diff --git a/.kres.yaml b/.kres.yaml index 10cc6f99..757297a0 100644 --- a/.kres.yaml +++ b/.kres.yaml @@ -33,6 +33,7 @@ spec: - mdadm - mei - metal-agent + - multipath-tools - nebula - netbird - newt @@ -48,6 +49,7 @@ spec: - nvidia-open-gpu-kernel-modules-lts - nvidia-open-gpu-kernel-modules-production - nvme-cli + - soci-snapshotter - panfrost - qemu-guest-agent - qlogic-firmware @@ -58,6 +60,7 @@ spec: - tailscale - tenstorrent - thunderbolt + - trident-iscsi-tools - uinput - usb-modem-drivers - usb-audio-drivers @@ -88,11 +91,11 @@ spec: - name: EXTENSIONS_IMAGE_REF defaultValue: $(REGISTRY_AND_USERNAME)/extensions:$(TAG) - name: PKGS - defaultValue: v1.12.0 + defaultValue: v1.12.0-6-gcd63cf9 - name: PKGS_PREFIX defaultValue: ghcr.io/siderolabs - name: TOOLS - defaultValue: v1.12.0 + defaultValue: v1.12.0-1-g188885e - name: TOOLS_PREFIX defaultValue: ghcr.io/siderolabs useBldrPkgTagResolver: true diff --git a/MAINTAINERS.md b/MAINTAINERS.md index 8b0e1f27..3141941e 100644 --- a/MAINTAINERS.md +++ b/MAINTAINERS.md @@ -8,68 +8,70 @@ If the field is marked as `Needs Maintainer`, it means that the package is curre ## Maintainers -| Name | Maintainer | Github ID | -| ----------------------------------------- | ------------------ | -------------------------------------------------------------------- | -| amazon-ena | Sidero Labs | NA | -| amdgpu | Sidero Labs | NA | -| amd-ucode | Sidero Labs | NA | -| binfmt-misc | Serge Logvinov | [sergelogvinov](https://github.com/sergelogvinov) | -| bnx2-bnx2x | Sidero Labs | NA | -| btrfs | Enno Boland | [Gottox](https://github.com/Gottox) | -| chelsio-drivers | Sidero Labs | NA | -| chelsio-firmware | Sidero Labs | NA | -| cloudflared | Maxime Nrb | [maxnrb](https://github.com/maxnrb) | -| crun | Henrik Gerdes | [hegerdes](https://github.com/hegerdes) | -| drbd | Needs Maintainer | NA | -| dvb-cx23885 | Skyler Mäntysaari | [samip5](https://github.com/samip5) | -| dvb-m88ds3103 | Yehia Amer | [yehia2amer](https://github.com/yehia2amer) | -| ecr-credential-provider | Florian Ströger | [Preisschild](https://github.com/Preisschild) | -| fuse3 | Sidero Labs | NA | -| gasket-driver | Sidero Labs | NA | -| gvisor | Sidero Labs | NA | -| gvisor-debug | Sidero Labs | NA | -| hello-world-service | Sidero Labs | NA | -| i915 | Sidero Labs | NA | -| intel-ice-firmware | Sidero Labs | NA | -| intel-ucode | Sidero Labs | NA | -| iscsi-tools | Sidero Labs | NA | -| kata-containers | Fabiano Fidêncio | [fidencio](https://github.com/fidencio) | -| lldpd | Nokia (Niklas Wik) | [salkin](https://github.com/salkin) | -| mdadm | Serge Logvinov | [sergelogvinov](https://github.com/sergelogvinov) | -| mei | Nick Meyer | [e3b0c442](https://github.com/e3b0c442) | -| metal-agent | Sidero Labs | NA | -| nebula | s e | [iamwacko](https://github.com/iamwacko) | -| netbird | Łukasz Szczepański | [l-szczepanski-speednet](https://github.com/l-szczepanski-speednet) | -| nfs-utils | Clément Nussbaumer | [clementnuss](https://github.com/clementnuss) | -| nut-client | Sidero Labs | NA | -| nvidia-container-toolkit-lts | Sidero Labs | NA | -| nivida-container-toolkit-production | Sidero Labs | NA | -| nvidia-fabricmanager-lts | Sidero Labs | NA | -| nvidia-fabricmanager-production | Sidero Labs | NA | -| nvidia-open-gpu-kernel-modules-lts | Sidero Labs | NA | -| nvidia-open-gpu-kernel-modules-production | Sidero Labs | NA | -| nvme-cli | Sidelo Labs | NA | -| nonfree-kmod-nvidia-lts | Sidero Labs | NA | -| nonfree-kmod-nvidia-production | Sidero Labs | NA | -| panfrost | Adam Cirillo | [adamcirillo](https://github.com/adamcirillo) | -| qemu-guest-agent | Markus Reiter | [reitermarkus](https://github.com/reitermarkus) | -| qlogic-firmware | Sidero Labs | NA | -| realtek-firmware | Sidero Labs | NA | -| revpi-firmware | Martin Schuessler | [c0ffee](https://github.com/c0ffee) | -| spin | Sven Pfennig | [0xE282B0](https://github.com/0xE282B0) | -| stargz-snapshotter | Sidero Labs | NA | -| tailscale | Beau Trepp | [btrepp](https://github.com/btrepp) | -| thunderbolt | Igor Rzegocki | [ajgon](https://github.com/ajgon) | -| uinput | Judah Rand | [judahrand](https://github.com/judahrand) | -| usb-audio-drivers | Breland Miley | [mindstorms6](https://github.com/mindstorms6) | -| usb-modem-drivers | Sidero Labs | NA | -| util-linux-tools | Sidero Labs | NA | -| v4l-uvc-drivers | Jacob McSwain | [USA-RedDragon](https://github.com/USA-RedDragon) | -| vc4 | Jorn Vanthienen | [Jorn Vanthienen](https://github.com/jvanthienen-gluo) | -| vmtoolsd-guest-agent | Robin Elfrink | [robinelfrink](https://github.com/robinelfrink) | -| wasmedge | Sidero Labs | NA | -| xdma-driver | Nikolai Shields | [nikolaishields](https://github.com/nikolaishields) | -| xen-guest-agent | Jerwin NJ | [j3rwin](https://github.com/j3rwin) | -| youki | 0xBrandon | [0xBrandon](https://github.com/0x4272616E646F6E) | -| zerotier | rob-htl | [rob-htl](https://github.com/rob-htl) | -| zfs | Aenix, Enix | [kvaps](https://github.com/kvaps), [donch](https://github.com/donch) | +| Name | Maintainer | Github ID | +| ----------------------------------------- | ------------------ | ---------------------------------------------------------------------------------------- | +| amazon-ena | Sidero Labs | NA | +| amdgpu | Sidero Labs | NA | +| amd-ucode | Sidero Labs | NA | +| binfmt-misc | Serge Logvinov | [sergelogvinov](https://github.com/sergelogvinov) | +| bnx2-bnx2x | Sidero Labs | NA | +| btrfs | Enno Boland | [Gottox](https://github.com/Gottox) | +| chelsio-drivers | Sidero Labs | NA | +| chelsio-firmware | Sidero Labs | NA | +| cloudflared | Maxime Nrb | [maxnrb](https://github.com/maxnrb) | +| crun | Henrik Gerdes | [hegerdes](https://github.com/hegerdes) | +| drbd | Needs Maintainer | NA | +| dvb-cx23885 | Skyler Mäntysaari | [samip5](https://github.com/samip5) | +| dvb-m88ds3103 | Yehia Amer | [yehia2amer](https://github.com/yehia2amer) | +| ecr-credential-provider | Florian Ströger | [Preisschild](https://github.com/Preisschild) | +| fuse3 | Sidero Labs | NA | +| gasket-driver | Sidero Labs | NA | +| gvisor | Sidero Labs | NA | +| gvisor-debug | Sidero Labs | NA | +| hello-world-service | Sidero Labs | NA | +| i915 | Sidero Labs | NA | +| intel-ice-firmware | Sidero Labs | NA | +| intel-ucode | Sidero Labs | NA | +| iscsi-tools | Sidero Labs | NA | +| kata-containers | Fabiano Fidêncio | [fidencio](https://github.com/fidencio) | +| lldpd | Nokia (Niklas Wik) | [salkin](https://github.com/salkin) | +| mdadm | Serge Logvinov | [sergelogvinov](https://github.com/sergelogvinov) | +| mei | Nick Meyer | [e3b0c442](https://github.com/e3b0c442) | +| metal-agent | Sidero Labs | NA | +| multipath-tools | INS | [Untersander](https://github.com/Untersander), [SimLi1333](https://github.com/SimLi1333) | +| nebula | s e | [iamwacko](https://github.com/iamwacko) | +| netbird | Łukasz Szczepański | [l-szczepanski-speednet](https://github.com/l-szczepanski-speednet) | +| nfs-utils | Clément Nussbaumer | [clementnuss](https://github.com/clementnuss) | +| nut-client | Sidero Labs | NA | +| nvidia-container-toolkit-lts | Sidero Labs | NA | +| nivida-container-toolkit-production | Sidero Labs | NA | +| nvidia-fabricmanager-lts | Sidero Labs | NA | +| nvidia-fabricmanager-production | Sidero Labs | NA | +| nvidia-open-gpu-kernel-modules-lts | Sidero Labs | NA | +| nvidia-open-gpu-kernel-modules-production | Sidero Labs | NA | +| nvme-cli | Sidelo Labs | NA | +| nonfree-kmod-nvidia-lts | Sidero Labs | NA | +| nonfree-kmod-nvidia-production | Sidero Labs | NA | +| panfrost | Adam Cirillo | [adamcirillo](https://github.com/adamcirillo) | +| qemu-guest-agent | Markus Reiter | [reitermarkus](https://github.com/reitermarkus) | +| qlogic-firmware | Sidero Labs | NA | +| realtek-firmware | Sidero Labs | NA | +| revpi-firmware | Martin Schuessler | [c0ffee](https://github.com/c0ffee) | +| spin | Sven Pfennig | [0xE282B0](https://github.com/0xE282B0) | +| stargz-snapshotter | Sidero Labs | NA | +| tailscale | Beau Trepp | [btrepp](https://github.com/btrepp) | +| thunderbolt | Igor Rzegocki | [ajgon](https://github.com/ajgon) | +| trident-iscsi-tools | INS | [Untersander](https://github.com/Untersander), [SimLi1333](https://github.com/SimLi1333) | +| uinput | Judah Rand | [judahrand](https://github.com/judahrand) | +| usb-audio-drivers | Breland Miley | [mindstorms6](https://github.com/mindstorms6) | +| usb-modem-drivers | Sidero Labs | NA | +| util-linux-tools | Sidero Labs | NA | +| v4l-uvc-drivers | Jacob McSwain | [USA-RedDragon](https://github.com/USA-RedDragon) | +| vc4 | Jorn Vanthienen | [Jorn Vanthienen](https://github.com/jvanthienen-gluo) | +| vmtoolsd-guest-agent | Robin Elfrink | [robinelfrink](https://github.com/robinelfrink) | +| wasmedge | Sidero Labs | NA | +| xdma-driver | Nikolai Shields | [nikolaishields](https://github.com/nikolaishields) | +| xen-guest-agent | Jerwin NJ | [j3rwin](https://github.com/j3rwin) | +| youki | 0xBrandon | [0xBrandon](https://github.com/0x4272616E646F6E) | +| zerotier | rob-htl | [rob-htl](https://github.com/rob-htl) | +| zfs | Aenix, Enix | [kvaps](https://github.com/kvaps), [donch](https://github.com/donch) | diff --git a/Makefile b/Makefile index 26c92788..4591dde1 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-11-14T09:20:25Z by kres e1d6dac. +# Generated on 2025-11-27T15:58:33Z by kres e1d6dac. # common variables @@ -51,9 +51,9 @@ COMMON_ARGS += $(BUILD_ARGS) # extra variables EXTENSIONS_IMAGE_REF ?= $(REGISTRY_AND_USERNAME)/extensions:$(TAG) -PKGS ?= v1.12.0 +PKGS ?= v1.12.0-6-gcd63cf9 PKGS_PREFIX ?= ghcr.io/siderolabs -TOOLS ?= v1.12.0 +TOOLS ?= v1.12.0-1-g188885e TOOLS_PREFIX ?= ghcr.io/siderolabs IMAGE_SIGNER_RELEASE ?= v0.1.1 @@ -90,6 +90,7 @@ TARGETS += lldpd TARGETS += mdadm TARGETS += mei TARGETS += metal-agent +TARGETS += multipath-tools TARGETS += nebula TARGETS += netbird TARGETS += newt @@ -105,6 +106,7 @@ TARGETS += nvidia-gdrdrv-device TARGETS += nvidia-open-gpu-kernel-modules-lts TARGETS += nvidia-open-gpu-kernel-modules-production TARGETS += nvme-cli +TARGETS += soci-snapshotter TARGETS += panfrost TARGETS += qemu-guest-agent TARGETS += qlogic-firmware @@ -115,6 +117,7 @@ TARGETS += stargz-snapshotter TARGETS += tailscale TARGETS += tenstorrent TARGETS += thunderbolt +TARGETS += trident-iscsi-tools TARGETS += uinput TARGETS += usb-modem-drivers TARGETS += usb-audio-drivers diff --git a/Pkgfile b/Pkgfile index 64c5d42f..34ea1a0e 100644 --- a/Pkgfile +++ b/Pkgfile @@ -4,8 +4,8 @@ format: v1alpha2 vars: CONTAINERD_VERSION: v2.1.5 # update this when updating PKGS_VERSION in Makefile - LINUX_FIRMWARE_VERSION: "20251111" # update this when updating PKGS_VERSION in Makefile - DRBD_DRIVER_VERSION: 9.2.15 # update this when updating PKGS_VERSION in Makefile + LINUX_FIRMWARE_VERSION: "20251125" # update this when updating PKGS_VERSION in Makefile + DRBD_DRIVER_VERSION: 9.2.16 # update this when updating PKGS_VERSION in Makefile ZFS_DRIVER_VERSION: 2.4.0-rc2 # update this when updating PKGS_VERSION in Makefile ZFS_TOOLS_SHA256: 6b5b821e03520034b49f965acb198ff4f37661195689326a1c05a4782389987f ZFS_TOOLS_SHA512: 7fa6caecc6818af17bdc104624eb7638a6c41bfca03a5b45ce996e7bbf8bfd1b06a54714ca7cb59ac70b061cb0eb11bc68868f786a502f427775f1bcfe1a5de0 diff --git a/README.md b/README.md index 2f84736a..9f0c4244 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,7 @@ tiers based on support level: | Name | Tier | Image | Version | Description | | ---- | ---- | ----- | ------- | ----------- | -| [crun](container-runtime/crun) | :yellow_square: extra | [ghcr.io/siderolabs/crun](https://github.com/siderolabs/extensions/pkgs/container/crun) | `1.25` | This system extension provides crun using containerd's runtime handler. | +| [crun](container-runtime/crun) | :yellow_square: extra | [ghcr.io/siderolabs/crun](https://github.com/siderolabs/extensions/pkgs/container/crun) | `1.25.1` | This system extension provides crun using containerd's runtime