apacheGH-371: Re-implement the channel pool of an SftpFileSystem

The previous implementation always put unused SftpClients back into
the pool, but SftpClients in the pool were never closed (unless the
whole SSH session was closed).

Let this pool work more like a Java thread pool: besides a maximum
size, give it a minimum "core" size, and a maximum life time for idle
channels in the pool, and remove them from the pool and close them
when they expire. By default, the maximum pool size is 8, the core size
1, and the idle life time 10 seconds.

Also drain the pool when the file system closes, and close all channels.

Remove the ThreadLocal. This mechanism was questionable anyway; it was
the source of multiple earlier bug reports and there are some scenarios
that it just cannot handle correctly. This change will mean that an
application using more threads on an SftpFileSystem instance than the
pool size may see poor SFTP performance on the extra threads. In this
case, the pool size should be increased, or the application redesigned.

Add some technical documentation on all this.

Ensure in SftpFileSystem.readDir(String) that the SftpClient on the
SftpIterableDirEntry is the wrapper. We don't want to close the
underlying pooled channel. Ditto for InputStream and OutputStream
returned from read or write: those also must use the wrapper to react
properly when the wrapper is closed.

Ensure the behavior of an SftpDirectoryStream is correct when the stream
is closed. According to the javadoc on DirectoryStream, the iterator may
continue to produce already cached entries, but then may exhaust early.

Bug: apache#371

Author: tomaswolf

CHANGES.md

@@ -27,7 +27,27 @@
 ## Bug Fixes
 
 * [GH-370](https://github.com/apache/mina-sshd/issues/370) Also compare file keys in `ModifiableFileWatcher`.
+* [GH-371](https://github.com/apache/mina-sshd/issues/371) Fix channel pool in `SftpFileSystem`.
 
 
 * [SSHD-1310](https://issues.apache.org/jira/browse/SSHD-1310) `SftpFileSystem`: do not close user session.
 * [SSHD-1327](https://issues.apache.org/jira/browse/SSHD-1327) `ChannelAsyncOutputStream`: remove write future when done.
+
+## New Features
+
+* [GH-356](https://github.com/apache/mina-sshd/issues/356) Publish snapshot maven artifacts to the [Apache Snapshots](https://repository.apache.org/content/repositories/snapshots) maven repository.
+
+
+## Major Code Re-factoring
+
+As part of the fix for [GH-371](https://github.com/apache/mina-sshd/issues/371)
+the channel pool in `SftpFileSystem` was rewritten completely. Previous code also
+used `ThreadLocal`s to store `SftpClient`s, which could cause memory leaks.
+
+These `ThreadLocal`s have been removed, and the channel pool has been rewritten
+to function similar to a Java `ThreadPool`: the pool has a maximum size; it has
+an expiration duration after which an idle channel is removed and closed, and
+it has a "core size" of channels to keep even if they are idle. If a channel is
+closed for any reason it is evicted from the pool.
+
+Properties to configure these pool parameters have been added to `SftpModuleProperties`.

docs/sftp.md

@@ -307,6 +307,8 @@ does not allow colon (`:`) in either one in order to avoid parsing confusion. Se
 >> deprecated ... Applications may choose to ignore or reject such
 >> data when it is received as part of a reference...
 
+See also the technical notes on the [SftpFileSystem](./technical/sft_filesystem.md).
+
 #### Configuring the `SftpFileSystemProvider`
 
 When "mounting" a new file system one can provide extra configuration parameters using either the

