rfc:socketactivation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
rfc:socketactivation [2012/10/18 23:24]
davidstrauss [Introduction]
rfc:socketactivation [2017/09/22 13:28] (current)
Line 3: Line 3:
   * Date: 2012-10-17   * Date: 2012-10-17
   * Author: David Strauss <​david@davidstrauss.net>,​ Jerry Blakley <​jerry@getpantheon.com>​   * Author: David Strauss <​david@davidstrauss.net>,​ Jerry Blakley <​jerry@getpantheon.com>​
-  * Status: ​Under Discussion+  * Status: ​Inactive
   * First Published at: http://​wiki.php.net/​rfc/​socketactivation   * First Published at: http://​wiki.php.net/​rfc/​socketactivation
   * Patches: [[rfc/​socketactivation/​build.patch|build.patch]] (needs to be made optional), [[rfc/​socketactivation/​activate.patch|activate.patch]]   * Patches: [[rfc/​socketactivation/​build.patch|build.patch]] (needs to be made optional), [[rfc/​socketactivation/​activate.patch|activate.patch]]
Line 9: Line 9:
 ===== Introduction ===== ===== Introduction =====
  
-Linux distributions with systemd support a "​socket activation"​ feature that allows systemd to listen on the socket from early in the boot process and start the service when the first client connects. Supporting this in PHP-FPM ​is beneficial to systems with many pools (so they can start on-demand), for administrators that prefer to have a PHP-FPM pool listen on a privileged port or path without having to start it initially as root, and for administrators wanting to resolve a dependency between the web server accepting requests and PHP-FPM'​s socket being able to queue or service them.+Linux distributions with systemd support a "​socket activation"​ feature that allows systemd to listen on the socket from early in the boot process and start the service when the first client connects. 
 + 
 +===== Benefits ===== 
 + 
 +Supporting this in PHP-FPM ​streamlines ​systems with many pools (so they can start on-demand), for administrators that prefer to have a PHP-FPM pool listen on a privileged port or path without having to start it initially as root, and for administrators wanting to resolve a dependency between the web server accepting requests and PHP-FPM'​s socket being able to queue or service them.
  
 launchd and legacy internet superservers support socket activation in similar ways. launchd and legacy internet superservers support socket activation in similar ways.
Line 15: Line 19:
 Socket activation creates no overhead once the daemon has started. systemd does not proxy any traffic; it just hands over the file descriptor. Once the daemon is running and using the systemd-provided socket(s), there'​s no distinction in daemon operation until shutdown, where it skips closing the socket(s). Socket activation creates no overhead once the daemon has started. systemd does not proxy any traffic; it just hands over the file descriptor. Once the daemon is running and using the systemd-provided socket(s), there'​s no distinction in daemon operation until shutdown, where it skips closing the socket(s).
  
-Socket activation allows replacing the entire binary (as with a PHP-FPM security update) without interrupting listening on the socket. PHP-FPM supports reloading to a limited degree, but it doesn'​t seem possible to fully replace the executable.+Socket activation allows replacing the entire binary (as with a PHP-FPM security update) without interrupting listening on the socket. PHP-FPM supports reloading to a limited degree, but it doesn'​t seem possible to fully replace the executable. The suggested configuration below also allows restarting and reloading individual PHP-FPM pools without any effect on others.
  
-There is also work underway to have socket activation on the base system spawn or start full containers (like LXC) on-demand. Since PHP-FPM will, itself, be in the container, something else needs to listen on its behalf.+There is work underway to have socket activation on the base system spawn or start full containers (like LXC) on-demand. Since PHP-FPM will, itself, be in the container, something else needs to listen on its behalf.
  
 Finally, it's a platform consistency issue. As more services move to socket activation in Fedora, Arch, Suse, and Red Hat Enterprise Linux (and its derivatives),​ socket units will become a sort of "​common currency"​ for configuring which services listen where. Finally, it's a platform consistency issue. As more services move to socket activation in Fedora, Arch, Suse, and Red Hat Enterprise Linux (and its derivatives),​ socket units will become a sort of "​common currency"​ for configuring which services listen where.
Line 57: Line 61:
  
 ==== /​etc/​php-fpm.d/​my-php-fpm-pool.conf ==== ==== /​etc/​php-fpm.d/​my-php-fpm-pool.conf ====
 +
 +It's possible the final implementation may move to "​listen = fd:3" or similar syntax to directly request use of an inherited socket rather than requiring a perfect socket configuration match-up between the systemd socket configuration and the PHP-FPM pool configuration. This would make PHP's inheritance more consistent with my nginx proposal.
  
 <​file>​ <​file>​
Line 84: Line 90:
 ==== Why not just use the ondemand process manager? ==== ==== Why not just use the ondemand process manager? ====
  
-The ondemand process manager still keeps considerable memory +The ondemand process manager still keeps considerable memory allocated, and PHP-FPM currently has some idle CPU load when not processing requests. It'​s ​<​1% ​of a core per service, but it adds up when you manage 500+ pools, each as a service for security/​resource isolation, ​on a box
-allocated, and PHP-FPM currently has some idle CPU load (<1% per + 
-service, but it adds up when you manage 500+ pools on a box) when not +The ondemand process manager doesn'​t solve the dependency issue mentioned earlier (a web server requiring PHP-FPM to be readyor allow privileges to be dropped before PHP-FPM gets invoked at all. The latter is useful for platform providers that let users configure PHP-FPM for their individual use cases but want to provide assigned "​listening"​ sockets. 
-processing requests.+==== What about Upstart support? ==== 
 + 
 +Upstart seems to have basic socket activation support, and integrating PHP-FPM with it would be a great follow-on projectAll socket activation basically works the same way, in the sense of a file descriptor getting handed into the daemon. This RFC would pave the way for integration into additional superserver and init daemons. 
 + 
 +==== What about APC opcode cache efficiency? ====
  
-The ondemand process manager doesn'​t solve the dependency issue +In order for pools to share an opcode cache they must be forked from the same parent process. There are ways to work around ​thatbut it requires some fancy fd passing footwork in APC and I guess in many instances you don't actually ​want to share across pools anyway(Abbreviated from Rasmus on PHP internals)
-mentioned earlier (a web server requiring PHP-FPM ​to be ready) or +
-allow privileges ​to be dropped before PHP-FPM gets invoked at all. The +
-latter is useful for platform providers ​that let users configure +
-PHP-FPM for their individual use cases but want to provide assigned +
-"​listening"​ sockets.+
 ===== Changelog ===== ===== Changelog =====
  
 +  * 2012-11-09: Explain a minor configuration change possibility to harmonize this proposal with the one for nginx.
 +  * 2012-10-18: Integrate discussion items from the PHP internals list.
   * 2012-10-18: Patches added.   * 2012-10-18: Patches added.
   * 2012-10-17: Initial version.   * 2012-10-17: Initial version.
rfc/socketactivation.1350602656.txt.gz · Last modified: 2017/09/22 13:28 (external edit)