feat: introduce LLDPD extension service

LLDPD service is depending on configuration to not start LLDPD before the user have ensured a LLDPD configuration they want to use is in place Signed-off-by: Niklas Wik <niklas.wik@nokia.com> Signed-off-by: Noel Georgi <git@frezbo.dev>
2026-05-05 12:16:46 +02:00 · 2024-10-09 15:46:03 +03:00 · 2024-10-09 15:46:03 +03:00 · 8a7635b2c9
commit 8a7635b2c9
parent 6a184b8acc
16 changed files with 198 additions and 9 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-08-29T14:13:04Z by kres b5ca957.
+# Generated on 2024-10-15T11:50:44Z by kres 34e72ac.

 name: default
 concurrency:
@ -33,7 +33,7 @@ jobs:
      labels: ${{ steps.retrieve-pr-labels.outputs.result }}
    services:
      buildkitd:
-        image: moby/buildkit:v0.15.2
+        image: moby/buildkit:v0.16.0
        options: --privileged
        ports:
          - 1234:1234
@ -143,7 +143,7 @@ jobs:
      - default
    services:
      buildkitd:
-        image: moby/buildkit:v0.15.2
+        image: moby/buildkit:v0.16.0
        options: --privileged
        ports:
          - 1234:1234
--- a/.github/workflows/weekly.yaml
+++ b/.github/workflows/weekly.yaml
@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-08-29T14:13:04Z by kres b5ca957.
+# Generated on 2024-10-15T11:50:44Z by kres 34e72ac.

 name: weekly
 concurrency:
@ -16,7 +16,7 @@ jobs:
      - pkgs
    services:
      buildkitd:
-        image: moby/buildkit:v0.15.2
+        image: moby/buildkit:v0.16.0
        options: --privileged
        ports:
          - 1234:1234
--- a/.kres.yaml
+++ b/.kres.yaml
@ -22,6 +22,7 @@ spec:
    - intel-ucode
    - iscsi-tools
    - kata-containers
+    - lldpd
    - mdadm
    - mei
    - nut-client
--- a/MAINTAINERS.md
+++ b/MAINTAINERS.md
@ -30,6 +30,7 @@ If the field is marked as `Needs Maintainer`, it means that the package is curre
 | intel-ucode                               | Sidero Labs         | NA                                                                   |
 | iscsi-tools                               | Sidero Labs         | NA                                                                   |
 | kata-containers                           | Fabiano Fidêncio    | [fidencio](https://github.com/fidencio)                              |
+| lldpd                                     | Nokia (Niklas Wik)  | [salkin](https://github.com/salkin)                                  |
 | mdadm                                     | Serge Logvinov      | [sergelogvinov](https://github.com/sergelogvinov)                    |
 | mei                                       | Nick Meyer          | [e3b0c442](https://github.com/e3b0c442)                              |
 | nut-client                                | Sidero Labs         | NA                                                                   |
--- a/1
+++ b/1
@ -73,6 +73,7 @@ TARGETS += intel-ice-firmware
 TARGETS += intel-ucode
 TARGETS += iscsi-tools
 TARGETS += kata-containers
+TARGETS += lldpd
 TARGETS += mdadm
 TARGETS += mei
 TARGETS += nut-client
--- a/README.md
+++ b/README.md
@ -73,7 +73,7 @@ cosign verify --certificate-identity-regexp '@siderolabs\.com$' --certificate-oi
 | [mei](drivers/mei/)                  | [ghcr.io/siderolabs/mei](https://github.com/siderolabs/extensions/pkgs/container/mei)                                                       | Driver for Intel Management Engine   | `talos version`                                       |
 | [nvidia](nvidia-gpu/nvidia-modules/) | [ghcr.io/siderolabs/nvidia-open-gpu-kernel-modules](https://github.com/siderolabs/extensions/pkgs/container/nvidia-open-gpu-kernel-modules) | NVIDIA OSS Driver                    | `nvidia driver upstream version`-`talos version`      |
 | [thunderbolt](drivers/thunderbolt/)  | [ghcr.io/siderolabs/thunderbolt](https://github.com/siderolabs/extensions/pkgs/container/thunderbolt)                                       | Thunderbolt drivers                  | `talos version`                                       |
-| [uinput](drivers/uinput/)  | [ghcr.io/siderolabs/uinput](https://github.com/siderolabs/extensions/pkgs/container/uinput)                                       | uinput drivers                  | `talos version`                                       |
+| [uinput](drivers/uinput/)            | [ghcr.io/siderolabs/uinput](https://github.com/siderolabs/extensions/pkgs/container/uinput)                                                 | uinput drivers                       | `talos version`                                       |
 | [usb-modem](drivers/usb-modem/)      | [ghcr.io/siderolabs/usb-modem-drivers](https://github.com/siderolabs/extensions/pkgs/container/usb-modem-drivers)                           | USB Modem drivers                    | `talos version`                                       |
 | [v4l-uvc](drivers/v4l-uvc/)          | [ghcr.io/siderolabs/v4l-uvc-drivers](https://github.com/siderolabs/extensions/pkgs/container/v4l-uvc-drivers)                               | USB Video Class (Webcam) drivers     | `talos version`                                       |

@ -85,9 +85,10 @@ cosign verify --certificate-identity-regexp '@siderolabs\.com$' --certificate-oi

 ### Network

-| Name                            | Image                                                                                             | Description                        | Version Format     |
-| ------------------------------- | ------------------------------------------------------------------------------------------------- | ---------------------------------- | ------------------ |
-| [tailscale](network/tailscale/) | [ghcr.io/siderolabs/tailscale](https://github.com/siderolabs/extensions/pkgs/container/tailscale) | [Tailscale](https://tailscale.com) | `upstream version` |
+| Name                            | Image                                                                                             | Description                            | Version Format     |
+| ------------------------------- | ------------------------------------------------------------------------------------------------- | -------------------------------------- | ------------------ |
+| [tailscale](network/tailscale/) | [ghcr.io/siderolabs/tailscale](https://github.com/siderolabs/extensions/pkgs/container/tailscale) | [Tailscale](https://tailscale.com)     | `upstream version` |
+| [lldpd](network/lldpd/)         | [ghcr.io/siderolabs/lldpd](https://github.com/siderolabs/extensions/pkgs/container/lldpd)         | [LLDP](https://github.com/lldpd/lldpd) | `upstream version` |

 ### Storage

--- a/hack/release.toml
+++ b/hack/release.toml
@ -15,5 +15,10 @@ See [Talos Linux documentation](https://www.talos.dev/v1.9/talos-guides/configur
 """

 [notes]
+    [notes.lldpd]
+        title = "LLDP"
+        description = """
+lldpd is now available as a system extension.
+"""

 [make_deps]
--- a/network/lldpd/README.md
+++ b/network/lldpd/README.md
@ -0,0 +1,39 @@
+# LLDPD
+
+Adds https://lldpd.github.io/ as system extensions.
+This means a lldpd server is started that sends/receives LLDP messages.
+
+## Installation
+
+See [Installing Extensions](https://github.com/siderolabs/extensions#installing-extensions).
+
+## Usage
+
+Configure the extension via `ExtensionServiceConfig` document. You can add any lldpd related configuration and these will be executed at the LLDPD server startup.
+
+```yaml
+---
+apiVersion: v1alpha1
+kind: ExtensionServiceConfig
+name: lldpd
+configFiles:
+  - content: |
+      configure lldpd portidsubtype ifname
+      unconfigure lldp management-addresses-advertisements
+      unconfigure lldp capabilities-advertisements
+      configure system description "Talos Node"
+    mountPath: /usr/local/etc/lldpd/lldpd.conf
+```
+
+Then apply the patch to your node's MachineConfigs
+```bash
+talosctl patch mc -p @lldpd-config.yaml
+```
+
+You will then be able to verify that it is in place with the following command
+```bash
+talosctl get extensionserviceconfigs
+
+NODE          NAMESPACE   TYPE                     ID           VERSION
+mynode   runtime     ExtensionServiceConfig   lldpd           1
+```
--- a/network/lldpd/files/group
+++ b/network/lldpd/files/group
@ -0,0 +1 @@
+root:x:0:
--- a/network/lldpd/files/passwd
+++ b/network/lldpd/files/passwd
@ -0,0 +1 @@
+root:x:0:0:root:/:/sbin/false
--- a/network/lldpd/lldpd.yaml
+++ b/network/lldpd/lldpd.yaml
@ -0,0 +1,52 @@
+# © 2024 Nokia
+# Licensed under the Mozilla Public License 2.0
+# SPDX-License-Identifier: MPL-2.0
+name: lldpd
+depends:
+  - service: cri
+  - network:
+    - addresses
+    - connectivity
+    - etcfiles
+  - configuration: true
+container:
+  args:
+    - -d
+    - -u
+    - /var/run/lldpd/lldpd.socket
+    - -I
+    - eth*,enp*,ens*,eno*
+  entrypoint: /usr/local/sbin/lldpd
+  mounts:
+    # release file
+    - source: /etc/os-release
+      destination: /etc/os-release
+      type: bind
+      options:
+        - bind
+        - ro
+    # libs
+    - source: /lib
+      destination: /lib
+      type: bind
+      options:
+        - bind
+        - ro
+    # more libs
+    - source: /usr/lib
+      destination: /usr/lib
+      type: bind
+      options:
+        - bind
+        - ro
+    # lldpd socket
+    - source: /var/run/lldpd
+      destination: /var/run/lldpd
+      type: bind
+      options:
+      - bind
+      - rw
+  security:
+    writeableRootfs: false
+    writeableSysfs: true
+restart: always
--- a/network/lldpd/manifest.yaml
+++ b/network/lldpd/manifest.yaml
@ -0,0 +1,13 @@
+# © 2024 Nokia
+# Licensed under the Mozilla Public License 2.0
+# SPDX-License-Identifier: MPL-2.0
+version: v1alpha1
+metadata:
+  name: lldpd
+  version: "$VERSION"
+  author: Niklas Wik
+  description: |
+    LLDP adds a LLDP discovery service to Talos. LLDP cli can be used to interface with the daemon.
+  compatibility:
+    talos:
+      version: ">= v1.7.0"
--- a/network/lldpd/pkg.yaml
+++ b/network/lldpd/pkg.yaml
@ -0,0 +1,67 @@
+# © 2024 Nokia
+# Licensed under the Mozilla Public License 2.0
+# SPDX-License-Identifier: MPL-2.0
+name: lldpd
+variant: scratch
+shell: /toolchain/bin/bash
+dependencies:
+    - stage: base
+steps:
+  - sources:
+      - url: https://github.com/lldpd/lldpd/releases/download/{{ .LLDPD_VERSION }}/lldpd-{{ .LLDPD_VERSION }}.tar.gz
+        destination: lldpd.tar.gz
+        sha256: 38cd319aa02ab61d9a2ad130e22f906795ccca9ac73a0a0d9dac19ca99a8a870
+        sha512: c8734221767cd879c98ea3ee6fa80e1dce2f8470a97b0f757cfe7ef8fe2adaf878fdedcda896cf65e1af980634f2ab312588658fb85f89c6d5b6cc9d2da52045
+        # ref: https://git.alpinelinux.org/aports/tree/main/libc-dev
+        # https://wiki.musl-libc.org/faq.html#Q:-Why-is-%3Ccode%3Esys/queue.h%3C/code%3E-not-included
+      - url: https://git.alpinelinux.org/aports/plain/main/libc-dev/sys-queue.h?id=87f42de0e1c1c6d2b229edfc126a3d4191c835ed
+        sha256: c13407edd0e33be73cae72514cb234f8612e1c0e54401c9448daffd3a240158b
+        sha512: 2f0d5e6e4dc3350285cf17009265dddcbe12431c111868eea39bc8cb038ab7c1f2acacbb21735c4e9d4a1fd106a8fc0f8611ea33987d4faba37dde5ce6da0750
+        destination: sys-queue.h
+    env:
+      SOURCE_DATE_EPOCH: {{ .BUILD_ARG_SOURCE_DATE_EPOCH }}
+    prepare:
+      - |
+        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
+      - |
+        tar -xf lldpd.tar.gz --strip-components=1
+
+        mkdir -p /usr/local/include/sys
+        cp sys-queue.h /usr/local/include/sys/queue.h
+      - |
+        ln -sf /toolchain/bin/env /usr/bin/env
+
+        export CFLAGS="${CFLAGS} -I/usr/local/include"
+
+        ./configure \
+                --prefix=/usr/local \
+                --libexecdir=/usr/local/lib/lldpd \
+                --datadir=/usr/local/share/lldpd \
+                --sysconfdir=/usr/local/etc/lldpd \
+                --enable-hardening \
+                --with-privsep-user=root \
+                --with-privsep-group=root \
+                --with-privsep-chroot=/opt/lldpd
+    build:
+      - |
+        make -j $(nproc) all
+    install:
+      - |
+        mkdir -p /rootfs/usr/local/{etc/containers,lib/containers/lldpd/{etc,opt/lldpd}}
+
+        cp /pkg/lldpd.yaml /rootfs/usr/local/etc/containers/lldpd.yaml
+
+        cp /pkg/files/* /rootfs/usr/local/lib/containers/lldpd/etc
+
+        make DESTDIR=/rootfs/usr/local/lib/containers/lldpd install-exec
+    test:
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+finalize:
+  - from: /rootfs
+    to: /rootfs
+  - from: /pkg/manifest.yaml
+    to: /
--- a/network/lldpd/vars.yaml
+++ b/network/lldpd/vars.yaml
@ -0,0 +1,4 @@
+# © 2024 Nokia
+# Licensed under the Mozilla Public License 2.0
+# SPDX-License-Identifier: MPL-2.0
+VERSION: "{{ .LLDPD_VERSION }}"
--- a/network/vars.yaml
+++ b/network/vars.yaml
@ -1,2 +1,4 @@
 # renovate: datasource=github-releases extractVersion=^v(?<version>.*)$ depName=tailscale/tailscale
 TAILSCALE_VERSION: 1.72.1
+# renovate: datasource=github-releases depName=lldpd/lldpd
+LLDPD_VERSION: 1.0.18
--- a/reproducibility/pkg.yaml
+++ b/reproducibility/pkg.yaml
@ -35,6 +35,7 @@ dependencies:
  - stage: iscsi-tools
  # kata-containers can be ignored from reproducibility test since it's a tarball downloaded and extracted (no build happens)
  # - stage: kata-containers
+  - stage: lldpd
  - stage: mdadm
  # mei can be ignored from reproducibility test since it's kernel modules copied from pkgs
  # - stage: mei