2020-09-02 23:04:12 +01:00
|
|
|
"""Gunicorn config"""
|
2020-11-11 13:48:19 +00:00
|
|
|
import os
|
2021-09-13 16:54:23 +01:00
|
|
|
import pwd
|
2022-02-01 14:01:39 +00:00
|
|
|
from hashlib import sha512
|
2020-09-11 22:21:11 +01:00
|
|
|
from multiprocessing import cpu_count
|
|
|
|
|
2020-09-02 23:04:12 +01:00
|
|
|
import structlog
|
2021-04-07 15:16:17 +01:00
|
|
|
from kubernetes.config.incluster_config import SERVICE_HOST_ENV_NAME
|
2020-09-02 23:04:12 +01:00
|
|
|
|
2022-02-01 14:01:39 +00:00
|
|
|
from authentik import get_full_version
|
|
|
|
from authentik.lib.config import CONFIG
|
|
|
|
from authentik.lib.utils.http import get_http_session
|
|
|
|
from authentik.lib.utils.reflection import get_env
|
|
|
|
|
2021-05-04 16:49:21 +01:00
|
|
|
bind = "127.0.0.1:8000"
|
2020-09-02 23:04:12 +01:00
|
|
|
|
2021-09-13 16:54:23 +01:00
|
|
|
try:
|
|
|
|
pwd.getpwnam("authentik")
|
|
|
|
user = "authentik"
|
|
|
|
group = "authentik"
|
|
|
|
except KeyError:
|
|
|
|
pass
|
2020-09-02 23:04:12 +01:00
|
|
|
|
2021-12-11 18:55:09 +00:00
|
|
|
worker_class = "lifecycle.worker.DjangoUvicornWorker"
|
2020-09-06 21:16:12 +01:00
|
|
|
# Docker containers don't have /tmp as tmpfs
|
2021-09-13 16:54:23 +01:00
|
|
|
if os.path.exists("/dev/shm"): # nosec
|
|
|
|
worker_tmp_dir = "/dev/shm" # nosec
|
2020-09-02 23:04:12 +01:00
|
|
|
|
2020-12-05 21:08:42 +00:00
|
|
|
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "authentik.root.settings")
|
2020-11-11 13:48:19 +00:00
|
|
|
|
2022-01-26 09:04:58 +00:00
|
|
|
max_requests = 1000
|
|
|
|
max_requests_jitter = 50
|
|
|
|
|
2020-09-02 23:04:12 +01:00
|
|
|
logconfig_dict = {
|
|
|
|
"version": 1,
|
|
|
|
"disable_existing_loggers": False,
|
|
|
|
"formatters": {
|
|
|
|
"json_formatter": {
|
|
|
|
"()": structlog.stdlib.ProcessorFormatter,
|
|
|
|
"processor": structlog.processors.JSONRenderer(),
|
|
|
|
"foreign_pre_chain": [
|
|
|
|
structlog.stdlib.add_log_level,
|
|
|
|
structlog.stdlib.add_logger_name,
|
|
|
|
structlog.processors.TimeStamper(),
|
|
|
|
structlog.processors.StackInfoRenderer(),
|
|
|
|
],
|
|
|
|
}
|
|
|
|
},
|
|
|
|
"handlers": {
|
|
|
|
"error_console": {
|
|
|
|
"class": "logging.StreamHandler",
|
|
|
|
"formatter": "json_formatter",
|
|
|
|
},
|
|
|
|
"console": {"class": "logging.StreamHandler", "formatter": "json_formatter"},
|
|
|
|
},
|
2020-09-06 14:52:48 +01:00
|
|
|
"loggers": {
|
2020-09-06 15:12:17 +01:00
|
|
|
"uvicorn": {"handlers": ["console"], "level": "WARNING", "propagate": False},
|
|
|
|
"gunicorn": {"handlers": ["console"], "level": "INFO", "propagate": False},
|
2020-09-06 14:52:48 +01:00
|
|
|
},
|
2020-09-02 23:04:12 +01:00
|
|
|
}
|
2020-09-11 22:21:11 +01:00
|
|
|
|
|
|
|
# if we're running in kubernetes, use fixed workers because we can scale with more pods
|
|
|
|
# otherwise (assume docker-compose), use as much as we can
|
2021-04-07 15:16:17 +01:00
|
|
|
if SERVICE_HOST_ENV_NAME in os.environ:
|
2021-11-29 13:27:55 +00:00
|
|
|
default_workers = 2
|
2020-09-11 22:21:11 +01:00
|
|
|
else:
|
2021-08-05 09:15:31 +01:00
|
|
|
default_workers = max(cpu_count() * 0.25, 1) + 1 # Minimum of 2 workers
|
2021-11-29 13:27:55 +00:00
|
|
|
|
|
|
|
workers = int(os.environ.get("WORKERS", default_workers))
|
2021-09-13 16:54:23 +01:00
|
|
|
threads = int(os.environ.get("THREADS", 4))
|
2022-01-16 12:57:07 +00:00
|
|
|
|
|
|
|
# pylint: disable=unused-argument
|
|
|
|
def worker_exit(server, worker):
|
|
|
|
"""Remove pid dbs when worker is shutdown"""
|
|
|
|
from prometheus_client import multiprocess
|
|
|
|
|
|
|
|
multiprocess.mark_process_dead(worker.pid)
|
2022-02-01 14:01:39 +00:00
|
|
|
|
|
|
|
|
|
|
|
if not CONFIG.y_bool("disable_startup_analytics", False):
|
|
|
|
env = get_env()
|
|
|
|
should_send = env not in ["dev", "ci"]
|
|
|
|
if should_send:
|
|
|
|
try:
|
|
|
|
get_http_session().post(
|
|
|
|
"https://goauthentik.io/api/event",
|
|
|
|
json={
|
|
|
|
"domain": "authentik",
|
|
|
|
"name": "pageview",
|
|
|
|
"referrer": get_full_version(),
|
|
|
|
"url": (
|
|
|
|
f"http://localhost/{env}?utm_source={get_full_version()}&utm_medium={env}"
|
|
|
|
),
|
|
|
|
},
|
|
|
|
headers={
|
|
|
|
"User-Agent": sha512(str(CONFIG.y("secret_key")).encode("ascii")).hexdigest()[
|
|
|
|
:16
|
|
|
|
],
|
|
|
|
"Content-Type": "application/json",
|
|
|
|
},
|
|
|
|
timeout=5,
|
|
|
|
)
|
|
|
|
# pylint: disable=bare-except
|
|
|
|
except: # nosec
|
|
|
|
pass
|