From 466ad4bb5bbbeda9e69c7682b85e490864e23a30 Mon Sep 17 00:00:00 2001 From: Paul Abel Date: Tue, 21 Oct 2025 17:16:42 +0100 Subject: [PATCH 1/7] Cleanup stale socket files on startup --- cmd/nginx-ingress/main.go | 43 +++++++++++++++++++++++---------------- 1 file changed, 25 insertions(+), 18 deletions(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index 9016e16c43..d831e75362 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -66,6 +66,7 @@ var ( "error": levels.LevelError, "fatal": levels.LevelFatal, } + socketPath = "/var/lib/nginx" ) const ( @@ -88,6 +89,9 @@ func main() { ctx := initLogger(*logFormat, logLevels[*logLevel], os.Stdout) l := nl.LoggerFromContext(ctx) + // removes .sock files after nginx exits + cleanupSocketFiles(l) + initValidate(ctx) parsedFlags := os.Args[1:] @@ -522,7 +526,7 @@ func createPlusClient(ctx context.Context, nginxPlus bool, useFakeNginxManager b var err error if nginxPlus && !useFakeNginxManager { - httpClient := getSocketClient("/var/lib/nginx/nginx-plus-api.sock") + httpClient := getSocketClient(fmt.Sprintf("%s/nginx-plus-api.sock", socketPath)) plusClient, err = client.NewNginxClient("http://nginx-plus-api/api", client.WithHTTPClient(httpClient)) if err != nil { nl.Fatalf(l, "Failed to create NginxClient for Plus: %v", err) @@ -801,21 +805,6 @@ func handleTermination(lbc *k8s.LoadBalancerController, nginxManager nginx.Manag select { case err := <-cpcfg.nginxDone: if err != nil { - // removes .sock files after nginx exits - socketPath := "/var/lib/nginx/" - files, readErr := os.ReadDir(socketPath) - if readErr != nil { - nl.Errorf(lbc.Logger, "error trying to read directory %s: %v", socketPath, readErr) - } else { - for _, f := range files { - if !f.IsDir() && strings.HasSuffix(f.Name(), ".sock") { - fullPath := filepath.Join(socketPath, f.Name()) - if removeErr := os.Remove(fullPath); removeErr != nil { - nl.Errorf(lbc.Logger, "error trying to remove file %s: %v", fullPath, removeErr) - } - } - } - } nl.Fatalf(lbc.Logger, "nginx command exited unexpectedly with status: %v", err) } else { nl.Info(lbc.Logger, "nginx command exited successfully") @@ -844,6 +833,24 @@ func handleTermination(lbc *k8s.LoadBalancerController, nginxManager nginx.Manag os.Exit(0) } +func cleanupSocketFiles(l *slog.Logger) { + files, readErr := os.ReadDir(fmt.Sprintf("%s/", socketPath)) + if readErr != nil { + nl.Errorf(l, "error trying to read directory %s: %v", socketPath, readErr) + } else { + for _, f := range files { + nl.Debugf(l, "Processing file %s", f.Name()) + if !f.IsDir() && strings.HasSuffix(f.Name(), ".sock") { + fullPath := filepath.Join(socketPath, f.Name()) + nl.Infof(l, "Removing socket file %s", fullPath) + if removeErr := os.Remove(fullPath); removeErr != nil { + nl.Errorf(l, "error trying to remove file %s: %v", fullPath, removeErr) + } + } + } + } +} + func ready(lbc *k8s.LoadBalancerController) http.HandlerFunc { return func(w http.ResponseWriter, _ *http.Request) { if !lbc.IsNginxReady() { @@ -936,7 +943,7 @@ func createPlusAndLatencyCollectors( plusCollector = nginxCollector.NewNginxPlusCollector(plusClient, "nginx_ingress_nginxplus", variableLabelNames, constLabels, l) go metrics.RunPrometheusListenerForNginxPlus(ctx, *prometheusMetricsListenPort, plusCollector, registry, prometheusSecret) } else { - httpClient := getSocketClient("/var/lib/nginx/nginx-status.sock") + httpClient := getSocketClient(fmt.Sprintf("%s/nginx-status.sock", socketPath)) client := metrics.NewNginxMetricsClient(httpClient) go metrics.RunPrometheusListenerForNginx(ctx, *prometheusMetricsListenPort, client, registry, constLabels, prometheusSecret) } @@ -945,7 +952,7 @@ func createPlusAndLatencyCollectors( if err := lc.Register(registry); err != nil { nl.Errorf(l, "Error registering Latency Prometheus metrics: %v", err) } - syslogListener = metrics.NewLatencyMetricsListener(ctx, "/var/lib/nginx/nginx-syslog.sock", lc) + syslogListener = metrics.NewLatencyMetricsListener(ctx, fmt.Sprintf("%s/nginx-syslog.sock", socketPath), lc) go syslogListener.Run() } } From 8f74f8e9fa9246f0309ad4d23729461f9a9682c0 Mon Sep 17 00:00:00 2001 From: Alex Fenlon Date: Wed, 22 Oct 2025 11:55:11 +0100 Subject: [PATCH 2/7] remove debug line, fix comment --- cmd/nginx-ingress/main.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index d831e75362..62632a6b2c 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -88,8 +88,7 @@ func main() { parseFlags() ctx := initLogger(*logFormat, logLevels[*logLevel], os.Stdout) l := nl.LoggerFromContext(ctx) - - // removes .sock files after nginx exits + cleanupSocketFiles(l) initValidate(ctx) @@ -833,13 +832,14 @@ func handleTermination(lbc *k8s.LoadBalancerController, nginxManager nginx.Manag os.Exit(0) } + +// Clean up any leftover socket files from previous runs func cleanupSocketFiles(l *slog.Logger) { files, readErr := os.ReadDir(fmt.Sprintf("%s/", socketPath)) if readErr != nil { nl.Errorf(l, "error trying to read directory %s: %v", socketPath, readErr) } else { for _, f := range files { - nl.Debugf(l, "Processing file %s", f.Name()) if !f.IsDir() && strings.HasSuffix(f.Name(), ".sock") { fullPath := filepath.Join(socketPath, f.Name()) nl.Infof(l, "Removing socket file %s", fullPath) From 604455678dfc91b465fef99c368575a21837a8de Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Wed, 22 Oct 2025 11:06:09 +0000 Subject: [PATCH 3/7] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- cmd/nginx-ingress/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index 62632a6b2c..0fb3e995e9 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -88,7 +88,7 @@ func main() { parseFlags() ctx := initLogger(*logFormat, logLevels[*logLevel], os.Stdout) l := nl.LoggerFromContext(ctx) - + cleanupSocketFiles(l) initValidate(ctx) From 42ec28b53d5cefdc51fcf28e8f42ad9ac72c946f Mon Sep 17 00:00:00 2001 From: AlexFenlon Date: Wed, 22 Oct 2025 12:19:17 +0100 Subject: [PATCH 4/7] fix lint Signed-off-by: AlexFenlon --- cmd/nginx-ingress/main.go | 1 - 1 file changed, 1 deletion(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index 0fb3e995e9..e6276685bc 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -832,7 +832,6 @@ func handleTermination(lbc *k8s.LoadBalancerController, nginxManager nginx.Manag os.Exit(0) } - // Clean up any leftover socket files from previous runs func cleanupSocketFiles(l *slog.Logger) { files, readErr := os.ReadDir(fmt.Sprintf("%s/", socketPath)) From fcb48e4c859e2dd748561db2395226c9f5aa4741 Mon Sep 17 00:00:00 2001 From: Alex Fenlon Date: Thu, 23 Oct 2025 14:10:00 +0100 Subject: [PATCH 5/7] Refactor socket file paths to use filepath.Join for better consistency --- cmd/nginx-ingress/main.