Merge pull request #13 from ModusCreateOrg/feature/wsgi

feature/wsgi

Author: sdbruder

Dockerfile

@@ -0,0 +1,22 @@
+
+FROM centos:latest AS infra-demo
+
+# setup rpm repos, install base packages and create virtual env in a single step
+RUN	yum install -y https://centos7.iuscommunity.org/ius-release.rpm \
+	&& yum update  -y \
+	&& yum install -y \
+		python36u python36u-libs python36u-devel \
+		python36u-pip uwsgi-plugin-python36u uwsgi \
+		gcc make glibc-devel kernel-headers \
+		pcre pcre-devel pcre2 pcre2-devel \
+		postgresql-devel \
+	&& yum clean all \
+	&& mkdir /app \
+	&& python3.6 -m venv --copies --clear /app/venv
+
+# Copy in your requirements file
+ADD src/requirements.txt /app/requirements.txt
+
+# setup python packages
+RUN /app/venv/bin/pip install -U pip \
+	&& /bin/sh -c "/app/venv/bin/pip install --no-cache-dir -r /app/requirements.txt"

ansible/roles/app-AfterInstall/tasks/main.yml

@@ -50,7 +50,9 @@
 
 - name: Set up SELinux rules for Amazon EC2
   shell: |
-      semanage fcontext -a -t httpd_sys_content_t "{{ app_dir }}(/.*)?" 
+      setsebool -P httpd_can_network_connect 1
+      setsebool -P httpd_can_network_relay 1
+      semanage fcontext -a -t httpd_sys_content_t "{{ app_dir }}(/.*)?"
       restorecon -R "{{ app_dir }}"
   when: ec2
 
@@ -65,9 +67,38 @@
       dest: /etc/nginx/conf.d/app.conf
       mode: 0640
 
-
 - name: Install python dependencies for app
   pip:
     requirements: /app/src/requirements.txt
     virtualenv: /app/venv
 
+- name: nginx owns /app/socket
+  file:
+    path: /app/socket
+    state: directory
+    owner: nginx
+    group: nginx
+
+- name: Emperor systemd config
+  template:
+    src: emperor.service.j2
+    dest: /etc/systemd/system/emperor.service
+    owner: root
+    group: root
+    mode: 0640
+
+- name: emperor.ini
+  template:
+    src: emperor.ini.j2
+    dest: /app/emperor.ini
+    owner: root
+    group: root
+    mode: 0644
+
+- name: uwsgi app config infra-demo.ini
+  template:
+    src: infra-demo.ini.j2
+    dest: /app/src/infra-demo.ini
+    owner: root
+    group: root
+    mode: 0644

ansible/roles/app-AfterInstall/templates/app.conf.j2

@@ -7,6 +7,15 @@ server {
         index  index.html index.htm;
     }
 
+    location /api/spin {
+        uwsgi_pass  127.0.0.1:8008;
+        include     /etc/nginx/uwsgi_params;
+        uwsgi_param UWSGI_SCRIPT /app/src/wsgi.py;
+        # following config allow us to map /api/spin to /spin on uwsgi:
+        uwsgi_param SCRIPT_NAME /api;   # set SCRIPT_NAME to match subpath
+        uwsgi_modifier1 30;             # strips SCRIPT_NAME from PATH_INFO
+    }
+
     # redirect server error pages to the static page /50x.html
     #
     error_page   500 502 503 504  /50x.html;

ansible/roles/app-AfterInstall/templates/emperor.ini.j2

@@ -0,0 +1,6 @@
+[uwsgi]
+venv = /app/venv
+emperor = /app/src
+uid = nginx
+gid = nginx
+

ansible/roles/app-AfterInstall/templates/emperor.service.j2

@@ -0,0 +1,16 @@
+[Unit]
+Description=uWSGI Emperor
+After=syslog.target
+
+[Service]
+ExecStart=/app/venv/bin/uwsgi --ini /app/emperor.ini
+# Requires systemd version 211 or newer
+RuntimeDirectory=uwsgi
+Restart=always
+KillSignal=SIGQUIT
+Type=notify
+StandardError=syslog
+NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target

ansible/roles/app-AfterInstall/templates/infra-demo.ini.j2

@@ -0,0 +1,14 @@
+[uwsgi]
+venv = /app/venv
+wsgi-file = /app/src/wsgi.py
+chdir = /app/src
+master = 1
+workers = 2
+threads = 8
+lazy-apps = 1
+wsgi-env-behaviour = holy
+enable-threads = 1
+http-auto-chunked = 1
+http-keepalive = 1
+uwsgi-socket = 127.0.0.1:8008
+

ansible/roles/app-StartServer/tasks/main.yml

@@ -1,6 +1,12 @@
 ---
 # tasks file for prepare-web-content
 
+- name: Start and enable emperor, as it should start off disabled
+  service:
+    name: emperor
+    enabled: yes
+    state: restarted
+
 - name: Start and enable nginx, as it should start off disabled
   service:
     name: nginx

bin/common.sh

@@ -47,7 +47,7 @@ function clean_root_owned_docker_files {
     BASE_DIR="$(pwd)"
     if is_ec2; then
         docker run -i \
-            --mount type=bind,source="${BASE_DIR}"/terraform,target="${TF_DIR}" \
+            --mount type=bind,source="${BASE_DIR}",target="${TF_DIR}" \
             -w "${TF_DIR}" \
             --entrypoint /bin/sh \
             busybox \
@@ -66,12 +66,12 @@ function get_docker_packer {
         PACKER_AWS_VPC_ID="$(curl --silent http://169.254.169.254/latest/meta-data/network/interfaces/macs/"$INTERFACE"/vpc-id)"
     fi
 
-    echo "docker run -i 
-        ${USE_TTY}  
+    echo "docker run -i
+        ${USE_TTY}
         --env-file $TMPFILE
-        -e PACKER_AWS_SUBNET_ID=$PACKER_AWS_SUBNET_ID 
-        -e PACKER_AWS_VPC_ID=$PACKER_AWS_VPC_ID 
-        --mount type=bind,source=${BASE_DIR},target=/app 
+        -e PACKER_AWS_SUBNET_ID=$PACKER_AWS_SUBNET_ID
+        -e PACKER_AWS_VPC_ID=$PACKER_AWS_VPC_ID
+        --mount type=bind,source=${BASE_DIR},target=/app
         hashicorp/packer:light"
 }
 

codedeploy/bin/ApplicationStop.sh

@@ -17,5 +17,7 @@ ${DEBUG:-false} && set -vx
 # and http://wiki.bash-hackers.org/scripting/debuggingtips
 export PS4='+(${BASH_SOURCE}:${LINENO}): ${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
 
+systemctl stop emperor
+systemctl disable emperor
 systemctl stop nginx
 systemctl disable nginx

codedeploy/bin/build.sh

@@ -2,7 +2,7 @@
 
 # Set bash unofficial strict mode http://redsymbol.net/articles/unofficial-bash-strict-mode/
 set -euo pipefail
- 
+
 # Set DEBUG to true for enhanced debugging: run prefixed with "DEBUG=true"
 ${DEBUG:-false} && set -vx
 # Credit to https://stackoverflow.com/a/17805088
@@ -16,10 +16,14 @@ BUILD_DIR="$BASE_DIR/build"
 ANSIBLE_DIR="$BASE_DIR/../ansible"
 APPLICTION_DIR="$BASE_DIR/../application"
 SRC_DIR="$BASE_DIR/../src"
+VENV_DIR="$BASE_DIR/../venv"
+DOCKER_DIR="$BASE_DIR/.."
 
 GIT_REV="$(git rev-parse --short HEAD)"
 BUILD_NUMBER=${BUILD_NUMBER:-0}
 ARCHIVE="codedeploy-$BUILD_NUMBER-$GIT_REV.zip"
+CONTAINERNAME=infra-demo
+
 echo "GIT_REV=$GIT_REV"
 echo "BUILD_NUMBER=$BUILD_NUMBER"
 echo "ARCHIVE=$ARCHIVE"
@@ -31,24 +35,42 @@ BUCKET="codedeploy-$AWS_ACCOUNT_ID"
 if [[ -d "$BUILD_DIR" ]]; then
     rm -rf "$BUILD_DIR"
 fi
-mkdir -p "$BUILD_DIR"
+mkdir -p "$BUILD_DIR/socket"
+
+echo Build docker container $CONTAINERNAME
+docker build -f=Dockerfile -t "$CONTAINERNAME" "$DOCKER_DIR"
+
+echo Create python virtual environment
+docker run --rm -v "$DOCKER_DIR:/src" "$CONTAINERNAME" /bin/bash -c \
+    "mkdir -p /src/venv ; \
+    cp -fa /app/venv/* /src/venv"
 
 SOURCES="$BASE_DIR/bin
 $ANSIBLE_DIR
 $APPLICTION_DIR
 $SRC_DIR
 $BASE_DIR/appspec.yml
-$BASE_DIR/bin"
+$BASE_DIR/bin
+$VENV_DIR"
 for src in $SOURCES; do
     cp -a "$src" "$BUILD_DIR"
 done
 
-cd "$BUILD_DIR"
-zip -r "$ARCHIVE" \
-    appspec.yml \
-    bin \
-    ansible \
-    application \
-    src \
+(
+    cd "$BUILD_DIR"
+    zip -r "$ARCHIVE" \
+        appspec.yml \
+        bin \
+        ansible \
+        application \
+        src \
+        venv \
+        socket
+)
+
+echo Remove docker generated files
+docker run --rm -v "$DOCKER_DIR:/src" "$CONTAINERNAME" /bin/bash -c \
+    "rm -rf /src/venv"
 
+cd "$BUILD_DIR"
 aws s3 cp "$ARCHIVE" "s3://$BUCKET/$ARCHIVE"

src/startit.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# current directory needs where this script is located
+cd "$(dirname "$0")" || exit
+
+UWSGI_VIRTUALENV=/app/venv \
+UWSGI_WSGI_FILE=/app/src/wsgi.py \
+UWSGI_MASTER=1 \
+UWSGI_WORKERS=2 \
+UWSGI_THREADS=8 \
+UWSGI_UID=nobody \
+UWSGI_GID=nobody \
+UWSGI_LAZY_APPS=1 \
+UWSGI_WSGI_ENV_BEHAVIOR=holy \
+	/app/venv/bin/uwsgi \
+		--enable-threads \
+		--http-auto-chunked \
+		--http-keepalive \
+		--socket=/app/socket/uwsgi.sock &
+

src/stopit.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+pkill --signal INT -f uwsgi || true
+