handler. | | [ecr-credential-provider](container-runtime/ecr-credential-provider) | :yellow_square: extra | [ghcr.io/siderolabs/ecr-credential-provider](https://github.com/siderolabs/extensions/pkgs/container/ecr-credential-provider) | `v1.34.1` | This system extension provides a binary which implements Kubelet's CredentialProvider API to authenticate against AWS' Elastic Container Registry and pull images. | | [gvisor](container-runtime/gvisor) | :green_square: core | [ghcr.io/siderolabs/gvisor](https://github.com/siderolabs/extensions/pkgs/container/gvisor) | `20251103.0` | This system extension provides gVisor using containerd's runtime handler. | | [gvisor-debug](container-runtime/gvisor-debug) | :yellow_square: extra | [ghcr.io/siderolabs/gvisor-debug](https://github.com/siderolabs/extensions/pkgs/container/gvisor-debug) | `v1.0.0` | This system extension enables gVisor debug logging. | @@ -75,24 +75,24 @@ tiers based on support level: | Name | Tier | Image | Version | Description | | ---- | ---- | ----- | ------- | ----------- | -| [amd-ucode](firmware/amd-ucode) | :green_square: core | [ghcr.io/siderolabs/amd-ucode](https://github.com/siderolabs/extensions/pkgs/container/amd-ucode) | `20251111` | This system extension provides AMD microcode binaries. | -| [bnx2-bnx2x](firmware/bnx2-bnx2x) | :green_square: core | [ghcr.io/siderolabs/bnx2-bnx2x](https://github.com/siderolabs/extensions/pkgs/container/bnx2-bnx2x) | `20251111` | This system extension provides bnx2 and bnx2x binaries. | -| [chelsio-firmware](firmware/chelsio) | :white_large_square: contrib | [ghcr.io/siderolabs/chelsio-firmware](https://github.com/siderolabs/extensions/pkgs/container/chelsio-firmware) | `20251111` | This system extension provides Chelsio NIC firmware binaries. | -| [intel-ice-firmware](firmware/intel-ice-firmware) | :green_square: core | [ghcr.io/siderolabs/intel-ice-firmware](https://github.com/siderolabs/extensions/pkgs/container/intel-ice-firmware) | `20251111` | This system extension provides Intel Ice firmware binaries. | +| [amd-ucode](firmware/amd-ucode) | :green_square: core | [ghcr.io/siderolabs/amd-ucode](https://github.com/siderolabs/extensions/pkgs/container/amd-ucode) | `20251125` | This system extension provides AMD microcode binaries. | +| [bnx2-bnx2x](firmware/bnx2-bnx2x) | :green_square: core | [ghcr.io/siderolabs/bnx2-bnx2x](https://github.com/siderolabs/extensions/pkgs/container/bnx2-bnx2x) | `20251125` | This system extension provides bnx2 and bnx2x binaries. | +| [chelsio-firmware](firmware/chelsio) | :white_large_square: contrib | [ghcr.io/siderolabs/chelsio-firmware](https://github.com/siderolabs/extensions/pkgs/container/chelsio-firmware) | `20251125` | This system extension provides Chelsio NIC firmware binaries. | +| [intel-ice-firmware](firmware/intel-ice-firmware) | :green_square: core | [ghcr.io/siderolabs/intel-ice-firmware](https://github.com/siderolabs/extensions/pkgs/container/intel-ice-firmware) | `20251125` | This system extension provides Intel Ice firmware binaries. | | [intel-ucode](firmware/intel-ucode) | :green_square: core | [ghcr.io/siderolabs/intel-ucode](https://github.com/siderolabs/extensions/pkgs/container/intel-ucode) | `20251111` | This system extension provides Intel microcode binaries. | -| [qlogic-firmware](firmware/qlogic-firmware) | :green_square: core | [ghcr.io/siderolabs/qlogic-firmware](https://github.com/siderolabs/extensions/pkgs/container/qlogic-firmware) | `20251111` | This system extension provides firmware for QLogic devices. | -| [realtek-firmware](firmware/realtek-firmware) | :green_square: core | [ghcr.io/siderolabs/realtek-firmware](https://github.com/siderolabs/extensions/pkgs/container/realtek-firmware) | `20251111` | This system extension provides realtek firmware binaries. | +| [qlogic-firmware](firmware/qlogic-firmware) | :green_square: core | [ghcr.io/siderolabs/qlogic-firmware](https://github.com/siderolabs/extensions/pkgs/container/qlogic-firmware) | `20251125` | This system extension provides firmware for QLogic devices. | +| [realtek-firmware](firmware/realtek-firmware) | :green_square: core | [ghcr.io/siderolabs/realtek-firmware](https://github.com/siderolabs/extensions/pkgs/container/realtek-firmware) | `20251125` | This system extension provides realtek firmware binaries. | | [revpi-firmware](firmware/revpi-firmware) | :white_large_square: contrib | [ghcr.io/siderolabs/revpi-firmware](https://github.com/siderolabs/extensions/pkgs/container/revpi-firmware) | `v1.0.0` | This system extension provides tools e.g. udev rules for the RevolutionPi platform. | ### Direct Rendering Manager (DRM) | Name | Tier | Image | Version | Description | | ---- | ---- | ----- | ------- | ----------- | -| [amdgpu](drm/amdgpu) | :green_square: core | [ghcr.io/siderolabs/amdgpu](https://github.com/siderolabs/extensions/pkgs/container/amdgpu) | `20251111-VERSION` | This system extension provides AMDGPU firmware binaries and kernel modules. | -| [i915](drm/i915) | :green_square: core | [ghcr.io/siderolabs/i915](https://github.com/siderolabs/extensions/pkgs/container/i915) | `20251111-VERSION` | This system extension provides Intel GPU microcode binaries and kernel modules. | -| [panfrost](drm/panfrost) | :white_large_square: contrib | [ghcr.io/siderolabs/panfrost](https://github.com/siderolabs/extensions/pkgs/container/panfrost) | `20251111-VERSION` | This system extension provides ARM Mali Midgard, Bifrost, and Valhall firmware binaries and kernel modules. | +| [amdgpu](drm/amdgpu) | :green_square: core | [ghcr.io/siderolabs/amdgpu](https://github.com/siderolabs/extensions/pkgs/container/amdgpu) | `20251125-VERSION` | This system extension provides AMDGPU firmware binaries and kernel modules. | +| [i915](drm/i915) | :green_square: core | [ghcr.io/siderolabs/i915](https://github.com/siderolabs/extensions/pkgs/container/i915) | `20251125-VERSION` | This system extension provides Intel GPU microcode binaries and kernel modules. | +| [panfrost](drm/panfrost) | :white_large_square: contrib | [ghcr.io/siderolabs/panfrost](https://github.com/siderolabs/extensions/pkgs/container/panfrost) | `20251125-VERSION` | This system extension provides ARM Mali Midgard, Bifrost, and Valhall firmware binaries and kernel modules. | | [vc4](drm/vc4) | :yellow_square: extra | [ghcr.io/siderolabs/vc4](https://github.com/siderolabs/extensions/pkgs/container/vc4) | `VERSION` | This system extension provides kernel modules for Broadcom VideoCore GPU. | -| [xe](drm/xe) | :green_square: core | [ghcr.io/siderolabs/xe](https://github.com/siderolabs/extensions/pkgs/container/xe) | `20251111-VERSION` | This system extension provides Intel GPU microcode binaries and kernel modules. | +| [xe](drm/xe) | :green_square: core | [ghcr.io/siderolabs/xe](https://github.com/siderolabs/extensions/pkgs/container/xe) | `20251125-VERSION` | This system extension provides Intel GPU microcode binaries and kernel modules. | ### Drivers @@ -134,7 +134,7 @@ tiers based on support level: | [nebula](network/nebula) | :white_large_square: contrib | [ghcr.io/siderolabs/nebula](https://github.com/siderolabs/extensions/pkgs/container/nebula) | `1.9.7` | A scalable overlay networking tool with a focus on performance, simplicity and security | | [netbird](network/netbird) | :white_large_square: contrib | [ghcr.io/siderolabs/netbird](https://github.com/siderolabs/extensions/pkgs/container/netbird) | `0.59.12` | NetBird combines a WireGuard®-based overlay network with Zero Trust Network Access, providing a unified open source platform for reliable and secure connectivity. | | [newt](network/newt) | :white_large_square: contrib | [ghcr.io/siderolabs/newt](https://github.com/siderolabs/extensions/pkgs/container/newt) | `1.6.0` | Newt is a fully user space WireGuard tunnel client and TCP/UDP proxy, designed to securely expose private resources controlled by Pangolin. By using Newt, you don't need to manage complex WireGuard tunnels and NATing. More info: https://github.com/fosrl/newt | -| [tailscale](network/tailscale) | :yellow_square: extra | [ghcr.io/siderolabs/tailscale](https://github.com/siderolabs/extensions/pkgs/container/tailscale) | `1.90.6` | Tailscale connects your team's devices and development environments for easy access to remote resources. | +| [tailscale](network/tailscale) | :yellow_square: extra | [ghcr.io/siderolabs/tailscale](https://github.com/siderolabs/extensions/pkgs/container/tailscale) | `1.90.9` | Tailscale connects your team's devices and development environments for easy access to remote resources. | | [zerotier](network/zerotier) | :white_large_square: contrib | [ghcr.io/siderolabs/zerotier](https://github.com/siderolabs/extensions/pkgs/container/zerotier) | `1.16.0` | Connect your Talos cluster into a zerotier network | ### Storage @@ -142,13 +142,15 @@ tiers based on support level: | Name | Tier | Image | Version | Description | | ---- | ---- | ----- | ------- | ----------- | | [btrfs](storage/btrfs) | :yellow_square: extra | [ghcr.io/siderolabs/btrfs](https://github.com/siderolabs/extensions/pkgs/container/btrfs) | `VERSION` | This system extension provides kernel module driver for BTRFS built against a specific Talos version. | -| [drbd](storage/drbd) | :yellow_square: extra | [ghcr.io/siderolabs/drbd](https://github.com/siderolabs/extensions/pkgs/container/drbd) | `9.2.15-VERSION` | This system extension provides kernel module driver for DRBD built against a specific Talos version. | +| [drbd](storage/drbd) | :yellow_square: extra | [ghcr.io/siderolabs/drbd](https://github.com/siderolabs/extensions/pkgs/container/drbd) | `9.2.16-VERSION` | This system extension provides kernel module driver for DRBD built against a specific Talos version. | | [fuse3](storage/fuse3) | :green_square: core | [ghcr.io/siderolabs/fuse3](https://github.com/siderolabs/extensions/pkgs/container/fuse3) | `3.17.4` | This system extension provides fuse3 functionality. | | [iscsi-tools](storage/iscsi-tools) | :green_square: core | [ghcr.io/siderolabs/iscsi-tools](https://github.com/siderolabs/extensions/pkgs/container/iscsi-tools) | `v0.2.0` | This system extension provides iscsi-tools. | | [mdadm](storage/mdadm) | :white_large_square: contrib | [ghcr.io/siderolabs/mdadm](https://github.com/siderolabs/extensions/pkgs/container/mdadm) | `v4.4` | This system extension provides mdadm binary. | +| [multipath-tools](storage/multipath-tools) | :white_large_square: contrib | [ghcr.io/siderolabs/multipath-tools](https://github.com/siderolabs/extensions/pkgs/container/multipath-tools) | `v0.0.1` | This system extension provides multipath-tools. | | [nfs-utils](storage/nfs-utils) | :white_large_square: contrib | [ghcr.io/siderolabs/nfs-utils](https://github.com/siderolabs/extensions/pkgs/container/nfs-utils) | `v0.1.1` | This system extension provides rpcbind and rpc.statd for NFSv3 file locking support. rpcbind is a server that converts RPC program numbers into universal addresses. rpc.statd is the NSM (Network Status Monitor) service daemon that notifies NFS peers of restarts. These services are required for NFSv3 mounts with file locking support. | | [nfsd](storage/nfsd) | :yellow_square: extra | [ghcr.io/siderolabs/nfsd](https://github.com/siderolabs/extensions/pkgs/container/nfsd) | `VERSION` | This system extension provides kernel module driver for NFSD built against a specific Talos version. | | [nfsrahead](storage/nfsrahead) | :white_large_square: contrib | [ghcr.io/siderolabs/nfsrahead](https://github.com/siderolabs/extensions/pkgs/container/nfsrahead) | `2.8.3` | This system extension provides nfsrahead, a tool to configure the readahead for NFS mounts. | +| [trident-iscsi-tools](storage/trident-iscsi-tools) | :white_large_square: contrib | [ghcr.io/siderolabs/trident-iscsi-tools](https://github.com/siderolabs/extensions/pkgs/container/trident-iscsi-tools) | `v0.0.1` | This system extension provides the tools and binaries used by the NetApp