From 38548ab0d7833fdd0ed7fcc7baca05587e146277 Mon Sep 17 00:00:00 2001 From: mwiegand Date: Fri, 8 May 2026 11:19:03 +0200 Subject: [PATCH] chore(deploy): raise gunicorn thread pool to 32 for SSE headroom Each SSE log-viewer or job-log stream holds a thread for its full lifetime. With --threads 8, a handful of open browser tabs could exhaust the pool. 32 keeps the same single-process scheduler invariant (_claim_lock in job_worker is process-local) while giving SSE plenty of headroom on the test box's user count. Co-Authored-By: Claude Opus 4.7 (1M context) --- deploy/files/usr/local/lib/systemd/system/left4me-web.service | 2 +- deploy/tests/test_deploy_artifacts.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/files/usr/local/lib/systemd/system/left4me-web.service b/deploy/files/usr/local/lib/systemd/system/left4me-web.service index 3465516..07d30f1 100644 --- a/deploy/files/usr/local/lib/systemd/system/left4me-web.service +++ b/deploy/files/usr/local/lib/systemd/system/left4me-web.service @@ -12,7 +12,7 @@ Environment=HOME=/var/lib/left4me Environment=PATH=/opt/left4me/.venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin EnvironmentFile=/etc/left4me/host.env EnvironmentFile=/etc/left4me/web.env -ExecStart=/opt/left4me/.venv/bin/gunicorn --workers 1 --threads 8 --bind 0.0.0.0:8000 'l4d2web.app:create_app()' +ExecStart=/opt/left4me/.venv/bin/gunicorn --workers 1 --threads 32 --bind 0.0.0.0:8000 'l4d2web.app:create_app()' Restart=on-failure RestartSec=3 # NoNewPrivileges intentionally not set: the worker invokes fusermount3 diff --git a/deploy/tests/test_deploy_artifacts.py b/deploy/tests/test_deploy_artifacts.py index ea152ed..792bb24 100644 --- a/deploy/tests/test_deploy_artifacts.py +++ b/deploy/tests/test_deploy_artifacts.py @@ -35,6 +35,7 @@ def test_web_unit_contains_required_runtime_contract(): assert "EnvironmentFile=/etc/left4me/web.env" in unit assert "ExecStart=/opt/left4me/.venv/bin/gunicorn" in unit assert "--workers 1" in unit + assert "--threads 32" in unit assert "NoNewPrivileges=true" not in unit assert "PrivateTmp=true" not in unit assert "ProtectSystem=full" in unit