| Lucas_Werkmeister_WMDE added a comment. |
For the wikidata-constraints test system (which doesn’t have enough RAM to run BlazeGraph), I’ve written a tiny server, minisparql, which listens for REGEX() SPARQL queries and evaluates them with PCRE. We could use a very similar service, except we can do away with the SPARQL wrapping (e. g. have the regex and text on two lines), and then we can write the whole thing in PHP (I thought the regex-parsing part would be easier to do in Python, but then I learned that Python doesn’t have built-in PCRE, so currently minisparql has Python run a PHP process just for preg_match, which is of course a bit silly).
minisparql is a systemd service and uses several systemd features:
- socket activation
- minisparql doesn’t have to handle any network stuff, systemd sets up the socket
- input on stdin and output on stdout
- one process per connection, so the sandbox (see below) is per-request automatically
- sandboxing
- max. 1 second of CPU time
- only one extra process (the PHP, mentioned before; could be lowered to zero extra processes or threads when the whole thing is written in PHP)
- running as nobody, no writing to the file system, no own networking, no sudo, etc.
Could we deploy a service like this on the application servers so that there’s no networking overhead?
Cc: Lucas_Werkmeister_WMDE, Krinkle, Aklapper, GoranSMilovanovic, QZanden, Agabi10, Izno, Wikidata-bugs, aude, Mbch331
_______________________________________________ Wikidata-bugs mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs
