diff --git a/userspace/falco/app_actions/start_webserver.cpp b/userspace/falco/app_actions/start_webserver.cpp index 3da117fe..8e2b0070 100644 --- a/userspace/falco/app_actions/start_webserver.cpp +++ b/userspace/falco/app_actions/start_webserver.cpp @@ -27,8 +27,14 @@ application::run_result application::start_webserver() if(!is_capture_mode() && m_state->config->m_webserver_enabled) { std::string ssl_option = (m_state->config->m_webserver_ssl_enabled ? " (SSL)" : ""); - falco_logger::log(LOG_INFO, "Starting internal webserver, listening on port " + to_string(m_state->config->m_webserver_listen_port) + ssl_option + "\n"); + falco_logger::log(LOG_INFO, "Starting health webserver with threadiness " + + to_string(m_state->config->m_webserver_threadiness) + + ", listening on port " + + to_string(m_state->config->m_webserver_listen_port) + + ssl_option + "\n"); + m_state->webserver.start( + m_state->config->m_webserver_threadiness, m_state->config->m_webserver_listen_port, m_state->config->m_webserver_k8s_healthz_endpoint, m_state->config->m_webserver_ssl_certificate, diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp index f35ea534..b8bbe062 100644 --- a/userspace/falco/configuration.cpp +++ b/userspace/falco/configuration.cpp @@ -35,6 +35,7 @@ falco_configuration::falco_configuration(): m_buffered_outputs(false), m_time_format_iso_8601(false), m_webserver_enabled(false), + m_webserver_threadiness(0), m_webserver_listen_port(8765), m_webserver_k8s_healthz_endpoint("/healthz"), m_webserver_ssl_enabled(false), @@ -207,10 +208,15 @@ void falco_configuration::init(string conf_filename, const vector &cmdli falco_logger::log_syslog = m_config->get_scalar("log_syslog", true); m_webserver_enabled = m_config->get_scalar("webserver.enabled", false); + m_webserver_threadiness = m_config->get_scalar("webserver.threadiness", 0); m_webserver_listen_port = m_config->get_scalar("webserver.listen_port", 8765); m_webserver_k8s_healthz_endpoint = m_config->get_scalar("webserver.k8s_healthz_endpoint", "/healthz"); m_webserver_ssl_enabled = m_config->get_scalar("webserver.ssl_enabled", false); m_webserver_ssl_certificate = m_config->get_scalar("webserver.ssl_certificate", "/etc/falco/falco.pem"); + if(m_webserver_threadiness == 0) + { + m_webserver_threadiness = falco::utils::hardware_concurrency(); + } std::list syscall_event_drop_acts; m_config->get_sequence(syscall_event_drop_acts, "syscall_event_drops.actions"); diff --git a/userspace/falco/configuration.h b/userspace/falco/configuration.h index 41fc1525..e3b1c79a 100644 --- a/userspace/falco/configuration.h +++ b/userspace/falco/configuration.h @@ -250,6 +250,7 @@ public: std::string m_grpc_root_certs; bool m_webserver_enabled; + uint32_t m_webserver_threadiness; uint32_t m_webserver_listen_port; std::string m_webserver_k8s_healthz_endpoint; bool m_webserver_ssl_enabled; diff --git a/userspace/falco/webserver.cpp b/userspace/falco/webserver.cpp index dba93973..c4567db9 100644 --- a/userspace/falco/webserver.cpp +++ b/userspace/falco/webserver.cpp @@ -24,10 +24,11 @@ falco_webserver::~falco_webserver() } void falco_webserver::start( - uint32_t listen_port, - std::string& healthz_endpoint, - std::string &ssl_certificate, - bool ssl_enabled) + uint32_t threadiness, + uint32_t listen_port, + std::string& healthz_endpoint, + std::string &ssl_certificate, + bool ssl_enabled) { if (m_running) { @@ -48,7 +49,6 @@ void falco_webserver::start( } // configure server - auto threadiness = std::min(2u, falco::utils::hardware_concurrency()); m_server->new_task_queue = [&threadiness] { return new httplib::ThreadPool(threadiness); }; // setup healthz endpoint diff --git a/userspace/falco/webserver.h b/userspace/falco/webserver.h index 7a022b0b..e9c40967 100644 --- a/userspace/falco/webserver.h +++ b/userspace/falco/webserver.h @@ -26,6 +26,7 @@ class falco_webserver public: virtual ~falco_webserver(); virtual void start( + uint32_t threadiness, uint32_t listen_port, std::string& healthz_endpoint, std::string &ssl_certificate,