From cc8e58e7f4bb7e9a7e9086139a193fbc2d97cacb Mon Sep 17 00:00:00 2001
From: Jake Moshenko
Date: Mon, 2 May 2016 11:38:00 -0400
Subject: [PATCH] Split secscan endpoints into a new process
---
 application.py | 1 +
 conf/gunicorn_secscan.py | 13 +++++++++++++
 conf/init/service/gunicorn_secscan/log/run | 2 ++
 conf/init/service/gunicorn_secscan/run | 8 ++++++++
 conf/jwtproxy_conf.yaml.jnj | 6 +++---
 secscan.py | 11 +++++++++++
 web.py | 2 --
 7 files changed, 38 insertions(+), 5 deletions(-)
 create mode 100644 conf/gunicorn_secscan.py
 create mode 100755 conf/init/service/gunicorn_secscan/log/run
 create mode 100755 conf/init/service/gunicorn_secscan/run
 create mode 100644 secscan.py
diff --git a/application.py b/application.py
index 235a80b16..810109d1d 100644
--- a/application.py
+++ b/application.py
@@ -8,6 +8,7 @@ from app import app as application
 import web
 import verbs
 import registry
+import secscan
 if __name__ == '__main__':
diff --git a/conf/gunicorn_secscan.py b/conf/gunicorn_secscan.py
new file mode 100644
index 000000000..4b16b4399
--- /dev/null
+++ b/conf/gunicorn_secscan.py
@@ -0,0 +1,13 @@
+from Crypto import Random
+
+bind = 'unix:/tmp/gunicorn_secscan.sock'
+workers = 2
+worker_class = 'gevent'
+logconfig = 'conf/logging.conf'
+pythonpath = '.'
+preload_app = True
+
+def post_fork(server, worker):
+ # Reset the Random library to ensure it won't raise the "PID check failed." error after
+ # gunicorn forks.
+ Random.atfork()
diff --git a/conf/init/service/gunicorn_secscan/log/run b/conf/init/service/gunicorn_secscan/log/run
new file mode 100755
index 000000000..c96d365a5
--- /dev/null
+++ b/conf/init/service/gunicorn_secscan/log/run
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec logger -i -t gunicorn_web
\ No newline at end of file
diff --git a/conf/init/service/gunicorn_secscan/run b/conf/init/service/gunicorn_secscan/run
new file mode 100755
index 000000000..d78ebedcd
--- /dev/null
+++ b/conf/init/service/gunicorn_secscan/run
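Review bot: In conf/gunicorn_secscan.py, `bind = 'unix:/tmp/gunicorn_secscan.sock'` puts the listening socket in a shared directory, and gunicorn's default `umask` of 0 leaves a unix socket connectable by any local account. The jwtproxy verifier is what authenticates callers of this process, so a connection made straight to this socket is not JWT-checked unless the secscan endpoints verify it themselves, which this diff does not show. If jwtproxy runs under the same account, consider adding `umask = 0o077` here or binding under a directory only that account can enter; at minimum add a comment such as `# Only jwtproxy should connect here; traffic on this socket has not been JWT-verified.` The path follows the existing gunicorn_web.sock convention, so the same question probably applies to the other services.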
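Review bot: In conf/init/service/gunicorn_secscan/log/run the logger tag is still `gunicorn_web`, so everything the new secscan process logs is attributed to the web workers and cannot be separated from them when tracing a request that arrived through the jwtproxy path. The line should read `exec logger -i -t gunicorn_secscan`. The companion conf/init/service/gunicorn_secscan/run script has the same attribution gap: `echo 'Starting gunicon'` and `echo 'Gunicorn exited'` do not name the service, and the first has a typo; `echo 'Starting gunicorn_secscan'` would make the supervisor output unambiguous.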
@@ -0,0 +1,8 @@
+#! /bin/bash
+
+echo 'Starting gunicon'
+
+cd /
+venv/bin/gunicorn -c conf/gunicorn_secscan.py secscan:application
+
+echo 'Gunicorn exited'
\ No newline at end of file
diff --git a/conf/jwtproxy_conf.yaml.jnj b/conf/jwtproxy_conf.yaml.jnj
index e1cbd7136..f657bf730 100644
--- a/conf/jwtproxy_conf.yaml.jnj
+++ b/conf/jwtproxy_conf.yaml.jnj
@@ -13,15 +13,15 @@ jwtproxy:
 type: preshared
 options:
 key_id: {{ key_id }}
- private_key_path: /conf/quay.pem
+ private_key_path: /conf/quay.pem
 verifier_proxies:
 - enabled: true
 listen_addr: unix:/tmp/jwtproxy_secscan.sock
 verifier:
- upstream: unix:/tmp/gunicorn_web.sock
+ upstream: unix:/tmp/gunicorn_secscan.sock
 audience: {{ audience }}
 key_server:
 type: keyregistry
 options:
 issuer: clair
- registry: {{ registry }}
+ registry: {{ registry }}
diff --git a/secscan.py b/secscan.py
new file mode 100644
index 000000000..a2ea9753f
--- /dev/null
+++ b/secscan.py
@@ -0,0 +1,11 @@
+import os
+import logging.config
+
+from app import app as application
+
+from endpoints.secscan import secscan
+
+if os.environ.get('DEBUGLOG') == 'true':
+ logging.config.fileConfig('conf/logging_debug.conf', disable_existing_loggers=False)
+
+application.register_blueprint(secscan, url_prefix='/secscan')
diff --git a/web.py b/web.py
index 4c1a4f4c0..3d9b007da 100644
--- a/web.py
+++ b/web.py
@@ -10,7 +10,6 @@ from endpoints.gitlabtrigger import gitlabtrigger
 from endpoints.key_server import key_server
 from endpoints.oauthlogin import oauthlogin
 from endpoints.realtime import realtime
-from endpoints.secscan import secscan
 from endpoints.web import web
 from endpoints.webhooks import webhooks
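Review bot: The new secscan.py has no module docstring or header comment saying that this entry point is meant to serve only the `/secscan` blueprint behind the jwtproxy verifier, which is the security-relevant reason the file exists. A header such as `# Entry point for the gunicorn_secscan process: registers only the secscan blueprint, reached via the jwtproxy verifier upstream.` would discourage a later change from registering other blueprints on this process. Separately, `logging.config.fileConfig('conf/logging_debug.conf', ...)` takes a path relative to the working directory, so it depends on the run script's `cd /`. Because this process handles token-authenticated requests, it is also worth confirming that the debug configuration does not write request headers to the log.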
@@ -25,5 +24,4 @@ application.register_blueprint(bitbuckettrigger, url_prefix='/oauth1')
 application.register_blueprint(api_bp, url_prefix='/api')
 application.register_blueprint(webhooks, url_prefix='/webhooks')
 application.register_blueprint(realtime, url_prefix='/realtime')
-application.register_blueprint(secscan, url_prefix='/secscan')
 application.register_blueprint(key_server, url_prefix='/keys')