adding secret watcher to restart ptp4l process

Author: gtannous-spec

pkg/daemon/daemon.go

@@ -3,7 +3,9 @@ package daemon
 import (
 	"bufio"
 	"cmp"
+	"crypto/sha256"
 	"fmt"
+	"io"
 	"net"
 	"os"
 	"os/exec"
@@ -73,6 +75,13 @@ var ptpProcesses = []string{
 	chronydProcessName, // there can be only one chronyd process in the system
 }
 
+// saFileInfo tracks authentication file information for a profile
+type saFileInfo struct {
+	profileName string
+	filePath    string
+	fileHash    string
+}
+
 var ptpTmpFiles = []string{
 	ts2phcProcessName,
 	syncEProcessName,
@@ -306,6 +315,10 @@ type Daemon struct {
 
 	// Allow vendors to include plugins
 	pluginManager plugin.PluginManager
+
+	// Track sa_file (authentication) files for monitoring changes
+	saFileTracker map[string]*saFileInfo
+	saFileMutex   sync.Mutex
 }
 
 // New LinuxPTP is called by daemon to generate new linuxptp instance
@@ -348,19 +361,43 @@ func New(
 		processManager:       pm,
 		readyTracker:         tracker,
 		stopCh:               stopCh,
+		saFileTracker:        make(map[string]*saFileInfo),
 	}
 }
 
 // Run in a for loop to listen for any LinuxPTPConfUpdate changes
+// This function handles two types of configuration changes:
+// 1. PtpConfig changes (via ConfigMap) - triggers UpdateCh
+// 2. Authentication file changes (via Secret) - triggers sa_file check
+// Both trigger applyNodePTPProfiles() which restarts PTP processes WITHOUT restarting the pod
 func (dn *Daemon) Run() {
 	go dn.processManager.ptpEventHandler.ProcessEvents()
+
+	// Start sa_file monitoring ticker (check every 5 seconds for faster detection)
+	// This detects when Kubernetes updates the mounted secret file
+	// Total delay = Kubernetes propagation (1-10s) + our check interval (0-5s)
+	saFileCheckTicker := time.NewTicker(5 * time.Second)
+	defer saFileCheckTicker.Stop()
+
 	for {
 		select {
 		case <-dn.ptpUpdate.UpdateCh:
+			// PtpConfig change detected via ConfigMap
+			glog.Info("PtpConfig change detected, restarting PTP processes")
 			err := dn.applyNodePTPProfiles()
 			if err != nil {
 				glog.Errorf("linuxPTP apply node profile failed: %v", err)
 			}
+		case <-saFileCheckTicker.C:
+			// Check for sa_file (authentication) changes
+			// When Secret is updated, Kubernetes automatically updates the mounted file
+			if dn.checkSaFileChanges() {
+				glog.Info("sa_file authentication file changed, restarting PTP processes")
+				err := dn.applyNodePTPProfiles()
+				if err != nil {
+					glog.Errorf("linuxPTP apply node profile failed after sa_file change: %v", err)
+				}
+			}
 		case <-dn.stopCh:
 			dn.stopAllProcesses()
 			glog.Infof("linuxPTP stop signal received, existing..")
@@ -369,6 +406,131 @@ func (dn *Daemon) Run() {
 	}
 }
 
+// computeFileHash computes SHA256 hash of a file for change detection
+// This is completely generic and works with any file content (binary, text, any format)
+// Used to detect when Kubernetes updates mounted secret files
+func computeFileHash(filePath string) (string, error) {
+	file, err := os.Open(filePath)
+	if err != nil {
+		return "", err
+	}
+	defer file.Close()
+
+	hash := sha256.New()
+	if _, err := io.Copy(hash, file); err != nil {
+		return "", err
+	}
+
+	return fmt.Sprintf("%x", hash.Sum(nil)), nil
+}
+
+// extractSaFileFromConf extracts sa_file path from ptp4lConf if present
+func extractSaFileFromConf(ptp4lConf *string) string {
+	if ptp4lConf == nil {
+		return ""
+	}
+
+	// Parse the config to extract sa_file from [global] section
+	for _, line := range strings.Split(*ptp4lConf, "\n") {
+		line = strings.TrimSpace(line)
+		// Skip comments
+		if strings.HasPrefix(line, "#") {
+			continue
+		}
+		// Look for sa_file option
+		if strings.HasPrefix(line, "sa_file") {
+			parts := strings.Fields(line)
+			if len(parts) >= 2 {
+				return parts[1]
+			}
+		}
+	}
+	return ""
+}
+
+// checkSaFileChanges checks if any tracked sa_file has changed
+// When a Secret is updated in Kubernetes, the mounted file is automatically updated
+// This function detects those changes via hash comparison and returns true if any file changed
+// This triggers a PTP process restart (not pod restart) - same as ConfigMap changes
+func (dn *Daemon) checkSaFileChanges() bool {
+	dn.saFileMutex.Lock()
+	defer dn.saFileMutex.Unlock()
+
+	changed := false
+	for _, info := range dn.saFileTracker {
+		if info.filePath == "" {
+			continue
+		}
+
+		// Check if file exists
+		if _, err := os.Stat(info.filePath); os.IsNotExist(err) {
+			glog.Warningf("sa_file %s for profile %s does not exist", info.filePath, info.profileName)
+			continue
+		}
+
+		// Compute current hash
+		currentHash, err := computeFileHash(info.filePath)
+		if err != nil {
+			glog.Errorf("Failed to compute hash for sa_file %s: %v", info.filePath, err)
+			continue
+		}
+
+		// Compare with stored hash
+		if currentHash != info.fileHash {
+			glog.Infof("sa_file %s for profile %s has changed (old hash: %.16s... -> %.16s...)",
+				info.filePath, info.profileName, info.fileHash, currentHash)
+			info.fileHash = currentHash
+			changed = true
+		}
+	}
+
+	return changed
+}
+
+// updateSaFileTracking updates the tracking information for sa_files from current profiles
+// Called after profiles are applied to initialize or update sa_file monitoring
+// Extracts sa_file paths from ptp4lConf and sets up hash-based change detection
+func (dn *Daemon) updateSaFileTracking() {
+	dn.saFileMutex.Lock()
+	defer dn.saFileMutex.Unlock()
+
+	// Clear old tracking
+	dn.saFileTracker = make(map[string]*saFileInfo)
+
+	// Add tracking for each profile that has sa_file configured
+	for _, profile := range dn.ptpUpdate.NodeProfiles {
+		if profile.Name == nil {
+			continue
+		}
+
+		saFilePath := extractSaFileFromConf(profile.Ptp4lConf)
+		if saFilePath == "" {
+			continue
+		}
+
+		glog.Infof("Tracking sa_file %s for profile %s", saFilePath, *profile.Name)
+
+		// Compute initial hash
+		hash := ""
+		if _, err := os.Stat(saFilePath); err == nil {
+			if h, err := computeFileHash(saFilePath); err == nil {
+				hash = h
+				glog.Infof("Initialized tracking for sa_file %s (hash: %.16s...)", saFilePath, h)
+			} else {
+				glog.Warningf("Failed to compute initial hash for sa_file %s: %v", saFilePath, err)
+			}
+		} else {
+			glog.Warningf("sa_file %s does not exist yet for profile %s", saFilePath, *profile.Name)
+		}
+
+		dn.saFileTracker[*profile.Name] = &saFileInfo{
+			profileName: *profile.Name,
+			filePath:    saFilePath,
+			fileHash:    hash,
+		}
+	}
+}
+
 func printWhenNotNil(p interface{}, description string) {
 	switch v := p.(type) {
 	case *string:
@@ -502,6 +664,10 @@ func (dn *Daemon) applyNodePTPProfiles() error {
 	dn.pluginManager.PopulateHwConfig(dn.hwconfigs)
 	*dn.refreshNodePtpDevice = true
 	dn.readyTracker.setConfig(true)
+
+	// Update sa_file tracking after profiles are applied
+	dn.updateSaFileTracking()
+
 	return nil
 }