feat: add full disk volumes

Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>

Author: shanduur

hack/release.toml

@@ -151,6 +151,16 @@ When `volumeType = "directory"`:
 
 Note: this mode does not provide filesystem-level isolation and inherits the EPHEMERAL partition capacity limits.
 It should not be used for workloads requiring predictable storage quotas.
+"""
+
+    [notes.disk-user-volumes]
+        title = "New User Volume type - disk"
+        description = """\
+`volumeType` in UserVolumeConfig can be set to `disk`.
+When set to `disk`, a full block device is used for the volume.
+
+When `volumeType = "disk"`:
+- Size specific settings are not allowed in the provisioning block (`minSize`, `maxSize`, `grow`).
 """
 
 [make_deps]

internal/app/machined/pkg/controllers/block/user_volume_config.go

@@ -304,13 +304,16 @@ func (ctrl *UserVolumeConfigController) handleUserVolumeConfig(
 	volumeID string,
 ) error {
 	switch userVolumeConfig.Type().ValueOr(block.VolumeTypePartition) {
-	case block.VolumeTypePartition:
-		return ctrl.handlePartitionUserVolumeConfig(userVolumeConfig, v, volumeID)
-
 	case block.VolumeTypeDirectory:
 		return ctrl.handleDirectoryUserVolumeConfig(userVolumeConfig, v)
 
-	case block.VolumeTypeDisk, block.VolumeTypeTmpfs, block.VolumeTypeSymlink, block.VolumeTypeOverlay:
+	case block.VolumeTypeDisk:
+		return ctrl.handleDiskUserVolumeConfig(userVolumeConfig, v, volumeID)
+
+	case block.VolumeTypePartition:
+		return ctrl.handlePartitionUserVolumeConfig(userVolumeConfig, v, volumeID)
+
+	case block.VolumeTypeTmpfs, block.VolumeTypeSymlink, block.VolumeTypeOverlay:
 		fallthrough
 
 	default:
@@ -364,6 +367,49 @@ func (ctrl *UserVolumeConfigController) handlePartitionUserVolumeConfig(
 	return nil
 }
 
+func (ctrl *UserVolumeConfigController) handleDiskUserVolumeConfig(
+	userVolumeConfig configconfig.UserVolumeConfig,
+	v *block.VolumeConfig,
+	volumeID string,
+) error {
+	diskSelector, ok := userVolumeConfig.Provisioning().DiskSelector().Get()
+	if !ok {
+		// this shouldn't happen due to validation
+		return fmt.Errorf("disk selector not found for volume %q", volumeID)
+	}
+
+	v.TypedSpec().Type = block.VolumeTypeDisk
+	v.TypedSpec().Locator.Match = labelVolumeMatch(volumeID)
+	v.TypedSpec().Provisioning = block.ProvisioningSpec{
+		Wave: block.WaveUserVolumes,
+		DiskSelector: block.DiskSelector{
+			Match: diskSelector,
+		},
+		PartitionSpec: block.PartitionSpec{
+			Label:    volumeID,
+			TypeUUID: partition.LinuxFilesystemData,
+		},
+		FilesystemSpec: block.FilesystemSpec{
+			Type: userVolumeConfig.Filesystem().Type(),
+		},
+	}
+	v.TypedSpec().Mount = block.MountSpec{
+		TargetPath:          userVolumeConfig.Name(),
+		ParentID:            constants.UserVolumeMountPoint,
+		SelinuxLabel:        constants.EphemeralSelinuxLabel,
+		FileMode:            0o755,
+		UID:                 0,
+		GID:                 0,
+		ProjectQuotaSupport: userVolumeConfig.Filesystem().ProjectQuotaSupport(),
+	}
+
+	if err := convertEncryptionConfiguration(userVolumeConfig.Encryption(), v.TypedSpec()); err != nil {
+		return fmt.Errorf("error apply encryption configuration: %w", err)
+	}
+
+	return nil
+}
+
 func (ctrl *UserVolumeConfigController) handleDirectoryUserVolumeConfig(
 	userVolumeConfig configconfig.UserVolumeConfig,
 	v *block.VolumeConfig,

internal/app/machined/pkg/controllers/block/user_volume_config_test.go

@@ -40,18 +40,18 @@ func TestUserVolumeConfigSuite(t *testing.T) {
 }
 
 func (suite *UserVolumeConfigSuite) TestReconcileUserVolumesSwapVolumes() {
-	uv1 := blockcfg.NewUserVolumeConfigV1Alpha1()
-	uv1.MetaName = "data1"
-	suite.Require().NoError(uv1.ProvisioningSpec.DiskSelectorSpec.Match.UnmarshalText([]byte(`system_disk`)))
-	uv1.ProvisioningSpec.ProvisioningMinSize = blockcfg.MustByteSize("10GiB")
-	uv1.ProvisioningSpec.ProvisioningMaxSize = blockcfg.MustByteSize("100GiB")
-	uv1.FilesystemSpec.FilesystemType = block.FilesystemTypeXFS
-
-	uv2 := blockcfg.NewUserVolumeConfigV1Alpha1()
-	uv2.MetaName = "data2"
-	suite.Require().NoError(uv2.ProvisioningSpec.DiskSelectorSpec.Match.UnmarshalText([]byte(`!system_disk`)))
-	uv2.ProvisioningSpec.ProvisioningMaxSize = blockcfg.MustByteSize("1TiB")
-	uv2.EncryptionSpec = blockcfg.EncryptionSpec{
+	uvPart1 := blockcfg.NewUserVolumeConfigV1Alpha1()
+	uvPart1.MetaName = "data-part1"
+	suite.Require().NoError(uvPart1.ProvisioningSpec.DiskSelectorSpec.Match.UnmarshalText([]byte(`system_disk`)))
+	uvPart1.ProvisioningSpec.ProvisioningMinSize = blockcfg.MustByteSize("10GiB")
+	uvPart1.ProvisioningSpec.ProvisioningMaxSize = blockcfg.MustByteSize("100GiB")
+	uvPart1.FilesystemSpec.FilesystemType = block.FilesystemTypeXFS
+
+	uvPart2 := blockcfg.NewUserVolumeConfigV1Alpha1()
+	uvPart2.MetaName = "data-part2"
+	suite.Require().NoError(uvPart2.ProvisioningSpec.DiskSelectorSpec.Match.UnmarshalText([]byte(`!system_disk`)))
+	uvPart2.ProvisioningSpec.ProvisioningMaxSize = blockcfg.MustByteSize("1TiB")
+	uvPart2.EncryptionSpec = blockcfg.EncryptionSpec{
 		EncryptionProvider: block.EncryptionProviderLUKS2,
 		EncryptionKeys: []blockcfg.EncryptionKey{
 			{
@@ -65,25 +65,43 @@ func (suite *UserVolumeConfigSuite) TestReconcileUserVolumesSwapVolumes() {
 		},
 	}
 
-	uv3 := blockcfg.NewUserVolumeConfigV1Alpha1()
-	uv3.MetaName = "data3"
-	uv3.VolumeType = pointer.To(block.VolumeTypeDirectory)
+	uvDir1 := blockcfg.NewUserVolumeConfigV1Alpha1()
+	uvDir1.MetaName = "data-dir1"
+	uvDir1.VolumeType = pointer.To(block.VolumeTypeDirectory)
+
+	uvDisk1 := blockcfg.NewUserVolumeConfigV1Alpha1()
+	uvDisk1.MetaName = "data-disk1"
+	suite.Require().NoError(uvDisk1.ProvisioningSpec.DiskSelectorSpec.Match.UnmarshalText([]byte(`!system_disk`)))
+	uvDisk1.EncryptionSpec = blockcfg.EncryptionSpec{
+		EncryptionProvider: block.EncryptionProviderLUKS2,
+		EncryptionKeys: []blockcfg.EncryptionKey{
+			{
+				KeySlot: 0,
+				KeyTPM:  &blockcfg.EncryptionKeyTPM{},
+			},
+			{
+				KeySlot:   1,
+				KeyStatic: &blockcfg.EncryptionKeyStatic{KeyData: "secret"},
+			},
+		},
+	}
 
 	sv1 := blockcfg.NewSwapVolumeConfigV1Alpha1()
 	sv1.MetaName = "swap"
 	suite.Require().NoError(sv1.ProvisioningSpec.DiskSelectorSpec.Match.UnmarshalText([]byte(`disk.transport == "nvme"`)))
 	sv1.ProvisioningSpec.ProvisioningMaxSize = blockcfg.MustByteSize("2GiB")
 
-	ctr, err := container.New(uv1, uv2, uv3, sv1)
+	ctr, err := container.New(uvPart1, uvPart2, uvDir1, uvDisk1, sv1)
 	suite.Require().NoError(err)
 
 	cfg := config.NewMachineConfig(ctr)
 	suite.Create(cfg)
 
 	userVolumes := []string{
-		constants.UserVolumePrefix + "data1",
-		constants.UserVolumePrefix + "data2",
-		constants.UserVolumePrefix + "data3",
+		constants.UserVolumePrefix + "data-part1",
+		constants.UserVolumePrefix + "data-part2",
+		constants.UserVolumePrefix + "data-dir1",
+		constants.UserVolumePrefix + "data-disk1",
 	}
 
 	ctest.AssertResources(suite, userVolumes, func(vc *block.VolumeConfig, asrt *assert.Assertions) {
@@ -104,7 +122,7 @@ func (suite *UserVolumeConfigSuite) TestReconcileUserVolumesSwapVolumes() {
 			asrt.Equal(block.VolumeTypeDirectory, vc.TypedSpec().Type)
 		}
 
-		asrt.Contains([]string{"data1", "data2", "data3"}, vc.TypedSpec().Mount.TargetPath)
+		asrt.Contains(userVolumes, vc.TypedSpec().Mount.TargetPath)
 		asrt.Equal(constants.UserVolumeMountPoint, vc.TypedSpec().Mount.ParentID)
 
 		switch vc.Metadata().ID() {
@@ -143,8 +161,8 @@ func (suite *UserVolumeConfigSuite) TestReconcileUserVolumesSwapVolumes() {
 		suite.AddFinalizer(block.NewVolumeMountRequest(block.NamespaceName, volumeID).Metadata(), "test")
 	}
 
-	// drop the first volume
-	ctr, err = container.New(uv2)
+	// keep only the first volume
+	ctr, err = container.New(uvPart1)
 	suite.Require().NoError(err)
 
 	newCfg := config.NewMachineConfig(ctr)
@@ -153,32 +171,32 @@ func (suite *UserVolumeConfigSuite) TestReconcileUserVolumesSwapVolumes() {
 
 	// controller should tear down removed resources
 	ctest.AssertResources(suite, userVolumes, func(vc *block.VolumeConfig, asrt *assert.Assertions) {
-		if vc.Metadata().ID() == userVolumes[1] {
+		if vc.Metadata().ID() == userVolumes[0] {
 			asrt.Equal(resource.PhaseRunning, vc.Metadata().Phase())
 		} else {
 			asrt.Equal(resource.PhaseTearingDown, vc.Metadata().Phase())
 		}
 	})
 
 	ctest.AssertResources(suite, userVolumes, func(vmr *block.VolumeMountRequest, asrt *assert.Assertions) {
-		if vmr.Metadata().ID() == userVolumes[1] {
+		if vmr.Metadata().ID() == userVolumes[0] {
 			asrt.Equal(resource.PhaseRunning, vmr.Metadata().Phase())
 		} else {
 			asrt.Equal(resource.PhaseTearingDown, vmr.Metadata().Phase())
 		}
 	})
 
 	// remove finalizers
-	suite.RemoveFinalizer(block.NewVolumeConfig(block.NamespaceName, userVolumes[0]).Metadata(), "test")
-	suite.RemoveFinalizer(block.NewVolumeMountRequest(block.NamespaceName, userVolumes[0]).Metadata(), "test")
-	suite.RemoveFinalizer(block.NewVolumeConfig(block.NamespaceName, userVolumes[2]).Metadata(), "test")
-	suite.RemoveFinalizer(block.NewVolumeMountRequest(block.NamespaceName, userVolumes[2]).Metadata(), "test")
+	for _, userVolume := range userVolumes[1:] {
+		suite.RemoveFinalizer(block.NewVolumeConfig(block.NamespaceName, userVolume).Metadata(), "test")
+		suite.RemoveFinalizer(block.NewVolumeMountRequest(block.NamespaceName, userVolume).Metadata(), "test")
+	}
 
 	// now the resources should be removed
-	ctest.AssertNoResource[*block.VolumeConfig](suite, userVolumes[0])
-	ctest.AssertNoResource[*block.VolumeMountRequest](suite, userVolumes[0])
-	ctest.AssertNoResource[*block.VolumeConfig](suite, userVolumes[2])
-	ctest.AssertNoResource[*block.VolumeMountRequest](suite, userVolumes[2])
+	for _, userVolume := range userVolumes[1:] {
+		ctest.AssertNoResource[*block.VolumeConfig](suite, userVolume)
+		ctest.AssertNoResource[*block.VolumeMountRequest](suite, userVolume)
+	}
 }
 
 func (suite *UserVolumeConfigSuite) TestReconcileRawVolumes() {