Re: Re: Anyone interested in a patch to mod_fcgid(with pay)

[Pqf 潘庆峰]

Yes, split process control from mod_fcgid, merge proxy_fcgi(with 
load balance) and mod_fcgid(with authXX support) is a good idea,
admins can use httpd as process manager, or 3rd party process managers as they 
like.
But don't just make a patch to make mod_fcgid support TCP/IP, it's ugly...



 
  Hi, guys
 A company need a TCP/IP patch of mod_fcgid or alternative, and
  will pay for it, anyone interested? I really like to take it but I
  don't have too much time... Anyone interested please reply to me and
  I will forward the email address of them.
  
  ...
  Neti only listens on TCP/IP socket, it assumes both an authorizer
  role and a responder role in the Fast CGI request. Here's the 3
  candidate Apache modules to interface Neti:
  ...
 
  2. Mod_proxy_fcgi: this module supports TCP socket, it can connect to
  Neti, but it doesn't support authorizer role. So in the first FCGI
  request, it forwards the request to Neti as a responder instead of an
  authorizer, Neti cannot simply let it through without properly
  authorizing it first, thus the request fails;
  
  3. Mod_fcgid: this module supports authorizer role while doesn't
  support TCP connection. We cannot confirm its authorizer role since
  it doesn't even connect to Neti due to lack of TCP;
  
  So our choice is between either adding authorizer role to
  mod_proxy_fcgi or adding TCP/IP to mod_fcgid. 
  
  We’re really willing to pay to have this project done, I mean either
  adding proxy to mod_fcgid or adding authorizer to mod_proxy_fcgi. Are
  you willing to work on this with reward or do you know anyone else
  who’s interested in doing so with pay, for example, author of
  mod_proxy_fcgi? (I cannot find his name)
 
 No cycles myself at this instant, but it seems overtime to break apart
 the mod_fcgid process-control so that it can then stack on top of a
 single mod_proxy_fcgi communications pipe, dispatched through different
 fcgi-stream methods (including child process stdio), including the
 various authn/authz roles.  It would take more time to refactor it in
 this way, but would get rid of any discrepancies between proxy_fcgi
 and fcgid and serve as a good excuse to draw the remaining mod_fcgid
 development back into trunk/, now that fcgid is generally sufficient
 for 2.2 users.
 
 
 

Anyone interested in a patch to mod_fcgid(with pay)

[Pqf 潘庆峰]

Hi, guys
   A company need a TCP/IP patch of mod_fcgid or alternative, and will pay 
for it, anyone interested? I really like to take it but I don't have too much 
time...
   Anyone interested please reply to me and I will forward the email address of 
them.


Our company is hosting a website with a lot of users. Each user needs login to 
access our server. We have an in-house FCGI program responsible for 
authenticate user's credentials. The FCGI program is called “Neti”;. Right now 
Neti works fine with Zeus server, however we want to switch to Apache server.

Neti only listens on TCP/IP socket, it assumes both an authorizer role and a 
responder role in the Fast CGI request. Here's the 3 candidate Apache modules 
to interface Neti:

1. Mod_fastcgi: this module has NOT been updated since 2007. It will break 
randomly, (not only with Neti, but with some other FCGIs), so we're not 
planning to pursue it;

2. Mod_proxy_fcgi: this module supports TCP socket, it can connect to Neti, but 
it doesn't support authorizer role. So in the first FCGI request, it forwards 
the request to Neti as a responder instead of an authorizer, Neti cannot simply 
let it through without properly authorizing it first, thus the request fails;

3. Mod_fcgid: this module supports authorizer role while doesn't support TCP 
connection. We cannot confirm its authorizer role since it doesn't even connect 
to Neti due to lack of TCP;

So our choice is between either adding authorizer role to mod_proxy_fcgi or 
adding TCP/IP to mod_fcgid. 

We’re really willing to pay to have this project done, I mean either adding 
proxy to mod_fcgid or adding authorizer to mod_proxy_fcgi. Are you willing to 
work on this with reward or do you know anyone else who’s interested in doing 
so with pay, for example, author of mod_proxy_fcgi? (I cannot find his name)


Ryan

Re: Re: Re: mod_fcgid concurrency bottleneck, issue#53693

[pqf]

Hi, all
I took some times to setup a stress test for mod_fcgid, to see is there any 
other concurrency bottleneck left, it seems fine to me.

I did a stress test with callgrind on mod_fcgid, this is the big picture: 
http://people.apache.org/~pqf/mod_fcgid_performance/performance.png and this is 
the output of callgrind: 
http://people.apache.org/~pqf/mod_fcgid_performance/callgrind.out
As we can see, most cpu time are used in ap_create_environment() + 
init_environment(). ap_create_environment() copy environment vars to a char[][] 
buffer, and init_environment() copy char[][] to a char[] buffer for FCGI 
protocol. I have to keep using ap_create_environment() to be compatible with 
other cgi modules(cgid, cgi...), I will not shortcut these two calls for less 
cpu utils.

And I make a strace trace to the system calls, to make sure there is no obvious 
IO throughput bottleneck, and no luck either

4622  13:17:16.737888 ... futex resumed ) = 0
4622  13:17:16.737920 futex(0x95ce65c, FUTEX_WAKE, 1 unfinished ...
4622  13:17:16.738038 ... futex resumed ) = 0
4622  13:17:16.740735 gettimeofday({1346217436, 740787}, NULL) = 0
4622  13:17:16.740835 getsockname(12, {sa_family=AF_INET6, 
sin6_port=htons(8080), inet_pton(AF_INET6, :::127.0.0.1, si
n6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
4622  13:17:16.741008 fcntl64(12, F_GETFL) = 0x2 (flags O_RDWR)
4622  13:17:16.741056 fcntl64(12, F_SETFL, O_RDWR|O_NONBLOCK) = 0
4622  13:17:16.741824 gettimeofday({1346217436, 741849}, NULL) = 0
4622  13:17:16.741890 gettimeofday({1346217436, 741911}, NULL) = 0
4622  13:17:16.741969 read(12, GET /fcgi-bin/foo.pl HTTP/1.0\r\nH..., 8000) = 
97
4622  13:17:16.742049 gettimeofday({1346217436, 742070}, NULL) = 0
4622  13:17:16.742108 gettimeofday({1346217436, 742129}, NULL) = 0
4622  13:17:16.742165 gettimeofday({1346217436, 742185}, NULL) = 0
4622  13:17:16.74 gettimeofday({1346217436, 742242}, NULL) = 0
4622  13:17:16.742278 gettimeofday({1346217436, 742299}, NULL) = 0
4622  13:17:16.742345 gettimeofday({1346217436, 742367}, NULL) = 0
4622  13:17:16.742404 gettimeofday({1346217436, 742424}, NULL) = 0
4622  13:17:16.742467 stat64(/usr/local/apache2/htdocs/fcgi-bin/foo.pl, 
{st_mode=S_IFREG|0755, st_size=229, ...}) = 0
4622  13:17:16.742697 semop(4292662, 0x17234c, 1) = 0
4622  13:17:16.742750 semop(4292662, 0x172358, 1) = 0
4622  13:17:16.742804 socket(PF_FILE, SOCK_STREAM, 0) = 13
4622  13:17:16.742864 connect(13, {sa_family=AF_FILE, 
path=/usr/local/apache2/logs/fcgidsock/4617.11}, 110) = 0
4622  13:17:16.743028 fcntl64(13, F_GETFL) = 0x2 (flags O_RDWR)
4622  13:17:16.743074 fcntl64(13, F_SETFL, O_RDWR|O_NONBLOCK) = 0
4622  13:17:16.743118 gettimeofday({1346217436, 743138}, NULL) = 0
4622  13:17:16.743174 writev(13, [{\1\1\0\1\0\10\0\0, 8}, 
{\0\1\0\0\0\0\0\0, 8}, {\1\4\0\1\3U\0\0, 8}, {\t\30UNIQUE_ID
UD2l3MCoqlsAABILpXoAA..., 853}, {\1\4\0\1\0\0\0\0, 8}, {\1\5\0\1\0\0\0\0, 
8}], 6) = 893
4622  13:17:16.743337 read(13, 0xa6f4c5b8, 8192) = -1 EAGAIN (Resource 
temporarily unavailable)
4622  13:17:16.743386 poll([{fd=13, events=POLLIN, revents=POLLIN}], 1, 4) 
= 1
4622  13:17:16.743789 read(13, \1\6\0\1\3\266\2\0Content-Type: text/plain..., 
8192) = 984
4622  13:17:16.743879 gettimeofday( unfinished ...
4622  13:17:16.743968 ... gettimeofday resumed {1346217436, 743943}, NULL) = 0
4622  13:17:16.744037 close(13) = 0
4622  13:17:16.744101 semop(4292662, 0x17234c, 1) = 0
4622  13:17:16.744149 semop(4292662, 0x172358, 1) = 0
4622  13:17:16.744209 gettimeofday({1346217436, 744231}, NULL) = 0
4622  13:17:16.744266 gettimeofday({1346217436, 744287}, NULL) = 0
4622  13:17:16.744343 writev(12, [{HTTP/1.1 200 OK\r\nDate: Wed, 29 A..., 
154}, {CONTEXT_DOCUMENT_ROOT=\/usr/loca..., 92
4}], 2 unfinished ...
4622  13:17:16.745033 ... writev resumed ) = 1078
4622  13:17:16.745076 gettimeofday({1346217436, 745098}, NULL) = 0
4622  13:17:16.745148 times({tms_utime=1416, tms_stime=1464, tms_cutime=0, 
tms_cstime=0}) = 499844951
4622  13:17:16.745255 gettimeofday( unfinished ...
4622  13:17:16.745800 ... gettimeofday resumed {1346217436, 745791}, NULL) = 0
4622  13:17:16.746013 shutdown(12, 1 /* send */ unfinished ...
4622  13:17:16.746554 ... shutdown resumed ) = 0
4622  13:17:16.746625 gettimeofday( unfinished ...
4622  13:17:16.746684 ... gettimeofday resumed {1346217436, 746658}, NULL) = 0
4622  13:17:16.746765 epoll_ctl(11, EPOLL_CTL_ADD, 12, {EPOLLIN, 
{u32=158210764, u64=158210764}} unfinished ...
4622  13:17:16.746833 ... epoll_ctl resumed ) = 0
4622  13:17:16.747587 gettimeofday( unfinished ...
4622  13:17:16.747904 ... gettimeofday resumed {1346217436, 747649}, NULL) = 0
4622  13:17:16.748672 futex(0x95ce690, FUTEX_WAIT, 176390, NULL unfinished ...



2012-09-05



pqf



发件人：pqf
发送时间：2012-08-28 09:34
主题：回复: Re: Re: Re: mod_fcgid concurrency bottleneck, issue#53693
收件人：devdev@httpd.apache.org
抄送：

So what can mod_fcgid do in this overloaded?
1. mod_fcgid get a request
2. mod_fcgid can't apply a free slot

Re: Pull request: server/util_md5.c:58 - replace magic number with constant arithmetic

[pqf]

Some C compilers don't support this: result[2*APR_MD5_DIGESTSIZE+1] ?



Hello, dev@. 

I request a little change to HTTPD code. 

On line 58 of server/util_md5.c, please replace 

char  *r,  result[33];  /* (MD5_DIGESTSIZE * 2) + 1 */ 

with 

char  *r,  result[2*APR_MD5_DIGESTSIZE+1]; 

There's only constant arithmetic here, so I don't see a reason to  
pre-calculate the size here, and other code files use  
2*APR_MD5_DIGESTSIZE+1 often. 

Thanks, 
SiPlus 

回复: Re: Re: Re: mod_fcgid concurrency bottleneck, issue#53693

[pqf]

So what can mod_fcgid do in this overloaded?
1. mod_fcgid get a request
2. mod_fcgid can't apply a free slot of FCGI handler
3. mod_fcgid send a spawn request to PM
4. PM deny the request(for too much process already)
5. Now
   for( i=1; i64; i++)
  {
 a) mod_fcgid delay a while, and then send another spawn request to PM and 
try apply free slot again.
 b) mod_fcgid send another spawn request at once, even the last request is 
denied.
 c) ??
(now is a, b maybe not a good idea, any new idea?)
  }

I think the bottleneck is too much request, too less FCGI handler. httpd(or 
mod_fcgid) either drop client connections or delay a while, there is no other 
way out?


Another question. Is it necessary to call procmgr_init_spawn_cmd() from inside 
the for loop ? 
I took a brief look, it seems not necessary. I will move it out of loop and 
test.

2012-08-28



pqf



发件人：Lazy
发送时间：2012-08-27 21:47
主题：Re: Re: Re: mod_fcgid concurrency bottleneck, issue#53693
收件人：devdev@httpd.apache.org
抄送：

2012/8/16 pqf p...@mailtech.cn: 
 How about this: 
 1. procmgr_post_spawn_cmd() now return a status code from PM, so process 
 handler now know the spawn request is denyed or not. 
 2. if a new process is created, no sleep is needed. 
 3. if no process is created, sleep a while 

sorry for the late reply, 

in the old code there ware no sleep() between procmgr_post_spawn_cmd() 
and apply_free_procnode() 

sleep() was invoked only if there ware no free procnode. 

This happened only if we ware denied spawning new process or in some 
cases if some other thread managed to use that procnode before us. 

Your change adresses cases if some other thread stole our newly 
spawned fcgi process, old code was waiting 1s before trying to spawn 
another/recheck, new code doesn't, I guess this is the orginal issue 
in stress tests when total number of simultaneous connections doesn't 
exceed max fcgi processes. But when spawning is denied recovery time 
is still long 1s. 


I was refering to cases when spawn is denied. 

If a vhost is overloaded or someone added sleep(60) in the code, 
mod_fcgid blocks on all request to that vhost 
for over a minute and it is possible to occupy 1000 threads using 
under 20 new connections to slow vhost 
per second. This can be mitingated by adding avaiability which will 
impact time spend on waiting for free process. Overloaded vhost will 
start to drop connections faster preventing the web-server reaching 
MaxClients 
limit. 

Another question. Is it necessary to call procmgr_init_spawn_cmd() 
from inside the for loop ? 


 
 2012-08-16 
  
 pqf 
  
 发件人：Lazy 
 发送时间：2012-08-16 16:47 
 主题：Re: Re: mod_fcgid concurrency bottleneck, issue#53693 
 收件人：devdev@httpd.apache.org 
 抄送： 
 
 2012/8/16 pqf p...@mailtech.cn: 
 Hi, Michal 
 My solution do add availability to each class, which is the 
 procmgr_post_spawn_cmd() call in each loop do. 
 The sleep() call is intrudused for a stress test without warm up time, in 
 this case, mod_fcgid will create more processes than a slow start one(each 
 process handler can't apply a free slot on the very begining, so send a 
 request to process manager to create one, it's easy to reach the max # of 
 process limit while httpd startup, but the idle process will be killed 
 later), the sleep() call is a little like a server side warm up delay. 
 But since someone said remove this sleep(), the server work fine without 
 bottleneck(Maybe he didn't notise the warm up issue?), so I thought remove 
 the sleep() is a good idea. But reduce the time of sleep() is fine to me 
 too. 
 
 I was referring to the case where all processes are busy, without 
 sleep(), handle_request() wil quickly send spawn requsts, whith will 
 be denyed by process menager, with sleep() handle_request() will 
 always wait quite a long time, 
 occupying slots 
 
 -- 
 Michal Grzedzicki 
 
 

Re: Re: mod_fcgid concurrency bottleneck, issue#53693

[pqf]

procmgr_post_spawn_cmd(maybe it should be renamed to procmgr_send_spawn_cmd) 
will keep blocking while PM is creating a new process, after 
procmgr_post_spawn_cmd() return, there should be a process ready there waiting 
for accept.

2012-08-16



pqf



发件人：William A. Rowe Jr.
发送时间：2012-08-16 15:23
主题：Re: mod_fcgid concurrency bottleneck, issue#53693
收件人：devdev@httpd.apache.org
抄送：pqfp...@mailtech.cn

On 8/15/2012 8:23 PM, pqf wrote: 
 But since someone said remove this sleep(), the server work fine without 
 bottleneck(Maybe 
 he didn't notise the warm up issue?), so I thought remove the sleep() is a 
 good idea. But 
 reduce the time of sleep() is fine to me too. 
 Any other idea? 

Can we introduce a blocking call on 'pipe ready' based on the child spawn 
being ready to accept data?  The equivalent of a ping-test? 

回复: Re: Re: mod_fcgid concurrency bottleneck, issue#53693

[pqf]

How about this:
1. procmgr_post_spawn_cmd() now return a status code from PM, so process 
handler now know the spawn request is denyed or not.
2. if a new process is created, no sleep is needed.
3. if no process is created, sleep a while

2012-08-16



pqf



发件人：Lazy
发送时间：2012-08-16 16:47
主题：Re: Re: mod_fcgid concurrency bottleneck, issue#53693
收件人：devdev@httpd.apache.org
抄送：

2012/8/16 pqf p...@mailtech.cn: 
 Hi, Michal 
 My solution do add availability to each class, which is the 
 procmgr_post_spawn_cmd() call in each loop do. 
 The sleep() call is intrudused for a stress test without warm up time, in 
 this case, mod_fcgid will create more processes than a slow start one(each 
 process handler can't apply a free slot on the very begining, so send a 
 request to process manager to create one, it's easy to reach the max # of 
 process limit while httpd startup, but the idle process will be killed 
 later), the sleep() call is a little like a server side warm up delay. 
 But since someone said remove this sleep(), the server work fine without 
 bottleneck(Maybe he didn't notise the warm up issue?), so I thought remove 
 the sleep() is a good idea. But reduce the time of sleep() is fine to me 
 too. 

I was referring to the case where all processes are busy, without 
sleep(), handle_request() wil quickly send spawn requsts, whith will 
be denyed by process menager, with sleep() handle_request() will 
always wait quite a long time, 
occupying slots 

--  
Michal Grzedzicki 

Re: mod_fcgid concurrency bottleneck, issue#53693

[pqf]

Hi, all
I prefer the following solution, can anyone review it? 
procmgr_post_spawn_cmd() will be blocked until process manager create a new 
fcgid process, the worst case is someone else take the new created process 
before I do, and I have to post another spawn command to PM again. The extreme 
case is loop FCGID_APPLY_TRY_COUNT but get no process slot.


Index: fcgid_bridge.c
===
--- fcgid_bridge.c  (revision 1373226)
+++ fcgid_bridge.c  (working copy)
@@ -30,7 +30,7 @@
 #include fcgid_spawn_ctl.h
 #include fcgid_protocol.h
 #include fcgid_bucket.h
-#define FCGID_APPLY_TRY_COUNT 2
+#define FCGID_APPLY_TRY_COUNT 4
 #define FCGID_REQUEST_COUNT 32
 #define FCGID_BRIGADE_CLEAN_STEP 32
 
@@ -447,19 +447,13 @@
 if (bucket_ctx-procnode)
 break;
 
-/* Avoid sleeping the very first time through if there are no
-   busy processes; the problem is just that we haven't spawned
-   anything yet, so waiting is pointless */
-if (i  0 || j  0 || count_busy_processes(r, fcgi_request)) {
-apr_sleep(apr_time_from_sec(1));
-
-bucket_ctx-procnode = apply_free_procnode(r, fcgi_request);
-if (bucket_ctx-procnode)
-break;
-}
-
 /* Send a spawn request if I can't get a process slot */
 procmgr_post_spawn_cmd(fcgi_request, r);
+
+/* Try again */
+bucket_ctx-procnode = apply_free_procnode(r, fcgi_request);
+if (bucket_ctx-procnode)
+break;
 }
 
 /* Connect to the fastcgi server */
2012-08-15



pqf



发件人：Mike M
发送时间：2012-08-15 04:29
主题：mod_fcgid concurrency bottleneck, issue#53693
收件人：devdev@httpd.apache.org
抄送：

Ahoy! 

With mod_fcgid I've observed a performance bottleneck in which concurrent 
requests to a virtualhost where the number of concurrent requests exceed 
the number of available fcgid-spawned processes result in a significant 
delay in responding to requests. 

Details of this situation, how to reproduce, various scenarios tried, etc 
are detailed in the issue submission [1]. 

In file  modules/fcgid/fcgid_bridge.c, there is this section of code: 

if (i  0 || j  0 || count_busy_processes(r, fcgi_request)) { 
apr_sleep(apr_time_from_sec(1)); 

If I change the sleep time from 1 second to 0 seconds (or, comment out 
this section of code entirely), the bottleneck goes away.  It seems like 
the more appropriate action here would be to turn the sleep time into a 
configurable value, with the current 1s value as the default. 

I presume this code is meant to be a way to help defer spawn requests so 
that a server is not over-whelmed with spin-up related I/O. 

My questions are: 
- Is this intended to be a throttling mechanism and if so, is there a more 
efficient way to handle this throttling? 
- If I outright reduce that sleep delay to 0 (or comment out this code), 
what potential or expected problems am I introducing to mod_fcgid? 


[1] https://issues.apache.org/bugzilla/show_bug.cgi?id=53693 


--- 
Mike M 

You can't learn in school what the world is going to do next year. 

Re: Re: mod_fcgid concurrency bottleneck, issue#53693

[pqf]

Hi, Michal
My solution do add availability to each class, which is the 
procmgr_post_spawn_cmd() call in each loop do.
The sleep() call is intrudused for a stress test without warm up time, in this 
case, mod_fcgid will create more processes than a slow start one(each process 
handler can't apply a free slot on the very begining, so send a request to 
process manager to create one, it's easy to reach the max # of process limit 
while httpd startup, but the idle process will be killed later), the sleep() 
call is a little like a server side warm up delay.
But since someone said remove this sleep(), the server work fine without 
bottleneck(Maybe he didn't notise the warm up issue?), so I thought remove the 
sleep() is a good idea. But reduce the time of sleep() is fine to me too.
Any other idea?

Regards,

Ryan Pan

2012-08-16



pqf



发件人：Lazy
发送时间：2012-08-15 21:48
主题：Re: mod_fcgid concurrency bottleneck, issue#53693
收件人：devdev@httpd.apache.org
抄送：

2012/8/15 pqf p...@mailtech.cn: 
 Hi, all 
 I prefer the following solution, can anyone review it? 
 procmgr_post_spawn_cmd() will be blocked until process manager create a new 
 fcgid process, the worst case is someone else take the new created process 
 before I do, and I have to post another spawn command to PM again. The 
 extreme case is loop FCGID_APPLY_TRY_COUNT but get no process slot. 
 
 
 Index: fcgid_bridge.c 
 === 
 --- fcgid_bridge.c  (revision 1373226) 
 +++ fcgid_bridge.c  (working copy) 
 @@ -30,7 +30,7 @@ 
  #include fcgid_spawn_ctl.h 
  #include fcgid_protocol.h 
  #include fcgid_bucket.h 
 -#define FCGID_APPLY_TRY_COUNT 2 
 +#define FCGID_APPLY_TRY_COUNT 4 
  #define FCGID_REQUEST_COUNT 32 
  #define FCGID_BRIGADE_CLEAN_STEP 32 
 
 @@ -447,19 +447,13 @@ 
  if (bucket_ctx-procnode) 
  break; 
 
 -/* Avoid sleeping the very first time through if there are no 
 -   busy processes; the problem is just that we haven't spawned 
 -   anything yet, so waiting is pointless */ 
 -if (i  0 || j  0 || count_busy_processes(r, fcgi_request)) { 
 -apr_sleep(apr_time_from_sec(1)); 
 - 
 -bucket_ctx-procnode = apply_free_procnode(r, 
 fcgi_request); 
 -if (bucket_ctx-procnode) 
 -break; 
 -} 
 - 
  /* Send a spawn request if I can't get a process slot */ 
  procmgr_post_spawn_cmd(fcgi_request, r); 
 + 
 +/* Try again */ 
 +bucket_ctx-procnode = apply_free_procnode(r, fcgi_request); 
 +if (bucket_ctx-procnode) 
 +break; 
  } 
 
  /* Connect to the fastcgi server */ 


if You get rid of sleep apache will not wait for free process if all 
of them are busy, this will lead to 503 errors 

currently mod_fcgid waits FCGID_APPLY_TRY_COUNT * FCGID_REQUEST_COUNT 
* 1 second and this is usually 64 seconds, this means if You have an 
overloaded vhost with low FcgidMaxProcessesPerClass it can bring whole 
server down, each thread waits 64 seconds so it doesn't take long 
before all threads are occupied. 

In my setup we lowerd the wait time and FCGID_REQUEST_COUNT to lower 
the impact of overloaded class but I think 
the best solution will be to add availability to each class. Total 
wait time will be related to it (by changing sleep time, and 
FCGID_APPLY_TRY_COUNT). If request is unsuccessful availability will 
be halved so next time the wait time will be shorter. This way 
congested class will get 0% availability, and new connections will 
instantly get 503 it there are no free slots. A successful wait will 
increase availability. 


Regards, 

Michal Grzedzicki 

回复: mod_fcgid concurrency bottleneck, issue#53693

[pqf]

Hi， Mike
It's really a problem...I will take a look and find a solution for it


2012-08-15



pqf



发件人：Mike M
发送时间：2012-08-15 04:29
主题：mod_fcgid concurrency bottleneck, issue#53693
收件人：devdev@httpd.apache.org
抄送：

Ahoy! 

With mod_fcgid I've observed a performance bottleneck in which concurrent 
requests to a virtualhost where the number of concurrent requests exceed 
the number of available fcgid-spawned processes result in a significant 
delay in responding to requests. 