Trident CSI for iSCSI. It contains lsscsi, ls, free, pgrep, cat and dd. | | [zfs](storage/zfs) | :yellow_square: extra | [ghcr.io/siderolabs/zfs](https://github.com/siderolabs/extensions/pkgs/container/zfs) | `2.4.0-rc2-VERSION` | This system extension provides the ZFS kernel module, the ZFS utilities, and a service to import all ZFS pools on start and unmount all pools on stop. | ### Power diff --git a/container-runtime/soci-snapshotter/pkg.yaml b/container-runtime/soci-snapshotter/pkg.yaml index 8dc497d4..275dbee7 100644 --- a/container-runtime/soci-snapshotter/pkg.yaml +++ b/container-runtime/soci-snapshotter/pkg.yaml @@ -30,8 +30,8 @@ steps: - | cd ${GOPATH}/src/github.com/awslabs/soci-snapshotter - make soci-snapshotter-grpc - make soci + make soci-snapshotter-grpc STATIC=1 + make soci STATIC=1 install: - | mkdir -p /rootfs/usr/local/bin diff --git a/container-runtime/vars.yaml b/container-runtime/vars.yaml index 2df35677..cc719de7 100644 --- a/container-runtime/vars.yaml +++ b/container-runtime/vars.yaml @@ -39,11 +39,11 @@ KATA_CONTAINERS_STATIC_ARM64_SHA512: 2724fb89abd24e524a1f7cac08d47ec7cff4ee2aa0d KATA_CONTAINERS_STATIC_AMD64_SHA256: 9c8a1e8832a53bbb821b57b1fd8bda077c2d99adb22b655b7b6a567423b3cc3a KATA_CONTAINERS_STATIC_AMD64_SHA512: ac9e3c6c2dabe9b30cd92556e99b397d85f01e2574beea2287b6f33b9d49717f02397db4c0dbf8350b8beb5602237e4ab8629f7355ef8f54cb558c7f009d50fe # renovate: datasource=github-releases depName=containers/crun -CRUN_VERSION: 1.25 -CRUN_ARM64_SHA256: 7c1907ad518a04c8b6496c8210d7f2ccc78917f261740782d8758af084c66a02 -CRUN_ARM64_SHA512: c4f986a43ce48b985ef09b5ad5480ba1a55869b44ef7b1541251453c7a4e260f1a28bf42adfcd493e11757d6514c0fd291f59a593236fee3dc1a564a3cb52582 -CRUN_AMD64_SHA256: d83b8d16ef8807229b4d23c2de321f06da26e6dff6e78cacf1e4e5b0ed953608 -CRUN_AMD64_SHA512: 5f0a05c1a52dea87b5bf68e90e54e2a76133b804a2a81613831a1fd328b2fa73d1aab6637292df4e6a6394ab13731ff1d9bbb72050baff3b910a1d37087c6df9 +CRUN_VERSION: 1.25.1 +CRUN_ARM64_SHA256: 3a6463b3b633132c0c13218e019084ca156156973a81a544725cd7253c19c3e9 +CRUN_ARM64_SHA512: 2b6b035ec595f684f3156e89f558acc90f4de983c72b8ed160adfe9ea831dadfe93537129c5383a000e4f003c61629b1b0b34ee135f1b99d3508fc86706e513f +CRUN_AMD64_SHA256: 2d762b2e8be5789445f42246cff47e278e88013604764a0adc322426de413668 +CRUN_AMD64_SHA512: 782e091d1477681d1ac8956e0278cd49cc56745455f2bcdc339cfdeffd28b007f65d21dcb2a4d3e792cfcdf448ee9171a5d9961b98aadc0da21cfb89388abe49 # renovate: datasource=github-releases extractVersion=^v(?.*)$ depName=youki-dev/youki YOUKI_VERSION: 0.5.7 YOUKI_ARM64_SHA256: b3002d9d39b04f797e783745f92cffec9e0caa464254be98aa0b4dfc184f0233 diff --git a/hack/release.toml b/hack/release.toml index 039737dd..2c4c4406 100644 --- a/hack/release.toml +++ b/hack/release.toml @@ -24,8 +24,8 @@ NVIDIA LTS: 580.95.05 NVIDIA Production: 570.195.03 NVIDIA Container Toolkit: 1.18.0 ctr: 2.1.5 -crun: 1.25 -drbd: 9.2.15 +crun: 1.25.1 +drbd: 9.2.16 ecr-credential-provider: 1.34.1 fuse3: 3.17.4 glibc: 2.42 @@ -41,7 +41,7 @@ nut-client: 2.8.4 qemu: 10.1.2 spin: 0.22.0 stargz-snapshotter: 0.18.1 -tailscale: 1.90.6 +tailscale: 1.90.9 talos-vmtoolsd: 1.4.0 youki: 0.5.7 zerotier: 1.16.0 @@ -51,7 +51,7 @@ tenstorrent: 2.5.0 mdadm: 4.4 Intel u-code: 20251111 -wolfi-base: sha256:77891a12dc762228955294f2207ee1cbd2b127f18dc7c7458203116288dce828 +wolfi-base: sha256:42012fa027adc864efbb7cf68d9fc575ea45fe1b9fb0d16602e00438ce3901b1 """ [make_deps] diff --git a/misc/glibc/vars.yaml b/misc/glibc/vars.yaml index 54ac7d14..9d63134b 100644 --- a/misc/glibc/vars.yaml +++ b/misc/glibc/vars.yaml @@ -1,5 +1,5 @@ # renovate: datasource=docker versioning=docker depName=cgr.dev/chainguard/wolfi-base -WOLFI_BASE_REF: sha256:77891a12dc762228955294f2207ee1cbd2b127f18dc7c7458203116288dce828 +WOLFI_BASE_REF: sha256:42012fa027adc864efbb7cf68d9fc575ea45fe1b9fb0d16602e00438ce3901b1 VERSION: {{ .GLIBC_VERSION }} diff --git a/network/vars.yaml b/network/vars.yaml index bcbeb917..0454bf7e 100644 --- a/network/vars.yaml +++ b/network/vars.yaml @@ -1,7 +1,7 @@ # renovate: datasource=github-releases extractVersion=^v(?.*)$ depName=tailscale/tailscale -TAILSCALE_VERSION: 1.90.6 -TAILSCALE_SHA256: 7873cf720d22e931952a23a24c9f44829d512174acb5b6454496a18376e98d67 -TAILSCALE_SHA512: 74078b5fe2ecc06528b1ec54496d49ff701c97f792f7c8dbd08203646e88819ef65260357d0fac09e3319ce17749f8b7b5da95ed02f2b2e9a6e2b6196b483e47 +TAILSCALE_VERSION: 1.90.9 +TAILSCALE_SHA256: df3f8fc2635826b59677f34b17d81299ffb0c6a0fe484d52e47f2bbdea000193 +TAILSCALE_SHA512: 83768716f81864f048e4843c101f113ce7849b66c8e2c44f7009c9846b041c1ba927b83e8d6ab599493b06bfb093edf96325b268ae6bcd80751da788548976eb # renovate: datasource=github-releases depName=lldpd/lldpd LLDPD_VERSION: 1.0.20 LLDPD_SHA256: c851ce102444b932b691f0d00142520333030822709fc4566ef20c651ae1714f diff --git a/nvidia-gpu/nvidia-container-toolkit/lts/nvidia-persistenced.yaml b/nvidia-gpu/nvidia-container-toolkit/lts/nvidia-persistenced.yaml index ffd99967..5be8bea8 100644 --- a/nvidia-gpu/nvidia-container-toolkit/lts/nvidia-persistenced.yaml +++ b/nvidia-gpu/nvidia-container-toolkit/lts/nvidia-persistenced.yaml @@ -19,6 +19,13 @@ container: - bind - ro # shared libraries + - source: /lib + destination: /lib + type: bind + options: + - bind + - ro + # shared libraries - source: /usr/local/glibc destination: /usr/local/glibc type: bind diff --git a/nvidia-gpu/nvidia-fabricmanager/nvidia-fabricmanager-wrapper/main.go b/nvidia-gpu/nvidia-fabricmanager/nvidia-fabricmanager-wrapper/main.go index 39992ed9..14d8763e 100644 --- a/nvidia-gpu/nvidia-fabricmanager/nvidia-fabricmanager-wrapper/main.go +++ b/nvidia-gpu/nvidia-fabricmanager/nvidia-fabricmanager-wrapper/main.go @@ -109,16 +109,12 @@ func main() { gracefulShutdown() }() - nvswitchPorts := findNvswitchMgmtPorts() - for _, port := range nvswitchPorts { - log.Printf("nvidia-fabricmanager-wrapper: found NVSwitch LPF: device=%s guid=0x%x\n", port.IBDevice, port.PortGUID) - } - fmSmMgmtPortGUID := "" - if len(nvswitchPorts) > 0 { - fmSmMgmtPortGUID = fmt.Sprintf("0x%x", nvswitchPorts[0].PortGUID) + if err, nvswitchPort := findNvswitchMgmtPort(); err == nil { + fmSmMgmtPortGUID = fmt.Sprintf("0x%x", nvswitchPort.PortGUID) log.Printf("nvidia-fabricmanager-wrapper: using NVSwitch management port GUID: %s\n", fmSmMgmtPortGUID) } else { + log.Printf("nvidia-fabricmanager-wrapper: NVSwitch management disabled: %v\n", err) log.Println("nvidia-fabricmanager-wrapper: No InfiniBand NVSwitch detected. On Blackwell HGX baseboards and newer", "with NVLink 5.0+, please load kernel module 'ib_umad' for NVLSM to run along FabricManager. Otherwise it will", "fail to start with error NV_WARN_NOTHING_TO_DO, and GPU workloads will report CUDA_ERROR_SYSTEM_NOT_READY.") diff --git a/nvidia-gpu/nvidia-fabricmanager/nvidia-fabricmanager-wrapper/nvswitch.go b/nvidia-gpu/nvidia-fabricmanager/nvidia-fabricmanager-wrapper/nvswitch.go index 1351e748..ca25c306 100644 --- a/nvidia-gpu/nvidia-fabricmanager/nvidia-fabricmanager-wrapper/nvswitch.go +++ b/nvidia-gpu/nvidia-fabricmanager/nvidia-fabricmanager-wrapper/nvswitch.go @@ -12,6 +12,8 @@ import "C" import ( "bytes" "encoding/binary" + "errors" + "log" "os" "path" "unsafe" @@ -56,51 +58,124 @@ func findLpfDevices() (devices []string) { } if bytes.Contains(vpd, []byte("SMDL=SW_MNG")) { + log.Printf("nvidia-fabricmanager-wrapper: infiniband: found NVSwitch LPF device: %s\n", device.Name()) devices = append(devices, device.Name()) } } return } -func findNvswitchMgmtPorts() (ports []NVSwitchMgmtPort) { +/* +Replication of the logic found in script "nvidia-fabricmanager-start.sh" from the FabricManager package: + + for each LPF device: + for each LPF device port: + skip port if the IsSMDisabled bit is set + read the port GUID + configure FM and SM to use that port + stop looking for a management port + +Unlike the upstream algorithm, we'll continue scanning all ports after a first management port is found to generate +useful log messages for bug reports. +*/ +func findNvswitchMgmtPort() (err error, port *NVSwitchMgmtPort) { lpfDevs := findLpfDevices() if len(lpfDevs) == 0 { - return + return errors.New("no NVSwitch LPF device found"), nil } if C.umad_init() < 0 { - return + return errors.New("failed to initialize libibumad"), nil } + defer C.umad_done() - for _, lpf := range lpfDevs { - const maxPorts = 16 - var portGUIDs [maxPorts]C.__be64 + for _, device := range lpfDevs { + // device name as a C string to use with libibumad + cDeviceName := C.CString(device) + defer C.free(unsafe.Pointer(cDeviceName)) /* - $ man 3 umad_get_ca_portguids + * get IB device attributes + */ - On success, umad_get_ca_portguids() returns a non-negative value equal to the number of port GUIDs actually - filled. Not all filled entries may be valid. Invalid entries will be 0. For example, on a CA node with only - one port, this function returns a value of 2. In this case, the value at index 0 will be invalid as it is - reserved for switches. On failure, a negative value is returned. - */ - numPort := C.umad_get_ca_portguids(C.CString(lpf), &portGUIDs[0], maxPorts) + caPtr := (*C.struct_umad_ca)(C.malloc(C.sizeof_struct_umad_ca)) + defer C.free(unsafe.Pointer(caPtr)) + + if C.umad_get_ca(cDeviceName, caPtr) < 0 { + log.Printf("nvidia-fabricmanager-wrapper: infiniband: failed to get interface attributes device=%s\n", device) + continue + } + + numPorts := int(caPtr.numports) + log.Printf("nvidia-fabricmanager-wrapper: infiniband: successful read of interface attributes device=%s"+ + " numPorts=%d\n", device, numPorts) + + /* + * iterate over device ports + */ - for i := range int(numPort) { - var guid uint64 + portPtr := (*C.struct_umad_port)(C.malloc(C.sizeof_struct_umad_port)) + defer C.free(unsafe.Pointer(portPtr)) - // convert kernel __be64 to uint64 - buf := bytes.NewReader((*[8]byte)(unsafe.Pointer(&portGUIDs[i]))[:]) - if err := binary.Read(buf, binary.BigEndian, &guid); err != nil { + // index 0 is not a valid port per IB specifications + for portIdx := 1; portIdx <= numPorts; portIdx++ { + if C.umad_get_port(cDeviceName, C.int(portIdx), portPtr) < 0 { + log.Printf("nvidia-fabricmanager-wrapper: infiniband: failed to get port attributes device=%s port=%d\n", + device, portIdx) continue } - if guid != 0 { - ports = append(ports, NVSwitchMgmtPort{lpf, guid}) + // read port GUID, we have to convert kernel __be64 to uint64 + var portGUID uint64 + buf := bytes.NewReader((*[8]byte)(unsafe.Pointer(&portPtr.port_guid))[:]) + if err := binary.Read(buf, binary.BigEndian, &portGUID); err != nil { + log.Printf("nvidia-fabricmanager-wrapper: infiniband: failed to convert port GUID endianness device=%s port=%d\n", + device, portIdx) + continue + } + + // read port capabilities + const IsSMDisabledMask = 0x00000400 + var capMask uint32 + buf = bytes.NewReader((*[4]byte)(unsafe.Pointer(&portPtr.capmask))[:]) + if err := binary.Read(buf, binary.BigEndian, &capMask); err != nil { + log.Printf("nvidia-fabricmanager-wrapper: infiniband: failed to convert port capmask endianness device=%s port=%d\n", + device, portIdx) + continue + } + isSMDisabled := (capMask & IsSMDisabledMask) != 0 + + // read port state + portState := uint32(portPtr.state) + portStateStr := "Unknown" + switch portState { + case 1: + portStateStr = "Down" + case 2: + portStateStr = "Init" + case 4: + portStateStr = "Active" + } + + log.Printf("nvidia-fabricmanager-wrapper: infiniband: successful read of port attributes device=%s port=%d"+ + " guid=0x%x capabilities=0x%x isSMDisabled=%t state=%s\n", device, portIdx, portGUID, capMask, isSMDisabled, + portStateStr) + + // still looking for a management port + if port == nil { + // evaluate candidate port + if portGUID != 0 && isSMDisabled == false { + port = &NVSwitchMgmtPort{device, portGUID} + log.Printf("nvidia-fabricmanager-wrapper: infiniband: selected NVSwitch management port device=%s guid=0x%x\n", device, portGUID) + + } } } } - C.umad_done() + if port == nil { + return errors.New("failed to find a NVSwitch management port"), nil + } + return } diff --git a/nvidia-gpu/vars.yaml b/nvidia-gpu/vars.yaml index b6d9b935..bca1374c 100644 --- a/nvidia-gpu/vars.yaml +++ b/nvidia-gpu/vars.yaml @@ -40,7 +40,7 @@ LIBNVIDIA_CONTAINER_REF: 889a3bb5408c195ed7897ba2cb8341c7d249672f LIBNVIDIA_CONTAINER_SHA256: 29c41b8db4d56a5d761a11b6552e2208b746ba9053d9bcfa80a32d9bfb4c64cc LIBNVIDIA_CONTAINER_SHA512: 230b6d3b0a29a54796cebdc212b4cb4b2249d8bb370e97778be88093b6d36153d1325a5755ef69d5b856cfc6b9a904e30d39466d86efd3369b2c838fa57cd7e9 # renovate: datasource=docker versioning=docker depName=cgr.dev/chainguard/wolfi-base -WOLFI_BASE_REF: sha256:77891a12dc762228955294f2207ee1cbd2b127f18dc7c7458203116288dce828 +WOLFI_BASE_REF: sha256:42012fa027adc864efbb7cf68d9fc575ea45fe1b9fb0d16602e00438ce3901b1 # renovate: datasource=github-tags extractVersion=^v(?.*)$ depName=seccomp/libseccomp LIBSECCOMP_VERSION: 2.6.0 LIBSECCOMP_SHA256: 83b6085232d1588c379dc9b9cae47bb37407cf262e6e74993c61ba72d2a784dc diff --git a/storage/multipath-tools/README.md b/storage/multipath-tools/README.md new file mode 100644 index 00000000..fc8131c1 --- /dev/null +++ b/storage/multipath-tools/README.md @@ -0,0 +1,44 @@ +# multipath-tools + +This extension provides the `multipathd` daemon on the host for handling device-mapper multipathing. +It enables consistent, fault-tolerant access to storage devices that expose multiple I/O paths. + +## What's Included + +* **multipathd**: Multipath daemon +* **multipath**: Device mapper target autoconfig +* **multipathc**: Interactive client for multipathd +* **mpathpersist**: Manages SCSI persistent reservations on dm multipath devices +* **kpartx**: Create device maps from partition tables. + +## Use Case + +To run this daemon you need the following **kernel** modules: +```yaml +kernel: + modules: + - name: dm_multipath + - name: dm_round-robin # or dm-queue-length +``` +To configure multipath accordingly you need to apply something like: +```yaml +apiVersion: v1alpha1 +kind: ExtensionServiceConfig +name: multipathd +configFiles: + - content: | + defaults { + user_friendly_names yes + find_multipaths no + path_selector "round-robin 0" + } + mountPath: /etc/multipath.conf +``` +You probably need to use `round-robin` or `queue-length` (if that is supported by your use case) as the default `service-time` is not supported, since `dm-service-time` kernel module is not jet in talos build at the moment. + + +## References + +- [multipath man page](https://linux.die.net/man/8/multipath) +- [multipathd man page](https://linux.die.net/man/8/multipathd) +- [Related Kernel module issue](https://github.com/siderolabs/talos/issues/9515) \ No newline at end of file diff --git a/storage/multipath-tools/manifest.yaml.tmpl b/storage/multipath-tools/manifest.yaml.tmpl new file mode 100644 index 00000000..8af107a6 --- /dev/null +++ b/storage/multipath-tools/manifest.yaml.tmpl @@ -0,0 +1,10 @@ +version: v1alpha1 +metadata: + name: multipath-tools + version: "{{ .VERSION }}" + author: Institute for Network and Security (INS) at OST + description: | + [{{ .TIER }}] This system extension provides multipath-tools. + compatibility: + talos: + version: ">= v1.9.0" diff --git a/storage/multipath-tools/multipathd.yaml b/storage/multipath-tools/multipathd.yaml new file mode 100644 index 00000000..7b6b4207 --- /dev/null +++ b/storage/multipath-tools/multipathd.yaml @@ -0,0 +1,55 @@ +name: multipathd +container: + security: + maskedPaths: [] + readonlyPaths: [] + writeableRootfs: true + entrypoint: /usr/local/sbin/multipathd + args: + - -d + - -s + mounts: + # ld-musl-x86_64.so.1 + - source: /lib + destination: /lib + type: bind + options: + - bind + - ro + # libs + - source: /usr/local/lib/ + destination: /usr/local/lib/ + type: bind + options: + - bind + - ro + - source: /usr/local/sbin + destination: /usr/local/sbin + type: bind + options: + - bind + - ro + # /dev/mapper and multipath disk + - source: /dev + destination: /dev + type: bind + options: + - bind + - rw + - source: /sys + destination: /sys + type: bind + options: + - bind + - rw +depends: + - network: + - addresses + - connectivity + - hostname + - etcfiles + - service: udevd + - path: /dev/mapper/control + - service: cri + # - configuration: true +restart: always diff --git a/storage/multipath-tools/pkg.yaml b/storage/multipath-tools/pkg.yaml new file mode 100644 index 00000000..2daf01ab --- /dev/null +++ b/storage/multipath-tools/pkg.yaml @@ -0,0 +1,68 @@ +name: multipath-tools +variant: scratch +shell: /bin/bash +dependencies: + - stage: base + - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/systemd-udevd:{{ .BUILD_ARG_PKGS }}" + - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/libjson-c:{{ .BUILD_ARG_PKGS }}" + - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/lvm2:{{ .BUILD_ARG_PKGS }}" + - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/liburcu:{{ .BUILD_ARG_PKGS }}" + - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/libaio:{{ .BUILD_ARG_PKGS }}" +steps: + - sources: + - url: https://github.com/opensvc/multipath-tools/archive/refs/tags/{{ .MULTIPATH_TOOLS_VERSION }}.tar.gz + destination: multipath-tools.tar.gz + sha256: {{ .MULTIPATH_TOOLS_SHA256 }} + sha512: {{ .MULTIPATH_TOOLS_SHA512 }} + env: + PKG_CONFIG_PATH: /usr/lib/pkgconfig + prepare: + - | + sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml + - | + tar -xzf multipath-tools.tar.gz --strip-components=1 + build: + - | + make -j $(nproc) prefix="/usr/local" \ + sysconfdir="/etc" \ + configdir="/etc/multipath/conf.d" \ + mandir="/usr/share/man" \ + infodir="/usr/share/info" \ + statedir="/etc/multipath" \ + etc_prefix="" \ + LIB=lib \ + SYSTEMD="" + install: + - | + mkdir -p /rootfs/usr/local/lib/containers/multipathd/ /rootfs/usr/local/lib/ + cp /usr/lib/libgcc_s.so.1 /rootfs/usr/local/lib/ + make prefix="/usr/local" DESTDIR=/rootfs LIB=lib install + - | + mkdir -p /rootfs/usr/local/etc/containers + cp /pkg/multipathd.yaml /rootfs/usr/local/etc/containers/ + # Remove kernel module loading config + - | + rm /rootfs/usr/lib/modules-load.d/multipath.conf + rmdir /rootfs/usr/lib/modules-load.d + # Remove unnecessary docs and includes + - | + rm -rf /rootfs/usr/local/share + rm -rf /rootfs/usr/local/include + # This file tries to create a tmpfs mount at `/var/run/multipath`. + - | + rm /rootfs/usr/lib/tmpfiles.d/multipath.conf + rmdir /rootfs/usr/lib/tmpfiles.d + # # Removed but might be needed by other users of multipath-tools + - | + rm /rootfs/usr/lib/udev/kpartx_id + test: + - | + mkdir -p /extensions-validator-rootfs + cp -r /rootfs/ /extensions-validator-rootfs/rootfs + cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml + /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}" +finalize: + - from: /rootfs + to: /rootfs + - from: /pkg/manifest.yaml + to: / diff --git a/storage/multipath-tools/vars.yaml b/storage/multipath-tools/vars.yaml new file mode 100644 index 00000000..2409a9c4 --- /dev/null +++ b/storage/multipath-tools/vars.yaml @@ -0,0 +1,8 @@ +VERSION: v0.0.1 + +# renovate: datasource=github-releases extractVersion=^multipath-tools (?.*)$ depName=opensvc/multipath-tools +MULTIPATH_TOOLS_VERSION: 0.13.0 +MULTIPATH_TOOLS_SHA256: ed0bf455d5886d642875c302f7cf0362ca29cd2ab8dbc42e50cca9bd5855640b +MULTIPATH_TOOLS_SHA512: 75c84524ee27590b8b751ea500898a44e5ac3d58d55be6bcab919d0d423049db3a4466fcb9135705cf63ba074416973bb651255063269e9f682f11d21ba57e59 + +TIER: "contrib" diff --git a/storage/trident-iscsi-tools/README.md b/storage/trident-iscsi-tools/README.md new file mode 100644 index 00000000..2debc0c2 --- /dev/null +++ b/storage/trident-iscsi-tools/README.md @@ -0,0 +1,51 @@ +# trident-iscsi-tools + +This extension provides basic **Linux** tools like 'cat', 'ls', and other binaries on the host used by the **Trident CSI**, which are apparently not jet bundled in to Trident itself. + + +## What's Included + +* **lsscsi** +* **coreutils**: ls, cat, dd +* **procps**: free, pgrep +* **blockdev** + + +## Use Case + +To run [trident-operator](https://github.com/NetApp/trident) with iSCSI, you need to enable the **extensions**: +* `iscsi-tools` +* `multipath-tools` +* `util-linux` (for blkid) +* `trident-iscsi-tools` + +and **additionally** the **kernel** modules: +```yaml +kernel: + modules: + - name: scsi-transport-iscsi + - name: libiscsi_tcp + - name: iscsi_tcp + - name: scsi_transport_fc + - name: dm_multipath + - name: dm_round-robin +``` +To configure multipath accordingly you need to apply: +```yaml +apiVersion: v1alpha1 +kind: ExtensionServiceConfig +name: multipathd +configFiles: + - content: | + defaults { + user_friendly_names yes + find_multipaths no + path_selector "round-robin 0" + } + mountPath: /etc/multipath.conf +``` + +## References + +- [lsscsi man page](https://linux.die.net/man/8/lsscsi) +- [Related Trident issue](https://github.com/NetApp/trident/issues/806#issuecomment-2399332314) \ No newline at end of file diff --git a/storage/trident-iscsi-tools/manifest.yaml.tmpl b/storage/trident-iscsi-tools/manifest.yaml.tmpl new file mode 100644 index 00000000..0a3fb21e --- /dev/null +++ b/storage/trident-iscsi-tools/manifest.yaml.tmpl @@ -0,0 +1,10 @@ +version: v1alpha1 +metadata: + name: trident-iscsi-tools + version: "{{ .VERSION }}" + author: Institute for Networks and Security (INS) at OST + description: | + [{{ .TIER }}] This system extension provides the tools and binaries used by the NetApp Trident CSI for iSCSI. It contains lsscsi, ls, free, pgrep, cat and dd. + compatibility: + talos: + version: ">= v1.9.0" diff --git a/storage/trident-iscsi-tools/pkg.yaml b/storage/trident-iscsi-tools/pkg.yaml new file mode 100644 index 00000000..25678924 --- /dev/null +++ b/storage/trident-iscsi-tools/pkg.yaml @@ -0,0 +1,46 @@ +name: trident-iscsi-tools +variant: scratch +shell: /bin/bash +dependencies: + - stage: base +steps: + - sources: + - url: "https://sg.danny.cz/scsi/lsscsi-{{ .LSSCSI_VERSION }}.tar.gz" + destination: lsscsi.tar.gz + sha256: {{ .LSSCSI_SHA256 }} + sha512: {{ .LSSCSI_SHA512 }} + prepare: + - | + sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml + - | + tar -xzf lsscsi.tar.gz --strip-components=1 + build: + - | + ./configure --prefix=/usr/local --exec-prefix=/usr/local + # make -j $(nproc) DESTDIR=/rootfs + install: + - | + make DESTDIR=/rootfs install + # Remove man pages and info pages to save space + - | + rm -rf /rootfs/usr/local/share + - | + mkdir -p /rootfs/usr/local/bin + mkdir -p /rootfs/usr/local/sbin + cp /usr/bin/ls /rootfs/usr/local/bin + cp /usr/bin/free /rootfs/usr/local/bin + cp /usr/bin/pgrep /rootfs/usr/local/bin + cp /usr/bin/cat /rootfs/usr/local/bin + cp /usr/bin/dd /rootfs/usr/local/bin + cp /usr/sbin/blockdev /rootfs/usr/local/sbin + test: + - | + mkdir -p /extensions-validator-rootfs + cp -r /rootfs/ /extensions-validator-rootfs/rootfs + cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml + /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}" +finalize: + - from: /rootfs + to: /rootfs + - from: /pkg/manifest.yaml + to: / diff --git a/storage/trident-iscsi-tools/vars.yaml b/storage/trident-iscsi-tools/vars.yaml new file mode 100644 index 00000000..70571db6 --- /dev/null +++ b/storage/trident-iscsi-tools/vars.yaml @@ -0,0 +1,8 @@ +VERSION: v0.0.1 + +# renovate: datasource=github-tags extractVersion=^r(?.*)$ depName=doug-gilbert/lsscsi +LSSCSI_VERSION: 0.32 +LSSCSI_SHA256: 0a800e9e94dca2ab702d65d72777ae8cae078e3d74d0bcbed64ba0849e8029a1 +LSSCSI_SHA512: 96cb87be53eae9fa3a7defa0065f4dee8ccc23805a9ed1dc93d101c5e0610b78765b61449bf6ce58c13de8aae8400e4ac6a60ad64f840d092b9d7293106c5145 + +TIER: "contrib" diff --git a/tools/util-linux/pkg.yaml b/tools/util-linux/pkg.yaml index 0a66ad56..4041c1b5 100644 --- a/tools/util-linux/pkg.yaml +++ b/tools/util-linux/pkg.yaml @@ -26,6 +26,7 @@ steps: --disable-all-programs \ --enable-libmount \ --enable-libblkid \ + --enable-blkid \ --enable-nsenter \ --enable-fstrim \ build: