Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 Recreate watcher if the file unlinked and replaced #2893

Merged
merged 2 commits into from
Aug 3, 2024
Merged

🐛 Recreate watcher if the file unlinked and replaced #2893

merged 2 commits into from
Aug 3, 2024

Conversation

m-messiah
Copy link
Member

@m-messiah m-messiah commented Jul 30, 2024
edited
Loading

The current certwatcher misses some events, so if the certificate is maintained in a failsafe-backup way it cannot be watched and fails to get any updates.

For example, when it started with certwartcher.New("app.crt", "app.key") and someone does:

curl -O app.crt.new example.com/cert
curl -O app.key.new example.com/key
diff app.crt.new app.crt || (echo "No change"; exit 0)
ln app.crt app.crt.old
ln app.key app.key.old
mv app.crt.new app.crt
mv app.key.new app.key

The FD of the file gets these inotify events and stops being watched.

# Diff
app.crt OPEN
app.crt CLOSE_NOWRITE,CLOSE
# Move
app.crt ATTRIB
app.crt MOVE_SELF
app.crt ATTRIB
app.crt DELETE_SELF

Please take a look at the added test for the implementation of failsafe cert replacement.
The problem is that in this stage because of hardlink the certwatcher continues to watch app.crt.old and app.key.old inodes until they are removed. If they are removed properly - it gets a REMOVE fsnotify event and recreates the watch, but if they use something like unlink and still have open FD or another watch - they would be watched forever.

The case is already mentioned in fsnotify library comments: https://github.com/fsnotify/fsnotify/blob/c1467c02fba575afdb5f4201072ab8403bbf00f4/fsnotify.go#L40-L48

// # Linux notes
//
// When a file is removed a Remove event won't be emitted until all file
// descriptors are closed, and deletes will always emit a Chmod. For example:
//
//      fp := os.Open("file")
//      os.Remove("file")        // Triggers Chmod
//      fp.Close()               // Triggers Remove
//

and https://github.com/fsnotify/fsnotify/blob/c1467c02fba575afdb5f4201072ab8403bbf00f4/fsnotify.go#L135-L139

        //   fsnotify.Chmod     Attributes were changed. On Linux this is also sent
        //                      when a file is removed (or more accurately, when a
        //                      link to an inode is removed). On kqueue it's sent
        //                      when a file is truncated. On Windows it's never
        //                      sent.

So the PR adds fsnotify.Chmod event to be treated equally to fsnotify.Remove in case someone still looks at the old inode, because for certiwatcher the important data are in the filename, not inode.

Note, there is no harm in recreating the watch for a file that is already monitored (in case Chmod was thrown for any other reason) as watcher would just reuse the existing: https://github.com/fsnotify/fsnotify/blob/c1467c02fba575afdb5f4201072ab8403bbf00f4/fsnotify.go#L277-L312

// A path can only be watched once; watching it more than once is a no-op and will
// not return an error. Paths that do not yet exist on the filesystem cannot be
// watched.
//
// A watch will be automatically removed if the watched path is deleted or
// renamed. The exception is the Windows backend, which doesn't remove the
// watcher on renames.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jul 30, 2024
@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jul 30, 2024
@m-messiah m-messiah marked this pull request as draft July 30, 2024 16:29
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 30, 2024
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 30, 2024
@vincepri
Copy link
Member

/ok-to-test

@k8s-ci-robot k8s-ci-robot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Jul 30, 2024
@m-messiah m-messiah changed the title 🐛 Recreate watcher if the file was renamed 🐛 Recreate watcher if the file unlinked and replaced Aug 1, 2024
@m-messiah m-messiah marked this pull request as ready for review August 1, 2024 15:56
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 1, 2024
vincepri
vincepri reviewed Aug 1, 2024
View reviewed changes
Copy link
Member

@vincepri vincepri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve
/assign @sbueringer

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: m-messiah, vincepri

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 1, 2024
@sbueringer
Copy link
Member

/lgtm
/hold

@k8s-ci-robot k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. lgtm "Looks good to me", indicates that a PR is ready to be merged. labels Aug 1, 2024
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: b9055ed877ccf5bafe16326c138eddb0e39f675f

@alvaroaleman alvaroaleman added the tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. label Aug 3, 2024
@alvaroaleman
Copy link
Member

/hold cancel
Thank you!

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 3, 2024
@k8s-ci-robot k8s-ci-robot merged commit 5b943b9 into kubernetes-sigs:main Aug 3, 2024
12 checks passed
@m-messiah m-messiah deleted the patch-1 branch August 12, 2024 08:32
@vincepri
Copy link
Member

/cherry-pick release-1.8

@k8s-infra-cherrypick-robot
Copy link

@vincepri: cannot checkout release-1.8: error checking out "release-1.8": exit status 1 error: pathspec 'release-1.8' did not match any file(s) known to git

In response to this:

/cherry-pick release-1.8

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@vincepri
Copy link
Member

/cherry-pick release-0.18

@vincepri
Copy link
Member

/cherry-pick release-0.17

@k8s-infra-cherrypick-robot
Copy link

@vincepri: new pull request created: #2919

In response to this:

/cherry-pick release-0.18

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot mentioned this pull request Aug 12, 2024
Merged
@k8s-infra-cherrypick-robot
Copy link

@vincepri: new pull request created: #2920

In response to this:

/cherry-pick release-0.17

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-infra-cherrypick-robot k8s-infra-cherrypick-robot mentioned this pull request Aug 12, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vincepri vincepri vincepri left review comments

@inteon inteon Awaiting requested review from inteon

@varshaprasad96 varshaprasad96 Awaiting requested review from varshaprasad96

@alvaroaleman alvaroaleman Awaiting requested review from alvaroaleman

Assignees

@sbueringer sbueringer

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@m-messiah @vincepri @k8s-ci-robot @sbueringer @alvaroaleman @k8s-infra-cherrypick-robot