diff --git a/deploy/docker/storage/Dockerfile b/deploy/docker/storage/Dockerfile index 959ae43f..1668bbce 100644 --- a/deploy/docker/storage/Dockerfile +++ b/deploy/docker/storage/Dockerfile @@ -36,6 +36,7 @@ ENV F7T_SSL_KEY /ssl/f7t_internal.key ENV F7T_GUNICORN_LOG --error-logfile ${F7T_LOG_PATH}/storage.gunicorn.log ENV F7T_GUNICORN_SSL --ciphers TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,DHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-GCM-SHA256 \ --ssl-version TLSv1_2 --keyfile $F7T_SSL_KEY --certfile $F7T_SSL_CRT -ENV F7T_GUNICORN_WORKER_STORAGE --workers=2 --threads=1 -ENTRYPOINT /usr/local/bin/gunicorn ${F7T_GUNICORN_SSL} ${F7T_GUNICORN_WORKER_STORAGE} --bind :${F7T_STORAGE_PORT} ${F7T_GUNICORN_LOG} storage:app +# Note: The storage microservice upload end-point is unreliable with multiple workers. +# Hence workers and threads are enforced to 1 +ENTRYPOINT /usr/local/bin/gunicorn ${F7T_GUNICORN_SSL} --workers=1 --threads=1 --bind :${F7T_STORAGE_PORT} ${F7T_GUNICORN_LOG} storage:app diff --git a/deploy/k8s/config/templates/cm.common.yaml b/deploy/k8s/config/templates/cm.common.yaml index 62393685..4d13771a 100644 --- a/deploy/k8s/config/templates/cm.common.yaml +++ b/deploy/k8s/config/templates/cm.common.yaml @@ -2,7 +2,6 @@ apiVersion: v1 data: F7T_DEBUG_MODE: {{ .Values.global.F7T_DEBUG_MODE | default "False" | quote }} F7T_GUNICORN_WORKER: {{ .Values.global.F7T_GUNICORN_WORKER | default "--workers=3 --threads=1" | quote }} - F7T_GUNICORN_WORKER_STORAGE: {{ .Values.global.F7T_GUNICORN_WORKER | default "--workers=2 --threads=1" | quote }} F7T_AUTH_HEADER_NAME: {{ .Values.F7T_AUTH_HEADER_NAME | default "Authorization" | quote }} F7T_AUTH_REQUIRED_SCOPE: {{ .Values.F7T_AUTH_REQUIRED_SCOPE | default "" | quote }} F7T_AUTH_ROLE: {{ .Values.F7T_AUTH_ROLE | default "" | quote }} diff --git a/doc/configuration.md b/doc/configuration.md index 3a7ad551..f0f1cd80 100644 --- a/doc/configuration.md +++ b/doc/configuration.md @@ -81,8 +81,6 @@ The most complete way of installing is to setup 3 hosts: |`F7T_GUNICORN_SSL` | NO | `--ciphers TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,DHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-GCM-SHA256 --ssl-version TLSv1_2 --keyfile $F7T_SSL_KEY --certfile $F7T_SSL_CRT` |SSL configuration for Gunicorn Web Server (the server used to expose microservice's containers). For more information please refer to [Gunicorn Settings](https://docs.gunicorn.org/en/stable/settings.html) | `Backend`| |`F7T_GUNICORN_WORKER` | NO | `--workers=1 --threads=1` | Worker configuration for Gunicorn Web Server (the server used to expose microservice's containers). For more information please refer to [Gunicorn Settings] (https://docs.gunicorn.org/en/stable/settings.html) | `Backend`| -|`F7T_GUNICORN_WORKER_STORAGE` | NO | `--workers=1 --threads=1` | Storage Worker configuration for Gunicorn Web Server (the server used to expose microservice's containers). For more information please refer to [Gunicorn Settings] -(https://docs.gunicorn.org/en/stable/settings.html) | `Backend`| |`F7T_JAEGER_AGENT` | NO | `''` | Set this value to the Hostname (IP or DNS) of the [Jaeger](https://www.jaegertracing.io/docs/1.54/getting-started/) tracing instance. Port is fixed at `6831/UDP`, no need to set it up (example: `F7T_JAEGER_AGENT=192.168.220.50`) | `Backend`, `Certificator`| |`F7T_OPA_ENABLED` | NO | `False` | Set this value to `True` if the [OPA](https://www.openpolicyagent.org/docs/latest/) instance is needed for whitelisting which users can execute commands through FirecREST | `Backend`, `Certificator`| |`F7T_OPA_URL` | NO | `http://localhost:8181` | Set this variable with the form `://host:port` where the [OPA](https://www.openpolicyagent.org/docs/latest/) instance is running. Only used if `F7T_OPA_ENABLED=True` | `Backend`, `Certificator`|