Closed iwarp closed 4 years ago
Hi,
I've added --preload to gunicorn. From my understanding, this should initialize everything pre-process fork. I've tested the following with 2 workers:
```python
import requests

if __name__ == "__main__":
    sess = requests.Session()
    # Log in once; whichever worker handles this request signs the JWT.
    resp = sess.post("http://localhost:8888/api/v1/login", data={
        "username": "admin",
        "password": "admin"
    })
    print(resp.json())
    sess.headers.update({
        "Authorization": f"Bearer {resp.json()['access_token']}"
    })
    # Reuse the token for 20 authenticated requests.
    for _ in range(20):
        print(sess.get("http://localhost:8888/api/v1/wg/generate_psk").json())
```
With the following output:
{'psk': 'zhA+LYBKARA/Jou+E9qqsVZGABdOlndew5ZIS6HL9E0='}
{'psk': 'XX5d57agMfHq16SqA/hy2hufhxToWSjvbIo8nxjoycw='}
{'psk': '8C2bWrgHw5R9PPv9qZT97jXJoyBr2S4/fTt7TuqfaTI='}
{'psk': 'K4/PJRG0Q616IK29BzGDUyXMYJhHHKE6naDOKiXAzUs='}
{'psk': '9e7nkBnhBP+fHSlJIuYA1FImLKCaW0RlrC/GYelI+QU='}
{'psk': 'lO5EU7j+t+HC2zGhgoTbgZhT1AQzVtsuFKZEZmZsvxs='}
{'psk': 'J3oCbu+Noh7vhu3CWQWHk+fNb8o0TpmAAYGHIWecKzs='}
{'psk': 'lOgacxF9tluLMTCyvczZH2At7f10JdJ1oojOPCoIkWE='}
{'psk': 'FN/QTg9QcXeWtLWL76LFTT94KTIcxyyHmGRKUyXXf50='}
{'psk': 'D7nr8Svg2xfXH6/xk2gIUJ+7rH8LVNJx+m886xLrjvc='}
{'psk': 'PNq8zc4rZguc8c3qcGMe8MUyqEifU/LYDqMftcUte8w='}
{'psk': 'sbok83Wc2S4O2Oy5byiy2jThb4S62CnnanEQAWsMJBY='}
{'psk': 'B6gyHsmVVWeqT4XaVWzffpzrT/d7ByT9HRM6vTv0w40='}
{'psk': '3ltJ6trYJWS2bYxHSw6Q108oyfd9Gt3sVxiRLBXxYFU='}
{'psk': '5A/d825BuH5iWweLo8PJhArVxQ4Dg4ynqpSlT34WHrY='}
{'psk': 'h2KBBn1wHe/JuU1Flltzd2JHn9weIhaiA1LkWY5aEY4='}
{'psk': 'mt8WIqN1PyMwO1tYtrN1TGpKYMU8el+CxSuoRXYZBaQ='}
{'psk': 'V9l+4nFMGKd7RFHWcvIEK+N8nmbsyXLQU9jFyH3NSoE='}
{'psk': 'CfFl72Zj1elIKdMja55dgWmi4w9U/2mOm5Ewqq1puA0='}
{'psk': 'nCmcECsXD8qkZL2STZGamyk/mk0CAkhzbOZ9hVqiaUQ='}
Check if this works as expected and reopen if problem still persists. :)
Hi, Great project BTW,
I've been using the backend API to automate the WireGuard peer configuration from our deployment scripts, and have found a bug with the way the multi-process gunicorn server is running.
Steps to reproduce
If you run generate_psk a number of times, most of the time you get "Could not validate credentials", with the occasional success.
I think this is due to gunicorn running separate processes for the Python scripts: on startup, each one generates a separate secret_key per process, meaning the JWT fails its signing check when decoding if login occurred on a different process.
const.py
```python
SECRET_KEY = ''.join(random.choices(string.ascii_uppercase + string.digits, k=64))
```
I've worked around this by reducing the workers to 1. I think it's not seen in Angular as the HTTP connection is held open, holding the connection on the same node the login occurred on.
docker/gunicorn_config.py - force workers to 1
```python
#workers = web_concurrency
workers = 1
```
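The failure and the `--preload` fix discussed in this thread can be reproduced without gunicorn. The sketch below is an added example, not the project's code: it forks real worker processes, and the minimal HS256 signer, the helper names, and the use of `secrets.token_bytes` in place of the `random.choices` key are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, os, secrets

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def sign(claims, key):
    """Minimal HS256 token (stand-in for the project's JWT library)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = header + b"." + _b64(json.dumps(claims).encode())
    return body + b"." + _b64(hmac.new(key, body, hashlib.sha256).digest())

def verify(token, key):
    body, _, sig = token.rpartition(b".")
    expected = _b64(hmac.new(key, body, hashlib.sha256).digest())
    return hmac.compare_digest(sig, expected)

def worker_keys(n, preload):
    """Fork n workers and return the signing key each one ends up with."""
    # preload=True: the key is created in the master before fork and inherited.
    shared = secrets.token_bytes(32) if preload else None
    keys = []
    for _ in range(n):
        r, w = os.pipe()
        pid = os.fork()
        if pid == 0:  # worker process
            os.close(r)
            # preload=False: each worker creates its own key after fork.
            os.write(w, shared or secrets.token_bytes(32))
            os._exit(0)
        os.close(w)
        keys.append(os.read(r, 32))
        os.close(r)
        os.waitpid(pid, 0)
    return keys

def accepted(n_workers, preload, requests=20):
    """Log in on worker 0, then count requests accepted round-robin."""
    keys = worker_keys(n_workers, preload)
    token = sign({"sub": "admin"}, keys[0])
    return sum(verify(token, keys[i % n_workers]) for i in range(requests))

if __name__ == "__main__":
    print("per-worker key:", accepted(2, preload=False), "of 20 accepted")
    print("preloaded key: ", accepted(2, preload=True), "of 20 accepted")
```

A preloaded key is still regenerated on every restart and is not shared across hosts or containers, so tokens issued before a restart stop validating.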