Relay spawns automatically #1303
Comments
Yes it is. And this exact "feature" is what created the fork inside Swoole (into OpenSwoole), exactly because it's a security
An extension is the way that APM like NewRelic use, and it spawns another process, so it has basically open capabilities.
Why per-upstream?
I would avoid that. Also: if you just need Relay, can't you just say that you need it deployed and that's all? As a sidecar i.e. in a k8s environment, I would need a container to put in the pod, alongside PHP-FPM.
An extension is another possible way to proceed, but it should not be to heavyweight. Maybe we could leverage FFIs too? |
Please, no! Whatever thing downloads and installs things in the background without the user consent should be treated as a security issue and an unwanted behaviour. It's not important who is the owner of what, it's simply wrong. I wouldn't trust ever something that I find out it downloaded something on my behalf, without telling me it.
I don't have a full picture of what you are trying to achieve, but I don't understand why we need Relay. IIRC, the main point that led to thinking that an extension may be useful was that PHP is not asyncronous and so it cannot send events in the background like other languages do (Go, Java, etc). If that's the main driver for creating such extension, then I would expect it to simply implement the sending of events so that it can be done in the background, no matter what is the server at the other side |
|
HI @Jean85 thanks for the feedback!
i put there more to call out something we WON'T do, for exactly these reasons
this was referenced as well, i think it provides a good example of how we might want to do it
this was a point brought up by @jan-auer but actually I would take this out for now, as now part of the POC
for both of these points: we want to reduce the need users would have to run it to a bare minimum, and it more closely resemble the solution we have for AWS Lambda Extensions https://github.com/getsentry/sentry-python/milestone/4 where we run relay in proxy mode
agreed :) was writing up a summary of a meeting we had on this, and wanted to write that with the malware point that we won't do it, I'll edit the original to be more explicit
so we want to have sidecars available for server-side high throughput environments to relieve some stress from the applications themselves. Then aggregation logic and sending to sentry can be abstracted away. For a language like PHP due to it memory constrains there's already more obvious value. Then there are a number of other features like auto session tracking, 429 rate limiting, and client reports which would also become possible in PHP world. We don't want to solve all those problems yet though. For now we just focus on relay as a sidecar, and that it should be lightweight in size and difficulty to setup, which then for the 429 issue linked would also cut down those round trips. Then the larger goal, is to start with PHP (well...we technically already started with AWS Lambda) since there are clear problems we might be able to tackle. Then we would have a solution that we could scale to other platforms with high throughput requirements. However we want to tackle first with this issue just how best to get this sidecar running for PHP applications If y'all are interested I would be happy to include you in a call together with some folks from Sentry and @stayallive |
|
If the end users will still have the option to deploy Relay manually, that would be a great strategy IMHO. In that way, I can make the conscious trade-off between deploying it locally (like inside the same pod in k8s) or "globally", once for all my infra, depending on the network topology and distribution. |
I think we all agree, this might not be the best idea to pursue, since that very much borders malware but also has technical challenges with race conditions and every request needing to check if a process is live and otherwise spawn it might also have performance downsides.
Yes this is indeed how Datadog, New Relic & Tideways function (which I believe are the more popular options available for PHP). They have a daemon/proxy application running, usually one instance per server that accepts reports from the PHP extension. You can compare the daemon/proxy process with how Relay functions at the moment and it's used to offload potentially slow HTTP traffic to a service like Sentry
There is documentation where the lifetime of a PHP extension is described: https://wiki.php.net/internals/extensions#extensions_lifetime.
As far as I can tell from the document linked above the extension has a similar lifetime of a PHP request (it can do things before and after) but because of the single threaded nature of PHP there is not much use of keeping much state inside the extension since it's at most shared with a single PHP process which potentially only lives for a single request.
In PHP land if we run daemons (like queue workers) it's usually left up to the user how to do it but supervisord is a very common tool for this. Another option which other APM tools employ is to have (linux) packages available that install register the daemon as a service so it starts up with the host machine.
This is an interesting problem, but that might be up to the user to have a Relay instance per Sentry instance, so far people usually don't use multiple Sentry instances inside a single application so the use case for having multiple relays on the same host is probably only required for a few people or people that run multiple applications on a single host.
Considering the information above, this is a process and not an extension.
Also yes, but for the scope we are looking into it's not needed to hook into language internals (although to improve the APM experience this will certainly be needed in the future).
I don't think that is a good idea considering how PHP ships it's SDK, we could however ship an easy tool or CLI helper that pulls down the binary if needed which might be convienient, but that could also be a install script hosted by Sentry instead of bundled by the SDK.
As mentioned above, using install scripts or with a (linux) package. If wanted I could compile a list with installation instructions (or links to them) for the other APM solutions.
That one I don't know 😅 I hope this helps @smeubank, let me know if I should clarify or expand on some items here! |
|
Closing this for now, we might revisit this in the future. |
Before we figure out how our PHP SDK can communicate with relay running as a sidecar, or what we want that instance of relay to do exactly, we need to find a way to have it spawn automatically.
The general discussion around this should be to answer:
How does the user get to it?
Further questions
The text was updated successfully, but these errors were encountered: