Merge pull request #1423 from jakedt/secscanprocess

Split secscan endpoints into a new process
2016-05-02 11:47:21 -04:00 · 2016-05-02 11:47:21 -04:00 · 2d08066901
commit 2d08066901
parent fdf81860a1 cc8e58e7f4
7 changed files with 38 additions and 5 deletions
--- a/application.py
+++ b/application.py
@ -8,6 +8,7 @@ from app import app as application
 import web
 import verbs
 import registry
+import secscan


 if __name__ == '__main__':
--- a/conf/gunicorn_secscan.py
+++ b/conf/gunicorn_secscan.py
@ -0,0 +1,13 @@
+from Crypto import Random
+
+bind = 'unix:/tmp/gunicorn_secscan.sock'
+workers = 2
+worker_class = 'gevent'
+logconfig = 'conf/logging.conf'
+pythonpath = '.'
+preload_app = True
+
+def post_fork(server, worker):
+  # Reset the Random library to ensure it won't raise the "PID check failed." error after
+  # gunicorn forks.
+  Random.atfork()
--- a/conf/init/service/gunicorn_secscan/log/run
+++ b/conf/init/service/gunicorn_secscan/log/run
@ -0,0 +1,2 @@
+#!/bin/sh
+exec logger -i -t gunicorn_web
--- a/conf/init/service/gunicorn_secscan/run
+++ b/conf/init/service/gunicorn_secscan/run
@ -0,0 +1,8 @@
+#! /bin/bash
+
+echo 'Starting gunicon'
+
+cd /
+venv/bin/gunicorn -c conf/gunicorn_secscan.py secscan:application
+
+echo 'Gunicorn exited'
--- a/conf/jwtproxy_conf.yaml.jnj
+++ b/conf/jwtproxy_conf.yaml.jnj
@ -13,15 +13,15 @@ jwtproxy:
        type: preshared
        options:
          key_id: {{ key_id }}
-          private_key_path: /conf/quay.pem 
+          private_key_path: /conf/quay.pem
  verifier_proxies:
  - enabled: true
    listen_addr: unix:/tmp/jwtproxy_secscan.sock
    verifier:
-      upstream: unix:/tmp/gunicorn_web.sock 
+      upstream: unix:/tmp/gunicorn_secscan.sock
      audience: {{ audience }}
      key_server:
        type: keyregistry
        options:
          issuer: clair
-          registry: {{ registry }} 
+          registry: {{ registry }}
--- a/secscan.py
+++ b/secscan.py
@ -0,0 +1,11 @@
+import os
+import logging.config
+
+from app import app as application
+
+from endpoints.secscan import secscan
+
+if os.environ.get('DEBUGLOG') == 'true':
+  logging.config.fileConfig('conf/logging_debug.conf', disable_existing_loggers=False)
+
+application.register_blueprint(secscan, url_prefix='/secscan')
--- a/web.py
+++ b/web.py
@ -10,7 +10,6 @@ from endpoints.gitlabtrigger import gitlabtrigger
 from endpoints.key_server import key_server
 from endpoints.oauthlogin import oauthlogin
 from endpoints.realtime import realtime
-from endpoints.secscan import secscan
 from endpoints.web import web
 from endpoints.webhooks import webhooks

@ -25,5 +24,4 @@ application.register_blueprint(bitbuckettrigger, url_prefix='/oauth1')
 application.register_blueprint(api_bp, url_prefix='/api')
 application.register_blueprint(webhooks, url_prefix='/webhooks')
 application.register_blueprint(realtime, url_prefix='/realtime')
-application.register_blueprint(secscan, url_prefix='/secscan')
 application.register_blueprint(key_server, url_prefix='/keys')