Details of this situation, how to reproduce, various scenarios tried, etc 
are detailed in the issue submission [1]. 

In file  modules/fcgid/fcgid_bridge.c, there is this section of code: 

if (i  0 || j  0 || count_busy_processes(r, fcgi_request)) { 
apr_sleep(apr_time_from_sec(1)); 

If I change the sleep time from 1 second to 0 seconds (or, comment out 
this section of code entirely), the bottleneck goes away.  It seems like 
the more appropriate action here would be to turn the sleep time into a 
configurable value, with the current 1s value as the default. 

I presume this code is meant to be a way to help defer spawn requests so 
that a server is not over-whelmed with spin-up related I/O. 

My questions are: 
- Is this intended to be a throttling mechanism and if so, is there a more 
efficient way to handle this throttling? 
- If I outright reduce that sleep delay to 0 (or comment out this code), 
what potential or expected problems am I introducing to mod_fcgid? 


[1] https://issues.apache.org/bugzilla/show_bug.cgi?id=53693 


--- 
Mike M 

You can't learn in school what the world is going to do next year. 

Re: Re: mod_fcgid can kill all the services on the server via kill -15 -1

[pqf]

Hi, guys
Here is the new patch, anyone review it? I will commmit it if no one respond :)

Index: fcgid_proc_unix.c
===
--- fcgid_proc_unix.c   (revision 1099314)
+++ fcgid_proc_unix.c   (working copy)
@@ -402,6 +402,7 @@
 procnode-proc_id = tmpproc;
 
 if (rv != APR_SUCCESS) {
+memset(procnode-proc_id, 0, sizeof(procnode-proc_id));
 ap_log_error(APLOG_MARK, APLOG_ERR, rv, procinfo-main_server,
  mod_fcgid: can't run %s, wargv[0]);
 }
@@ -414,6 +415,11 @@
 /* su as root before sending signal, for suEXEC */
 apr_status_t rv;
 
+if (procnode-proc_id.pid == 0) {
+/* procnode-proc_id.pid be 0 while fcgid_create_privileged_process() 
fail */
+return APR_SUCCESS; 
+}
+
 if (ap_unixd_config.suexec_enabled  seteuid(0) != 0) {
 
 /* can't gain privileges to send signal (should not occur); do NOT
@@ -461,6 +467,7 @@
 /* Destroy pool */
 apr_pool_destroy(procnode-proc_pool);
 procnode-proc_pool = NULL;
+memset(procnode-proc_id, 0, sizeof(procnode-proc_id));
 
 return APR_CHILD_DONE;
 }



2011-05-04



Ryan 


发件人: pqfp...@mailtech.cn
发送时间: 2011-04-18 09:58
主 题: Re: mod_fcgid can kill all the services on the server via kill -15 -1
收件人: devdev@httpd.apache.org



Hi, all
Another question, does proc_wait_process() should update procnode-proc_id to 0 
too? or else mod_fcgid may send a signal to another irrelevant process while 
apache is shutting down? I don't follow up mod_fcgid for a while, I just took a 
glance, maybe it's updated somewhere else?
By the way, procnode-proc_id is set to 0 while apache startup, so why not 
update procnode-proc_id to 0 while fcgid_create_privileged_process() is fail? 
And then check magic number 0 rather than both -1 and 0,  in both 
proc_kill_gracefully() and proc_kill_force().

Cheers.
Ryan


 
Hello,


There is a very interesting, and quite a rare bug in mod_fcgid. It is easy to 
reproduce if you can cause fork to fail (which can be done with CloudLinux -- 
if anyone wants to replicate it).


Here is how it works: 
mod_fcgid tries to spawn a new process (proc_spawn_process in 
fcgid_proc_unix.c), but fork returns -1. 
More exactly fcgid_create_privileged_process function call returns error, and 
fills in tmpproc.pid with -1  tmpproc is assiged to procnode-proc_id).


Now, if at the same time service httpd restart is executed, function 
kill_all_subprocess in fcgid_pm_main.c will execute, and it will try to go 
through all procnodes, sending SIGTERM via proc_kill_gracefully, (and then 
SIGKILL via proc_kill_force) to procnode-proc_id.pid
Yet, one procnode will be pointing to procnode-proc_id.pid, causing kill -15 
-1 (kill all).
The end results all services on the server failing, including SSH, apache, 
syslogd, etc..


I guess the problem is really rare for most people. Also it is quite hard to 
diagnose, as it is completely not clear where the signal came from, and it took 
us some time to correlate them with apache restarts.. Yet due to our OS being 
used by shared hosts (where httpd restart is common thing), and our ability to 
limit memory available to processes on per virtual host bases (which causes 
fork to fail once that virtual host reaches memory limit), we see the issue 
quite often.


The solution is quite simple (not sure if it is the best / right solution), in 
file: fcgid_proc_unix.c, in methods proc_kill_gracefully, line:


rv = apr_proc_kill((procnode-proc_id), SIGTERM);


should be changed to:
   if (procnode-proc_id.pid != -1) {
  rv = apr_proc_kill((procnode-proc_id), SIGTERM);
   } else {
  rv = APR_SUCCESS;
   }


Similarly in proc_kill_force
rv = apr_proc_kill((procnode-proc_id), SIGKILL);
should be changed to:
   if (procnode-proc_id.pid != -1) {
  rv = apr_proc_kill((procnode-proc_id), SIGKILL);
   } else {
  rv = APR_SUCCESS;
   }


Regards,
Igor Seletskiy
CEO @ Cloud Linux Inc

Re: mod_fcgid can kill all the services on the server via kill -15 -1

[pqf]

Hi, all
Another question, does proc_wait_process() should update procnode-proc_id to 0 
too? or else mod_fcgid may send a signal to another irrelevant process while 
apache is shutting down? I don't follow up mod_fcgid for a while, I just took a 
glance, maybe it's updated somewhere else?
By the way, procnode-proc_id is set to 0 while apache startup, so why not 
update procnode-proc_id to 0 while fcgid_create_privileged_process() is fail? 
And then check magic number 0 rather than both -1 and 0,  in both 
proc_kill_gracefully() and proc_kill_force().

Cheers.
Ryan


 
Hello,


There is a very interesting, and quite a rare bug in mod_fcgid. It is easy to 
reproduce if you can cause fork to fail (which can be done with CloudLinux -- 
if anyone wants to replicate it).


Here is how it works: 
mod_fcgid tries to spawn a new process (proc_spawn_process in 
fcgid_proc_unix.c), but fork returns -1. 
More exactly fcgid_create_privileged_process function call returns error, and 
fills in tmpproc.pid with -1  tmpproc is assiged to procnode-proc_id).


Now, if at the same time service httpd restart is executed, function 
kill_all_subprocess in fcgid_pm_main.c will execute, and it will try to go 
through all procnodes, sending SIGTERM via proc_kill_gracefully, (and then 
SIGKILL via proc_kill_force) to procnode-proc_id.pid
Yet, one procnode will be pointing to procnode-proc_id.pid, causing kill -15 
-1 (kill all).
The end results all services on the server failing, including SSH, apache, 
syslogd, etc..


I guess the problem is really rare for most people. Also it is quite hard to 
diagnose, as it is completely not clear where the signal came from, and it took 
us some time to correlate them with apache restarts.. Yet due to our OS being 
used by shared hosts (where httpd restart is common thing), and our ability to 
limit memory available to processes on per virtual host bases (which causes 
fork to fail once that virtual host reaches memory limit), we see the issue 
quite often.


The solution is quite simple (not sure if it is the best / right solution), in 
file: fcgid_proc_unix.c, in methods proc_kill_gracefully, line:


rv = apr_proc_kill((procnode-proc_id), SIGTERM);


should be changed to:
   if (procnode-proc_id.pid != -1) {
  rv = apr_proc_kill((procnode-proc_id), SIGTERM);
   } else {
  rv = APR_SUCCESS;
   }


Similarly in proc_kill_force
rv = apr_proc_kill((procnode-proc_id), SIGKILL);
should be changed to:
   if (procnode-proc_id.pid != -1) {
  rv = apr_proc_kill((procnode-proc_id), SIGKILL);
   } else {
  rv = APR_SUCCESS;
   }


Regards,
Igor Seletskiy
CEO @ Cloud Linux Inc

Re: [mod_fcgid PATCH] catch errors from setuid()/seteuid()

[pqf]

Hi, Jeff
Your concerns are right, +1 for your patch :)

Thanks

--
From: Jeff Trawick traw...@gmail.com
Sent: Thursday, January 21, 2010 9:23 PM
To: dev@httpd.apache.org
Subject: Re: [mod_fcgid PATCH] catch errors from setuid()/seteuid()

 On Wed, Jan 20, 2010 at 8:19 PM, pqf p...@mailtech.cn wrote:
 I man seteuid in my Linux box, there are two types of errors:
 ERRORS
   The seteuid() function shall fail if:

   EINVAL The value of the uid argument is invalid and is not supported 
 by the implementation.

   EPERM  The  process  does not have appropriate privileges and uid does 
 not match the real group ID or the saved set-group-
  ID.

 If directly pass 0 in setuid(), EINVAL may not happend
 If this process is seteuid from root, EPERM may not happend

 so, I think the check is just a textbook logic check?
 
 yes, until somebody changes code or some other bug results in this
 being called in a different environment
 
 just call _exit(1) if it fail?
 
 two concerns with that minimal change:
 
 1. seteuid() works once then fails n times now (at least on Solaris),
 so some extra logic is needed
 2. even if these calls never fail, the presence of the exit() without
 a log message may cause somebody to lose a lot of time investigating a
 mysterious disappearance of the new process
 
 --/--
 
 I'll punt on this until after 2.3.5 since I'd like to spend the time
 to watch it work on another platform or two.  (suexec is not something
 I use more than once every ~3 years, so it is worth setting up in
 multiple environments.)
 

Re: [mod_fcgid PATCH] catch errors from setuid()/seteuid()

[pqf]

I man seteuid in my Linux box, there are two types of errors:
ERRORS
   The seteuid() function shall fail if:

   EINVAL The value of the uid argument is invalid and is not supported by 
the implementation.

   EPERM  The  process  does not have appropriate privileges and uid does 
not match the real group ID or the saved set-group-
  ID.

If directly pass 0 in setuid(), EINVAL may not happend
If this process is seteuid from root, EPERM may not happend

so, I think the check is just a textbook logic check? just call _exit(1) if it 
fail? 


--
From: Jeff Trawick traw...@gmail.com
Sent: Thursday, January 21, 2010 5:38 AM
To: dev@httpd.apache.org
Subject: [mod_fcgid PATCH] catch errors from setuid()/seteuid()

 During the last hackathon, Paul was kind enough to run the clang/llvm
 static analysis on mod_fcgid
 (http://zeus.kimaker.com/~chip/fcgid-scan/).  That pointed out these
 setuid()/seteuid() calls that aren't checked prior to running a child.
 
 The error checking itself is simple enough, but there's an ugly aspect
 of the implementation that results in trying to switch effective/real
 uids multiple times that I worked around.  (See the FIXME text in the
 patch.  I'm not aware of a simple solution, especially one simple
 enough to get into 2.3.5)  The seteuid() call would otherwise fail on
 subsequent invocations for the same child.
 
 IIRC Joe thought that the seteuid() wasn't needed at all, but the
 setuid() fails without it on Solaris.
 
 Concerns?
 
 Is there some reason that testing on Linux and Solaris wouldn't be sufficient?
 

Re: svn commit: r888840 - in /httpd/mod_fcgid/trunk/modules/fcgid: fcgid_bridge.c fcgid_pm_main.c

[pqf]

Hi,
I google a bit, it seems not much user encountered a busy timeout issue, 
and the old protocol should work in most cases, so I think it's no need to note 
in CHANGES?
Next time I will separate commit logic changes and style changes :)

Thanks

--
From: Jeff Trawick traw...@gmail.com
Sent: Tuesday, December 15, 2009 10:49 PM
To: dev@httpd.apache.org
Subject: Re: svn commit: r40 - in /httpd/mod_fcgid/trunk/modules/fcgid: 
fcgid_bridge.c fcgid_pm_main.c

 On Wed, Dec 9, 2009 at 10:36 AM,  p...@apache.org wrote:
 Author: pqf
 Date: Wed Dec  9 15:36:46 2009
 New Revision: 40

 URL: http://svn.apache.org/viewvc?rev=40view=rev
 Log:
 Bug fix,  Bug 47873 -  unreliable coordination between daemon and request 
 thread for BusyTimeout processing
 
 cool
 
 If you think users may have encountered a problem symptom from the
 original protocol, we can note it in CHANGES.  I'm really not sure.
 Perhaps it would require the user to change some scan interval to a
 very large value.  (When configured, scan intervals are typically set
 to a smaller value.)
 
 BTW, it is quite a challenge to review logic changes which contain
 unrelated style changes, so we don't do that.  Use a separate commit
 with only style changes.
 

Re: [mod_fcgid] Feedback / Suggestions

[pqf]

--
From: Jeff Trawick traw...@gmail.com
Sent: Tuesday, November 24, 2009 11:24 PM
To: dev@httpd.apache.org
Subject: Re: [mod_fcgid] Feedback / Suggestions

 On Tue, Nov 24, 2009 at 10:05 AM, Edgar Frank ef-li...@email.de wrote:
 Hi dev,

 I'd like to suggest to following changes / offer feedback for mod_fcgid:
 
 my 2cents below
 

 (1)
 mod_fcgid should be capable of specifying an external FCGI server.
 (2)
 In conjunction with (1), mod_fcgid should be able to select the backend
 server based on request data.
 
 I'd much rather see effort put into mod_proxy_fcgi to support this use
 case.  I wish somebody, perhaps myself, had time to work on it.  It
 doesn't seem that hard a task.
 
 In the interim, is mod_fastcgi really that bad?
 

 (3)
 mod_fcgid currently buffers the complete input from the client
 (occasionaly in a temp-file if the request is large) before it passes it
 through to a FCGI backend. Could this be made configurable in a way like
 File|Memory|Pipeline? (file - as is | memory - buffer in memory always
 | pipeline - directly pass the read data to the backend)
 
 This will definitely be resolved ;)
 
Pipeline is a little complex. FastCGI process would write during reading. so
mod_fcgid should check both read and write on the socket, and read/write while 
the socket is readable/writeable.
But is do-able :) Any one interesting?


 Or otherwise, can someone explain the details to me why it is as it is?
 Especially in terms of not pipeling data directly (maybe after a little
 buffering to build proper FCGI packets)? The comment in
 fcgid_bridge.c:452 (add_request_body) left me clueless. Why would this
 keep the server in processing too long? Processing takes its time either
 way, I'd assume. Looking forward to enlightment. :)
 
 I can only guess that the problem at hand when this was implemented
 was that some backend application processes were so expensive that
 that they couldn't be tied up until all data had been read from slow
 clients.
 
Yes, Jeff is right :) 

 (4)
 Would it make sense to use the FCGI feature to multiplex several
 requests over a single connection? Does any backend support this
 feature anyway?
 
 no idea here
 
In this case, one httpd thread(process) will have to bind to one FastCGI 
process.
I don't think connect() to a local pipe/unix domain socket is the bottle-neck, 
so let it be?

 When thinking of an external FCGI backend with a socket connection and
 very high Requests/s, this could keep open connections and
 used/available ports much lower.

connect() may be  bottle-neck if using external FCGI backend. But now mod_fcgid 
don't support
external FCGI backend yet. 

Re: svn commit: r835406 - in /httpd/mod_fcgid/trunk/modules/fcgid: fcgid_pm_main.c fcgid_proc_unix.c fcgid_proc_win.c fcgid_proctbl.h mod_fcgid.c

[pqf]

Hi, Jeff
   Thank you for the code style reference, I will follow this style next time :)
   Actually there are many space for extra info(like vhost), and we can just 
put this in the share memeory and output it through /server_status, but another 
issue is system security, I think we should not provide too much internal info 
to client(file full path, user id etc). So I now just output the info that 
nobody can get through ps -ef. But if it's no harm, please feel free to add 
more info to the share memory.

Thanks

--
From: Jeff Trawick traw...@gmail.com
Sent: Friday, November 13, 2009 5:08 AM
To: dev@httpd.apache.org
Subject: Re: svn commit: r835406 - in /httpd/mod_fcgid/trunk/modules/fcgid: 
fcgid_pm_main.c fcgid_proc_unix.c fcgid_proc_win.c fcgid_proctbl.h mod_fcgid.c

 On Thu, Nov 12, 2009 at 10:05 AM,  p...@apache.org wrote:
 Author: pqf
 Date: Thu Nov 12 15:05:08 2009
 New Revision: 835406

 URL: http://svn.apache.org/viewvc?rev=835406view=rev
 Log:
 Add fcgid extension to mod_status
 
 Hi Ryan,
 
 This looks extremely useful.  Hopefully I can look at it more over the
 next few days.  At first glance I think the process heading needs more
 information, such as the vhost or other attributes that distinguish
 the table from other tables for the same executable file, since
 otherwise it may be unexpected to see multiple tables for the same
 program, each with its own set of processes.
 
 For anyone that wants a quick look at the information, I've uploaded a
 sample page to
 
 http://people.apache.org/~trawick/mod_fcgid_status.html
 
 Thanks!
 
 BTW, I made some code formatting changes in r835540 to bring the new
 mod_status code closer to httpd project style (guidelines are at
 http://httpd.apache.org/dev/styleguide.html, examples for issues not
 covered there are throughout httpd).
 

Re: Re: mod_fcgid: add mod_status support?

[pqf]

 
 Jeff Trawick wrote:
  2009/11/9 pqf p...@mailtech.cn:
  Hi, all
 I am new to this community, I am think to add mod_status support to 
  mod_fcgid, which provide more internal information to administrators. Is 
  it a good idea? I am working on it now, but if someone think it's not a 
  good idea, please let me know.
  
  Sure.  I'd like to see a view of processes and perhaps scores from 
  mod_status.
 
 I'd like to see this become an extensible mechansim.  It was on the topic list
 last week until SSL issues got the better of us.
 
 I'll post thoughts in the coming week, Aaron, DougM and I have all done some
 pondering on this subject that would make things cleaner for all.
 
 But in terms of 2.0/2.2 legacy fcgid support for scoreboard, Sander's comments
 are right on.

I just finished a version which scan share memory and print out FastCGI process 
status. just like mod_ssl does.
But will the mechansim be changed to an extensible one in the future? external 
modules like mod_ssl should
use another mechansim to do this? Look forward for further discussion in the 
next week :)

Re: mod_fcgid: different instances of the same program

[pqf]

Hi,
   Yes, mod_fcgid search process node base on file's inode and deviceid(plus 
share_group_id, virtual host name). The goal is to create as less process as 
possible. Some administrators like the idea that all virtual hosts share one 
PHP process pool. (But some other don't, they can turn that off anyway. This is 
what share_group_id for in the first place, administrator can make who share 
who's process pool)
   But the document should provide more detail about it, I missed that part in 
my old documents. I am sure some native English speekers will modify the 
documents soon.

Thanks


From: Danny Sadinoff 
Sent: Tuesday, November 10, 2009 6:16 AM
To: dev@httpd.apache.org 
Subject: mod_fcgid: different instances of the same program


Here are two details of mod_fcgid process management that I've just
learned after a long debug session and squinting at the mod_fcgid
code.

1) symlinks  you.
It seems that mod_fcgid identifies fcgid programs by inode and device,
not by filename.  So two fcgid programs invoked by the webserver
along different paths will be counted as the same if the two paths are
hardlinks or softlinks to each other.

2) Virtual hosts
The above item holds true even across virtual hosts.   So while
it's possible to adjust the FcgidInitialEnv items on a per-vhost
basis, this is a recipe for disaster if two vhosts point at the same
fcgi executable, because the resulting processes with potentially
different Environments will be inserted into the same pool.  Once that
occurs, we may expect that a server spawned with config defined in
vhost A will be parcelled out to vhost B.


The Apache httpd 2.3 docs do not address the symlink issue at all, and
the virtual host issue only indirectly.
http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html


I'd appreciate it if someone could confirm or deny the above.  If I'm
right, can we add it to the docs?  None of it seems obvious to me.
Apologies in advance if this is the sort of thing that belongs on the
dev list.  I'm happy to throw together a doc patch.

Thanks in advance 


P.S. having a lot of trouble getting this message posted to the list.  Not sure 
what's up with that.

--
Danny Sadinoff
da...@sadinoff.com

mod_fcgid: add mod_status support?

[pqf]

Hi, all
I am new to this community, I am think to add mod_status support to 
mod_fcgid, which provide more internal information to administrators. Is it a 
good idea? I am working on it now, but if someone think it's not a good idea, 
please let me know.
BTW, I did test spin lock on share memory process table, the result is, hit 
per second is not as good as current solution with global mutex, so I give up :)

Thanks

[mod_fcgid] how about spin lock on share memory

[pqf]

Hi, all
I am Ryan Pan, who wrote the first version of mod_fcgid. 
  While I uesd mod_fastcgi(not mod_fcgid), one issue that bother me is: while a 
fastcgi process(created by mod_fastcgi's process manager process)in a dead 
loop, no one is respond to kick it out. So from time to time, some fastcgi 
processes would eat up the system cpu resource.
  So while I wrote mod_fcgid, I create a block of share memory to store the 
fastcgi process pipe path and pid, then httpd can search this share memory to 
get the an idle fastcgi process, and once the communication timout(which 
usually mean the fastcgi process deadly running), httpd will kick out this 
corrupt process.
  However there is a new problem now, every time httpd search this share 
memory, it will have to get a global mutex, which is a combination of process 
lock an thread lock, is it(a mutex lock for search a free node in a node list) 
too heavy? Maybe spin lock on share memory is a good idea in this case? But 
spin lock is system dependented, and apr library doesn't have this interface. 
  I thought about this idea since I wrote mod_fcgid, but I am not sure whether 
it is a good idea, so any advice from you guys will be highly appreciated.
 
 
Thanks

Re: Transfer Patch Rights for mod_fcgid ASF

[pqf]

Hi,
From the thread I get here: 
http://mail-archives.apache.org/mod_mbox/httpd-dev/200611.mbox/%3cdb4ef19e-148b-41a3-a27c-354b0d640...@gbiv.com%3e

The procedure is:

   (1) make this thread a formal vote

and, assuming that passes

   (2) fill out the incubation paperwork at
   http://incubator.apache.org/ip-clearance/index.html

and then

   (3) import the code under httpd/mod_wombat

Should someone start a vote or further discussion is needed?

Thanks


- Original Message - 
From: William A. Rowe, Jr. wr...@rowe-clan.net
To: dev@httpd.apache.org
Sent: Sunday, January 11, 2009 2:15 AM
Subject: Re: Transfer Patch Rights for mod_fcgid ASF


 Chris Darroch wrote:
 pqf wrote:
 
 Now both authors have subscribe this maillist and claimed to transfer
 all rights to the patch
 to the Apache Software Foundation, is it OK? Can we move forward now?
 
   Excellent question -- it would seem we have resolved the outstanding
 issues here, so what is the next step?  If we're looking to fast-track
 adoption, do we submit something to the httpd PMC, the Incubator, or
 some other body?  Take a vote?  Any guidance appreciated!
 
 Go ahead and review the threads under;
 
 http://www.google.com/search?q=site%3Ahttp%3A%2F%2Fmail-archives.apache.org%2Fmod_mbox%2Fhttpd-dev+%22ip+clearance%22+mod_wombatie=utf-8oe=utf-8aq=trls=org.mozilla:en-US:officialclient=firefox-a
 
 which is a pretty recent example.

Re: Transfer Patch Rights for mod_fcgid ASF

[pqf]

Hi, 
Thank you Tim Jensen :)

These are the Major patchs which I thought I should ask the patch authors:

Major patches
  version 1.10 ( Jul 3rd 2006 )
  1. Use poll() instead of select() in UNIX. It becomes problematic on apache2 
with large number of logfiles. Apache2 calls poll() (when OS supports it), and 
in that case it doesn't need to be recompiled with larger FD_SETSIZE. select() 
is still limited to FD_SETSIZE.(Thank Piotr Gackiewicz gacek at intertele.pl 
for the patch.)
  2. Bug fix: Some requests fail with HTTP 500 and no errorlog entry is 
generated (Thank Piotr Gackiewicz gacek at intertele.pl for the patch.)
 
  Version2.2 (Jul 31st 2007)
  3. Support configuration TimeScore
  Thank Tim Jensen for the patch.
  (This is a patch from sourceforge.net: 
https://sourceforge.net/tracker/download.php?group_id=174879atid=870993file_id=218023aid=1670268,
 author is https://sourceforge.net/users/timjensen66/)

Now both authors have subscribe this maillist and claimed to transfer all 
rights to the patch
 to the Apache Software Foundation, is it OK? Can we move forward now?




- Original Message - 
From: Tim Jensen t...@rtsports.com
To: dev@httpd.apache.org
Sent: Friday, January 09, 2009 2:05 AM
Subject: Transfer Patch Rights for mod_fcgid ASF


 Hello,
 
 I am new to the list.  Love apache. It has served me well for over
 a decade.  Keep up the great work.
 
 I had previously contributed a patch to the mod_fcgid module
 whose ownership is being transfered to ASF.  As author of my
 minor little patch to mod_fcgid I gladly transfer all rights to the patch
 to the Apache Software Foundation.   ASF is free so use, modify,
 delete, or distrubute the patch and any derivative works as they
 see fit.
 
