authentik/internal/gounicorn/gounicorn.go

package gounicorn

import (
	"os"
	"os/exec"
	"runtime"
	"syscall"
	"time"

	log "github.com/sirupsen/logrus"
	"goauthentik.io/internal/config"
)

type GoUnicorn struct {
	Healthcheck     func() bool
	HealthyCallback func()

	log     *log.Entry
	p       *exec.Cmd
	started bool
	killed  bool
	alive   bool
}

func New(healthcheck func() bool) *GoUnicorn {
	logger := log.WithField("logger", "authentik.router.unicorn")
	g := &GoUnicorn{
		Healthcheck:     healthcheck,
		log:             logger,
		started:         false,
		killed:          false,
		alive:           false,
		HealthyCallback: func() {},
	}
	g.initCmd()
	return g
}

func (g *GoUnicorn) initCmd() {
	command := "gunicorn"
	args := []string{"-c", "./lifecycle/gunicorn.conf.py", "authentik.root.asgi:application"}
	if config.Get().Debug {
		command = "./manage.py"
		args = []string{"dev_server"}
	}
	g.log.WithField("args", args).WithField("cmd", command).Debug("Starting gunicorn")
	g.p = exec.Command(command, args...)
	g.p.Env = os.Environ()
	g.p.Stdout = os.Stdout
	g.p.Stderr = os.Stderr
}

func (g *GoUnicorn) IsRunning() bool {
	return g.alive
}

func (g *GoUnicorn) Start() error {
	if g.killed {
		g.log.Debug("Not restarting gunicorn since we're shutdown")
		return nil
	}
	if g.started {
		g.initCmd()
	}
	g.started = true
	go g.healthcheck()
	return g.p.Run()
}

func (g *GoUnicorn) healthcheck() {
	g.log.Debug("starting healthcheck")
	// Default healthcheck is every 1 second on startup
	// once we've been healthy once, increase to 30 seconds
	for range time.Tick(time.Second) {
		if g.Healthcheck() {
			g.alive = true
			g.log.Info("backend is alive, backing off with healthchecks")
			g.HealthyCallback()
			break
		}
		g.log.Debug("backend not alive yet")
	}
	for range time.Tick(30 * time.Second) {
		g.Healthcheck()
	}
}

func (g *GoUnicorn) Kill() {
	g.killed = true
	var err error
	if runtime.GOOS == "darwin" {
		g.log.WithField("method", "kill").Warning("stopping gunicorn")
		err = g.p.Process.Kill()
	} else {
		g.log.WithField("method", "sigterm").Warning("stopping gunicorn")
		err = syscall.Kill(g.p.Process.Pid, syscall.SIGTERM)
	}
	if err != nil {
		g.log.WithError(err).Warning("failed to stop gunicorn")
	}
}
root: initial go proxy, update compose and helm Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-02 22:49:16 +00:00			`package gounicorn`

			`import (`
			`"os"`
			`"os/exec"`
cmd/server: improve cleanup on shutdown Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-06 12:54:59 +00:00			`"runtime"`
			`"syscall"`
internal: add internal healthchecking to prevent websocket errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-10-05 20:19:33 +00:00			`"time"`
root: initial go proxy, update compose and helm Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-02 22:49:16 +00:00
			`log "github.com/sirupsen/logrus"`
internal: use runserver when debug for code reload Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-15 13:04:10 +00:00			`"goauthentik.io/internal/config"`
root: initial go proxy, update compose and helm Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-02 22:49:16 +00:00			`)`

			`type GoUnicorn struct {`
root: connect to backend via socket (#6720) * root: connect to gunicorn via socket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * put socket in temp folder Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use non-socket connection for debug Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't hardcode local url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix dev_server missing websocket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dedupe logging config between gunicorn and main app Signed-off-by: Jens Langhammer <jens@goauthentik.io> * slight refactor for proxy errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-09-02 15:58:37 +00:00			`Healthcheck func() bool`
internal: start embedded outpost directly after backend is healthy instead of waiting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-04 12:16:53 +00:00			`HealthyCallback func()`

internal: fix gunicorn not being restarted correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-17 14:59:31 +00:00			`log *log.Entry`
			`p *exec.Cmd`
			`started bool`
internal: don't send kill signal to child as we mange it Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-17 15:02:24 +00:00			`killed bool`
internal: add internal healthchecking to prevent websocket errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-10-05 20:19:33 +00:00			`alive bool`
root: initial go proxy, update compose and helm Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-02 22:49:16 +00:00			`}`

root: connect to backend via socket (#6720) * root: connect to gunicorn via socket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * put socket in temp folder Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use non-socket connection for debug Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't hardcode local url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix dev_server missing websocket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dedupe logging config between gunicorn and main app Signed-off-by: Jens Langhammer <jens@goauthentik.io> * slight refactor for proxy errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-09-02 15:58:37 +00:00			`func New(healthcheck func() bool) *GoUnicorn {`
stages/authenticator_sms: Add SMS Authenticator Stage (#1577) * stages/authenticator_sms: initial implementation Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add initial stage UI Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: clear invalid state when old input was invalid but new input is correct Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add more logic Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/user: add basic SMS settings Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: initial working version Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_sms: add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/flows: optimise totp password manager entry on authenticator_validation stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/elements: add grouping support for table Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: allow sms class in authenticator stage Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web/admin: add grouping to more pages Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * stages/authenticator_validate: add SMS support Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * api: add throttling for flow executor based on session key and pending user Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * web: fix style issues Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ci: add workflow to compile backend translations Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-10-11 15:51:49 +00:00			`logger := log.WithField("logger", "authentik.router.unicorn")`
internal: fix gunicorn not being restarted correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-17 14:59:31 +00:00			`g := &GoUnicorn{`
root: connect to backend via socket (#6720) * root: connect to gunicorn via socket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * put socket in temp folder Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use non-socket connection for debug Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't hardcode local url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix dev_server missing websocket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dedupe logging config between gunicorn and main app Signed-off-by: Jens Langhammer <jens@goauthentik.io> * slight refactor for proxy errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-09-02 15:58:37 +00:00			`Healthcheck: healthcheck,`
internal: start embedded outpost directly after backend is healthy instead of waiting Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-04 12:16:53 +00:00			`log: logger,`
			`started: false,`
			`killed: false,`
			`alive: false,`
			`HealthyCallback: func() {},`
internal: fix gunicorn not being restarted correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-17 14:59:31 +00:00			`}`
			`g.initCmd()`
			`return g`
			`}`

			`func (g *GoUnicorn) initCmd() {`
root: initial go proxy, update compose and helm Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-02 22:49:16 +00:00			`command := "gunicorn"`
root: replace asgi-based logger with middleware Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-15 15:32:56 +00:00			`args := []string{"-c", "./lifecycle/gunicorn.conf.py", "authentik.root.asgi:application"}`
internal: walk config in go, check, parse and load from scheme like in python closes #2719 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2022-07-26 09:33:35 +00:00			`if config.Get().Debug {`
internal: use runserver when debug for code reload Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-15 13:04:10 +00:00			`command = "./manage.py"`
root: connect to backend via socket (#6720) * root: connect to gunicorn via socket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * put socket in temp folder Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use non-socket connection for debug Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't hardcode local url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix dev_server missing websocket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dedupe logging config between gunicorn and main app Signed-off-by: Jens Langhammer <jens@goauthentik.io> * slight refactor for proxy errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-09-02 15:58:37 +00:00			`args = []string{"dev_server"}`
internal: use runserver when debug for code reload Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-15 13:04:10 +00:00			`}`
internal: fix gunicorn not being restarted correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-17 14:59:31 +00:00			`g.log.WithField("args", args).WithField("cmd", command).Debug("Starting gunicorn")`
			`g.p = exec.Command(command, args...)`
internal: don't send kill signal to child as we mange it Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-17 15:02:24 +00:00			`g.p.Env = os.Environ()`
internal: fix gunicorn not being restarted correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-17 14:59:31 +00:00			`g.p.Stdout = os.Stdout`
			`g.p.Stderr = os.Stderr`
Merge branch 'master' into inbuilt-proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> # Conflicts: # internal/constants/constants.go # outpost/pkg/version.go 2021-06-23 18:40:51 +00:00			`}`

internal: add internal healthchecking to prevent websocket errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-10-05 20:19:33 +00:00			`func (g *GoUnicorn) IsRunning() bool {`
			`return g.alive`
			`}`

Merge branch 'master' into inbuilt-proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> # Conflicts: # internal/constants/constants.go # outpost/pkg/version.go 2021-06-23 18:40:51 +00:00			`func (g *GoUnicorn) Start() error {`
internal: don't send kill signal to child as we mange it Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-17 15:02:24 +00:00			`if g.killed {`
cmd/server: improve cleanup on shutdown Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-06 12:54:59 +00:00			`g.log.Debug("Not restarting gunicorn since we're shutdown")`
internal: don't send kill signal to child as we mange it Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-17 15:02:24 +00:00			`return nil`
			`}`
internal: fix gunicorn not being restarted correctly Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-17 14:59:31 +00:00			`if g.started {`
			`g.initCmd()`
			`}`
			`g.started = true`
internal: add internal healthchecking to prevent websocket errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-10-05 20:19:33 +00:00			`go g.healthcheck()`
Merge branch 'master' into inbuilt-proxy Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> # Conflicts: # internal/constants/constants.go # outpost/pkg/version.go 2021-06-23 18:40:51 +00:00			`return g.p.Run()`
			`}`

internal: add internal healthchecking to prevent websocket errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-10-05 20:19:33 +00:00			`func (g *GoUnicorn) healthcheck() {`
			`g.log.Debug("starting healthcheck")`
			`// Default healthcheck is every 1 second on startup`
			`// once we've been healthy once, increase to 30 seconds`
Revert "internal: fix high cpu when backend isnt healthy" This reverts commit eb6cfd22a72970dfdab0314d4f1bd3038d3b88c7. Revert "root: handle JSON error in metrics too" This reverts commit 1ede97222260d00a3ae25aa2a4f7de6c6e562271. Revert "root: don't force multiprocess prometheus registry" This reverts commit cd1d1b440296a4c15059b4ec1c2adeec797ff220. Revert "root: add error handling for prometheus view" This reverts commit c0a883f76fdc4df0be89fa240aad1334250915ad. 2022-04-29 11:15:54 +00:00			`for range time.Tick(time.Second) {`
root: connect to backend via socket (#6720) * root: connect to gunicorn via socket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * put socket in temp folder Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use non-socket connection for debug Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't hardcode local url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix dev_server missing websocket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dedupe logging config between gunicorn and main app Signed-off-by: Jens Langhammer <jens@goauthentik.io> * slight refactor for proxy errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-09-02 15:58:37 +00:00			`if g.Healthcheck() {`
			`g.alive = true`
Revert "internal: fix high cpu when backend isnt healthy" This reverts commit eb6cfd22a72970dfdab0314d4f1bd3038d3b88c7. Revert "root: handle JSON error in metrics too" This reverts commit 1ede97222260d00a3ae25aa2a4f7de6c6e562271. Revert "root: don't force multiprocess prometheus registry" This reverts commit cd1d1b440296a4c15059b4ec1c2adeec797ff220. Revert "root: add error handling for prometheus view" This reverts commit c0a883f76fdc4df0be89fa240aad1334250915ad. 2022-04-29 11:15:54 +00:00			`g.log.Info("backend is alive, backing off with healthchecks")`
			`g.HealthyCallback()`
			`break`
internal: add internal healthchecking to prevent websocket errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-10-05 20:19:33 +00:00			`}`
Revert "internal: fix high cpu when backend isnt healthy" This reverts commit eb6cfd22a72970dfdab0314d4f1bd3038d3b88c7. Revert "root: handle JSON error in metrics too" This reverts commit 1ede97222260d00a3ae25aa2a4f7de6c6e562271. Revert "root: don't force multiprocess prometheus registry" This reverts commit cd1d1b440296a4c15059b4ec1c2adeec797ff220. Revert "root: add error handling for prometheus view" This reverts commit c0a883f76fdc4df0be89fa240aad1334250915ad. 2022-04-29 11:15:54 +00:00			`g.log.Debug("backend not alive yet")`
			`}`
internal: add internal healthchecking to prevent websocket errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-10-05 20:19:33 +00:00			`for range time.Tick(30 * time.Second) {`
root: connect to backend via socket (#6720) * root: connect to gunicorn via socket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * put socket in temp folder Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use non-socket connection for debug Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't hardcode local url Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix dev_server missing websocket Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dedupe logging config between gunicorn and main app Signed-off-by: Jens Langhammer <jens@goauthentik.io> * slight refactor for proxy errors Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> 2023-09-02 15:58:37 +00:00			`g.Healthcheck()`
internal: add internal healthchecking to prevent websocket errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-10-05 20:19:33 +00:00			`}`
			`}`

root: fix linting errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-18 14:12:57 +00:00			`func (g *GoUnicorn) Kill() {`
internal: don't send kill signal to child as we mange it Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-17 15:02:24 +00:00			`g.killed = true`
cmd/server: improve cleanup on shutdown Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-06 12:54:59 +00:00			`var err error`
			`if runtime.GOOS == "darwin" {`
			`g.log.WithField("method", "kill").Warning("stopping gunicorn")`
			`err = g.p.Process.Kill()`
			`} else {`
			`g.log.WithField("method", "sigterm").Warning("stopping gunicorn")`
			`err = syscall.Kill(g.p.Process.Pid, syscall.SIGTERM)`
			`}`
root: fix linting errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-18 14:12:57 +00:00			`if err != nil {`
cmd/server: improve cleanup on shutdown Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-11-06 12:54:59 +00:00			`g.log.WithError(err).Warning("failed to stop gunicorn")`
root: fix linting errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-18 14:12:57 +00:00			`}`
root: initial go proxy, update compose and helm Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-05-02 22:49:16 +00:00			`}`