Project

General

Profile

Bug #2250

running a php5-only app under container

Added by cpg over 2 years ago. Updated over 2 years ago.

Status:
Assigned
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
05/25/2017
Due date:
% Done:

0%


Description

We would like to be able to run apps under containers as a long-term goal. This bug is not for that, but to get one first (small) step towards that goal.

In this bug, we would like to identify one app that have the property of working on php5 and not working on php7 under a10/f25.

Ideally we want to identify an app that is preferably simple (e.g. no mysql), that has that property, and can be used as a development vehicle.

Let's clone that app and call this new "development" app, say, "php5-container-work". We will probably mark this app as "php5" in the type field in amahi.org (please add @vikasy as a contributor).

This will be our "canary app" and we will use it in development only (e.g. not beta/live). We will also have a version of it called "php5-os-broken" that will be the SAME PHP CODE but it should fail because it will not have "php5" type and will run under the OS .

If we cannot find a suitable app, then let's develop an extremely simple "hello php5 world" app that has that property.

I will work on the amahi.org side.

PS: one possible idea. @eFfeM suggested phpsysinfo (as that has been our canary app for ARM development, bringup, etc.)
phpsysinfo appears works fine on php7. One possibility is to add a php5-only call that breaks under php7, at the top and use this modified app.

Screenshot from 2017-05-31 10-53-12.png View (318 KB) vikasy, 05/30/2017 10:42 PM

Screenshot from 2017-07-11 01-20-38.png View (47.5 KB) vikasy, 07/10/2017 12:52 PM

Screenshot from 2017-07-11 01-26-55.png View (44.7 KB) vikasy, 07/10/2017 12:57 PM

Screenshot from 2017-07-12 13-06-40.png View (45.2 KB) vikasy, 07/12/2017 12:39 AM

History

#1 Updated by eFfeM over 2 years ago

actually I suggested phpinfo, not phpsysinfo; rationale was that that will also give info on the php installation

#2 Updated by bigfoot65 over 2 years ago

Will see what I can come up with today.

#3 Updated by bigfoot65 over 2 years ago

Create app called PHP 5 Container:

https://www.amahi.org/apps/php-5-container

It only contains index.php with the php_info as requested.

Added vikasy as a contributor as well.

#4 Updated by cpg over 2 years ago

  • Assignee changed from bigfoot65 to cpg

installs well and comes up on f25, indicating the php version (PHP Version 7.0.19) right up to.

type is PHP5.

great going, thanks.

next we need to make a platform that will use the PHP5 cue to install an app

1) in a container, and
2) with php5

that's a first goal for @vikasy

#5 Updated by vikasy over 2 years ago

I have started working on this issue and I'll update my progress by tomorrow.

#6 Updated by vikasy over 2 years ago

Different Approach that we can take to solve php5 issues (From what I have understood of the amahi system)

Approach 1 : Use php5-fpm

The idea is to use php5-fpm inside a docker container and make apache on the host to use it..

For app installation, steps involved will be something like this:
Extract the php app source code into a folder
Mount that folder as a volume to the php5-fpm container.
Add a vhost for each app like we are doing presently but we have to configure it to use php5-fpm which can be done as mentioned in Reference 2.

Scope of Work:
From my understanding of the amahi platform, app installation is handled by a function in app.rb and installation script fetched by amahi. So we will have to tweak the installation scripts of php5 applications which are failing to follow the steps as mentioned above.

Reference.

http://geekyplatypus.com/dockerise-your-php-application-with-nginx-and-php7-fpm/#comments
https://serversforhackers.com/video/apache-and-php-fpm

Approach 2 : Wrap everything inside a docker image

We can take the source code of the app, php5, a webserver like nginx or apache and wrap it all inside a docker image. When the user clicks on install amahi will simply pull this image and run it using docker. We can add a vhost rule in apache which reverse proxies to the running container. (I implemented a prototype of this approach while applying for GSOC)

Problems with this approach:
Image size may increase.

Benefits:
Everything is containerized so less scope for breaking things.
Presently things are failing because of php5 but in case if in future they fail because of something else we can still use this approach to install apps without any hassles.

#7 Updated by cpg over 2 years ago

in my view, step #1 is to determine how php5 can be run in fedora25 (where to get the repos/code from, etc.)

step #2 is to figure out how to do that while preventing it from interfering with the system php7

step #3 would be to figure out how to run apps with this php5

maybe fpm is a proper solution and slimmer than an image (not sure what an image implies, but I assume is larger/more complex?).

the down side of that part is using a separate process that has to be managed, but maybe that is simpler than the alternative (a custom mod_php for php5 inside a container).

so would say maybe fpm would be worth trying first if it seems simpler.

#8 Updated by vikasy over 2 years ago

I am struggling with a few things in Approach 1 but in the meantime I have been able to implement Approach 2. See the attached image.

We have to note that this approach will require a one time download of 80MB (right now). All php5 apps can then use this downloaded image. We can slim down the image size to a large extent by removing packages which are not relevant to us.

#9 Updated by vikasy over 2 years ago

I have created a report on possible approach that we can take with containers. Report is available here. I have discussed the possible advantages and disadvantages of each approach and tried to convey how each method works in best possible way. Hope it helps.

https://docs.google.com/document/d/1Pe4A3my6lrKTlvQ3WeHiB1SVugzcBqpUpPwgFfuPEKA/edit?usp=sharing

I couldn't fit in the points properly on bugs.amahi.org so I created this doc. cpg and frans if you can review it and give your feedback then I'd get started on it asap.

#10 Updated by vikasy over 2 years ago

There are 3 ways to give network access to a container inside docker.