 Tim Jensen
 tim at rtsports dot com

Re: Re: mod_fcgid license questions

[pqf]

Hi, guys
  Good news is I track down another author now. We are talking about the 
license questions now, so far so good :)

Thanks

 -原始邮件-
 发件人: Chris Darroch chr...@pearsoncmg.com
 发送时间: 2009年1月1日 星期四
 收件人: dev@httpd.apache.org
 抄送: 
 主题: Re: mod_fcgid license questions
 
 Hi --
 
  On 31 Dec 2008, at 05:48, Roy T. Fielding wrote:
  
Foes anyone have a sense of whether these would indeed require
  a CLA and SGA?
 
  They look like simple repairs to me.  More importantly, if he thinks
  they are simple repairs and he is happy to see them Apache Licensed,
  then there is no need for a CLA or software grant.
  
  +1.  This is in the same ballpark as third-party patches we routinely
  accept, e.g. from reports in bugzilla.
 
OK, that sounds reasonable.  I think we're just waiting to hear
 from one other person, then.
 
 Chris.
 
 -- 
 GPG Key ID: 366A375B
 GPG Key Fingerprint: 485E 5041 17E1 E2BB C263  E4DE C8E3 FA36 366A 375B
 

Re: mod_fcgid license questions

[pqf]

Hi, guys
Thanks Chris first :)
Please take a look at the attachments, I got it from my mail archive. The 
errorlog patch is a minor patch. the poll patch change not much lines of code, 
but it did come with original idea.If Piotr Gackiewicz think his job is 
simple repairs, I think these patchs can be put to minor patch group too. 

Thanks

- Original Message - 
From: Chris Darroch chr...@pearsoncmg.com
To: dev@httpd.apache.org
Sent: Wednesday, December 31, 2008 1:31 PM
Subject: Re: mod_fcgid license questions


 pqf wrote:
 
 version 1.10 ( Jul 3rd 2006 )
 1. Use poll() instead of select() in UNIX. It becomes problematic on
apache2 with large number of logfiles. Apache2 calls poll()
(when OS supports it), and in that case it doesn't need to be recompiled
with larger FD_SETSIZE. select() is still limited to FD_SETSIZE.
(Thank Piotr Gackiewicz gacek at intertele.pl for the patch.)
 2. Bug fix: Some requests fail with HTTP 500 and no errorlog entry is
generated (Thank Piotr Gackiewicz gacek at intertele.pl for the patch.)
 
   Ryan has been in touch with Piotr Gackiewicz independently and Piotr
 asks if we can confirm that a CLA and SGA are necessary, as he considers
 his contribution to have been just simple repairs (his term).
 
   From looking over the CVS repository at
 http://mod-fcgid.cvs.sourceforge.net/viewvc/mod-fcgid/mod_fcgid/
 it would appear to me that these patches amount to the following.
 
   Foes anyone have a sense of whether these would indeed require
 a CLA and SGA?
 
 Chris.
 
 =
 --- fcgid_bridge.c2006/01/22 14:16:231.25
 +++ fcgid_bridge.c2006/05/13 23:45:441.26
 @@ -256,8 +256,11 @@
 }
 
 bucket_ctx = apr_pcalloc(request_pool, sizeof(*bucket_ctx));
 -if (!bucket_ctx)
 +if (!bucket_ctx) {
 +ap_log_error(APLOG_MARK, APLOG_WARNING, rv, r-server,
 + mod_fcgid: apr_calloc of %d bytes failed in 
 handle_request function, sizeof(*bucket_ctx));
 return HTTP_INTERNAL_SERVER_ERROR;
 +}
 bucket_ctx-ipc.connect_timeout = g_connect_timeout;
 bucket_ctx-ipc.communation_timeout = g_comm_timeout;
 bucket_ctx-ipc.request = r;
 @@ -315,7 +318,7 @@
 
 /* Now I get a connected ipc handle */
 if (!bucket_ctx-procnode) {
 -ap_log_error(APLOG_MARK, APLOG_INFO, 0, r-server,
 +ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r-server,
  mod_fcgid: can't apply process slot for %s, argv0);
 return HTTP_SERVICE_UNAVAILABLE;
 }
 @@ -326,7 +329,7 @@
 if ((rv =
  proc_write_ipc(main_server, bucket_ctx-ipc,
 output_brigade)) != APR_SUCCESS) {
 -ap_log_error(APLOG_MARK, APLOG_INFO, rv, r-server,
 +ap_log_error(APLOG_MARK, APLOG_WARNING, rv, r-server,
  mod_fcgid: write data to fastcgi server error);
 bucket_ctx-has_error = 1;
 return HTTP_INTERNAL_SERVER_ERROR;
 @@ -335,8 +338,11 @@
 /* Create brigade */
 brigade_stdout =
 apr_brigade_create(request_pool, r-connection-bucket_alloc);
 -if (!brigade_stdout)
 +if (!brigade_stdout) {
 +ap_log_error(APLOG_MARK, APLOG_WARNING, rv, r-server,
 + mod_fcgid: apr_brigade_create failed in handle_request 
 function);
 return HTTP_INTERNAL_SERVER_ERROR;
 +}
 APR_BRIGADE_INSERT_TAIL(brigade_stdout,
 ap_bucket_fcgid_header_create(r-connection-
   bucket_alloc,
 @@ -346,7 +352,11 @@
 /* Check the script header first. If got error, return immediately */
 if ((cond_status = ap_scan_script_header_err_core
  (r, sbuf, getsfunc_fcgid_BRIGADE, brigade_stdout)) = 400)
 +{
 +ap_log_error(APLOG_MARK, APLOG_INFO, rv, r-server,
 +mod_fcgid: ap_scan_script_header_err_core failed in 
 handle_request function: %d, cond_status);
 return cond_status;
 +}
 
 /* Check redirect */
 location = apr_table_get(r-headers_out, Location);
 @@ -377,6 +387,9 @@
 if ((rv =
  ap_pass_brigade(r-output_filters,
  brigade_stdout)) != APR_SUCCESS) {
 +ap_log_error(APLOG_MARK, APLOG_WARNING, rv, r-server,
 + mod_fcgid: ap_pass_brigade failed in handle_request 
 function);
 +
 return HTTP_INTERNAL_SERVER_ERROR;
 }
 
 @@ -437,7 +450,7 @@
 AP_MODE_READBYTES,
 APR_BLOCK_READ,
 HUGE_STRING_LEN)) != APR_SUCCESS) {
 -ap_log_error(APLOG_MARK, APLOG_INFO, rv,
 +ap_log_error(APLOG_MARK, APLOG_WARNING, rv,
  main_server,
  mod_fcgid: can't get data from http client);
 apr_brigade_destroy(output_brigade);
 --- arch/unix/fcgid_proc_unix.c2006

Re: mod_fcgid license questions

[pqf]

Hi, all
Sorry for the delay, I have track down all patches base on my ChangeLog( I 
keep my mail archive), so here is my brief:

the Inside job
  version 0.76 ( Jul 6th 2004 )
  1. Code fix. Replace the depreciated BRIGADE_FOREACH macro, which compile 
against httpd 2.1-Dev.
  (Patch by Paul Querna(chip at force-elite.com))
 
  Version2.1 ( Feb 15th 2007 )
  3. Bug fix. Authoritative flag reversed
  Thank Chris Darroch for the patch
---
Minor patches
...Ignore here, I attach a file to show every modification to every ChangeLog 
entry. (If anyone think any change is major, please let me know)

Major patches
  version 1.10 ( Jul 3rd 2006 )
  1. Use poll() instead of select() in UNIX. It becomes problematic on apache2 
with large number of logfiles. Apache2 calls poll() (when OS supports it), and 
in that case it doesn't need to be recompiled with larger FD_SETSIZE. select() 
is still limited to FD_SETSIZE.(Thank Piotr Gackiewicz gacek at intertele.pl 
for the patch.)
  2. Bug fix: Some requests fail with HTTP 500 and no errorlog entry is 
generated (Thank Piotr Gackiewicz gacek at intertele.pl for the patch.)
 
  Version2.2 (Jul 31st 2007)
  3. Support configuration TimeScore
  Thank Tim Jensen for the patch.
  (This is a patch from sourceforge.net: 
https://sourceforge.net/tracker/download.php?group_id=174879atid=870993file_id=218023aid=1670268,
 author is https://sourceforge.net/users/timjensen66/)


So, that mean there are other two people are involved.


Thanks


- Original Message - 
From: Chris Darroch chr...@pearsoncmg.com
To: dev@httpd.apache.org
Sent: Thursday, December 18, 2008 1:20 PM
Subject: Re: mod_fcgid license questions


 William A. Rowe, Jr. wrote:
 
 How many are we talking about (in the significant category)?  The
 easiest way probably depends on how many people, how easy they are
 to contact, etc.
 
