Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(cmd): move unix domain sockets to /var/run #11944

Draft
wants to merge 19 commits into
base: master
Choose a base branch
from
Draft

fix(cmd): move unix domain sockets to /var/run #11944

wants to merge 19 commits into from
+185 −68

Conversation

brentos
Copy link
Contributor

@brentos brentos commented Nov 8, 2023

Summary

Unix domain socket files located in the prefix directory cause problems when mounting that directory in containers. In addition, it is common practice to store socket files in /var/run which is cleaned up automatically on server restart.

Checklist

  • The Pull Request has tests
  • A changelog file has been created under changelog/unreleased/kong or skip-changelog label added on PR if changelog is unnecessary. README.md
  • There is a user-facing docs PR against https://github.com/Kong/docs.konghq.com - PUT DOCS PR HERE

Full changelog

  • [Implement ...]

Issue reference

Fix KAG-328

@CLAassistant
Copy link

CLAassistant commented Nov 8, 2023
edited
Loading

CLA assistant check
All committers have signed the CLA.

@brentos brentos force-pushed the fix/kag-328-relocate-unix-domain-sockets branch from 904de06 to 9159137 Compare November 8, 2023 01:01
@github-actions github-actions bot added the chore Not part of the core functionality of kong, but still needed label Nov 8, 2023
@brentos brentos force-pushed the fix/kag-328-relocate-unix-domain-sockets branch from e6aae4e to 615944a Compare November 8, 2023 23:37
@brentos brentos force-pushed the fix/kag-328-relocate-unix-domain-sockets branch 3 times, most recently from e5d21a2 to dca52e6 Compare November 21, 2023 00:14
fffonion
fffonion reviewed Nov 21, 2023
View reviewed changes
build/dockerfiles/entrypoint.sh
@@ -44,22 +44,6 @@ if [[ "$1" == "kong" ]]; then
if [[ "$2" == "docker-start" ]]; then
kong prepare -p "$PREFIX" "$@"

# remove all dangling sockets in $PREFIX dir before starting Kong
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we will still need the logic, but instead removing dangling sockets in /var/run/kong directory.
I was wrong with my previous comment some days ago, it appears the /run or /var/run directory is not a volatile fs inside container; it's only volatile in a normal system. So the contents under this directory persists between container restarts.

@fffonion
Copy link
Contributor

fffonion commented Nov 21, 2023
edited
Loading

Please also consider use cases when user doesn't start Kong through systemd (e.g. a plain kong start). In such case, even the ReadWritePaths I mentioned above won't work because no party is going to create that directory. So does the systemd-tmpfiles approach after a system reboot.

In conclusion, we need to consider following use cases:

  • container based
  • systemd controlled services
  • kong start
    All above use cases should work with fresh install, or after a system (container) restart.

@fffonion fffonion mentioned this pull request Nov 24, 2023
Merged
@brentos brentos force-pushed the fix/kag-328-relocate-unix-domain-sockets branch from df08f4f to 72b9a53 Compare November 29, 2023 21:15
brentos added 19 commits November 29, 2023 17:29
@brentos
fix(cmd): move unix domain sockets to /var/run
9fb168b
@brentos
Create /var/run/kong directory in build_and_test workflow
340b774
@brentos
Create /var/run/kong directory in build_and_test workflow
dd7ea22
@brentos
simplify test for bundled plugins
fa33e5b
@brentos
simplify test for bundled plugins
a41a4ec
@brentos
normalize prefix path before generating runtime hash, update dockerfiles
77aa0e9
@brentos
update socket location in custom_inject_stream test file
10352ed
@brentos
Update nfpm to create empty /var/run/kong dir, update failing stream …
a6cf634 
…api test
@brentos
revert change to dockerfiles
5ddd1af
@brentos
clean the runtime dir in clean_prefix helper
fa1f881
@brentos
use tmpfiles.d to create /var/run/kong, create text files with prefix…
d62f079 
… and runtime dir locations
@brentos
Remove script to remove sockets from docker entrypoint, fix message f…
aaee5be 
…or dangling sockets
@brentos
Remove unnecessary clean_runtime_dir, add test and use abspath instea…
0bca45c 
…d of normpath
@brentos
Add missing pl.path
fde4bda
@brentos
Fix lint issues
cb68be6
@brentos
Update permissions for /var/run/kong
e1723fb
@brentos
Move get_runtime_data_path to system
e3c58bc
@brentos
add space back to utils.lua
57d61d4
@brentos
Add logic to clear dangling sockets in docker entrypoint
8a5a1ba
@brentos brentos force-pushed the fix/kag-328-relocate-unix-domain-sockets branch from 72b9a53 to 8a5a1ba Compare November 30, 2023 01:29
@locao locao marked this pull request as draft December 19, 2023 18:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@flrgh flrgh flrgh left review comments

@fffonion fffonion fffonion left review comments

@Tieske Tieske Tieske left review comments

@bungle bungle bungle left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

@brentos brentos

Labels
build/bazel chore Not part of the core functionality of kong, but still needed core/cli core/clustering core/configuration core/proxy core/templates size/L
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@brentos @CLAassistant @fffonion @Tieske @bungle @flrgh @dndx @locao