Use uWSGI to serve the app in production #14
Conversation
mars-f
changed the title
mars-f
changed the title
mars-f
force-pushed
the
use-uwsgi
branch
2 times, most recently
from
0ed1ea5 to
26caaf8
Compare
|
|
||
| COPY . /app | ||
| RUN pip install --no-cache /app | ||
|
|
||
| # run as non priviledged user | ||
| # Run as a non-privileged user |
There was a problem hiding this comment.
Some of our invoke commands (specifically the ones that create the database) stopped working with the addition of these changes. I tracked this down to the Dockerfile-prod (since when editing the docker-compose.overrides.yml` file that it what it uses as the context for all invoke commands). The removal of
WORKDIR /app
RUN cd / && pip install --no-cache /app
is what causes these changes.
We either need to re-add them, or we need to 1) confirm that the production environment doesn't need them and 2) confirm that the our circle.yml (which runs our invoke commands for production, doesn't use the production image as the context).
I tested the app after re-adding those two lines and confirmed that it worked. I recommend that we re-add those two lines.
There was a problem hiding this comment.
Reproduced. I added the WORKDIR /app line back in, invoke upgrade appears to work again.
docker/Dockerfile-prod
Outdated
| RUN pip install --no-cache -r /requirements.txt | ||
|
|
||
|
|
||
| RUN set -ex \ |
There was a problem hiding this comment.
This seems excessively complicated to save a couple Docker cache hits. At the very least can you add a comment describing the purpose of this / what it does (besides installing the deps and removing them afterwards). Thoughts?
There was a problem hiding this comment.
This stanza is standard in the official Docker image's Dockerfiles. I've added a comment to the code explaining what it does.
The big thing it does is remove the need to explicitly state a dependency on both package XYZ and XYZ-dev in the Dockerfile, since the 'scanelf' stanza automagically keeps XYZ and removes XYZ-dev. Otherwise I would have to keep 2 separate lists of packages in the Dockerfile, and keep them in sync, too. Keeping one list should make the housekeeping easier. It's fewer lines to read, understand, and maintain.
| ENV UWSGI_MODULE=landoapi.wsgi:app \ | ||
| UWSGI_SOCKET=:9000 \ | ||
| UWSGI_MASTER=1 \ | ||
| UWSGI_WORKERS=2 \ |
There was a problem hiding this comment.
Is there a way to let @ckolos and the ops team configure these values? I'm not sure what the best values are for the hardware they will deploy this on.
There was a problem hiding this comment.
They can set these values by editing the Dockerfile, setting them in the Docker environment, or by passing in a uWSGI config file. I'll let @ckolos decide which is best. We can iterate on the Dockerfile to find the approach that works best for them.
There was a problem hiding this comment.
Env vars are fine; we can override those
Build and configure the uWSGI application server for use in production environments. The default configuration is to serve connections over the uwsgi protocol to an nginx web head.
| | xargs -r apk info --installed \ | ||
| | sort -u \ | ||
| )" \ | ||
| && apk add --virtual .python-rundeps $runDeps \ |
There was a problem hiding this comment.
*nit: Do you anticipate this list changing often? if not, why not just add these packages as part of the container build?
There was a problem hiding this comment.
The list of packages changes every time we add a new compiled dependency. So far that's been for database adapters, uWSGI, and crypto/SSL handling.
This is the second time a reviewer has said they would be less surprised by an explicit list of runtime packages, and I'm sensing a trend, so I'll look into changing it. :) But we might not want to block on the rewrite and make that a follow-up commit.
Run the lando-api application under uWSGI.
To build and run the production image locally add the following to
docker-compose.override.yml: