Retry to download maxmind DB if it fails

[ssh2go]

We are using ingress-nginx in our project and in some cases we get the error like:

unexpected error downloading GeoIP2 database: Get [skipped URL and address]: connect: connection refused

At the same time, when we are trying to download that database manually a bit later, all works fine. This is because network connection become available a bit later than service starts. This issue is particularly common when using a service mesh proxy sidecar such as linkerd.

What this PR does / why we need it:

We can add extra delay on start, or try to download the database few times with a short delay. The last approach is proposed in that fix. User can define the download timeout for maxmind database, and the service will try to download it if that operation has been failed first time. The result in logs looks like:

I0629 17:29:48.476473 3794311 flags.go:311] "downloading maxmind GeoIP2 databases"
I0629 17:29:48.476825 3794311 maxmind.go:114] "download failed on attempt 1"
I0629 17:29:49.488997 3794311 maxmind.go:114] "download failed on attempt 2"
I0629 17:29:51.018738 3794311 maxmind.go:114] "download failed on attempt 3"
E0629 17:29:51.018915 3794311 flags.go:315] "unexpected error downloading GeoIP2 database" err="Get \"http://127.0.0.1/GeoLite2-City.tar.gz\": dial tcp 127.0.0.1:80: connect: connection refused"

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Which issue/s this PR fixes

How Has This Been Tested?

Tested it manually, also added new unit test TestMaxmindRetryDownload to cover the new code.

Checklist:

• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I've read the CONTRIBUTION guide
• I have added tests to cover my changes.
• All new and existing tests passed.

[k8s-ci-robot]

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.

---

• If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
• If you signed the CLA as a corporation, please sign in with your organization's credentials at https://identity.linuxfoundation.org/projects/cncf to be authorized.
• If you have done the above and are still having issues with the CLA being reported as unsigned, please log a ticket with the Linux Foundation Helpdesk: https://support.linuxfoundation.org/
• Should you encounter any issues with the Linux Foundation Helpdesk, send a message to the backup e-mail support address at: login-issues@jira.linuxfoundation.org

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[k8s-ci-robot]

Welcome @ssh2go!

It looks like this is your first PR to kubernetes/ingress-nginx 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/ingress-nginx has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @ssh2go. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[ssh2go]

/check-cla

[rikatz]

Please take a look into the suggestions and also sign the CLA

[rikatz]

Do we need this change? :)

[ssh2go]

Reverted

[rikatz]

Suggestion: Let's make this configurable as well?

[ssh2go]

Done, see arg --maxmind-retries-count. Default value is 1, any lower value will be changed to 1 as well

[rikatz]

What if we move all of this to DownloadGeoLite2DB instead of adding to this main function in flags.

ingress-nginx/internal/nginx/maxmind.go

Line 63 in b1c8e30

func DownloadGeoLite2DB() error {

Also, I would like to keep here simple, if possible. I do not opose myself of changing DownloadGeoLite2DB signature to pass the delay and retries as arguments, but infact we should deal an error as an error and not rely too much on the syscall in this case :)

If we have an error and the error happens here, we should just return to the caller function an error downloading the database, and parse this on the inner functions IMO

[ssh2go]

Moved all the download retry logic into DownloadGeoLite2DB func

[tao12345666333]

nit: the order of these two parameters should be reversed, IMO.

[ssh2go]

Fixed

[ssh2go]

/check-cla

[tao12345666333]

you can set it to MaxmindRetriesCount variable, instead of hard-coding it.

[ssh2go]

Thanks for that point. The only thing - we cannot use MaxmindRetriesCount because we are filling that variable with the value of according command line argument, and using it later as a first parameter in func DownloadGeoLite2DB. So I've added extra constant const minimumRetriesCount = 1, to avoid the hardcoding in the code.

[tao12345666333]

👍 yep. I missed it.

[tao12345666333]

same as above

[ssh2go]

fixed

[tao12345666333]

/ok-to-test

[rikatz]

/approve
Thanks.

Just fix the conflict in go.sum, and once @tao12345666333 is happy he can issue a lgtm and this gets merged :)

[tao12345666333]

/assign

[tao12345666333]

Sorry for delay. I think it could be merged. Thanks!

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rikatz, ssh2go, tao12345666333

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [rikatz]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[NeckBeardPrince]

@ssh2go I believe this PR is causing issues, please see #8059 #8059 (comment)