%text>## ERROR HANDLING SYSTEMS ##</%text>
 <%text>############################</%text>
 <%text>####################</%text>
 <%text>### [errormator] ###</%text>
 <%text>####################</%text>
 <%text>## Errormator is tailored to work with Kallithea, see</%text>
 <%text>## http://errormator.com for details how to obtain an account</%text>
 <%text>## you must install python package `errormator_client` to make it work</%text>
 <%text>## errormator enabled</%text>
 errormator = false
 errormator.server_url = https://api.errormator.com
 errormator.api_key = YOUR_API_KEY
 <%text>## TWEAK AMOUNT OF INFO SENT HERE</%text>
 <%text>## enables 404 error logging (default False)</%text>
 errormator.report_404 = false

kallithea/config/deployment.ini_tmpl

➞

Show inline comments

@@ @@ -326,88 +326,77 @@ celery.always.eager = false @@
 ####################################
 ###         BEAKER CACHE        ####
 ####################################
 beaker.cache.data_dir = %(here)s/data/cache/data
 beaker.cache.lock_dir = %(here)s/data/cache/lock
 beaker.cache.regions = short_term,long_term,sql_cache_short
 beaker.cache.short_term.type = memory
 beaker.cache.short_term.expire = 60
 beaker.cache.short_term.key_length = 256
 beaker.cache.long_term.type = memory
 beaker.cache.long_term.expire = 36000
 beaker.cache.long_term.key_length = 256
 beaker.cache.sql_cache_short.type = memory
 beaker.cache.sql_cache_short.expire = 10
 beaker.cache.sql_cache_short.key_length = 256
 ####################################
 ###       BEAKER SESSION        ####
 ####################################
 ## Name of session cookie. Should be unique for a given host and path, even when running
 ## on different ports. Otherwise, cookie sessions will be shared and messed up.
 beaker.session.key = kallithea
 ## Sessions should always only be accessible by the browser, not directly by JavaScript.
 beaker.session.httponly = true
 ## Session lifetime. 2592000 seconds is 30 days.
 beaker.session.timeout = 2592000
 ## Server secret used with HMAC to ensure integrity of cookies.
 beaker.session.secret = ${app_instance_uuid}
 ## Further, encrypt the data with AES.
 #beaker.session.encrypt_key = <key_for_encryption>
 #beaker.session.validate_key = <validation_key>
 ## Type of storage used for the session, current types are
 ## dbm, file, memcached, database, and memory.
 ## The storage uses the Container API
 ## that is also used by the cache system.
 ## File system storage of session data. (default)
 #beaker.session.type = file
 ## db session ##
 ## Cookie only, store all session data inside the cookie. Requires secure secrets.
 #beaker.session.type = cookie
 ## Database storage of session data.
 #beaker.session.type = ext:database
 #beaker.session.sa.url = postgresql://postgres:qwe@localhost/kallithea
 #beaker.session.table_name = db_session
 ## encrypted cookie client side session, good for many instances ##
 #beaker.session.type = cookie
 ## file based cookies (default) ##
 #beaker.session.type = file
 ## beaker.session.key should be unique for a given host, even when running
 ## on different ports. Otherwise, cookie sessions will be shared and messed up.
 beaker.session.key = kallithea
 beaker.session.secret = ${app_instance_uuid}
 ## Secure encrypted cookie. Requires AES and AES python libraries
 ## you must disable beaker.session.secret to use this
 #beaker.session.encrypt_key = <key_for_encryption>
 #beaker.session.validate_key = <validation_key>
 ## sets session as invalid if it haven't been accessed for given amount of time
 beaker.session.timeout = 2592000
 beaker.session.httponly = true
 #beaker.session.cookie_path = /<your-prefix>
 ## uncomment for https secure cookie
 beaker.session.secure = false
 ## auto save the session to not to use .save()
 beaker.session.auto = False
 ## default cookie expiration time in seconds `true` expire at browser close ##
 #beaker.session.cookie_expires = 3600
 ############################
 ## ERROR HANDLING SYSTEMS ##
 ############################
 ####################
 ### [errormator] ###
 ####################
 ## Errormator is tailored to work with Kallithea, see
 ## http://errormator.com for details how to obtain an account
 ## you must install python package `errormator_client` to make it work
 ## errormator enabled
 errormator = false
 errormator.server_url = https://api.errormator.com
 errormator.api_key = YOUR_API_KEY
 ## TWEAK AMOUNT OF INFO SENT HERE
 ## enables 404 error logging (default False)
 errormator.report_404 = false
 ## time in seconds after request is considered being slow (default 1)