docs/technical/sftp_filesystem.md

@@ -0,0 +1,124 @@
+# The `SftpFileSystem`
+
+Class `SftpFileSystem` is an implementation of `java.nio.file.FileSystem` and
+lets client code treat an SFTP server like any other file system. It is a
+*remote* file system, though, and that has some effects that clients have
+to aware of. Because operations are *remote* operations involving network
+requests and answers, the performance characteristics are different than
+most other file systems.
+
+# Creating an `SftpFileSystem`
+
+An `SftpFileSystem` needs an SSH session to be able to talk to the SFTP server.
+
+There are two ways to create an `SftpFileSystem`:
+
+1. If you already have an SSH `ClientSession`, you can create the file system
+   off that session using `SftpClientFactory.instance().createSftpFileSystem()`.
+   The file system remains valid until it is closed, or until the session is
+   closed. When the file system is closed, the session will *not* be closed.
+   
+2. You can create an `SftpFileSystem` with a `sftp://` URI using the standard
+   Java factory `java.nio.file.FileSystems.newFileSystem()`. This will automatically
+   create an `SshClient` with default settings, and the file system will open
+   an SSH session itself. This session has heartbeats enabled to keep it open
+   for as long as the file system is open. The file system remains valid until
+   closed, at which point it will close the session it had created.
+
+In either case, the file system will be closed if the session closes.
+
+# SSH Resource Management
+
+Most operations on an `SftpFileSystem`, or on streams returned, produce SFTP
+requests over the network, and wait for a reply to be received. This works
+internally by using `SftpClient` to talk to the SFTP server. An `SftpClient`
+is the client-side implementation of the SFTP protocol over an SSH channel
+(a `ChannelSession`).
+
+The SSH channel and the `SftpClient` are tightly coupled: the channel is
+opened when the `SftpClient`is initialized, and the channel is closed when
+the `SftpClient` is closed, and when the channel closes, so is the `SftpClient`.
+
+For `SftpFileSystem` it would be rather inefficient to use a new `SftpClient`
+for each new operation. That would create a new channel every time, and tear
+it down after the operation. But channels have a setup cost, and the SFTP
+protocol also has to initialized, both of which involve exchanging messages
+over the network. This is not efficient if one wants to perform multiple
+operations, such as transferring multiple files with `java.nio.file.Files.copy()`.
+
+## The Channel Pool
+
+The `SftpFileSystem` thus employs a *pool* of `SftpClient`s. This pool is
+initially empty. The first operation will create an `SftpClient`, initialize
+it, and then perform its operation. But then it will add the still open
+`SftpClient` to the pool for use by subsequent operations instead of closing
+it. The next operation can then simply grab this already initialized `SftpClient`
+with its open channel and perform its operation.
+
+The pool is limited by a maximum size of `SftpModuleProperties.POOL_SIZE` (by
+default 8). The pool can grow to this size if there are that many threads that
+perform operations on the `SftpFileSystem` concurrently.
+
+`SftpClient`s in the pool need to be closed at some point. Consider an application
+that has a burst of file transfers and uses 8 threads to perform them. Afterwards,
+the pool will contain 8 `SftpClient`s: that's 8 open SSH channels, each with an SFTP
+subsystem at the server's end. If the application then does only little, like
+transferring a few files sequentially over the next few hours, until the next burst
+(which may never come), then we don't want to keep all 8 channels open and consuming
+resources not only in the client but also on the server side.
+
+(This assumes that the whole SSH session remains open for that long, which can be
+accomplished by using heartbeats on the session.)
+
+The `SftpFileSystem` handles this by expiring inactive clients from the pool. If a
+client has been in the pool for `SftpModuleProperties.POOL_LIFE_TIME` (default is 10
+seconds), it is removed from the pool and closed. (If it was in the pool for that
+time, this means it was idle for that time: no operation was performed on it.) If
+no operation on the `SftpFileSystem` occurs at all for this time, it's possible that
+the pool is emptied, and the next operation has to create and initialize a new
+`SftpClient`and channel.
+
+If an application doesn't want this, it can define `SftpModuleProperties.POOL_CORE_SIZE`,
+which must be smaller than `POOL_SIZE`. By default, it is zero. If greater than zero,
+that many `SftpClient`s are kept in the pool (and that many channels are kept open)
+even if they are idle.
+
+It should be noted that the SFTP server may also decide to close channels whenever
+it wants. This will close the channel and the `SftpClient`on the client side. If it
+happens while a client-side operation is ongoing, the operation will fail with an
+exception; it it happens on an idle `SftpClient` in the pool, the `SftpClient` is
+simply removed from the pool.
+
+If the whole SSH session is closed, the `SftpFileSystem` is closed. When a
+`SftpFileSystem` is closed, all `SftpClient`s in the pool are closed, and no new
+clients will be added to the pool.
+
+## Choosing the Pool Size
+
+If there are more then `POOL_SIZE` threads using the same `SftpFileSystem`, it is
+possible that all `POOL_SIZE` clients are already in use when a thread tries to
+do a file system operation. In this case, a new `SftpClient` is created, which
+will be closed after the operation. This is a sign of the `POOL_SIZE` being too 
+small for the application, or that the application is badly designed. Using too
+many threads for remote file operations is not a good idea in SFTP: all traffic
+in the end goes over a single network connection anyway. Using a limited number
+of threads may bring some speedup compared to strictly sequential operations
+because the handling of the data received is offloaded to these threads, while
+the next message can already be sent or received. But copying 1000 files using
+1000 threads and SSH channels is nonsense; it's far better to handle that many
+files in batches with a smaller number of threads (maybe 8).
+
+In any case, `SftpModuleProperties.POOL_SIZE` should be large enough to accommodate
+the number of threads the client application is going to use for operations on
+the `SftpFileSystem`. If there are more threads, performance may degrade.
+
+Versions of Apache MINA sshd <= 2.10.0 tried to mitigate this performance drop
+for such "extra" threads by keeping the `SftpClient` in a `ThreadLocal`, so that
+such "extra" threads could re-use the `SftpClient`. This mechanism has been *removed*
+because it sometimes caused memory leaks. The mechanism was also flawed because
+there were use cases where it just could not work correctly.
+
+Design your application such that is uses a small maximum number of threads that
+perform operations on a `SftpFileSystem`instance. Set `SftpModuleProperties.POOL_SIZE`
+such that it is >= the maximum number of threads that operate concurrently on the
+file system. The default pool size is 8.

