Multipath tools

.kres.yaml

@@ -33,6 +33,7 @@ spec:
     - mdadm
     - mei
     - metal-agent
+    - multipath-tools
     - nebula
     - netbird
     - newt
@@ -58,6 +59,7 @@ spec:
     - tailscale
     - tenstorrent
     - thunderbolt
+    - trident-iscsi-tools
     - uinput
     - usb-modem-drivers
     - usb-audio-drivers

Makefile

@@ -90,6 +90,7 @@ TARGETS += lldpd
 TARGETS += mdadm
 TARGETS += mei
 TARGETS += metal-agent
+TARGETS += multipath-tools
 TARGETS += nebula
 TARGETS += netbird
 TARGETS += newt
@@ -115,6 +116,7 @@ TARGETS += stargz-snapshotter
 TARGETS += tailscale
 TARGETS += tenstorrent
 TARGETS += thunderbolt
+TARGETS += trident-iscsi-tools
 TARGETS += uinput
 TARGETS += usb-modem-drivers
 TARGETS += usb-audio-drivers
@@ -293,4 +295,3 @@ release-notes: $(ARTIFACTS)
 conformance:
 	@docker pull $(CONFORMANCE_IMAGE)
 	@docker run --rm -it -v $(PWD):/src -w /src $(CONFORMANCE_IMAGE) enforce
-

storage/multipath-tools/README.md

@@ -0,0 +1,44 @@
+# multipath-tools
+
+This extension provides the `multipathd` daemon on the host for handling device-mapper multipathing.
+It enables consistent, fault-tolerant access to storage devices that expose multiple I/O paths.
+
+## What's Included
+
+* **multipathd**: Multipath daemon
+* **multipath**: Device mapper target autoconfig
+* **multipathc**: Interactive client for multipathd
+* **mpathpersist**: Manages SCSI persistent reservations on dm multipath devices
+* **kpartx**: Create device maps from partition tables.
+
+## Use Case
+
+To run this daemon you need the following **kernel** modules:
+```yaml
+kernel:
+    modules:
+      - name: dm_multipath
+      - name: dm_round-robin # or dm-queue-length
+```
+To configure multipath accordingly you need to apply something like:
+```yaml
+apiVersion: v1alpha1
+kind: ExtensionServiceConfig
+name: multipathd
+configFiles:
+    - content: |
+        defaults {
+            user_friendly_names yes
+            find_multipaths no
+            path_selector "round-robin 0"
+        }
+      mountPath: /etc/multipath.conf
+```
+You probably need to use `round-robin` or `queue-length` (if that is supported by your use case) as the default `service-time` is not supported, since `dm-service-time` kernel module is not jet in talos build at the moment.
+
+
+## References
+
+- [multipath man page](https://linux.die.net/man/8/multipath)
+- [multipathd man page](https://linux.die.net/man/8/multipathd)
+- [Related Kernel module issue](https://github.com/siderolabs/talos/issues/9515)

storage/multipath-tools/manifest.yaml.tmpl

@@ -0,0 +1,10 @@
+version: v1alpha1
+metadata:
+  name: multipath-tools
+  version: "{{ .VERSION }}"
+  author: Institute for Networks and Security (INS) at OST
+  description: |
+    [{{ .TIER }}] This system extension provides multipath-tools.
+  compatibility:
+    talos:
+      version: ">= v1.9.0"

storage/multipath-tools/multipathd.yaml

@@ -0,0 +1,55 @@
+name: multipathd
+container:
+  security:
+    maskedPaths: []
+    readonlyPaths: []
+    writeableRootfs: true
+  entrypoint: /usr/local/sbin/multipathd
+  args:
+    - -d
+    - -s
+  mounts:
+    # ld-musl-x86_64.so.1
+    - source: /lib
+      destination: /lib
+      type: bind
+      options:
+        - bind
+        - ro
+    # libs
+    - source: /usr/local/lib/
+      destination: /usr/local/lib/
+      type: bind
+      options:
+        - bind
+        - ro
+    - source: /usr/local/sbin
+      destination: /usr/local/sbin
+      type: bind
+      options:
+        - bind
+        - ro
+    # /dev/mapper and multipath disk
+    - source: /dev
+      destination: /dev
+      type: bind
+      options:
+        - bind
+        - rw
+    - source: /sys
+      destination: /sys
+      type: bind
+      options:
+        - bind
+        - rw
+depends:
+  - network:
+      - addresses
+      - connectivity
+      - hostname
+      - etcfiles
+  - service: udevd
+  - path: /dev/mapper/control
+  - service: cri
+  # - configuration: true
+restart: always

storage/multipath-tools/pkg.yaml

@@ -0,0 +1,68 @@
+name: multipath-tools
+variant: scratch
+shell: /bin/bash
+dependencies:
+  - stage: base
+  - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/systemd-udevd:{{ .BUILD_ARG_PKGS }}"
+  - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/libjson-c:{{ .BUILD_ARG_PKGS }}"
+  - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/lvm2:{{ .BUILD_ARG_PKGS }}"
+  - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/liburcu:{{ .BUILD_ARG_PKGS }}"
+  - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/libaio:{{ .BUILD_ARG_PKGS }}"
+steps:
+  - sources:
+      - url: https://github.com/opensvc/multipath-tools/archive/refs/tags/{{ .MULTIPATH_TOOLS_VERSION }}.tar.gz
+        destination: multipath-tools.tar.gz
+        sha256: {{ .MULTIPATH_TOOLS_SHA256 }}
+        sha512: {{ .MULTIPATH_TOOLS_SHA512 }}
+    env:
+      PKG_CONFIG_PATH: /usr/lib/pkgconfig
+    prepare:
+      - |
+        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
+      - |
+        tar -xzf multipath-tools.tar.gz --strip-components=1
+    build:
+      - |
+        make -j $(nproc) prefix="/usr/local" \
+          sysconfdir="/etc" \
+          configdir="/etc/multipath/conf.d" \
+          mandir="/usr/share/man" \
+          infodir="/usr/share/info" \
+          statedir="/etc/multipath" \
+          etc_prefix="" \
+          LIB=lib \
+          SYSTEMD=""
+    install:
+      - |
+        mkdir -p /rootfs/usr/local/lib/containers/multipathd/usr/lib/
+        cp /usr/lib/libgcc_s.so.1 /rootfs/usr/local/lib/containers/multipathd/usr/lib/
+        make prefix="/usr/local" DESTDIR=/rootfs LIB=lib install
+      - |
+        mkdir -p /rootfs/usr/local/etc/containers
+        cp /pkg/multipathd.yaml /rootfs/usr/local/etc/containers/
+      # Remove kernel module loading config
+      - |
+        rm /rootfs/usr/lib/modules-load.d/multipath.conf
+        rmdir /rootfs/usr/lib/modules-load.d
+      # Remove unnecessary docs and includes
+      - |
+        rm -rf /rootfs/usr/local/share
+        rm -rf /rootfs/usr/local/include
+      # This file tries to create a tmpfs mount at `/var/run/multipath`.
+      - |
+        rm /rootfs/usr/lib/tmpfiles.d/multipath.conf
+        rmdir /rootfs/usr/lib/tmpfiles.d
+      # # Removed but might be needed by other users of multipath-tools
+      - |
+        rm /rootfs/usr/lib/udev/kpartx_id
+    test:
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+finalize:
+  - from: /rootfs
+    to: /rootfs
+  - from: /pkg/manifest.yaml
+    to: /

storage/multipath-tools/vars.yaml

@@ -0,0 +1,8 @@
+VERSION: v0.0.1
+
+# renovate: datasource=github-releases extractVersion=^multipath-tools (?<version>.*)$ depName=opensvc/multipath-tools
+MULTIPATH_TOOLS_VERSION: 0.13.0
+MULTIPATH_TOOLS_SHA256: f2e67a1d2167f3945afab6f0697207a03678f5b2bd80f1f45958c6fa1dfb8eef
+MULTIPATH_TOOLS_SHA512: 8f545609fa20df7547428f2929571dc0df87c17d9f61f11aad3559446c2e94755e18b1c4b3780b3de92ec2cbc450939ca15a9d6c95551eee4084064d83874b2d
+
+TIER: "contrib"