kallithea/lib/base.py

➞

Show inline comments

@@ @@ -102,49 +102,50 @@ def _get_access_path(environ): @@
     if org_req:
         path = org_req.environ.get('PATH_INFO')
     return path
 def log_in_user(user, remember, is_external_auth):
     """
     Log a `User` in and update session and cookies. If `remember` is True,
     the session cookie is set to expire in a year; otherwise, it expires at
     the end of the browser session.
     Returns populated `AuthUser` object.
     """
     user.update_lastlogin()
     meta.Session().commit()
     auth_user = AuthUser(dbuser=user,
                          is_external_auth=is_external_auth)
     auth_user.set_authenticated()
     # Start new session to prevent session fixation attacks.
     session.invalidate()
     session['authuser'] = cookie = auth_user.to_cookie()
     # If they want to be remembered, update the cookie
     # If they want to be remembered, update the cookie.
     # NOTE: Assumes that beaker defaults to browser session cookie.
     if remember:
         t = datetime.datetime.now() + datetime.timedelta(days=365)
         session._set_cookie_expires(t)
     session.save()
     log.info('user %s is now authenticated and stored in '
              'session, session attrs %s', user.username, cookie)
     # dumps session attrs back to cookie
     session._update_cookie_out()
     return auth_user
 class BasicAuth(paste.auth.basic.AuthBasicAuthenticator):
     def __init__(self, realm, authfunc, auth_http_code=None):
         self.realm = realm
         self.authfunc = authfunc
         self._rc_auth_http_code = auth_http_code
     def build_authentication(self):
         head = paste.httpheaders.WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)

test.ini

➞

Show inline comments

@@ @@ -332,88 +332,77 @@ celery.always.eager = false @@
 ####################################
 ###         BEAKER CACHE        ####
 ####################################
 beaker.cache.data_dir = %(here)s/data/cache/data
 beaker.cache.lock_dir = %(here)s/data/cache/lock
 beaker.cache.regions = short_term,long_term,sql_cache_short
 beaker.cache.short_term.type = memory
 beaker.cache.short_term.expire = 60
 beaker.cache.short_term.key_length = 256
 beaker.cache.long_term.type = memory
 beaker.cache.long_term.expire = 36000
 beaker.cache.long_term.key_length = 256
 beaker.cache.sql_cache_short.type = memory
 beaker.cache.sql_cache_short.expire = 1
 beaker.cache.sql_cache_short.key_length = 256
 ####################################
 ###       BEAKER SESSION        ####
 ####################################
 ## Name of session cookie. Should be unique for a given host and path, even when running
 ## on different ports. Otherwise, cookie sessions will be shared and messed up.
 beaker.session.key = kallithea
 ## Sessions should always only be accessible by the browser, not directly by JavaScript.
 beaker.session.httponly = true
 ## Session lifetime. 2592000 seconds is 30 days.
 beaker.session.timeout = 2592000
 ## Server secret used with HMAC to ensure integrity of cookies.
 beaker.session.secret = {74e0cd75-b339-478b-b129-07dd221def1f}
 ## Further, encrypt the data with AES.
 #beaker.session.encrypt_key = <key_for_encryption>
 #beaker.session.validate_key = <validation_key>
 ## Type of storage used for the session, current types are
 ## dbm, file, memcached, database, and memory.
 ## The storage uses the Container API
 ## that is also used by the cache system.
 ## File system storage of session data. (default)
 #beaker.session.type = file
 ## db session ##
 ## Cookie only, store all session data inside the cookie. Requires secure secrets.
 #beaker.session.type = cookie
 ## Database storage of session data.
 #beaker.session.type = ext:database
 #beaker.session.sa.url = postgresql://postgres:qwe@localhost/kallithea
 #beaker.session.table_name = db_session
 ## encrypted cookie client side session, good for many instances ##
 #beaker.session.type = cookie
 ## file based cookies (default) ##
 #beaker.session.type = file
 ## beaker.session.key should be unique for a given host, even when running
 ## on different ports. Otherwise, cookie sessions will be shared and messed up.
 beaker.session.key = kallithea
 beaker.session.secret = {74e0cd75-b339-478b-b129-07dd221def1f}
 ## Secure encrypted cookie. Requires AES and AES python libraries
 ## you must disable beaker.session.secret to use this
 #beaker.session.encrypt_key = <key_for_encryption>
 #beaker.session.validate_key = <validation_key>
 ## sets session as invalid if it haven't been accessed for given amount of time
 beaker.session.timeout = 2592000
 beaker.session.httponly = true
 #beaker.session.cookie_path = /<your-prefix>
 ## uncomment for https secure cookie
 beaker.session.secure = false
 ## auto save the session to not to use .save()
 beaker.session.auto = False
 ## default cookie expiration time in seconds `true` expire at browser close ##
 #beaker.session.cookie_expires = 3600
 ############################
 ## ERROR HANDLING SYSTEMS ##
 ############################
 ####################
 ### [errormator] ###
 ####################
 ## Errormator is tailored to work with Kallithea, see
 ## http://errormator.com for details how to obtain an account
 ## you must install python package `errormator_client` to make it work
 ## errormator enabled
 errormator = false
 errormator.server_url = https://api.errormator.com
 errormator.api_key = YOUR_API_KEY
 ## TWEAK AMOUNT OF INFO SENT HERE
 ## enables 404 error logging (default False)
 errormator.report_404 = false
 ## time in seconds after request is considered being slow (default 1)

0 comments (0 inline, 0 general)