PHP at Density and Scale

Transcript of PHP at Density and Scale

Page 1: PHP at Density and Scale

PHP at Density and Scale
How Pantheon sees the future of computing.

Page 2: PHP at Density and Scale

About Me

● Four Kitchens
● Drupal.org
● Pressflow
● Pantheon
● systemd

Page 3: PHP at Density and Scale

Topics

● Performance
  ○ Socket activation
  ○ Automount/autofs
  ○ cgroups
  ○ “Customer Experience Monitor”
  ○ Migration
● Security
  ○ Users
  ○ Namespaces
  ○ Defense-in-depth
  ○ Non-disruptive fixes

Page 4: PHP at Density and Scale

Traditional server sockets: overview

[Diagram: Client; TCP 80, nginx; TCP 81, nginx; ...]

If you want a service available, the daemon has to be running.

Page 5: PHP at Density and Scale

Socket activation: overview

[Diagram: Client; systemd; TCP 80; TCP 81; nginx, fd=3]

Only a socket in systemd has to run for service availability.

Page 6: PHP at Density and Scale

Socket activation: details

● systemd squats on all listeners
  ○ Looks for incoming traffic with EPOLL
  ○ Starts the services/containers on-demand
  ○ Passes socket to daemon as fd=3
● Not a proxy (same performance)
● No client awareness

Page 7: PHP at Density and Scale

Socket activation: Pantheon’s use

● nginx and PHP-FPM
● MariaDB soon
  ○ Using an alternative now
● Allows 90%+ containers to be idle
● Makes bootup sensible
● Reconfiguration pattern is stop, not restart

Page 8: PHP at Density and Scale

Socket Activation

Demo

Page 9: PHP at Density and Scale

Automount/autofs

● Like socket activation for file system mounts
  ○ Kernel squats on mount path and looks for traffic
  ○ Brings up file mount lazily
● Used for FuseDAV (Valhalla client)

Page 10: PHP at Density and Scale

Automount Demo

Page 11: PHP at Density and Scale

cgroups

● Many options
  ○ Pantheon uses CPUShares and BlockIOWeight
● Keeps things fair under contention
  ○ Kind of like adding purple ropes when people are queueing

Page 12: PHP at Density and Scale

Contention with cgroups Demo

Page 13: PHP at Density and Scale

Customer Experience Monitor

● Runs a representative Drupal site on every container host
● Reports scores to the API and monitoring
● Influences migration and container placement

Page 14: PHP at Density and Scale

Migration

● At density, rebalancing is important
● Keep state lightweight
  ○ No OS
  ○ No runtime
● Mutiny: migration as replication + promotion

Page 15: PHP at Density and Scale

Isolation for security

● Users
● Namespaces

Page 16: PHP at Density and Scale

Defense in depth

● Application
  ○ Drupal
● Runtime
  ○ nginx, PHP-FPM, FuseDAV
● Container: “binding” certificate
  ○ Linux user, namespaces, etc.
● Container host: “endpoint” certificate
  ○ Only trusted for the containers assigned
● Platform: root certificate

Page 17: PHP at Density and Scale

Non-disruptive fixes

● Kernel upgrades via migration
● Rolling daemon and library upgrades
  ○ Heartbleed

Page 18: PHP at Density and Scale

Heartbleed Fix Demo