[peruser] Status of peruser and other questions

Andrew andyukguy at gmail.com
Thu Aug 27 07:38:26 MDT 2009


Thanks for the replies guys.

> The dc3 indeed is currently the most up-to-date branch of peruser, but
> I would suggest waiting for peruser 0.4.0 as the current dc3 (and  
> older)
> don't really have a good configuration validation - so if you are  
> new to
> peruser, it may be hard to get it running if all you see is seg  
> faults.

I currently have peruser running with dc3. No segfaults so far :) if  
you could also add the additional SSL patch I'd sure appreciate it,  
the more compatible and fully featured peruser is the better for all!

> Although the main process runs under root, it does no connection
> handling. All it does, is maintenance on the children and (re)spawns
> them if necessary. The multiplexers all sit directly on the accept
> socket(s) (pretty much like prefork has all it's children sitting on  
> the
> accept socket).

So in other words it doesn't suffer from the same issue that MPM-itk  
does? It's more akin to prefork than the itk in this respect?

> Currently peruser does not spawn all the required children at startup.
> This is to reduce memory overhead, if the server has some processors
> defined that nobody uses. So if you benchmarked peruser without  
> running
> any other requests on it before, it may take some time for the  
> server to
> spawn the first children.
>
> Running ab for 1000 requests with concurrency at 1 on my test machine
> gave 1.21s for prefork and 1.36s for peruser.

I've managed to get the performance of peruser and prefork remarkably  
close now, it was a configuration problem on the prefork server (it  
wasn't actually pulling the correct PHP file d'oh). How many failed  
requests do you see with peruser when running ab? About 900 of the  
initial 1000 connections fail on a first run then 0 on the second run  
straight after. I assume this is due to peruser not being able to  
spawn quickly enough to cope with the flood as you describe? If so  
this is fine and expected behaviour.


On 27 Aug 2009, at 14:12, Taavi Sannik wrote:

> stefan.klingner at mephisto23.com wrote:
>> if we have a list with all patches, someone who knows how to do it  
>> should
>> create a new release, which we can use as a base for further  
>> development.
>> again i will ask, if someone is interested in a fork...:)
>>
>
> Hi, guys!
>
> Just for all of you to know, Sean contacted me last week and asked  
> if I
> want to become the maintainer of this project. At that time, I did,  
> but
> due to unforeseen circumstances, I will be gone in a month and will
> return in a year - I may be able to have a peek in the mailing lists  
> in
> the mean time, but that's it. So unfortunately I cannot accept this
> position, but it seems that Stefan is a good candidate for a new
> maintainer :).
>
> This still leaves us with one problem and that is project hosting. I
> think Sean wouldn't mind if we move it to somewhere else (I personally
> would prefer Google Code, but we must upgrade peruser license to  
> Apache
> Software License 2.0 to host there). I just hope Sean comes around and
> has the time to accept this and forward the old peruser page to a new
> one. Any ideas on this one is greatly appreciated.
>
> I am currently working on a 0.4.0 release which would include the dc3
> patch, the freebsd 7.2 fixes and other bugfixes. I will also try to
> squeeze in the SSL NameVirtualhost patch and better configuration
> validation. Hopefully I will get it ready by the end of the week.
>
>
> andyukguy at gmail.com wrote:
>> Judging from these lists the current consensus is that dc3 is the  
>> best
>> current implementation/extension of the peruser code base? Is this
>> correct? Is there a different branch that offers more?
> The dc3 indeed is currently the most up-to-date branch of peruser, but
> I would suggest waiting for peruser 0.4.0 as the current dc3 (and  
> older)
> don't really have a good configuration validation - so if you are  
> new to
> peruser, it may be hard to get it running if all you see is seg  
> faults.
>
>> SSL support is now possible, but again I see it's best achieved  
>> with a
>> patch. Where can I get this patch? Is it maintained by anyone at a
>> particular site or is it best to just see what gets posted to the
>> mailing list?
> dc3 peruser should work with SSL as long as you don't set
> NameVirtualhost on the SSL listen ip/port combination. The mentioned
> patch adds support for NameVirtualhost.
>
>> - One process runs as root and passes requests to the multiplexer.
>> Does this not introduce the same problems that MPM-itk has with
>> potential full root security holes if say mod_ssl gets exploited?
> Although the main process runs under root, it does no connection
> handling. All it does, is maintenance on the children and (re)spawns
> them if necessary. The multiplexers all sit directly on the accept
> socket(s) (pretty much like prefork has all it's children sitting on  
> the
> accept socket).
>
>> - What sort of performance should I be expecting to see from peruser?
>> I was lead to believe by http://blog.stuartherbert.com/php/2008/03/20/using-mpm-peruser-to-secure-a-shared-server/
>>  that peruser gave very similar performance to mod_php + prefork.
>> However my experience is very much different, ab (simplistic as it  
>> is)
>> running 100 or 1000 requests typically sees peruser being a lot  
>> slower
>> e.g. 1000 requests in 0.8s for mod_php + prefork but 7s for  
>> peruser. I
>> tried tweaking various settings but couldn't change the results in  
>> any
>> significant way. Perhaps this is typical performance and I shouldn't
>> be worried that I'm doing something wrong?
> Currently peruser does not spawn all the required children at startup.
> This is to reduce memory overhead, if the server has some processors
> defined that nobody uses. So if you benchmarked peruser without  
> running
> any other requests on it before, it may take some time for the  
> server to
> spawn the first children.
>
> Running ab for 1000 requests with concurrency at 1 on my test machine
> gave 1.21s for prefork and 1.36s for peruser.
>
> --
> Taavi Sannik
> DataCode OY
> _______________________________________________
> Peruser mailing list
> Peruser at telana.com
> http://www.telana.com/mailman/listinfo/peruser



More information about the Peruser mailing list