internal: use config system for workers/threads, document the settings (#3626)

use config system for workers/threads, document the settings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens L 2022-09-21 09:59:03 +02:00 committed by GitHub
parent 1583d53e54
commit b16a3d5697
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 40 additions and 10 deletions

View file

@ -80,3 +80,8 @@ default_token_length: 128
impersonation: true
blueprints_dir: /blueprints
web:
# No default here as it's set dynamically
# workers: 2
threads: 4

View file

@ -42,7 +42,6 @@ services:
AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
# AUTHENTIK_ERROR_REPORTING__ENABLED: "true"
# WORKERS: 2
volumes:
- ./media:/media
- ./custom-templates:/templates

View file

@ -87,8 +87,8 @@ if SERVICE_HOST_ENV_NAME in os.environ:
else:
default_workers = max(cpu_count() * 0.25, 1) + 1 # Minimum of 2 workers
workers = int(os.environ.get("WORKERS", default_workers))
threads = int(os.environ.get("THREADS", 4))
workers = int(CONFIG.y("web.workers", default_workers))
threads = int(CONFIG.y("web.threads", 4))
# pylint: disable=unused-argument
def post_fork(server: "Arbiter", worker: DjangoUvicornWorker):

View file

@ -15,6 +15,16 @@ All of these variables can be set to values, but you can also use a URI-like for
- `env://<name>` Loads the value from the environment variable `<name>`. Fallback can be optionally set like `env://<name>?<default>`
- `file://<name>` Loads the value from the file `<name>`. Fallback can be optionally set like `file://<name>?<default>`
## Checking settings
To check if your config has been applied correctly, you can run the following command to output the full config:
```
docker-compose run --rm worker dump_config
# Or for kubernetes
kubectl exec -it deployment/authentik-worker -c authentik -- ak dump_config
```
## PostgreSQL Settings
- `AUTHENTIK_POSTGRESQL__HOST`: Hostname of your PostgreSQL Server
@ -233,12 +243,23 @@ Allows configuration of TLS Cliphers for LDAP connections used by LDAP sources.
Defaults to `null`.
## Debugging
### `AUTHENTIK_WEB__WORKERS`
To check if your config has been applied correctly, you can run the following command to output the full config:
:::info
Requires authentik 2022.9
:::
```
docker-compose run --rm worker dump_config
# Or for kubernetes
kubectl exec -it deployment/authentik-worker -c authentik -- ak dump_config
```
Configure how many gunicorn worker processes should be started (see https://docs.gunicorn.org/en/stable/design.html).
If running in Kubernetes, the default value is set to 2 and should in most cases not be changed, as scaling can be done with multiple pods running the web server.
Otherwise, authentik will use 1 worker for each 4 CPU cores + 1 as a value below 2 workers is not recommended.
### `AUTHENTIK_WEB__THREADS`
:::info
Requires authentik 2022.9
:::
Configure how many gunicorn threads a worker processes should have (see https://docs.gunicorn.org/en/stable/design.html).
Defaults to 4.

View file

@ -3,6 +3,10 @@ title: Release 2022.9
slug: "2022.9"
---
## Breaking changes
- `WORKERS` environment variable has been renamed to match other config options, see [Configuration](../installation/configuration#authentik_web__workers)
## New features
- UI for Duo device Import

View file

@ -7,6 +7,7 @@ module.exports = {
{
type: "category",
label: "Installation",
collapsed: false,
link: {
type: "generated-index",
title: "Installation",