Bridge : It's basically a virtual network kind of thing where docker creates a virtual network and attaches all the containers to it. By default there is one network created by docker to which any container we create will latch on to but docker does give option to create multiple virtual networks. For our use case single bridge is more than enough for now.
None : There's no networking access available to the container.
Host: The host network adds a container on the host’s network stack. As far as the network is concerned, there is no isolation between the host machine and the container. For instance, if you run a container that runs a web server on port 80 using host networking, the web server is available on port 80 of the host machine.
For now it looks like we should use Bridge or Host option.

My take: for now we can manage with the host option but going forward we will need the bridge for different use cases. And anyway using a single bridge is not a huge overhead.

NOTE: Bridge is the default networking mode in docker.

I am looking for input from frans and cpg to decide what to use for our use case.

#11 Updated by vikasy over 2 years ago

There are 3 ways to give network access to a container inside docker.

Bridge : It's basically a virtual network kind of thing where docker creates a virtual network and attaches all the containers to it. By default there is one network created by docker to which any container we create will latch on to but docker does give option to create multiple virtual networks. For our use case single bridge is more than enough for now.

None : There's no networking access available to the container.

Host: The host network adds a container on the host’s network stack. As far as the network is concerned, there is no isolation between the host machine and the container. For instance, if you run a container that runs a web server on port 80 using host networking, the web server is available on port 80 of the host machine.

For now it looks like we should use Bridge or Host option.

My take: for now we can manage with the host option but going forward we will need the bridge for different use cases. And anyway using a single bridge is not a huge overhead.

NOTE: Bridge is the default networking mode in docker.

I am looking for input from frans and cpg to decide what to use for our use case.

#12 Updated by vikasy over 2 years ago

I am trying to build a slimmer docker image so as to decrease the download size. I have managed to bring down the compressed image size from 120MB to around 54MB and I'm trying to decrease it further.

In the meantime I need some help of you guys in deciding what php5 libraries should the base image have. Please remember that if an application requires any additional php5 libraries we can update the base image on host system itself without incurring much download.

Please check this file line 16-42. Please suggest what packages we can remove and what we cannot.:
https://github.com/ngineered/nginx-php-fpm/blob/php5/Dockerfile

#13 Updated by cpg over 2 years ago

I think bug #1900 may help here. @bigfoot65 realized a while ago a few deps were more common than others.

#14 Updated by vikasy over 2 years ago

@cpg
How would we know if an app needs a php library or not? Is there an easy way to do it?

#15 Updated by cpg over 2 years ago

  • Assignee changed from cpg to bigfoot65

we discussed in slack on strategies on how to go about finding needed libraries. sometimes the errors will tell you or the apps will tell you.

@bigfoot65 -- could you provide a handful of php5 apps to test the current latest work on this project (under f26)?

#16 Updated by bigfoot65 over 2 years ago

How about:
  • ATutor
  • Coppermine Photo Gallery
  • Feng Office
  • MyIT CRM
  • OrangeHRM
  • osTicket

#17 Updated by bigfoot65 over 2 years ago

  • Assignee changed from bigfoot65 to vikasy

#18 Updated by vikasy over 2 years ago

Coppermine Photo Gallery
osTicket

Both working inside containers without any problem.

I was unable to get FengOffice and Atutor running.

Fengoffice error.
!Screenshot from 2017-07-11 01-20-38.png!

Fengoffice runs properly inside container but installation is failing with some mysql error. We need to check that.

Atutor also fails during installation after providing the database settings
!Screenshot from 2017-07-11 01-26-55.png!

I could see the following error in logs but couldn't fix it:

message: PHP Warning: mysqli::query(): Couldn't fetch mysqli in /var/www/html/include/lib/mysql_connect.inc.php on line 307
PHP message: PHP Fatal error: Call to a member function fetch_assoc() on null in /var/www/html/include/lib/mysql_connect.inc.php on line 308" while reading response header from upstream, client: 172.17.0.1, server: _, request: "POST /install/install.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.sock:", host: "localhost:3001", referrer: "http://localhost:3001/install/install.php"

#19 Updated by cpg over 2 years ago

they may require specific packages to be installed.

maybe they are in the rpm dependencies, in which case these would need to be picked up and installed inside the container.

this could be a solution for not having to keep multiple "fatter" images and do things dynamically.

If the missing packages are not in the rpm deps field, it may be that they need to be. I don't know what they would be without some research. Some basic searches usually work for solving this in the past.

#20 Updated by vikasy over 2 years ago

Please check the error for fengoffice in screenshot.

"Failed to import database construction. MySQL said: Invalid default value for 'archived_on'"

And as for Atutor, from the error I can clearly see that the problem is somewhere in the code of atutor. "PHP message: PHP Fatal error: Call to a member function fetch_assoc() on null in"

#21 Updated by vikasy over 2 years ago

On Fengoffice forums someone mentioned this solution, I don't know how viable it is. Need your feedback on it @cpg

go to phpmyadmin, SQL and set the following

set global innodb_large_prefix=on;
set global innodb_file_format=barracuda;
set global innodb_file_per_table=true;
set global sql_mode=NO_ENGINE_SUBSTITUTION;
set global sql_mode=NO_ZERO_IN_DATE;
set global sql_mode=ERROR_FOR_DIVISION_BY_ZERO;
set global sql_mode=NO_AUTO_CREATE_USER;

#22 Updated by vikasy over 2 years ago

All the "sql_mode" attributes can be set up for a particular database. But "innodb_*" attributes have to be setup at global level only.

This problem has likely occured because of changes that have come up in mysql 5.7.7 and later. Please refer to the below link for more information.
https://stackoverflow.com/a/35851332/2749286

Also available in: Atom