From 8a7635b2c9ce2cb02fd389192da3d1392ca37674 Mon Sep 17 00:00:00 2001 From: Niklas Wik Date: Wed, 9 Oct 2024 15:46:03 +0300 Subject: [PATCH] feat: introduce LLDPD extension service LLDPD service is depending on configuration to not start LLDPD before the user have ensured a LLDPD configuration they want to use is in place Signed-off-by: Niklas Wik Signed-off-by: Noel Georgi --- .github/workflows/ci.yaml | 6 ++-- .github/workflows/weekly.yaml | 4 +-- .kres.yaml | 1 + MAINTAINERS.md | 1 + Makefile | 1 + README.md | 9 ++--- hack/release.toml | 5 +++ network/lldpd/README.md | 39 ++++++++++++++++++++ network/lldpd/files/group | 1 + network/lldpd/files/passwd | 1 + network/lldpd/lldpd.yaml | 52 +++++++++++++++++++++++++++ network/lldpd/manifest.yaml | 13 +++++++ network/lldpd/pkg.yaml | 67 +++++++++++++++++++++++++++++++++++ network/lldpd/vars.yaml | 4 +++ network/vars.yaml | 2 ++ reproducibility/pkg.yaml | 1 + 16 files changed, 198 insertions(+), 9 deletions(-) create mode 100644 network/lldpd/README.md create mode 100644 network/lldpd/files/group create mode 100644 network/lldpd/files/passwd create mode 100644 network/lldpd/lldpd.yaml create mode 100644 network/lldpd/manifest.yaml create mode 100644 network/lldpd/pkg.yaml create mode 100644 network/lldpd/vars.yaml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 79e19634..8cc52cc4 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2024-08-29T14:13:04Z by kres b5ca957. +# Generated on 2024-10-15T11:50:44Z by kres 34e72ac. name: default concurrency: @@ -33,7 +33,7 @@ jobs: labels: ${{ steps.retrieve-pr-labels.outputs.result }} services: buildkitd: - image: moby/buildkit:v0.15.2 + image: moby/buildkit:v0.16.0 options: --privileged ports: - 1234:1234 
@@ -143,7 +143,7 @@ jobs: - default services: buildkitd: - image: moby/buildkit:v0.15.2 + image: moby/buildkit:v0.16.0 options: --privileged ports: - 1234:1234 diff --git a/.github/workflows/weekly.yaml b/.github/workflows/weekly.yaml index f3c67fe3..ea020545 100644 --- a/.github/workflows/weekly.yaml +++ b/.github/workflows/weekly.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2024-08-29T14:13:04Z by kres b5ca957. +# Generated on 2024-10-15T11:50:44Z by kres 34e72ac. name: weekly concurrency: @@ -16,7 +16,7 @@ jobs: - pkgs services: buildkitd: - image: moby/buildkit:v0.15.2 + image: moby/buildkit:v0.16.0 options: --privileged ports: - 1234:1234 diff --git a/.kres.yaml b/.kres.yaml index 07d7b90d..fc512bef 100644 --- a/.kres.yaml +++ b/.kres.yaml @@ -22,6 +22,7 @@ spec: - intel-ucode - iscsi-tools - kata-containers + - lldpd - mdadm - mei - nut-client diff --git a/MAINTAINERS.md b/MAINTAINERS.md index a191d687..90e9027b 100644 --- a/MAINTAINERS.md +++ b/MAINTAINERS.md @@ -30,6 +30,7 @@ If the field is marked as `Needs Maintainer`, it means that the package is curre | intel-ucode | Sidero Labs | NA | | iscsi-tools | Sidero Labs | NA | | kata-containers | Fabiano Fidêncio | [fidencio](https://github.com/fidencio) | +| lldpd | Nokia (Niklas Wik) | [salkin](https://github.com/salkin) | | mdadm | Serge Logvinov | [sergelogvinov](https://github.com/sergelogvinov) | | mei | Nick Meyer | [e3b0c442](https://github.com/e3b0c442) | | nut-client | Sidero Labs | NA | diff --git a/Makefile b/Makefile index f0e16a52..6a8c2d17 100644 --- a/Makefile +++ b/Makefile @@ -73,6 +73,7 @@ TARGETS += intel-ice-firmware TARGETS += intel-ucode TARGETS += iscsi-tools TARGETS += kata-containers +TARGETS += lldpd TARGETS += mdadm TARGETS += mei TARGETS += nut-client diff --git a/README.md b/README.md index 3569005d..f68a2f4b 100644 --- a/README.md +++ b/README.md 
@@ -73,7 +73,7 @@ cosign verify --certificate-identity-regexp '@siderolabs\.com$' --certificate-oi | [mei](drivers/mei/) | [ghcr.io/siderolabs/mei](https://github.com/siderolabs/extensions/pkgs/container/mei) | Driver for Intel Management Engine | `talos version` | | [nvidia](nvidia-gpu/nvidia-modules/) | [ghcr.io/siderolabs/nvidia-open-gpu-kernel-modules](https://github.com/siderolabs/extensions/pkgs/container/nvidia-open-gpu-kernel-modules) | NVIDIA OSS Driver | `nvidia driver upstream version`-`talos version` | | [thunderbolt](drivers/thunderbolt/) | [ghcr.io/siderolabs/thunderbolt](https://github.com/siderolabs/extensions/pkgs/container/thunderbolt) | Thunderbolt drivers | `talos version` | -| [uinput](drivers/uinput/) | [ghcr.io/siderolabs/uinput](https://github.com/siderolabs/extensions/pkgs/container/uinput) | uinput drivers | `talos version` | +| [uinput](drivers/uinput/) | [ghcr.io/siderolabs/uinput](https://github.com/siderolabs/extensions/pkgs/container/uinput) | uinput drivers | `talos version` | | [usb-modem](drivers/usb-modem/) | [ghcr.io/siderolabs/usb-modem-drivers](https://github.com/siderolabs/extensions/pkgs/container/usb-modem-drivers) | USB Modem drivers | `talos version` | | [v4l-uvc](drivers/v4l-uvc/) | [ghcr.io/siderolabs/v4l-uvc-drivers](https://github.com/siderolabs/extensions/pkgs/container/v4l-uvc-drivers) | USB Video Class (Webcam) drivers | `talos version` | 
@@ -85,9 +85,10 @@ cosign verify --certificate-identity-regexp '@siderolabs\.com$' --certificate-oi ### Network -| Name | Image | Description | Version Format | -| ------------------------------- | ------------------------------------------------------------------------------------------------- | ---------------------------------- | ------------------ | -| [tailscale](network/tailscale/) | [ghcr.io/siderolabs/tailscale](https://github.com/siderolabs/extensions/pkgs/container/tailscale) | [Tailscale](https://tailscale.com) | `upstream version` | +| Name | Image | Description | Version Format | +| ------------------------------- | ------------------------------------------------------------------------------------------------- | -------------------------------------- | ------------------ | +| [tailscale](network/tailscale/) | [ghcr.io/siderolabs/tailscale](https://github.com/siderolabs/extensions/pkgs/container/tailscale) | [Tailscale](https://tailscale.com) | `upstream version` | +| [lldpd](network/lldpd/) | [ghcr.io/siderolabs/lldpd](https://github.com/siderolabs/extensions/pkgs/container/lldpd) | [LLDP](https://github.com/lldpd/lldpd) | `upstream version` | ### Storage diff --git a/hack/release.toml b/hack/release.toml index 64880240..4503f0ea 100644 --- a/hack/release.toml +++ b/hack/release.toml @@ -15,5 +15,10 @@ See [Talos Linux documentation](https://www.talos.dev/v1.9/talos-guides/configur """ [notes] + [notes.lldpd] + title = "LLDP" + description = """ +lldpd is now available as a system extension. +""" [make_deps] diff --git a/network/lldpd/README.md b/network/lldpd/README.md new file mode 100644 index 00000000..6f1510bd --- /dev/null +++ b/network/lldpd/README.md 
@@ -0,0 +1,39 @@
+# LLDPD
+
+Adds https://lldpd.github.io/ as system extensions.
+This means a lldpd server is started that sends/receives LLDP messages.
+
+## Installation
+
+See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
+
+## Usage
+
+Configure the extension via `ExtensionServiceConfig` document. You can add any lldpd related configuration and these will be executed at the LLDPD server startup.
+
+```yaml
+---
+apiVersion: v1alpha1
+kind: ExtensionServiceConfig
+name: lldpd
+configFiles:
+ - content: |
+ configure lldpd portidsubtype ifname
+ unconfigure lldp management-addresses-advertisements
+ unconfigure lldp capabilities-advertisements
+ configure system description "Talos Node"
+ mountPath: /usr/local/etc/lldpd/lldpd.conf
+```
+
+Then apply the patch to your node's MachineConfigs
+```bash
+talosctl patch mc -p @lldpd-config.yaml
+```
+
+You will then be able to verify that it is in place with the following command
+```bash
+talosctl get extensionserviceconfigs
+
+NODE NAMESPACE TYPE ID VERSION
+mynode runtime ExtensionServiceConfig lldpd 1
+```
diff --git a/network/lldpd/files/group b/network/lldpd/files/group
new file mode 100644
index 00000000..1dbf9013
--- /dev/null
+++ b/network/lldpd/files/group
@@ -0,0 +1 @@
+root:x:0:
diff --git a/network/lldpd/files/passwd b/network/lldpd/files/passwd
new file mode 100644
index 00000000..35a01eb6
--- /dev/null
+++ b/network/lldpd/files/passwd
@@ -0,0 +1 @@
+root:x:0:0:root:/:/sbin/false
diff --git a/network/lldpd/lldpd.yaml b/network/lldpd/lldpd.yaml
new file mode 100644
index 00000000..f60aa33f
--- /dev/null
+++ b/network/lldpd/lldpd.yaml
@@ -0,0 +1,52 @@
+# © 2024 Nokia
+# Licensed under the Mozilla Public License 2.0
+# SPDX-License-Identifier: MPL-2.0
+name: lldpd
+depends:
+ - service: cri
+ - network:
+ - addresses
+ - connectivity
+ - etcfiles
+ - configuration: true
+container:
+ args:
+ - -d
+ - -u
+ - /var/run/lldpd/lldpd.socket
+ - -I
+ - eth*,enp*,ens*,eno*
+ entrypoint: /usr/local/sbin/lldpd
+ mounts:
+ # release file
+ - source: /etc/os-release
+ destination: /etc/os-release
+ type: bind
+ options:
+ - bind
+ - ro
+ # libs
+ - source: /lib
+ destination: /lib
+ type: bind
+ options:
+ - bind
+ - ro
+ # more libs
+ - source: /usr/lib
+ destination: /usr/lib
+ type: bind
+ options:
+ - bind
+ - ro
+ # lldpd socket
+ - source: /var/run/lldpd
+ destination: /var/run/lldpd
+ type: bind
+ options:
+ - bind
+ - rw
+ security:
+ writeableRootfs: false
+ writeableSysfs: true
+restart: always
diff --git a/network/lldpd/manifest.yaml b/network/lldpd/manifest.yaml
new file mode 100644
index 00000000..a4fa8ee7
--- /dev/null
+++ b/network/lldpd/manifest.yaml
@@ -0,0 +1,13 @@
+# © 2024 Nokia
+# Licensed under the Mozilla Public License 2.0
+# SPDX-License-Identifier: MPL-2.0
+version: v1alpha1
+metadata:
+ name: lldpd
+ version: "$VERSION"
+ author: Niklas Wik
+ description: |
+ LLDP adds a LLDP discovery service to Talos. LLDP cli can be used to interface with the daemon.
+ compatibility:
+ talos:
+ version: ">= v1.7.0"
diff --git a/network/lldpd/pkg.yaml b/network/lldpd/pkg.yaml
new file mode 100644
index 00000000..48cce63a
--- /dev/null
+++ b/network/lldpd/pkg.yaml
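Review bot: `writeableSysfs: true` under `security:` in network/lldpd/lldpd.yaml widens what the daemon can change on the host, and nothing in the file says which lldpd function needs it. The daemon reads frames from every interface matched by `-I eth*,enp*,ens*,eno*`, so it is directly exposed to input from link-local neighbours and each extra privilege it holds matters. If the writable sysfs is only there so lldpd can write neighbour names into interface descriptions (an assumption; the hunk does not say), state that above the key, e.g. `# lldpd writes /sys/class/net/<if>/ifalias; needs rw sysfs`, and otherwise set `writeableSysfs: false`. The `# libs` and `# more libs` comments on the host `/lib` and `/usr/lib` bind mounts could likewise say why host libraries are mounted rather than shipped in the extension image.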
@@ -0,0 +1,67 @@
+# © 2024 Nokia
+# Licensed under the Mozilla Public License 2.0
+# SPDX-License-Identifier: MPL-2.0
+name: lldpd
+variant: scratch
+shell: /toolchain/bin/bash
+dependencies:
+ - stage: base
+steps:
+ - sources:
+ - url: https://github.com/lldpd/lldpd/releases/download/{{ .LLDPD_VERSION }}/lldpd-{{ .LLDPD_VERSION }}.tar.gz
+ destination: lldpd.tar.gz
+ sha256: 38cd319aa02ab61d9a2ad130e22f906795ccca9ac73a0a0d9dac19ca99a8a870
+ sha512: c8734221767cd879c98ea3ee6fa80e1dce2f8470a97b0f757cfe7ef8fe2adaf878fdedcda896cf65e1af980634f2ab312588658fb85f89c6d5b6cc9d2da52045
+ # ref: https://git.alpinelinux.org/aports/tree/main/libc-dev
+ # https://wiki.musl-libc.org/faq.html#Q:-Why-is-%3Ccode%3Esys/queue.h%3C/code%3E-not-included
+ - url: https://git.alpinelinux.org/aports/plain/main/libc-dev/sys-queue.h?id=87f42de0e1c1c6d2b229edfc126a3d4191c835ed
+ sha256: c13407edd0e33be73cae72514cb234f8612e1c0e54401c9448daffd3a240158b
+ sha512: 2f0d5e6e4dc3350285cf17009265dddcbe12431c111868eea39bc8cb038ab7c1f2acacbb21735c4e9d4a1fd106a8fc0f8611ea33987d4faba37dde5ce6da0750
+ destination: sys-queue.h
+ env:
+ SOURCE_DATE_EPOCH: {{ .BUILD_ARG_SOURCE_DATE_EPOCH }}
+ prepare:
+ - |
+ sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
+ - |
+ tar -xf lldpd.tar.gz --strip-components=1
+
+ mkdir -p /usr/local/include/sys
+ cp sys-queue.h /usr/local/include/sys/queue.h
+ - |
+ ln -sf /toolchain/bin/env /usr/bin/env
+
+ export CFLAGS="${CFLAGS} -I/usr/local/include"
+
+ ./configure \
+ --prefix=/usr/local \
+ --libexecdir=/usr/local/lib/lldpd \
+ --datadir=/usr/local/share/lldpd \
+ --sysconfdir=/usr/local/etc/lldpd \
+ --enable-hardening \
+ --with-privsep-user=root \
+ --with-privsep-group=root \
+ --with-privsep-chroot=/opt/lldpd
+ build:
+ - |
+ make -j $(nproc) all
+ install:
+ - |
+ mkdir -p /rootfs/usr/local/{etc/containers,lib/containers/lldpd/{etc,opt/lldpd}}
+
+ cp /pkg/lldpd.yaml /rootfs/usr/local/etc/containers/lldpd.yaml
+
+ cp /pkg/files/*
/rootfs/usr/local/lib/containers/lldpd/etc + + make DESTDIR=/rootfs/usr/local/lib/containers/lldpd install-exec + test: + - | + mkdir -p /extensions-validator-rootfs + cp -r /rootfs/ /extensions-validator-rootfs/rootfs + cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml + /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}" +finalize: + - from: /rootfs + to: /rootfs + - from: /pkg/manifest.yaml + to: / diff --git a/network/lldpd/vars.yaml b/network/lldpd/vars.yaml new file mode 100644 index 00000000..f3e20b30 --- /dev/null +++ b/network/lldpd/vars.yaml @@ -0,0 +1,4 @@ +# © 2024 Nokia +# Licensed under the Mozilla Public License 2.0 +# SPDX-License-Identifier: MPL-2.0 +VERSION: "{{ .LLDPD_VERSION }}" diff --git a/network/vars.yaml b/network/vars.yaml index d29f534a..506c4a1f 100644 --- a/network/vars.yaml +++ b/network/vars.yaml @@ -1,2 +1,4 @@ # renovate: datasource=github-releases extractVersion=^v(?.*)$ depName=tailscale/tailscale TAILSCALE_VERSION: 1.72.1 +# renovate: datasource=github-releases depName=lldpd/lldpd +LLDPD_VERSION: 1.0.18 diff --git a/reproducibility/pkg.yaml b/reproducibility/pkg.yaml index 582c7b0a..fae29ee0 100644 --- a/reproducibility/pkg.yaml +++ b/reproducibility/pkg.yaml @@ -35,6 +35,7 @@ dependencies: - stage: iscsi-tools # kata-containers can be ignored from reproducibility test since it's a tarball downloaded and extracted (no build happens) # - stage: kata-containers + - stage: lldpd - stage: mdadm # mei can be ignored from reproducibility test since it's kernel modules copied from pkgs # - stage: mei
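Review bot: The configure step in network/lldpd/pkg.yaml passes `--with-privsep-user=root` and `--with-privsep-group=root`, so the lldpd child that parses frames received from the network keeps uid 0 and the daemon's privilege separation no longer limits what a parsing bug can reach. `files/passwd` and `files/group` in this commit define only root. Consider adding an unprivileged account to those two files and building with `--with-privsep-user=_lldpd` and `--with-privsep-group=_lldpd` (upstream's default name), keeping `--with-privsep-chroot=/opt/lldpd`. Whether the Talos extension container permits the chroot and uid switch this needs is not visible here and should be tested on a node. If root has to stay, a comment above the flags explaining why would keep the next reader from taking it for an oversight.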