From da7bcd1914bde663ecae2c9f25d94153a1caf711 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup <praiskup@redhat.com>
Date: Fri, 17 Apr 2020 11:15:49 +0200
Subject: [PATCH] copr-fe: better wsgi process group assignment

1. Create 'upload' process group, for specific - very long - upload
   requests (either API or over web-UI).
2. Add 'port80' process group which should serve only very lightweight
   requests.
3. Shorten generic API request to max 600s.
4. Document how the location matching works.
---
 .../frontend-cloud/templates/httpd/coprs.conf | 28 +++++++++++++++----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/roles/copr/frontend-cloud/templates/httpd/coprs.conf b/roles/copr/frontend-cloud/templates/httpd/coprs.conf
index 6911d5158a..cf42264b56 100644
--- a/roles/copr/frontend-cloud/templates/httpd/coprs.conf
+++ b/roles/copr/frontend-cloud/templates/httpd/coprs.conf
@@ -3,12 +3,17 @@ Alias /robots.txt /var/www/html/robots.txt
 Alias "/db_dumps/" "/var/www/html/db_dumps/"
 
 WSGIDaemonProcess 127.0.0.1 user=copr-fe group=copr-fe processes=4 threads=5 display-name=other maximum-requests=8000 restart-interval=300 graceful-timeout=20
-WSGIDaemonProcess api user=copr-fe group=copr-fe threads=15 display-name=api maximum-requests=8000 graceful-timeout=7200
+WSGIDaemonProcess api user=copr-fe group=copr-fe threads=15 display-name=api maximum-requests=8000 graceful-timeout=600
 WSGIDaemonProcess backend user=copr-fe group=copr-fe threads=15 display-name=backend maximum-requests=8000 graceful-timeout=20
 WSGIDaemonProcess stats user=copr-fe group=copr-fe threads=15 display-name=stats maximum-requests=8000 graceful-timeout=20
 WSGIDaemonProcess tmp user=copr-fe group=copr-fe threads=15 display-name=tmp maximum-requests=8000 graceful-timeout=20
 WSGIDaemonProcess repo user=copr-fe group=copr-fe threads=15 display-name=repo maximum-requests=8000 graceful-timeout=20
 WSGIDaemonProcess packages user=copr-fe group=copr-fe processes=1 threads=6 maximum-requests=100 display-name=packages graceful-timeout=20
+# Separate process group just to easily observe what unnecessary trafic goes to
+# non-ssl routes.  We should minimize traffic here.
+WSGIDaemonProcess port80 user=copr-fe group=copr-fe processes=1 threads=3 maximum-requests=100 display-name=port80 graceful-timeout=10
+# Allow large/long uploads, https://pagure.io/copr/copr/issue/1228
+WSGIDaemonProcess upload user=copr-fe group=copr-fe processes=2 threads=10 display-name=upload maximum-requests=100 graceful-timeout=1800
 
 WSGIApplicationGroup %{GLOBAL}
 
@@ -21,8 +26,11 @@ WSGIApplicationGroup %{GLOBAL}
     # configure port 80 here.
     WSGIPassAuthorization On
     <Location />
-        WSGIProcessGroup 127.0.0.1
+        WSGIProcessGroup port80
     </Location>
+    <LocationMatch "/repo/">
+        WSGIProcessGroup repo
+    </LocationMatch>
     <Directory /usr/share/copr>
         Require all granted
     </Directory>
@@ -59,11 +67,21 @@ WSGIApplicationGroup %{GLOBAL}
 {% endif %}
 
     WSGIPassAuthorization On
-    WSGIProcessGroup 127.0.0.1
 
-    <Location /api>
+    # Delegate requests to proper WSGIProcessGroup(s).  First move everything to
+    # a generic "basket" process-group by default (127.0.0.1), and process there
+    # every request... unless there's other - more location specific - rule.
+    # This is order sensitive (the last matching rule wins)!
+    WSGIProcessGroup 127.0.0.1
+    <LocationMatch "^/api.*">
         WSGIProcessGroup api
-    </Location>
+    </LocationMatch>
+    <LocationMatch "^/api.*upload.*">
+        WSGIProcessGroup upload
+    </LocationMatch>
+    <LocationMatch "^/coprs.*new_build_upload.*">
+        WSGIProcessGroup upload
+    </LocationMatch>
     <Location /backend>
         WSGIProcessGroup backend
     </Location>