HipHop-PHP

Where do I begin on this one.  Over the past 12 or so years, I have always enjoyed PHP.  Despite it's failings, I still prefer to prototype and throw together web applications with it, over anything else.  Sometimes I come up with something pretty cool.  Often, this is for a friend.  Although I am happy to give them that cool thing, sometimes I regret giving away the intellectual property.

https://github.com/facebook/hiphop-php/

"HipHop for PHP transforms PHP source code into highly optimized C++. It was developed by Facebook and was released as open source in early 2010."

Much to my surprise, tonight, I downloaded, configured, installed and tested.  It all worked, first pass.  No tinkering, no nothing.

Second, I took the most complex PHP project I have, with lots of different dependencies and pushed it through. Guess what?

It works.  It really works.

Awesome.

Apache Cassandra & nodetool

Today I was playing around with a cluster of 3.  How can I have new apache cassandra instances join and leave and allow the cluster add/remove to function somewhat autonmous.  Joining is not a problem.  The auto-bootstrap feature works a treat.  Leaving on the other hand.

$CASSANDRA_HOME/bin/nodetool -h 10.0.0.1 decommission

As I understand, when this is run, the node will stream all it's data out to other nodes in the cluster and remove itself.

When I view the ring from another node:


10.0.0.1    Down   Leaving 218.71 KB       21.76%  61078635599166706937511052402724559481

I see this message.  Great ... but after an hour of waiting, I give up and try to force the removal of the token:

nodetool -h 10.0.0.2 removetoken 61078635599166706937511052402724559481

Exception in thread "main" java.lang.UnsupportedOperationException: Node /10.0.0.1 is already being removed.

Ok then... this is interesting:  

nodetool -h 10.0.0.2 removetoken status

RemovalStatus: No token removals in process.

I don't get it.  How do I gracefully remove a node?  Finally, I killed the node on 10.0.0.1 and removed it's data.  Ungraceful.  I then went to the other nodes, still couldn't force it's removal.  Started the node back up on 10.0.0.1 and it's rejoined the cluster ... with data spread evenly around.  Not exactly what I wanted ... oh well....

I'm sure I've missed a concept.  So, now that I have a 3 node cluster working and balanced, I turn off cassandra on 10.0.0.1 and check the ring from another node:

nodetool -h 10.0.0.2 ring

10.0.0.3  Up     Normal  224.21 KB       40.78%  24053088190195663439419935163232881936

10.0.0.1    Down   Normal  213.51 KB       36.78%  86624712919272143003828971968762407027

10.0.0.2    Up     Normal  244.42 KB       22.44%  124804735337540159479107746638263794797

Now, to try and remove that node by removing the token:

nodetool -h 10.0.0.1 removetoken 86624712919272143003828971968762407027

Job done, the node is gone...

nodetool -h 10.0.0.2 ring

10.0.0.3  Up     Normal  224.21 KB       40.78%  24053088190195663439419935163232881936

10.0.0.2    Up     Normal  244.42 KB       59.22%  124804735337540159479107746638263794797

-sd

-- maybe this is my problem:  CASSANDRA-2072

Security Groups & Amazon Web Services (AWS)

It's funny.  Been playing with amazon web services quite a bit over the past few weeks and didn't give much attention to security groups.  It's only now, after this past weekend have I developed a strong appreciation and respect for them.  Some background:

The way amazon operates is quite interesting.  All instances get a dynamic internal IP.  That IP stays for the duration of that machine being on.  If you restart, the IP changes.  Now, you can pay for an elastic IP which maps to the instance ... and that never changes.  But it's mapped.  The instance never really knows anything about it.  It always has this internal IP .... 10.10.10.10 one day, reboot, 10.20.10.20 the next ....

Now, security groups.  It's one big glorified access list.  You have to specify which security group your instance belongs to.  Fair enough.  By default, it's deny all.  You can start opening things up, saying that 0.0.0.0/0 can access your instance on TCP/80.  That means the world can get to that instance on port 80.

With me so far?

So what if you wanted to deploy a multi-tier LAMP application to AWS:

2 x web server
2 x application server
2 x mysql ....

How would the security groups look then?

security group 1:  web servers
security group 2:  application servers
security group 3:  database servers

Simple!  You then configure your access lists ... right?  Sort of.  If you want to do it properly, you define that only TCP/80 & TCP/443 are open to 0.0.0.0/0 for security group 1.  

Security group 1 should have access to security group 2 on some ports .. like 8080 or 80 or 8443 ....
Security group 2 should have access to security group 3 on some ports ... like 3306 (mysql)

Normal instinct would say, let's put in the IP's of each machine ( 10.20.10.20/32 and 10.10.10.10/32) for example ... well ... in the AWS world, this isn't correct.  When you restart your machine, the IP will change and your rules will not be valid.

Now unfortunately, the way to get around this is not available through the AWS management console.  The only way I've found so far (limited amount of looking) is to download the ec2 client tools, generate an X509 key pair, and use the tools:

ec2-authorize us-app -P tcp -p 8080 -o us-www

What this does, is says that the security group "us-app" allows the origin "us-www" on TCP/8080

You are defining the policies with other groups.  This is great because you can then add new instances into whatever group you want, or restart an instance, and the policies will still be valid.

Hopefully this is of use to someone one day.  I'm glad I've stumbled upon it now after some small pain points and not later when the pain points would be much higher ....!

-sd

amazon web services

finally got around to jumping on the bandwagon and converting from a 1and1 customer over to amazon web services.  let's be honest, $100usd a month versus less than 1% of that.  it was a no brainer.  to do my part in the IPv4 running out of IP issues, by moving, I've free'd up 3 IP's!

oh well. a new chapter ... a single IP

PHP Sessions & Apache Cassandra

A week ago I had an idea to write an interface allowing PHP sessions to use Cassandra as a data store.  A benefit I quickly found is that I could rely on Cassandra to expire the sessions and not PHP session garbage collection.  nice.  

The code here and uses phpcassa as the interface to thrift.  

Sessions were given their own column family, with the row key defined as the site name.  each column is a session id with the column data being the session data.  

Works a treat.  Each time PHP session_start() is called, the expiry on the column resets back to the original value.  So, if the expiry is set to 1 hour, it's 1 hour after the last session_start() was invoked.  

Is this the right way to do it?  Good question....

phpcassa and windows 7.

after years and years of not logging into IRC, I found myself logging in this evening and connecting to freenode.net ... #cassandra ... I was having some big problems with PHP connecting to Cassandra.

In the end, you know what the problem was?

C:\windows\System32\drivers\etc\hosts

The default is to have localhost commented out.  For whatever reason, PHP on windows was unable to resolve localhost and could not connect to Cassandra.  Once this was uncommented, the flood gates opened and some phpcassa goodness arrived.

thobbs was great.  the project url, to which he is the author:  https://github.com/thobbs/phpcassa

When is 100mbps 100mbps?

Answer:  Not sure.  We pay for 100mbps but are defo not getting it according to these results....

Test 1 -- via linksys wifi connection to ubee router
http://www.speedtest.net/result/1137725804.png (Zurich)


Test 2 -- Direct connection to ubee router
http://www.speedtest.net/result/1137728815.png (Zurich, CH)
http://www.speedtest.net/result/1137730549.png (Herndon, VA (US))
http://www.speedtest.net/result/1137736648.png (Dubendorf, CH)
http://www.speedtest.net/result/1137738064.png (Zurich, CH)