
Commit b1130481 authored by BAIRE Anthony

remove supervisor and allow choosing the http server implementation

- django is now launched in the foreground, and its stdout/stderr is now
  the container stdout/stderr

- nginx is now run as a background process, without supervision. A
  HEALTHCHECK CMD is added to monitor the status of nginx (so as to
  get a nagios alert in case of a hypothetical nginx crash)

- add ALLGO_HTTP_SERVER to select the http server. Default is
 'gunicorn', docker-compose.yml sets it to 'django' for development.
parent 97bef7ca
......@@ -10,7 +10,7 @@ COPY setup/backports/. /
RUN apt-getq update && apt-getq install mysql-server default-libmysqlclient-dev \
python3-django python3-django-allauth python3-misaka \
nginx-light zip gcc python3-dev python3-pip python3-wheel python3-mysqldb \
python-mysqldb python3-crypto supervisor\
python-mysqldb python3-crypto \
&& pip3 install gunicorn
COPY requirements.txt /tmp/
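Review bot: `pip3 install gunicorn` at the end of the RUN line installs whatever version is current at build time, and with this commit gunicorn becomes the default HTTP server. Pin it to an exact version, ideally by moving it into requirements.txt (copied on the next line) so that it is versioned and reviewed together with the other Python dependencies.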
......@@ -23,3 +23,4 @@ WORKDIR /opt/allgo
LABEL dk.migrate_always=1
CMD run-allgo
......@@ -101,6 +101,22 @@ with env_loader.EnvironmentVarLoader(__name__, "ALLGO_",
# allgo-specific variables
# note: this variable is not used inside django. It is listed just for
# documentation purpose
env_var("ALLGO_HTTP_SERVER", fixed=True,
help="""selection of the HTTP server running allgo
Possible values are ``gunicorn`` and ``django``.
* ``gunicorn`` runs the gunicorn server, with the logs sent into
* ``django`` runs django's native server (`django-admin
runserver`), with logs sent to stdout/stderr. It should never be
used in production.
env_var("ALLGO_CONTROLLER_HOST", fixed=True,
help="Hostname of the allgo controller")
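Review bot: the help text for `ALLGO_HTTP_SERVER` says `django` "should never be used in production", but the comment above it states the variable is not used inside django, so nothing on these lines enforces that. Consider making the launcher refuse `django` unless the deployment is explicitly marked as development, and declare the default in this `env_var` call (no `default=` is visible here) so the documentation and the launcher cannot drift apart.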
; supervisor config file
file = /vol/cache/supervisor.sock ; (the path to the socket file)
chmod = 0700 ; socket file mode (default 0700)
username = dummy ; avoid a critical error on authentication
password = dummy ; avoid a critical error on authentication
logfile = /vol/log/supervisor/supervisord.log
pidfile = /tmp/supervisord.pid
childlogdir = /vol/log/supervisor ; ('AUTO' child log dir, default $TEMP)
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
serverurl = unix:///vol/cache/supervisor.sock ; use a unix:// URL for a unix socket
username = dummy ; avoid a critical error on authentication
password = dummy ; avoid a critical error on authentication
command = gunicorn config.wsgi:application -w 2 -b :4000
startsecs = 10
command = nginx -g "daemon off;"
username = www-data
pid="`cat /run/nginx.pid 2>/dev/null || true`"
if [ -z "$pid" ] || [ ! -d "/proc/$pid/" ] ; then
echo "nginx is down"
exit 1
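Review bot: the health check only tests that `/proc/$pid/` exists for the number stored in /run/nginx.pid, so it passes when that pid has been reused by another process or when nginx is alive but no longer serving requests. With supervision removed this check is the only signal left, so also confirm the process is nginx (for example by reading `/proc/$pid/comm`) and add a local HTTP request against the listening port.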
......@@ -2,21 +2,56 @@
set -e
step() {
echo "---------- $* ----------"
step "make dirs"
mkdir -p \
/vol/rw/datastore \
/vol/rw/app \
/vol/rw/media \
/vol/rw/system \
/vol/log/nginx \
/vol/log/django \
/vol/log/redis \
/vol/log/supervisor \
/vol/log/gunicorn \
/vol/cache/allgo \
/vol/cache/redis \
# start nginx
pid="`cat /run/nginx.pid 2>/dev/null || true`"
if [ -z "$pid" ] || [ ! -d "/proc/$pid/" ] ; then
step "start nginx"
# If nginx is already started we just reload its config. This is just
# for convenience. In developement this allows launching 'run-allgo'
# manually multiple times inside an interactive container.
step "reload nginx config"
nginx -t
kill -HUP "$pid"
# wait until the mysql server is ready
step "wait until mysql is ready"
# Run supervisor in order to launch both nginx and gunicorn
exec supervisord -n
# start allgo
step "start django (development mode)"
set -x
exec python3 manage.py runserver
step "start gunicorn"
set -x
exec gunicorn -c setup/gunicorn.py config.wsgi:application
echo "error: invalid ALLGO_HTTP_SERVER: '$ALLGO_HTTP_SERVER'" >&2
exit 1
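Review bot: the `invalid ALLGO_HTTP_SERVER` error comes at the very end of the script, after nginx has been started and the mysql wait has run, so a typo in the variable is reported late and with nginx already running in the background. Validate the value at the top of the script, before the "make dirs" step. Separately, the reload path runs `kill -HUP "$pid"` after checking only that `/proc/$pid/` exists; it should first verify that the pid belongs to nginx.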
import multiprocessing
import os
bind = ""
workers = int(os.getenv("GUNICORN_WORKERS") or multiprocessing.cpu_count() or 1)
# restart the workers after 1000 requests (to avoid memory leaks)
max_requests = 1000
max_requests_jitter = 100
# load applications before forking the worker processes
preload_app = True
# log files
accesslog = "/vol/log/gunicorn/access.log"
errorlog = "/vol/log/gunicorn/error.log"
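Review bot: `bind = ""` leaves the listen address unspecified, whereas the removed supervisor command passed `-b :4000` explicitly. Set the address in this file, and if nginx in the same container is the only intended client, bind to loopback (for example `127.0.0.1:4000`) rather than all interfaces so the application server cannot be reached without going through nginx. A non-numeric `GUNICORN_WORKERS` will also raise in `int(...)` at startup; a short validation with a clear error message would help.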
......@@ -6,6 +6,10 @@ set -e -x
chown -R nobody /run
chmod -R a+rwX /run
# ensure there is not stale nginx.pid in the image (because run-allgo checks it)
rm -f /run/nginx.pid
# apply patches in setup/patches/
apply-patches /opt/allgo/setup/patches/*.diff
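Review bot: the new comment confirms that run-allgo relies on /run/nginx.pid, yet the two lines above leave /run world-writable (`chmod -R a+rwX /run`), so any process in the container can create or rewrite that file and thereby decide whether nginx gets started and which pid receives the HUP. Keep the pid file in a directory writable only by the user that starts nginx, or tighten the mode on /run. Minor wording: "there is not stale" should read "there is no stale".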
......@@ -36,6 +36,7 @@ services:
ALLGO_EMAIL_BACKEND: "django.core.mail.backends.console.EmailBackend"
ALLGO_SECRET_KEY: "nFgLEiedSJfYKyJA6WjkiGs8c23vokcVoM4DDLi9GsCX36TdsR"
ALLGO_TOKEN_SIGNING_KEY_PATH: "/certs/server.key"
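Review bot: `ALLGO_SECRET_KEY` is a literal value committed in docker-compose.yml, right next to the development settings this commit extends. Add a comment stating that the key is for development only, and make sure production reads the secret from the environment or a secrets store instead of this file, so the committed value can never end up signing production sessions.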