   Ryan, do you have a rough sense of this?
 
   From my own review of the ChangeLog, it looks like there are
 roughly about 10-12 major contributions by others (two of whom are
 httpd committers).  There are lots of additional people listed,
 but these seem to divide up between minor patch contributions,
 thanks for bug reports or for testing a bug fix, or thanks for
 suggesting a possible new feature.
 
   Clearly, though, we'll need Ryan to look through and identify
 the major contributors.
 
 
 I'd prefer that we simply sponsor this effort under the httpd PMC here
 at our project.
 
 We have to file an IP code clearance through the Incubator, but that's
 relatively simple (and a good part is finished already now that the
 appropriate paperwork is filed with the secretary).
 
 Does anyone feel that the addition of mod_fcgid should be driven through
 the incubator?  Speaking first hand, it didn't resolve the shortcomings
 of lack of community behind mod_aspdotnet, and didn't really give mod_ftp
 the visibility it needed (and attracted once it graduated).  So for most
 existing modules, I don't think it solves many of the problems we might
 or might not face here at httpd.
 
   I really don't know all the options here, but from what you describe,
 it sounds like a faster track to get the IP code clearance done would
 be ideal, if possible.  So, a +1 from me if this is feasible.
 
   Thanks,
 
 Chris.
 
 -- 
 GPG Key ID: 366A375B
 GPG Key Fingerprint: 485E 5041 17E1 E2BB C263  E4DE C8E3 FA36 366A 375B
 
--
  version 1.04 ( Dec 2nd 2004 )
  1. Bug fix. ap_scan_script_header_err_core can return non OK without errors.
  e.g. CGI outputs Last-Modified header and browser request with 
If-Mofieided-Since header, ap_scan_script_header_err_core() may returns 302(Not 
Modified)
  (Thank Tatsuki Sugiura, sugi at nemui.org for the bug fix patch)
--- fcgid_bridge.c.orig 2004-11-11 09:40:17.0 +0900
+++ fcgid_bridge.c 2004-11-11 09:41:30.0 +0900
@@ -217,7 +217,7 @@
  server_rec *main_server = r-server;
  fcgid_command fcgi_request;
  fcgid_bucket_ctx *bucket_ctx;
- int i, stopping;
+ int i, stopping, cond_status;
  apr_status_t rv;
  apr_bucket_brigade *brigade_stdout;
  char sbuf[MAX_STRING_LEN];
@@ -330,11 +330,10 @@
 bucket_ctx));
  /*APR_BRIGADE_INSERT_TAIL(brigade_stdout, 
apr_bucket_flush_create(r-connection-bucket_alloc)); */
 
- /* Check the script header first */
- if (ap_scan_script_header_err_core
-  (r, sbuf, getsfunc_fcgid_BRIGADE, brigade_stdout) != OK) {
-  return HTTP_INTERNAL_SERVER_ERROR;
- }
+ /* Check the script header first. If got error, return immediately */
+ if ((cond_status = ap_scan_script_header_err_core
+  (r, sbuf, getsfunc_fcgid_BRIGADE, brigade_stdout)) = 400)
+  return cond_status;
 
  /* Check redirect */
  location = 

Re: mod_fcgid license questions

[pqf]

Hi, all
I have signed the two documents( 
http://www.apache.org/licenses/software-grant.txt and 
http://www.apache.org/licenses/iclas), and emailed the scan version to 
secretary at apache.org.
So what I should do next is? Should I contact all major contributors and 
ask for the agreement to this: 
http://www.apache.org/licenses/software-grant.txt. Or I just  identify all the 
major contributors and wait for next step? Anything I can do please let me know 
:)

Thanks 



- Original Message - 
From: William A. Rowe, Jr. wr...@rowe-clan.net
To: dev@httpd.apache.org; Ryan pan p...@mailtech.cn
Sent: Saturday, December 13, 2008 11:18 AM
Subject: Re: mod_fcgid license questions


 pqf wrote:
 Hi, guys
 Nice to meet you :) I hope I can help to clarify the questions.
 
 Likewise :)
 
When you wrote mod_fcgid, was there any code which you borrowed
from mod_fastcgi?
 No. I didn't borrow any code from mod_fastcgi.
 
 That's good - we are looking at the headers you use and the fcgi package
 liberal licensing (as opposed to the mod_fastcgi package).
 
Your current intention is for mod_fcgid to be available under
the GPL version 2.0, correct?  Could you confirm that you wanted
the GPL to apply to all the mod_fcgid code?
 Yes, I confirm I wanted the GPL version 2.0 apply to everything.
 
 So to clarify, you don't seem strongly married to any particular license.
 
 Is the AL 2.0 acceptable and would you be willing to license it such, or
 offer a software grant under the terms of the AL 2.0?  See
 
  http://www.apache.org/licenses/software-grant.txt
 
 we would also want to capture a CLA so that you can contribute your own
 ideas to the new code
 
  http://www.apache.org/licenses/#clas
 
 Finally, if there are other contributors to the efforts, aside from the
 obvious simple bug fixes and maintenance, we would need their buy-in as
 well, and count on you to identify such people that have shaped fcgid.
 
 Looking forward to this solution!
 
 Bill

Re: mod_fcgid license questions

[pqf]

Hi, guys
Nice to meet you :) I hope I can help to clarify the questions.

When you wrote mod_fcgid, was there any code which you borrowed
from mod_fastcgi?
No. I didn't borrow any code from mod_fastcgi.

Your current intention is for mod_fcgid to be available under
the GPL version 2.0, correct?  Could you confirm that you wanted
the GPL to apply to all the mod_fcgid code?
Yes, I confirm I wanted the GPL version 2.0 apply to everything.

   Finally, Ryan, would you mind re-stating for the record your
 interest in the idea of mod_fcgid becoming an Apache project?
Actually I didn't care too much about which license I should choose. The
reason I chose GPL is that all other license descriptions are in English and
are tricky. I didn't want to spend much time on studying those terms so I
just followed most of people to choose GPL. I intended to put it as open
source so people can share. I don't really care which license it is under. 
(Thanks Miss Xiaomei for this native translation)

I was single when I developed this project, but now I have to spend more time
with my family, and I am now actually interesting on LinuxTV things(So I can 
spend time on
something both I and my wife need :).
But I would like to see someone else take over my mod_fcgid project and
continune to make it better. I get a lot from the others(that why I like open 
source and share),
and I would like to share to the other if I have a chance. It's my pleasure if 
ASF willing to take it over.

Anything I can help please let me know :)

Thanks

- Original Message - 
From: Chris Darroch chr...@pearsoncmg.com
To: dev@httpd.apache.org
Sent: Friday, December 12, 2008 6:15 AM
Subject: mod_fcgid license questions


 Hi --
 
   I believe Pan Qingfeng (潘庆峰), the developer of mod_fcgid, has
 joined this list for the time being while the possibility of mod_fcgid
 becoming project in the Apache incubator is discussed.  I'll use his
 English name of Ryan Pan from here on.
 
   I asked Ryan to join so that he could answer the couple of questions
 regarding the origin of the mod_fcgid code and his licensing intentions
 which have come up so far, and also to thank him publicly for being
 willing to consider contributing mod_fcgid to the ASF.
 
 
   Ryan, the main question which has come up in the last couple of
 days seems to be this one:
 
When you wrote mod_fcgid, was there any code which you borrowed
from mod_fastcgi?
 
 
   The other questions I had related to the existing license for
 mod_fcgid:
 
Your current intention is for mod_fcgid to be available under
the GPL version 2.0, correct?  Could you confirm that you wanted
the GPL to apply to all the mod_fcgid code?
 
(I ask because the LICENSE file in mod_fcgid contains the GPL 2.0,
however, the .c and .h files don't also include the usual GPL text.)
 
 
   Finally, Ryan, would you mind re-stating for the record your
 interest in the idea of mod_fcgid becoming an Apache project?
 
 
   I'd like to personally extend my thanks to Ryan for developing
 mod_fcgid in the first place, for his interest in the idea of
 contributing it to the ASF, and for being willing to work through
 the licensing issues that will involve.  Many thanks!
 
   (I'd also like to thank my colleague Sharon or Xiaomei Ma (笑梅),
 an excellent developer in her own right, for her help translating
 some of the communications Ryan and I have already had.)
 
 Chris.
 
 -- 
 GPG Key ID: 366A375B
 GPG Key Fingerprint: 485E 5041 17E1 E2BB C263  E4DE C8E3 FA36 366A 375B