refactor: simplify sa_file monitoring with early binding approach

gtannous-spec · gtannous-spec · commit 16ed150f1cae · 2025-11-27T21:31:11.000Z
- Add PTP_SEC_FOLDER constant for /etc/ptp-secret-mount/
- Watch security mount folder from daemon startup instead of per-profile
- Remove saFileTracker, saFileMutex, and saFileInfo (no longer needed)
- Remove checkSaFileChanges, updateSaFileTracking, extractSaFileFromConf
- Simplify fsnotify handler: any file change triggers PTP restart
- Eliminates late binding complexity since mount path is known ahead of time
diff --git a/pkg/daemon/daemon.go b/pkg/daemon/daemon.go
@@ -57,6 +57,7 @@ const (
 	MessageTagSuffixSeperator       = ":"
 	TBC                             = "T-BC"
 	TGM                             = "T-GM"
+	PTP_SEC_FOLDER                  = "/etc/ptp-secret-mount/"
 )
 
 var (
@@ -76,13 +77,6 @@ var ptpProcesses = []string{
 	phc2sysProcessName, // there can be only one phc2sys process in the system
 }
 
-// saFileInfo tracks authentication file information for a profile
-type saFileInfo struct {
-	profileName string
-	filePath    string
-	fileHash    string
-}
-
 var ptpTmpFiles = []string{
 	ts2phcProcessName,
 	syncEProcessName,
@@ -316,10 +310,6 @@ type Daemon struct {
 
 	// Allow vendors to include plugins
 	pluginManager plugin.PluginManager
-
-	// Track sa_file (authentication) files for monitoring changes
-	saFileTracker map[string]*saFileInfo
-	saFileMutex   sync.Mutex
 	saFileWatcher *fsnotify.Watcher
 }
 
@@ -351,6 +341,7 @@ func New(
 	}
 	tracker.processManager = pm
 
+	// Initialize fsnotify watcher for sa_file change detection
 	// Initialize fsnotify watcher for sa_file change detection
 	watcher, err := fsnotify.NewWatcher()
 	if err != nil {
@@ -359,6 +350,12 @@ func New(
 		watcher = nil
 	} else {
 		glog.Info("fsnotify watcher initialized for sa_file change detection")
+		// Watch the known security mount folder from startup
+		if err := watcher.Add(PTP_SEC_FOLDER); err != nil {
+			glog.Warningf("Failed to watch %s (may not exist yet): %v", PTP_SEC_FOLDER, err)
+		} else {
+			glog.Infof("Watching %s for sa_file changes", PTP_SEC_FOLDER)
+		}
 	}
 
 	return &Daemon{
@@ -374,7 +371,6 @@ func New(
 		processManager:       pm,
 		readyTracker:         tracker,
 		stopCh:               stopCh,
-		saFileTracker:        make(map[string]*saFileInfo),
 		saFileWatcher:        watcher,
 	}
 }
@@ -425,23 +421,24 @@ func (dn *Daemon) Run() {
 				continue // Ignore hidden files like ..data
 			}
 
-			glog.Infof("File system event: %s (op: %s)", event.Name, event.Op.String())
-
-			// Prevent restart flooding from multiple rapid events
-			// Check if any tracked sa_file actually changed
-			if dn.checkSaFileChanges() {
-				glog.Info("sa_file authentication file changed, restarting PTP processes")
-				err := dn.applyNodePTPProfiles()
-				if err != nil {
-					glog.Errorf("linuxPTP apply node profile failed after sa_file change: %v", err)
-				}
+			glog.Infof("Security file changed: %s (op: %s), restarting PTP processes", event.Name, event.Op.String())
+			err := dn.applyNodePTPProfiles()
+			if err != nil {
+				glog.Errorf("linuxPTP apply node profile failed after security file change: %v", err)
 			}
 
 		case err, ok := <-watcherErrors:
 			// fsnotify watcher error
 			if !ok {
 				watcherErrors = nil
-				continue
+				// recreate the watcher
+				dn.saFileWatcher, err = fsnotify.NewWatcher()
+				if err != nil {
+					glog.Errorf("Failed to recreate fsnotify watcher for sa_file monitoring: %v", err)
+					continue
+				}
+				glog.Info("fsnotify watcher reinitialized for sa_file change detection")
+
 			}
 			glog.Errorf("fsnotify watcher error: %v", err)
 
@@ -471,152 +468,6 @@ func computeFileHash(filePath string) (string, error) {
 	return fmt.Sprintf("%x", hash.Sum(nil)), nil
 }
 
-// extractSaFileFromConf extracts sa_file path from ptp4lConf if present
-func extractSaFileFromConf(ptp4lConf *string) string {
-	if ptp4lConf == nil {
-		return ""
-	}
-
-	// Parse the config to extract sa_file from [global] section
-	for _, line := range strings.Split(*ptp4lConf, "\n") {
-		line = strings.TrimSpace(line)
-		// Skip comments
-		if strings.HasPrefix(line, "#") {
-			continue
-		}
-		// Look for sa_file option
-		if strings.HasPrefix(line, "sa_file") {
-			parts := strings.Fields(line)
-			if len(parts) >= 2 {
-				return parts[1]
-			}
-		}
-	}
-	return ""
-}
-
-// checkSaFileChanges checks if any tracked sa_file has changed
-// When a Secret is updated in Kubernetes, the mounted file is automatically updated
-// This function detects those changes via hash comparison and returns true if any file changed
-// This triggers a PTP process restart (not pod restart) - same as ConfigMap changes
-func (dn *Daemon) checkSaFileChanges() bool {
-	dn.saFileMutex.Lock()
-	defer dn.saFileMutex.Unlock()
-
-	changed := false
-	for _, info := range dn.saFileTracker {
-		if info.filePath == "" {
-			continue
-		}
-
-		// Check if file exists
-		if _, err := os.Stat(info.filePath); os.IsNotExist(err) {
-			if info.fileHash != "" {
-				glog.Warningf("sa_file %s for profile %s was deleted (had hash: %.16s...)",
-					info.filePath, info.profileName, info.fileHash)
-				changed = true
-			}
-			continue
-		}
-
-		// Compute current hash
-		currentHash, err := computeFileHash(info.filePath)
-		if err != nil {
-			glog.Errorf("Failed to compute hash for sa_file %s: %v", info.filePath, err)
-			continue
-		}
-
-		// Compare with stored hash
-		if currentHash != info.fileHash {
-			glog.Infof("sa_file %s for profile %s has changed (old hash: %.16s... -> %.16s...)",
-				info.filePath, info.profileName, info.fileHash, currentHash)
-			info.fileHash = currentHash
-			changed = true
-		}
-	}
-
-	return changed
-}
-
-// updateSaFileTracking updates the tracking information for sa_files from current profiles
-// Called after profiles are applied to initialize or update sa_file monitoring
-// Extracts sa_file paths from ptp4lConf and sets up fsnotify watches for instant change detection
-// Reuses existing hashes when file path hasn't changed to avoid redundant computation
-func (dn *Daemon) updateSaFileTracking() {
-	dn.saFileMutex.Lock()
-	defer dn.saFileMutex.Unlock()
-
-	// Save old tracking to reuse hashes for unchanged files
-	oldTracker := dn.saFileTracker
-
-	// Remove all existing watches first
-	if dn.saFileWatcher != nil {
-		for _, info := range oldTracker {
-			if info.filePath != "" {
-				dirPath := filepath.Dir(info.filePath)
-				dn.saFileWatcher.Remove(dirPath)
-			}
-		}
-	}
-
-	// Create new tracking
-	dn.saFileTracker = make(map[string]*saFileInfo)
-	watchedDirs := make(map[string]bool)
-
-	// Add tracking for each profile that has sa_file configured
-	for _, profile := range dn.ptpUpdate.NodeProfiles {
-		if profile.Name == nil {
-			continue
-		}
-
-		saFilePath := extractSaFileFromConf(profile.Ptp4lConf)
-		if saFilePath == "" {
-			continue
-		}
-
-		glog.Infof("Tracking sa_file %s for profile %s", saFilePath, *profile.Name)
-
-		// Optimize: Reuse hash if same file path in old tracker (avoid recomputation)
-		hash := ""
-		if oldInfo, exists := oldTracker[*profile.Name]; exists && oldInfo.filePath == saFilePath {
-			// File path unchanged, reuse existing hash
-			hash = oldInfo.fileHash
-			glog.Infof("Reusing existing hash for sa_file %s (hash: %.16s...)", saFilePath, hash)
-		} else {
-			// New file or path changed, compute hash
-			if _, err := os.Stat(saFilePath); err == nil {
-				if h, err := computeFileHash(saFilePath); err == nil {
-					hash = h
-					glog.Infof("Computed new hash for sa_file %s (hash: %.16s...)", saFilePath, h)
-				} else {
-					glog.Warningf("Failed to compute hash for sa_file %s: %v", saFilePath, err)
-				}
-			} else {
-				glog.Warningf("sa_file %s does not exist yet for profile %s", saFilePath, *profile.Name)
-			}
-		}
-
-		dn.saFileTracker[*profile.Name] = &saFileInfo{
-			profileName: *profile.Name,
-			filePath:    saFilePath,
-			fileHash:    hash,
-		}
-
-		// Setup fsnotify watch on directory (not file, due to Kubernetes symlinks)
-		if dn.saFileWatcher != nil {
-			dirPath := filepath.Dir(saFilePath)
-			if !watchedDirs[dirPath] {
-				if err := dn.saFileWatcher.Add(dirPath); err != nil {
-					glog.Errorf("Failed to watch directory %s for sa_file changes: %v", dirPath, err)
-				} else {
-					glog.Infof("Watching directory %s for instant sa_file change detection", dirPath)
-					watchedDirs[dirPath] = true
-				}
-			}
-		}
-	}
-}
-
 func printWhenNotNil(p interface{}, description string) {
 	switch v := p.(type) {
 	case *string:
@@ -750,10 +601,6 @@ func (dn *Daemon) applyNodePTPProfiles() error {
 	dn.pluginManager.PopulateHwConfig(dn.hwconfigs)
 	*dn.refreshNodePtpDevice = true
 	dn.readyTracker.setConfig(true)
-
-	// Update sa_file tracking after profiles are applied
-	dn.updateSaFileTracking()
-
 	return nil
 }
 
