From d1b6f32981c12563602580f26d4f6c3a66e52c3b Mon Sep 17 00:00:00 2001
From: Karl Stoney <me@karlstoney.com>
Date: Sat, 17 Feb 2018 20:24:50 +0000
Subject: [PATCH] Enabled the dynamic reload of GeoIP data (#2107)

* Moved geoip data into its own folder so it can be volume mounted

* Added FS watches for the geoip data

* Fixed single quotes issue (interpolation)

* Fixed gofmt errors

* Updated to directory crawl
---
 images/nginx/build.sh                | 18 +++++++------
 internal/ingress/controller/nginx.go | 38 ++++++++++++++++++++++++----
 rootfs/etc/nginx/template/nginx.tmpl |  6 ++---
 3 files changed, 46 insertions(+), 16 deletions(-)

diff --git a/images/nginx/build.sh b/images/nginx/build.sh
index cb064f886..413389758 100755
--- a/images/nginx/build.sh
+++ b/images/nginx/build.sh
@@ -95,14 +95,16 @@ if [[ ${ARCH} == "s390x" ]]; then
   git config --global pack.threads "1"
 fi
 
-# download GeoIP databases
-wget -O /etc/nginx/GeoIP.dat.gz https://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz || { echo 'Could not download GeoLiteCountry, exiting.' ; exit 1; }
-wget -O /etc/nginx/GeoLiteCity.dat.gz https://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz || { echo 'Could not download GeoLiteCity, exiting.' ; exit 1; }
-wget -O /etc/nginx/GeoIPASNum.dat.gz http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz || { echo 'Could not download GeoLiteOrg, exiting.' ; exit 1; }
-
-gunzip /etc/nginx/GeoIP.dat.gz
-gunzip /etc/nginx/GeoLiteCity.dat.gz
-gunzip /etc/nginx/GeoIPASNum.dat.gz
+# Get the GeoIP data
+GEOIP_FOLDER=/etc/nginx/geoip
+mkdir -p $GEOIP_FOLDER
+function geoip_get {
+  wget -O $GEOIP_FOLDER/$1 $2 || { echo "Could not download $1, exiting." ; exit 1; }
+  gunzip $GEOIP_FOLDER/$1
+}
+geoip_get "GeoIP.dat.gz" "https://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz"
+geoip_get "GeoLiteCity.dat.gz" "https://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz"
+geoip_get "GeoIPASNum.dat.gz" "http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz"
 
 mkdir --verbose -p "$BUILD_PATH"
 cd "$BUILD_PATH"
diff --git a/internal/ingress/controller/nginx.go b/internal/ingress/controller/nginx.go
index 9a8aa262d..2a621077d 100644
--- a/internal/ingress/controller/nginx.go
+++ b/internal/ingress/controller/nginx.go
@@ -56,6 +56,7 @@ import (
 	"k8s.io/ingress-nginx/internal/net/ssl"
 	"k8s.io/ingress-nginx/internal/task"
 	"k8s.io/ingress-nginx/internal/watch"
+	"path/filepath"
 )
 
 type statusModule string
@@ -69,6 +70,7 @@ const (
 
 var (
 	tmplPath    = "/etc/nginx/template/nginx.tmpl"
+	geoipPath   = "/etc/nginx/geoip"
 	cfgPath     = "/etc/nginx/nginx.conf"
 	nginxBinary = "/usr/sbin/nginx"
 )
@@ -152,8 +154,8 @@ func NewNGINXController(config *Configuration, fs file.Filesystem) *NGINXControl
 		glog.Warning("Update of ingress status is disabled (flag --update-status=false was specified)")
 	}
 
-	var onChange func()
-	onChange = func() {
+	var onTemplateChange func()
+	onTemplateChange = func() {
 		template, err := ngx_template.NewTemplate(tmplPath, fs)
 		if err != nil {
 			// this error is different from the rest because it must be clear why nginx is not working
@@ -179,12 +181,38 @@ Error loading new template : %v
 
 	// TODO: refactor
 	if _, ok := fs.(filesystem.DefaultFs); !ok {
-		watch.NewDummyFileWatcher(tmplPath, onChange)
+		watch.NewDummyFileWatcher(tmplPath, onTemplateChange)
 	} else {
-		_, err = watch.NewFileWatcher(tmplPath, onChange)
+
+		_, err = watch.NewFileWatcher(tmplPath, onTemplateChange)
 		if err != nil {
-			glog.Fatalf("unexpected error watching template %v: %v", tmplPath, err)
+			glog.Fatalf("unexpected error creating file watcher: %v", err)
 		}
+
+		filesToWatch := []string{}
+		err := filepath.Walk("/etc/nginx/geoip/", func(path string, info os.FileInfo, err error) error {
+			if info.IsDir() {
+				return nil
+			}
+
+			filesToWatch = append(filesToWatch, path)
+			return nil
+		})
+
+		if err != nil {
+			glog.Fatalf("unexpected error creating file watcher: %v", err)
+		}
+
+		for _, f := range filesToWatch {
+			_, err = watch.NewFileWatcher(f, func() {
+				glog.Info("file %v changed. Reloading NGINX", f)
+				n.SetForceReload(true)
+			})
+			if err != nil {
+				glog.Fatalf("unexpected error creating file watcher: %v", err)
+			}
+		}
+
 	}
 
 	return n
diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl
index 7fa74be64..9eff38d97 100644
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@@ -47,9 +47,9 @@ http {
     {{/* databases used to determine the country depending on the client IP address */}}
     {{/* http://nginx.org/en/docs/http/ngx_http_geoip_module.html */}}
     {{/* this is require to calculate traffic for individual country using GeoIP in the status page */}}
-    geoip_country       /etc/nginx/GeoIP.dat;
-    geoip_city          /etc/nginx/GeoLiteCity.dat;
-    geoip_org           /etc/nginx/GeoIPASNum.dat;
+    geoip_country       /etc/nginx/geoip/GeoIP.dat;
+    geoip_city          /etc/nginx/geoip/GeoLiteCity.dat;
+    geoip_org           /etc/nginx/geoip/GeoIPASNum.dat;
     geoip_proxy_recursive on;
 
     {{ if $cfg.EnableVtsStatus }}