Split secscan endpoints into a new process

Jake Moshenko 2016-05-02 11:38:00 -04:00
parent fdf81860a1
commit cc8e58e7f4
7 changed files with 38 additions and 5 deletions


@ -8,6 +8,7 @@ from app import app as application
import web import web
import verbs import verbs
import registry import registry
import secscan
if __name__ == '__main__': if __name__ == '__main__':

13
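--- a/conf/gunicorn_secscan.py
+++ b/conf/gunicorn_secscan.py
@@ -0,0 +1,13 @@
+from Crypto import Random
+bind = 'unix:/tmp/gunicorn_secscan.sock'
+workers = 2
+worker_class = 'gevent'
+logconfig = 'conf/logging.conf'
+pythonpath = '.'
+preload_app = True
+def post_fork(server, worker):
+# Reset the Random library to ensure it won't raise the "PID check failed." error after
+# gunicorn forks.
+Random.atfork()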
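Review bot: `bind = 'unix:/tmp/gunicorn_secscan.sock'` puts the upstream socket in a world-writable directory and sets no `umask`, so with gunicorn's default of 0 the socket file is created accessible to every local account. The jwtproxy verifier config in this commit forwards to this socket, which suggests the secscan endpoints rely on the proxy for request authentication; if so, a local process that connects to the socket directly is not subject to that check. Consider `umask = 0o077` (assuming jwtproxy runs as the same user as gunicorn) or a socket directory only the service user can enter, plus a comment such as `# Reached only through the jwtproxy verifier; keep this socket private to the service user.` The path follows the existing `gunicorn_web.sock` convention, so this may be an accepted trade-off inside a single-user container.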


@ -0,0 +1,2 @@
#!/bin/sh
exec logger -i -t gunicorn_web
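Review bot: The logger tag `gunicorn_web` looks copied from the web service, so output from the new secscan process would be indistinguishable in syslog from the web workers; assuming this is the log runner for the new service (its path is not shown on the page), it should read `exec logger -i -t gunicorn_secscan`. The run script that follows has the same attribution problem: `echo 'Starting gunicon'` is misspelled and neither of its messages names the service, for example `echo 'Starting gunicorn (secscan)'`. Correct per-service tags matter when these logs are used to trace which process handled a scanner request.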


@ -0,0 +1,8 @@
#! /bin/bash
echo 'Starting gunicon'
cd /
venv/bin/gunicorn -c conf/gunicorn_secscan.py secscan:application
echo 'Gunicorn exited'


@ -13,15 +13,15 @@ jwtproxy:
type: preshared type: preshared
options: options:
key_id: {{ key_id }} key_id: {{ key_id }}
private_key_path: /conf/quay.pem private_key_path: /conf/quay.pem
verifier_proxies: verifier_proxies:
- enabled: true - enabled: true
listen_addr: unix:/tmp/jwtproxy_secscan.sock listen_addr: unix:/tmp/jwtproxy_secscan.sock
verifier: verifier:
upstream: unix:/tmp/gunicorn_web.sock upstream: unix:/tmp/gunicorn_secscan.sock
audience: {{ audience }} audience: {{ audience }}
key_server: key_server:
type: keyregistry type: keyregistry
options: options:
issuer: clair issuer: clair
registry: {{ registry }} registry: {{ registry }}

11
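--- a/secscan.py
+++ b/secscan.py
@@ -0,0 +1,11 @@
+import os
+import logging.config
+from app import app as application
+from endpoints.secscan import secscan
+if os.environ.get('DEBUGLOG') == 'true':
+logging.config.fileConfig('conf/logging_debug.conf', disable_existing_loggers=False)
+application.register_blueprint(secscan, url_prefix='/secscan')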
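Review bot: secscan.py has no module comment stating that this entry point serves only the `/secscan` blueprint and is meant to sit behind the jwtproxy verifier socket, which is presumably the property the split is after. A header such as `# WSGI entry point for the security-scanner endpoints only; served on gunicorn_secscan.sock behind the jwtproxy verifier.` would discourage later changes from registering unrelated blueprints on this process. Whether the imported `app` already carries other routes at import time is not visible from this section.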

2
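--- a/web.py
+++ b/web.py
@@ -10,7 +10,6 @@ from endpoints.gitlabtrigger import gitlabtrigger
 from endpoints.key_server import key_server
 from endpoints.oauthlogin import oauthlogin
 from endpoints.realtime import realtime
-from endpoints.secscan import secscan
 from endpoints.web import web
 from endpoints.webhooks import webhooks
@@ -25,5 +24,4 @@ application.register_blueprint(bitbuckettrigger, url_prefix='/oauth1')
 application.register_blueprint(api_bp, url_prefix='/api')
 application.register_blueprint(webhooks, url_prefix='/webhooks')
 application.register_blueprint(realtime, url_prefix='/realtime')
-application.register_blueprint(secscan, url_prefix='/secscan')
 application.register_blueprint(key_server, url_prefix='/keys')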