With gVisor instead of NaCl as the sandboxing technology, shipping new runtimes becomes a much more tractable task, with fewer differences from the "plain" runtime. In fact, gVisor allows us to use the runtime unmodified.
This, in turn, decreases the "lock-in". There are still decisions we need to make depending on the runtime, e.g. which package manager to use if there isn't a community default.
Hopefully, the narrative for "Serverless" moves beyond lambda and functions. Sometimes (!) we want apps, databases, caches and more to be "Serverless" :-)
Disclaimer: I work at Google, on the App Engine Runtimes team. I helped ship this.
Are you willing to compare your approach to, for example, Lambda's approach, where the user gets an actual Linux VM with zero differences (work that, incidentally, was in part contributed to Linux by Google!), as opposed to a Linux emulator?
This is based on gVisor (https://github.com/google/gvisor), but it does not use the ptrace sandboxing that is in the mainline open source project. Our First Generation runtimes (aka NaCl) were based on ptrace. In our informal testing we have observed the Second Generation runtimes to be about 20% faster than the First Generation. I don't have benchmarks on how it compares to a raw VM.
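For anyone curious to poke at gVisor locally, the open-source runsc binary can be registered as an alternate Docker runtime (a sketch assuming runsc is already installed per the gVisor README; the install path is an assumption, and App Engine's internal setup differs from this):

```
# /etc/docker/daemon.json — register runsc alongside the default runc:
#   { "runtimes": { "runsc": { "path": "/usr/local/bin/runsc" } } }

# Then run any container under gVisor's user-space kernel:
docker run --runtime=runsc --rm python:3 python -c 'print("hello from gVisor")'
```

Syscalls the container makes are then intercepted by runsc rather than hitting the host kernel directly, which is the same basic idea (not the same implementation) as what backs these runtimes.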
These new runtimes are capable of multithreading, so long as the language is capable of it. And you will need to use an instance larger than the default (F1 / B1) to have access to more than one thread.
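As an illustration of what that multithreading buys you, here's a plain Python 3 sketch of in-process concurrency (the worker function and pool size are illustrative, not App Engine APIs; on App Engine you'd want an instance class above F1/B1 for threads to actually run in parallel):

```python
from concurrent.futures import ThreadPoolExecutor

def handle(request_id):
    # Stand-in for per-request work; in a Gen2 runtime each worker
    # can run on its own thread within a single instance.
    return request_id * 2

# Four worker threads servicing eight "requests" concurrently.
with ThreadPoolExecutor(max_workers=4) as pool:
    results = list(pool.map(handle, range(8)))

print(results)  # [0, 2, 4, 6, 8, 10, 12, 14]
```

pool.map preserves input order, so results line up with the request IDs regardless of which thread handled each one.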
App Engine Flex is a version of App Engine that uses VMs with Linux. You can find a comparison between the standard and flexible environments here:
AWS> we put your code in a container, like everyone else puts your code in a container. We bikeshedded the Linux distro a bit, so you might need to recompile
Customer> OK. Fine
GCP> our web scale open source userland kernel hypervisor written in Go hosts your code in a Linux-but-not-quite-Linux microservice
Customer> Why does <X> system call return a strange error code?
GCP> You're too dumb to understand. Trust us
Customer> oh, I think I understand well enough. Calls back Azure sales rep
it's still Python 2.7 only :(
Did you mean "disclosure"?
Disclosure would work just as well, and is in fact more accurate!
That's precisely why I objected to its use in the context it was used here (and other places where it is colloquially used incorrectly): by announcing you worked on something, you reinforce the possibility of bias in the post while taking partial responsibility for the work--it does not disclaim or subtract bias or responsibility.
> the word does deny something: possibly objectivity.
i.e. there is a possibility of bias.
That said, I've made my peace with the "proper" use of language, or rather the lack thereof, and have come to accept it.
The meanings of words and idioms shift over time. As long as we're understood well enough, that's fine by me.
The documentation for all these second generation runtimes is shockingly bad. I consider Google to be _generally_ pretty good at documentation, but this is one of those cases where their propensity for confusing naming and classification of their products makes it hard as hell to figure out what is going on. It doesn't help that the top-level "product overview" page is useless marketing junk (microservices! serverless!) instead of a practical description, which is buried several links deep.
Having never used App Engine but occasionally wandering into its docs when a new product gets announced like this, am I right in assuming that App Engine's "second generation standard environment" is more or less equivalent to the feature set you'd get from Heroku? The flexible environment also continues to confuse me - it talks about being a managed Docker container, but it doesn't seem like you actually get access to anything like a Dockerfile and that's more of an implementation detail on their end.
You're right that you don't get access to the Dockerfile. Docker isn't a 100%-isolated environment for multi-tenant use cases, so Google needs to control the stack itself, using specific trusted versions of base-image layers and app layers. There may also be extra "Docker-image compile time" security restrictions made on top of that.
However, it's not just an implementation detail—it has pretty visible effects.
1. A Flexible Environment app slug gets baked into a regular Docker image and placed into your Google Container Registry alongside container-images you've built yourself with GCR. (And your GCR registry, in turn, is backed by a Google Cloud Storage bucket in your own account—meaning that you're paying for storing the resulting images just like any other uploaded objects. You should prune old App Engine Flexible Environment image versions if you don't want to pay!)
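A hedged sketch of what that pruning might look like with the gcloud CLI (the `appengine/SERVICE.VERSION` image path is how Flex-built images have typically shown up in GCR, but verify the actual path in your own registry before deleting anything):

```
# List the images (and their digests) that Flex builds have pushed:
gcloud container images list-tags gcr.io/YOUR_PROJECT/appengine/default.YOUR_VERSION

# Delete an old image by digest once nothing references it:
gcloud container images delete \
    gcr.io/YOUR_PROJECT/appengine/default.YOUR_VERSION@sha256:DIGEST
```

Since the registry is backed by a GCS bucket in your account, every image you leave behind is billed like any other stored object.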
2. You can do whatever you want with the filesystem of your container, because it is just a Docker container. You can mount volumes to the container in the container spec (app.yaml), just like if you were writing a k8s container spec. (In fact, sharing IPC sockets through a Docker volume-mount is how the Google Cloud SQL proxy works.) You can internally auto-update your container by downloading new Python/Node/etc. code into the container and getting the interpreter to re-exec(2) itself. Pretty much anything that can run in a "Python Docker container environment" can run in Google's "Python Flexible Environment", because they're pretty much the same (save for those container-build-time security restrictions.)
Firstly, a sincere thank you for reading and caring about our documentation.
With regard to the page you referenced, would you please elaborate on what information would help you come to the appropriate conclusion about using a second generation runtime? Your feedback would be very useful in shaping this page into something that provides you with actionable information rather than "useless marketing junk" :)
Also to address a point you made in the first paragraph of your post, the PHP 7.2 beta runtime is a "second generation" runtime.
There should be, right up front, a crystal-clear page detailing the three possible environments:
- Legacy Standard (WITH A VERY CLEAR DEPRECATION NOTICE)
- Legacy Flexible (WITH A VERY CLEAR DEPRECATION NOTICE)
- Standard Second Generation (gVisor)
For example, in Python Standard (old standard), it's extremely confusing to work out which gcloud libraries are bundled, and which need to be vendored and packaged into the app (yes I know there is a page that tries to explain. It's unclear).
Thank you for working on the documentation. It is the number one area that GCP needs to invest in. All the technology is miles ahead of AWS in the core areas. The docs however, are very very far behind.
Happy to elaborate more if there's any specifics you need.
I agree. I spent a lot of time trying to figure this out myself with various APIs, and in some instances, I gave up and looked for an alternative after I failed to figure out how to correctly vendor some Google Cloud libs (even following what documentation I did find, which made it look so simple).
My main complaint about the marketing landing page at https://cloud.google.com/appengine/ is that it doesn't contain any immediate information about the different environments. It does have a link to "Choosing the right Environment" but it's _waaay_ down below the fold. In general I wish Google Cloud product pages had their big "View Documentation" buttons up at the top next to the free trial button, instead of way down below the pricing section.
In addition, neither the "Choosing the right Environment" nor the "App Engine Standard Environment" docs linked at the bottom of the product page contain detailed information about the second-generation standard environment, which is frustrating. I do appreciate that the language-specific pages in the main docs link contain a short comparison that includes the beta environments, at least.
That said, the primary document comparing the environments (https://cloud.google.com/appengine/docs/the-appengine-enviro...) seems very out of date. For example, it mentions you should use the flexible environment if your app:
> Depends on other software, including operating system packages such as imagemagick, ffmpeg, libgit2, or others through apt-get.
However, the Node standard environment contains these three packages and more (https://cloud.google.com/appengine/docs/standard/nodejs/refe...).
There might be other nit-picks to be said, but really, my main criticism of the documentation is that trying to understand the split between "standard/flexible/second-generation standard" environments at first glance is tricky. I'm sure y'all have plans for this going forward as these environments come out of beta, so I'll hold off on whining too much more. Thanks for asking for further feedback, and for clarifying that the new PHP runtime is a second generation one.
From this, I believe these are the action items for us (apologies if I have missed anything; please correct me):
* Work on making it clearer which environment and which runtime you should choose for your apps and cut out the marketing prose.
* Provide more technical details on the differences between first generation and second generation runtimes.
* Be explicit on what libs are provided and what need to be vendored.
If y'all want to provide more feedback please feel free to add to this thread (I'll be checking it periodically for a few days) or contact me via email - lla@(you know the domain).
Disclosure: I work for Google on the App Engine team doing documentation.
I hope that stuff is missing just temporarily - there is a lot of genius in the original GAE.
I suspect yes, but the last time I checked the Cloud IAP docs (for GAE standard's recent Python 3.7 launch) they didn't yet address the unique situation of second-generation App Engine standard environment runtimes.
It reminds me a lot of being back in the 80s, when you could write raw assembly that simply called BIOS interrupts to read from and write to a disk (by logical disk number!), rather than there being this whole edifice of an OS kernel in between, mapping high-level concepts like logical disk requests to low-level SCSI/ATA/etc. wire protocol messages. That mapping was instead happening at a firmware level, such that the hardware (the CPU) could expose intrinsics that would look like any other ISA instruction, but which would turn around and use the firmware (the BIOS) to execute the instruction.
That BIOS-interrupt style really feels, to me, like how computers should be: rather than everything compiling down to RISC code that inevitably gets bogged down in kernel context switches as it attempts to express its intent through thousands of low-level system calls, why not have an ultra-high-level CISC ISA that can just express its intent to the hardware [and firmware] directly, with no impedance mismatch? All the "expansion" of intent to RISC would happen in ring 0, with no switching back and forth. (A good example of this kind of CISC-expression-of-intent: kernel packet filtering.)
Or, if you don't want to go that far: why not an abstract machine, like the JVM, with these hyper-CISC semantics? I know there's already one example of this approach in the way Erlang's BEAM VM implements its "send" instruction. In the expensive cases—when a module is not loaded in the local VM, or when you need to send the message to a remote node over the distribution protocol with a custom transport—the "send" op can bounce back down into calling other Erlang modules (essentially "firmware"!) to get its job done. I'd love an abstract machine that had that approach... but for everything.
† I say "felt a lot like", but from my understanding, this is how it actually was/is! GAE Standard Environment v1's interpreters are compiled as Portable Native Client [PNaCl] binaries, with extensions to the "ABI side" of the PPAPI for the specific services the Native Client VM host provided to its guest. The language runtimes then 1:1 expose these PNaCl instruction-set extensions as the functions of modules like ndb, taskqueue, etc.
I ran into a couple of show-stopper issues with the new Node.js standard env which were fine in Flex (we're waiting on Google support for these: very slow Datastore queries and odd request-queueing behaviour), so we're running Flex at the moment, but for our particular use case Standard would otherwise be cheaper.
Another thing to note is that the standard GAE API does not work in Flex or GCE (there's no portable API for Datastore, Memcache, the runtime APIs for versions and modules, etc.). So basically any code that you write against standard GAE is locked in.
Another interesting note is that standard GAE is covered by the free tier but Flex is not.
It seems like Google is trying to lock you in with standard GAE and then make you pay an order of magnitude more for the infrastructure once your service gets some traction.
Gen2 Standard (PHP7, Node8, Java8, Python3, etc) uses the standard GCP APIs that you can call from anywhere, including other clouds. It should be relatively straightforward to move from Gen2 Standard to Flex and vice versa.
(I work for GCP)
I've only ever 'rolled my own', on small-scale virtual or shared servers, but I've got an upcoming project I could do with trying to install on something completely separate - something like this might fit the bill.
The "killer" feature of App Engine is the scalability. Small-scale virtual or shared servers are fine for small usage, but what happens when you have more traffic than that VPS can handle? You could call the hosting provider and ask for more CPU/memory/bandwidth, or move to a bigger server elsewhere, but that takes time. And what if it was just a spike, and now your traffic is back to normal but you've got a beast of a server running the site? You could even be wasting money with the small VPS sitting idle for most of the day if your traffic is very infrequent.
With App Engine it just scales automatically to handle the load, from zero QPS to many thousands of QPS and back down to zero again, without any effort from the developer apart from the initial config (... of course you can limit that scaling too if you want to control cost).
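For reference, a minimal app.yaml sketch of that initial scaling config (the field names follow the second-generation standard environment's app.yaml reference; the specific values are illustrative, not recommendations):

```yaml
runtime: python37

automatic_scaling:
  min_instances: 0          # scale to zero when idle
  max_instances: 10         # cap the spike response to control cost
  target_cpu_utilization: 0.65
```

With min_instances at 0 you pay nothing while idle; raising it trades money for the elimination of cold starts.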
There are also a bunch of other nice-to-have features around traffic splitting (i.e. A/B testing), some nice task-handling tools (e.g. cron-style stuff, task queues), centralised logging, and the easy plug-ins to the other Google Cloud stuff.
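The traffic-splitting piece, for example, is a one-liner with the gcloud CLI (the service and version names here are hypothetical):

```
# Send 10% of traffic to the new version, 90% to the old:
gcloud app services set-traffic default --splits v1=0.9,v2=0.1
```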
Deployments themselves are not especially "quick" and you have to do a few things "the appengine way", but the trade-off is you have nothing to manage on the server at all.
I've used App Engine a lot over the past few years (mainly Java and Go) and it's pretty decent, I've found, although I do use a lot of the other Google Cloud services (e.g. their database stuff) so it makes sense. App Engine has been pretty rock solid in my experience.
Compared to some other languages, a proper PHP env is relatively simple to set up: have a build script in your system of choice to install FastCGI PHP in the version you need with the extensions you expect, set up the relatively simple conf file in your server of choice, and then have a composer file to set up the libraries you need. Tada, you're pretty much done (everything else is not very PHP-specific).
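A sketch of that flow on a Debian/Ubuntu-style box (the PHP version, extension packages, and composer flags are examples, not requirements):

```
# Install PHP-FPM plus the extensions you expect:
apt-get install -y php7.2-fpm php7.2-mbstring php7.2-curl

# composer.json pins your app's libraries; then, in the project dir:
composer install --no-dev --optimize-autoloader
```

Point your web server's FastCGI config at the php-fpm socket and the PHP side of the setup is done.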
After a long journey down various rabbit holes last night, where I at points got quite excited by the idea of leveraging Heroku with perhaps a soupçon of Cloudflare in the background or AWS' myriad of services, I ended up back where I've always been, and think I'll stick with what I know for my upcoming project.
However, I think this'd be a great way to dabble in things I really don't have any familiarity with (eg. Ruby), so I'll have a play yet.
That's incorrect. The page says: "We don’t discriminate: Laravel, Symfony, WordPress, Statamic, Craft and any other PHP application can easily be installed on a Forge server."
> doesn't scale automatically
That's true, but the person to whom I was responding isn't looking for auto-scaling (nor am I presenting it as a GAE competitor). It sounds like he just wants a button to push that'll create a fully operational PHP app server.
Paying 10 or more dollars a month probably doesn't make a lot of sense unless you are installing Laravel and for some reason can't do it yourself, or you need to replicate the process. It is not really one button click either: you need to find/create the right script(s) if you are doing anything complex, and if you are not, just have the developers get a copy of the app from GitHub and clone a dev box on DigitalOcean.
So far I've been billed $0.00. The free tier is quite generous, and probably plenty for most low traffic endeavors.