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index e6276685bc..9c1cab3ae2 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -525,7 +525,7 @@ func createPlusClient(ctx context.Context, nginxPlus bool, useFakeNginxManager b var err error if nginxPlus && !useFakeNginxManager { - httpClient := getSocketClient(fmt.Sprintf("%s/nginx-plus-api.sock", socketPath)) + httpClient := getSocketClient(filepath.Join(socketPath, "nginx-plus-api.sock")) plusClient, err = client.NewNginxClient("http://nginx-plus-api/api", client.WithHTTPClient(httpClient)) if err != nil { nl.Fatalf(l, "Failed to create NginxClient for Plus: %v", err) @@ -942,7 +942,7 @@ func createPlusAndLatencyCollectors( plusCollector = nginxCollector.NewNginxPlusCollector(plusClient, "nginx_ingress_nginxplus", variableLabelNames, constLabels, l) go metrics.RunPrometheusListenerForNginxPlus(ctx, *prometheusMetricsListenPort, plusCollector, registry, prometheusSecret) } else { - httpClient := getSocketClient(fmt.Sprintf("%s/nginx-status.sock", socketPath)) + httpClient := getSocketClient(filepath.Join(socketPath, "%s/nginx-status.sock")) client := metrics.NewNginxMetricsClient(httpClient) go metrics.RunPrometheusListenerForNginx(ctx, *prometheusMetricsListenPort, client, registry, constLabels, prometheusSecret) } @@ -951,7 +951,7 @@ func createPlusAndLatencyCollectors( if err := lc.Register(registry); err != nil { nl.Errorf(l, "Error registering Latency Prometheus metrics: %v", err) } - syslogListener = metrics.NewLatencyMetricsListener(ctx, fmt.Sprintf("%s/nginx-syslog.sock", socketPath), lc) + syslogListener = metrics.NewLatencyMetricsListener(ctx, filepath.Join(socketPath, "nginx-syslog.sock"), lc) go syslogListener.Run() } } From 913dd88f57bf43f169130c370b1babc858e2f7ff Mon Sep 17 00:00:00 2001 From: AlexFenlon Date: Thu, 23 Oct 2025 15:00:18 +0100 Subject: [PATCH 6/7] Update cmd/nginx-ingress/main.go Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: AlexFenlon --- cmd/nginx-ingress/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index 9c1cab3ae2..a72cd9f415 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -834,7 +834,7 @@ func handleTermination(lbc *k8s.LoadBalancerController, nginxManager nginx.Manag // Clean up any leftover socket files from previous runs func cleanupSocketFiles(l *slog.Logger) { - files, readErr := os.ReadDir(fmt.Sprintf("%s/", socketPath)) + files, readErr := os.ReadDir(socketPath) if readErr != nil { nl.Errorf(l, "error trying to read directory %s: %v", socketPath, readErr) } else { From 6bb8672ef2cdb6c6f2e2fe232034d7a937b0ac2c Mon Sep 17 00:00:00 2001 From: Alex Fenlon Date: Thu, 23 Oct 2025 15:05:31 +0100 Subject: [PATCH 7/7] Make socketPath a const instead --- cmd/nginx-ingress/main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/nginx-ingress/main.go b/cmd/nginx-ingress/main.go index 9c1cab3ae2..ce2806a320 100644 --- a/cmd/nginx-ingress/main.go +++ b/cmd/nginx-ingress/main.go @@ -66,7 +66,6 @@ var ( "error": levels.LevelError, "fatal": levels.LevelFatal, } - socketPath = "/var/lib/nginx" ) const ( @@ -77,6 +76,7 @@ const ( appProtectVersionPath = "/opt/app_protect/RELEASE" appProtectv4BundleFolder = "/etc/nginx/waf/bundles/" appProtectv5BundleFolder = "/etc/app_protect/bundles/" + socketPath = "/var/lib/nginx" fatalEventFlushTime = 200 * time.Millisecond secretErrorReason = "SecretError" configMapErrorReason = "ConfigMapError"