From 4f804ca576ca345fc26d554e8bf5ec449f06edb2 Mon Sep 17 00:00:00 2001
From: Edward Malinowski
Date: Mon, 13 Nov 2023 15:24:19 -0600
Subject: [PATCH] feat(gunicorn): Updated image to use gunicorn and new base image
---
 Dockerfile | 65 +++++++++++-------------------
 deployment/uwsgi/uwsgi.ini | 37 -----------------
 deployment/wsgi/gunicorn.conf.py | 6 +++
 deployment/{uwsgi => wsgi}/wsgi.py | 0
 4 files changed, 30 insertions(+), 78 deletions(-)
 delete mode 100644 deployment/uwsgi/uwsgi.ini
 create mode 100644 deployment/wsgi/gunicorn.conf.py
 rename deployment/{uwsgi => wsgi}/wsgi.py (100%)
diff --git a/Dockerfile b/Dockerfile
index f103e44f9..f785fd47e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,56 +1,39 @@
-# To run: docker run --rm -d -v /path/to/fence-config.yaml:/var/www/fence/fence-config.yaml --name=fence -p 80:80 fence
-# To check running container do: docker exec -it fence /bin/bash
+ARG AZLINUX_BASE_VERSION=master
-FROM quay.io/cdis/python:python3.9-buster-2.0.0
+FROM 707767160287.dkr.ecr.us-east-1.amazonaws.com/gen3/python-build-base:${AZLINUX_BASE_VERSION} as base
+# FROM quay.io/cdis/python-build-base:${AZLINUX_BASE_VERSION} as base
 ENV appname=fence
+ENV POETRY_NO_INTERACTION=1 \
+ POETRY_VIRTUALENVS_IN_PROJECT=1 \
+ POETRY_VIRTUALENVS_CREATE=1
-RUN pip install --upgrade pip
-RUN pip install --upgrade poetry
-RUN apt-get update \
- && apt-get install -y --no-install-recommends curl bash git \
- && apt-get -y install vim \
- libmcrypt4 mcrypt \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/
-
-RUN mkdir -p /var/www/$appname \
- && mkdir -p /var/www/.cache/Python-Eggs/ \
- && mkdir /run/nginx/ \
- && ln -sf /dev/stdout /var/log/nginx/access.log \
- && ln -sf /dev/stderr /var/log/nginx/error.log \
- && chown nginx -R /var/www/.cache/Python-Eggs/ \
- && chown nginx /var/www/$appname
-
-# aws cli v2 - needed for storing files in s3 during usersync k8s job
-RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
- && unzip awscliv2.zip \
- && ./aws/install \
- && /bin/rm -rf awscliv2.zip ./aws
+FROM base as builder
+
+RUN source /venv/bin/activate
 WORKDIR /$appname
-# copy ONLY poetry artifact, install the dependencies but not fence
-# this will make sure than the dependencies is cached
 COPY poetry.lock pyproject.toml /$appname/
-RUN poetry config virtualenvs.create false \
- && poetry install -vv --no-root --no-dev --no-interaction \
- && poetry show -v
+RUN pip install --upgrade poetry \
+ && poetry install --without dev --no-interaction
-# copy source code ONLY after installing dependencies
 COPY . /$appname
-COPY ./deployment/uwsgi/uwsgi.ini /etc/uwsgi/uwsgi.ini
-COPY ./deployment/uwsgi/wsgi.py /$appname/wsgi.py
-COPY clear_prometheus_multiproc /$appname/clear_prometheus_multiproc
-
-# install fence
-RUN poetry config virtualenvs.create false \
- && poetry install -vv --no-dev --no-interaction \
- && poetry show -v
+COPY ./deployment/wsgi/wsgi.py /$appname/wsgi.py
+RUN poetry install --without dev --no-interaction
 RUN COMMIT=`git rev-parse HEAD` && echo "COMMIT=\"${COMMIT}\"" >$appname/version_data.py \
 && VERSION=`git describe --always --tags` && echo "VERSION=\"${VERSION}\"" >>$appname/version_data.py
-WORKDIR /var/www/$appname
+FROM base
+
+RUN source /venv/bin/activate
+
+COPY --from=builder /venv /venv
+COPY --from=builder /$appname /$appname
+
+WORKDIR /$appname
-CMD ["sh","-c","bash /fence/dockerrun.bash && /dockerrun.sh"]
+ENV PYTHONUNBUFFERED=1 \
+ PYTHONIOENCODING=UTF-8
+CMD ["gunicorn", "-c", "deployment/wsgi/gunicorn.conf.py"]
diff --git a/deployment/uwsgi/uwsgi.ini b/deployment/uwsgi/uwsgi.ini
deleted file mode 100644
index 0ebedb7ce..000000000
--- a/deployment/uwsgi/uwsgi.ini
+++ /dev/null
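Review bot: The final stage never sets `USER`, so the container starts as root and relies on gunicorn's own `user`/`group` settings to drop privileges; if the base image provides that account (not visible in this patch), adding `USER appuser` before `CMD` keeps the process from ever holding root. Both `RUN source /venv/bin/activate` lines affect only the shell of that one layer, so they do not activate `/venv` for the later `pip`/`poetry` steps or for `CMD`; `ENV PATH="/venv/bin:$PATH"` is the persistent form, unless the base image already exports it. The base image defaults to the mutable `master` tag and `pip install --upgrade poetry` is unpinned, so two builds of the same commit can yield different images; pinning a release tag or digest and a poetry version would make the build reproducible. `COPY --from=builder /$appname /$appname` carries the whole build context into the runtime image, presumably including the `.git` directory that `git rev-parse` reads, so consider removing it in the builder once `version_data.py` is written or copying a narrower path.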
@@ -1,37 +0,0 @@
-[uwsgi]
-protocol = uwsgi
-socket = /var/run/gen3/uwsgi.sock
-buffer-size = 32768
-uid = nginx
-gid = nginx
-chown-socket = nginx:nginx
-chmod-socket = 666
-master = true
-harakiri-verbose = true
-# No global HARAKIRI, using only user HARAKIRI, because export overwrites it
-# Cannot overwrite global HARAKIRI with user's: https://git.io/fjYuD
-# harakiri = 45
-http-timeout = 45
-socket-timeout = 45
-worker-reload-mercy = 45
-reload-mercy = 45
-mule-reload-mercy = 45
-disable-logging = true
-wsgi-file=/fence/wsgi.py
-plugins = python3
-vacuum = true
-pythonpath = /var/www/fence/
-pythonpath = /fence/
-# poetry installs git dependencies at /usr/local/src
-pythonpath = /usr/local/src/*
-
-# metrics setup
-stats = 127.0.0.1:9191
-stats-http = true
-env = prometheus_multiproc_dir=/var/tmp/uwsgi_flask_metrics
-exec-asap = /fence/clear_prometheus_multiproc /var/tmp/uwsgi_flask_metrics
-
-# Initialize application in worker processes, not master. This prevents the
-# workers from all trying to open the same database connections at startup.
-lazy = true
-lazy-apps = true
diff --git a/deployment/wsgi/gunicorn.conf.py b/deployment/wsgi/gunicorn.conf.py
new file mode 100644
index 000000000..baa208a45
--- /dev/null
+++ b/deployment/wsgi/gunicorn.conf.py
@@ -0,0 +1,6 @@
+wsgi_app = "deployment.wsgi.wsgi:application"
+bind = "0.0.0.0:8000"
+workers = 1
+user = "appuser"
+group = "appuser"
+timeout = 300
diff --git a/deployment/uwsgi/wsgi.py b/deployment/wsgi/wsgi.py
similarity index 100%
rename from deployment/uwsgi/wsgi.py
rename to deployment/wsgi/wsgi.py
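Review bot: In the new gunicorn.conf.py, `workers = 1` combined with `timeout = 300` lets a single slow or stalled request hold the only worker for up to five minutes, where the removed uwsgi.ini used 45-second timeouts. If the long timeout is intentional, record why in a comment such as `# long timeout: <reason>`, and consider raising `workers` or adding threads so one request cannot stall the whole service. Switching to `user = "appuser"` / `group = "appuser"` requires gunicorn to be started as root (or already as that account), so a comment tying these two settings to the image's runtime user would keep a later `USER` or `runAsNonRoot` change from breaking startup.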