storage/trident-iscsi-tools/README.md

@@ -0,0 +1,51 @@
+# trident-iscsi-tools
+
+This extension provides basic **Linux** tools like 'cat', 'ls', and other binaries on the host used by the **Trident CSI**, which are apparently not jet bundled in to Trident itself.
+
+
+## What's Included
+
+* **lsscsi**
+* **coreutils**: ls, cat, dd
+* **procps**: free, pgrep
+* **blockdev**
+
+
+## Use Case
+
+To run [trident-operator](https://github.com/NetApp/trident) with iSCSI, you need to enable the **extensions**:
+* `iscsi-tools`
+* `multipath-tools`
+* `util-linux` (for blkid)
+* `trident-iscsi-tools`
+
+and **additionally** the **kernel** modules:
+```yaml
+kernel:
+    modules:
+      - name: scsi-transport-iscsi
+      - name: libiscsi_tcp
+      - name: iscsi_tcp
+      - name: scsi_transport_fc
+      - name: dm_multipath
+      - name: dm_round-robin
+```
+To configure multipath accordingly you need to apply:
+```yaml
+apiVersion: v1alpha1
+kind: ExtensionServiceConfig
+name: multipathd
+configFiles:
+    - content: |
+        defaults {
+            user_friendly_names yes
+            find_multipaths no
+            path_selector "round-robin 0"
+        }
+      mountPath: /etc/multipath.conf
+```
+
+## References
+
+- [lsscsi man page](https://linux.die.net/man/8/lsscsi)
+- [Related Trident issue](https://github.com/NetApp/trident/issues/806#issuecomment-2399332314)

storage/trident-iscsi-tools/manifest.yaml.tmpl

@@ -0,0 +1,10 @@
+version: v1alpha1
+metadata:
+  name: trident-iscsi-tools
+  version: "{{ .VERSION }}"
+  author: Institute for Networks and Security (INS) at OST
+  description: |
+    [{{ .TIER }}] This system extension provides the tools and binaries used by the NetApp Trident CSI for iSCSI. It contains lsscsi, ls, free, pgrep, cat and dd.
+  compatibility:
+    talos:
+      version: ">= v1.9.0"

storage/trident-iscsi-tools/pkg.yaml

@@ -0,0 +1,46 @@
+name: trident-iscsi-tools
+variant: scratch
+shell: /bin/bash
+dependencies:
+  - stage: base
+steps:
+  - sources:
+      - url: "https://sg.danny.cz/scsi/lsscsi-{{ .LSSCSI_VERSION }}.tar.gz"
+        destination: lsscsi.tar.gz
+        sha256: {{ .LSSCSI_SHA256 }}
+        sha512: {{ .LSSCSI_SHA512 }}
+    prepare:
+      - |
+        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
+      - |
+        tar -xzf lsscsi.tar.gz --strip-components=1
+    build:
+      - |
+        ./configure --prefix=/usr/local --exec-prefix=/usr/local
+        # make -j $(nproc) DESTDIR=/rootfs
+    install:
+      - |
+        make DESTDIR=/rootfs install
+      # Remove man pages and info pages to save space
+      - |
+        rm -rf /rootfs/usr/local/share
+      - |
+        mkdir -p /rootfs/usr/local/bin
+        mkdir -p /rootfs/usr/local/sbin
+        cp /usr/bin/ls /rootfs/usr/local/bin
+        cp /usr/bin/free /rootfs/usr/local/bin
+        cp /usr/bin/pgrep /rootfs/usr/local/bin
+        cp /usr/bin/cat /rootfs/usr/local/bin
+        cp /usr/bin/dd /rootfs/usr/local/bin
+        cp /usr/sbin/blockdev /rootfs/usr/local/sbin
+    test:
+      - |
+        mkdir -p /extensions-validator-rootfs
+        cp -r /rootfs/ /extensions-validator-rootfs/rootfs
+        cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
+        /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+finalize:
+  - from: /rootfs
+    to: /rootfs
+  - from: /pkg/manifest.yaml
+    to: /

storage/trident-iscsi-tools/vars.yaml

@@ -0,0 +1,8 @@
+VERSION: v0.0.1
+
+# renovate: datasource=github-tags extractVersion=^r(?<version>.*)$ depName=doug-gilbert/lsscsi
+LSSCSI_VERSION: 0.32
+LSSCSI_SHA256: 0a800e9e94dca2ab702d65d72777ae8cae078e3d74d0bcbed64ba0849e8029a1
+LSSCSI_SHA512: 96cb87be53eae9fa3a7defa0065f4dee8ccc23805a9ed1dc93d101c5e0610b78765b61449bf6ce58c13de8aae8400e4ac6a60ad64f840d092b9d7293106c5145
+
+TIER: "contrib"

tools/util-linux/pkg.yaml

@@ -26,6 +26,7 @@ steps:
             --disable-all-programs \
             --enable-libmount \
             --enable-libblkid \
+            --enable-blkid \
             --enable-nsenter \
             --enable-fstrim \
     build: