Use uWSGI to serve the app in production

Author: mars-f

docker/Dockerfile-prod

@@ -4,17 +4,53 @@
 
 FROM python:3.5-alpine
 
-RUN addgroup -g 1001 app && \
-    adduser -D -u 1001 -G app -s /usr/sbin/nologin app
+MAINTAINER mars@mozilla.com
+# These are unlikely to change from version to version of the container
+EXPOSE 8000
+CMD ["/usr/local/bin/uwsgi", "--http-auto-chunked", "--http-keepalive"]
+
+RUN addgroup -g 10001 app && adduser -D -u 10001 -G app -h /app app
+
+# uWSGI configuration
+ENV UWSGI_MODULE=landoapi.wsgi:app \
+	UWSGI_HTTP=:8000 \
+	UWSGI_MASTER=1 \
+	UWSGI_WORKERS=2 \
+	UWSGI_THREADS=8 \
+    # Disable worker memory sharing optimizations.  They can cause memory leaks
+    # and issues with packages like Sentry.
+    # See https://discuss.newrelic.com/t/newrelic-agent-produces-system-error/43446
+	UWSGI_LAZY_APPS=1 \
+	UWSGI_WSGI_ENV_BEHAVIOR=holy \
+    # Make uWSGI die instead of reload when it gets SIGTERM (fixed in uWSGI 2.1)
+    UWSGI_DIE_ON_TERM=1 \
+    # Check that the options we gave uWSGI are sane
+    UWSGI_STRICT=1 \
+    # Die if the application threw an exception on startup
+    UWSGI_NEED_APP=1
 
 COPY requirements.txt /requirements.txt
-RUN pip install --no-cache -r /requirements.txt
+
+
+RUN set -ex \
+    && apk add --no-cache --virtual .build-deps \
+           gcc \
+           libc-dev \
+           musl-dev \
+           linux-headers \
+           pcre-dev \
+    && pip install --no-cache -r /requirements.txt \
+	&& runDeps="$( \
+		scanelf --needed --nobanner --recursive /usr/local \
+			| awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
+			| sort -u \
+			| xargs -r apk info --installed \
+			| sort -u \
+	)" \
+	&& apk add --virtual .python-rundeps $runDeps \
+    && apk del .build-deps
 
 COPY . /app
 RUN pip install --no-cache /app
 
-# run as non priviledged user
 USER app
-
-# TODO allow ops to use this as a wsgi app
-WORKDIR /app

landoapi/wsgi.py

@@ -0,0 +1,12 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"""
+Construct an application instance that can be referenced by a WSGI server.
+"""
+import os
+
+from .app import create_app
+
+app = create_app(os.environ.get('VERSION_PATH', '/app/version.json'))

requirements.txt

@@ -50,3 +50,5 @@ connexion==1.1.9 \
 requests-mock==1.3.0 \
     --hash=sha256:bd86970d6c52cc97071f5185aa594de6a997a5ca63b3bb36aceb9bb9db49294b \
     --hash=sha256:23edd6f7926aa13b88bf79cb467632ba2dd5a253034e9f41563f60ed305620c7
+uWSGI==2.0.15 \
+    --hash=sha256:572ef9696b97595b4f44f6198fe8c06e6f4e6351d930d22e5330b071391272ff