fix: orb-agent docker image restart

[leoparente]

This pull request introduces several improvements focused on container signal handling, resource cleanup, and platform-specific socket configuration for faster and more reliable agent restarts. The most significant changes are grouped below:

Container entrypoint and signal handling improvements:

• The Docker image now uses tini as the entrypoint, ensuring proper signal forwarding and reaping of zombie processes. The orb-agent-entry.sh script was simplified to directly exec the agent binary, removing custom signal traps and the run-agent.sh helper script. This makes shutdown and restart behavior more robust in container environments. [1] [2] [3] [4] [5]

Platform-specific socket options for fast port reuse:

• The gRPC server now uses platform-specific socket configuration: on Unix, sockets are created with SO_REUSEADDR enabled to allow fast port reuse (important for Docker restarts); on Windows, standard socket creation is used. This is implemented via new listen helper functions in socket_unix.go and socket_windows.go, and integrated into the server startup. [1] [2] [3]

Resource and process cleanup:

• The pktvisor backend now removes any old temporary config files before creating new ones, preventing resource leaks and stale files.
• The agent main routine now explicitly exits after handling a stop signal, ensuring a clean shutdown.

Dependency updates:

• The golang.org/x/sys dependency is now a direct requirement in go.mod to support the new socket configuration code. [1] [2]

Minor code cleanup:

• Removed an unnecessary comment and improved context management in the pktvisor backend's reset logic.
• Added a minor defer improvement in the pktvisor backend's stop logic.

[leoparente]

@codex review

[github-actions]

Go test coverage

STATUS	ELAPSED	PACKAGE	COVER	PASS	FAIL	SKIP
🟢 PASS	1.05s	github.com/netboxlabs/orb-agent/agent	44.5%	6	0	0
🟢 PASS	31.88s	github.com/netboxlabs/orb-agent/agent/backend	75.2%	40	0	0
🟢 PASS	6.04s	github.com/netboxlabs/orb-agent/agent/backend/devicediscovery	66.5%	4	0	0
🟢 PASS	0.78s	github.com/netboxlabs/orb-agent/agent/backend/mocks	0.0%	0	0	0
🟢 PASS	6.04s	github.com/netboxlabs/orb-agent/agent/backend/networkdiscovery	58.3%	4	0	0
🟢 PASS	4.02s	github.com/netboxlabs/orb-agent/agent/backend/opentelemetryinfinity	45.2%	2	0	0
🟢 PASS	4.03s	github.com/netboxlabs/orb-agent/agent/backend/pktvisor	66.5%	2	0	0
🟢 PASS	6.04s	github.com/netboxlabs/orb-agent/agent/backend/snmpdiscovery	58.3%	4	0	0
🟢 PASS	7.04s	github.com/netboxlabs/orb-agent/agent/backend/worker	67.4%	5	0	0
🟢 PASS	1.01s	github.com/netboxlabs/orb-agent/agent/config	100.0%	6	0	0
🟢 PASS	1.37s	github.com/netboxlabs/orb-agent/agent/configmgr	49.9%	32	0	0
🟢 PASS	2.71s	github.com/netboxlabs/orb-agent/agent/configmgr/fleet	65.5%	141	0	0
🟢 PASS	1.02s	github.com/netboxlabs/orb-agent/agent/otlpbridge	44.1%	8	0	0
🟢 PASS	1.01s	github.com/netboxlabs/orb-agent/agent/policies	98.9%	18	0	0
🟢 PASS	1.03s	github.com/netboxlabs/orb-agent/agent/policymgr	71.6%	11	0	0
🟢 PASS	1.03s	github.com/netboxlabs/orb-agent/agent/redact	81.6%	84	0	0
🟢 PASS	19.22s	github.com/netboxlabs/orb-agent/agent/secretsmgr	48.9%	54	0	0
🟢 PASS	1.02s	github.com/netboxlabs/orb-agent/agent/telemetry	81.7%	19	0	0
🟢 PASS	1.01s	github.com/netboxlabs/orb-agent/agent/version	100.0%	1	0	0

Total coverage: 60.1%

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6271f330f5

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[Copilot]

Pull request overview

This pull request introduces reliability improvements to the orb-agent, focusing on Docker container restart handling, backend timeout adjustments, and temporary file cleanup. The changes aim to make the agent more resilient to restarts and reduce downtime during container lifecycle events.

Changes:

• Increased readinessBackoff timeout from 10 to 12 seconds across all backend modules to improve startup reliability
• Enhanced pktvisor backend to clean up temporary configuration files during shutdown and reconfiguration
• Improved agent entry script to handle stale PID files gracefully instead of exiting the container
• Added SO_REUSEADDR socket option to OTLP bridge server for faster port reuse after restarts

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
agent/otlpbridge/server.go	Implements SO_REUSEADDR using ListenConfig to enable faster port reuse after agent restarts
agent/docker/orb-agent-entry.sh	Refactored PID file handling logic to detect and clean up stale PID files instead of exiting
agent/backend/worker/worker.go	Increased readinessBackoff timeout from 10 to 12 seconds
agent/backend/snmpdiscovery/snmp_discovery.go	Increased readinessBackoff timeout from 10 to 12 seconds
agent/backend/pktvisor/pktvisor.go	Added temp file cleanup in Stop() and Configure(), increased readinessBackoff to 12 seconds
agent/backend/opentelemetryinfinity/opentelemetry_infinity.go	Increased readinessBackoff timeout from 10 to 12 seconds
agent/backend/networkdiscovery/network_discovery.go	Increased readinessBackoff timeout from 10 to 12 seconds
agent/backend/devicediscovery/device_discovery.go	Increased readinessBackoff timeout from 10 to 12 seconds

Comments suppressed due to low confidence (1)

agent/backend/pktvisor/pktvisor.go:461

• After Stop() deletes the temporary config file, FullReset() calls Start() which will attempt to use the now-deleted config file path (line 118 in Start method uses p.configFile). This will likely cause pktvisord to fail to start because it's passed a non-existent config file path via the --config flag. Consider either: 1) not deleting p.configFile in Stop() (just let it be cleaned up on reconfiguration), or 2) clearing p.configFile in Stop() so Start() doesn't try to use a deleted file, or 3) having FullReset() call Configure() to create a new temp file before calling Start().

	// Note: Stop() already cleaned up temp file, but kept path for restart
	// for each policy, restart the scraper
	backendCtx, cancelFunc := context.WithCancel(context.WithValue(ctx, config.ContextKey("routine"), "pktvisor"))

	// start it
	if err := p.Start(backendCtx, cancelFunc); err != nil {

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[leoparente]

@codex review

[Copilot]

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f27555c387

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[leoparente]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Keep it up!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[Copilot]

Pull request overview

Copilot reviewed 10 out of 10 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[leoparente]

@codex review

[Copilot]

Pull request overview

Copilot reviewed 10 out of 10 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 7c9f4cf894

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[leoparente]

@codex review

[Copilot]

Pull request overview

Copilot reviewed 13 out of 13 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Delightful!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[leoparente]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Keep it up!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 395db7e49b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[leoparente]

@codex review

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated no new comments.

Comments suppressed due to low confidence (1)

agent/backend/pktvisor/pktvisor.go:354

• The temporary file created by os.CreateTemp is never closed before being written to with os.WriteFile. While os.WriteFile handles opening the file, the file descriptor from CreateTemp should be closed to avoid resource leaks. Add tmpFile.Close() after creating the file and before writing to it with os.WriteFile, or use defer tmpFile.Close() immediately after successful creation.

	tmpFile, err := os.CreateTemp(tmpDir, "pktvisor-*.yaml")
	if err != nil {
		return fmt.Errorf("failed to create pktvisor temp config file: %w", err)
	}

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Delightful!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".