sshd-sftp/src/main/java/org/apache/sshd/sftp/SftpModuleProperties.java

@@ -60,11 +60,38 @@ public final class SftpModuleProperties {
             = Property.duration("sftp-channel-open-timeout", Duration.ofSeconds(15L));
 
     /**
-     * See {@link org.apache.sshd.sftp.client.fs.SftpFileSystem}.
+     * The maximum size of the channel pool used by an {@link org.apache.sshd.sftp.client.fs.SftpFileSystem}; by default
+     * 8. The value must be > zero.
+     *
+     * @see org.apache.sshd.sftp.client.fs.SftpFileSystem
      */
     public static final Property<Integer> POOL_SIZE
             = Property.integer("sftp-fs-pool-size", 8);
 
+    /**
+     * A timeout after which idle channels in the pool of an {@link org.apache.sshd.sftp.client.fs.SftpFileSystem} are
+     * removed from the pool and closed; by default 10 seconds. If set to zero, channels in the pool will not expire and
+     * will be closed only then the file system is closed, or if the server closes them.
+     * <p>
+     * The duration should not be shorter than 1 millisecond. If it is, 1 millisecond will be assumed.
+     * </p>
+     *
+     * @see org.apache.sshd.sftp.client.fs.SftpFileSystem
+     */
+    public static final Property<Duration> POOL_LIFE_TIME
+            = Property.duration("sftp-fs-pool-life-time", Duration.ofSeconds(10));
+
+    /**
+     * If &gt;= 0, that many channels may be kept open in the channel pool of an
+     * {@link org.apache.sshd.sftp.client.fs.SftpFileSystem} even if they are idle; by default 1. If &gt;=
+     * {@link #POOL_SIZE}, channels will not expire and will be closed only then the file system is closed, or if the
+     * server closes them.
+     *
+     * @see org.apache.sshd.sftp.client.fs.SftpFileSystem
+     */
+    public static final Property<Integer> POOL_CORE_SIZE
+            = Property.integer("sftp-fs-pool-core-size", 1);
+
     /**
      * See {@link org.apache.sshd.sftp.client.fs.SftpFileSystemProvider}.
      */

sshd-sftp/src/main/java/org/apache/sshd/sftp/client/fs/SftpDirectoryStream.java

@@ -34,6 +34,7 @@
  */
 public class SftpDirectoryStream implements SftpClientHolder, DirectoryStream<Path> {
     protected SftpPathIterator pathIterator;
+    protected boolean pathIteratorConsumed;
 
     private final SftpPath path;
     private final Filter<? super Path> filter;
@@ -93,17 +94,19 @@ public Iterator<Path> iterator() {
         /*
          * According to documentation this method can be called only once
          */
-        if (pathIterator == null) {
+        if (pathIteratorConsumed) {
             throw new IllegalStateException("Iterator has already been consumed");
         }
 
-        Iterator<Path> iter = pathIterator;
-        pathIterator = null;
-        return iter;
+        pathIteratorConsumed = true;
+        return pathIterator;
     }
 
     @Override
     public void close() throws IOException {
+        if (pathIterator != null) {
+            pathIterator.close();
+        }
         sftp.close();
     }
 }