Split secscan endpoints into a new process

conf/gunicorn_secscan.py

@@ -0,0 +1,13 @@
+from Crypto import Random
+
+bind = 'unix:/tmp/gunicorn_secscan.sock'
+workers = 2
+worker_class = 'gevent'
+logconfig = 'conf/logging.conf'
+pythonpath = '.'
+preload_app = True
+
+def post_fork(server, worker):
+  # Reset the Random library to ensure it won't raise the "PID check failed." error after
+  # gunicorn forks.
+  Random.atfork()

conf/init/service/gunicorn_secscan/log/run

@@ -0,0 +1,2 @@
+#!/bin/sh
+exec logger -i -t gunicorn_web

conf/init/service/gunicorn_secscan/run

@@ -0,0 +1,8 @@
+#! /bin/bash
+
+echo 'Starting gunicon'
+
+cd /
+venv/bin/gunicorn -c conf/gunicorn_secscan.py secscan:application
+
+echo 'Gunicorn exited'

conf/jwtproxy_conf.yaml.jnj

@@ -13,15 +13,15 @@ jwtproxy:
         type: preshared
         options:
           key_id: {{ key_id }}
-          private_key_path: /conf/quay.pem 
+          private_key_path: /conf/quay.pem
   verifier_proxies:
   - enabled: true
     listen_addr: unix:/tmp/jwtproxy_secscan.sock
     verifier:
-      upstream: unix:/tmp/gunicorn_web.sock 
+      upstream: unix:/tmp/gunicorn_secscan.sock
       audience: {{ audience }}
       key_server:
         type: keyregistry
         options:
           issuer: clair
-          registry: {{ registry }} 
+          registry: {{ registry }}