feat: implement device selector for 'physical'

Closes #8090

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>

hack/release.toml

@@ -25,6 +25,12 @@ runc: 1.1.11
 Flannel: 0.24.1
 
 Talos is built with Go 1.21.6.
+"""
+
+    [notes.device_selectors]
+        title = "Device Selectors"
+        description = """\
+Talos Linux now supports `physical: true` qualifier for device selectors, it selects non-virtual network interfaces (i.e. `en0` is selected, while `bond0` is not).
 """
 
 [make_deps]

internal/app/machined/pkg/controllers/network/device_config.go

@@ -210,7 +210,7 @@ func (ctrl *DeviceConfigController) selectDevices(selector talosconfig.NetworkDe
 	for iter := links.Iterator(); iter.Next(); {
 		linkStatus := iter.Value().TypedSpec()
 
-		match := false
+		var match optional.Optional[bool]
 
 		for _, pair := range [][]string{
 			{selector.HardwareAddress(), linkStatus.HardwareAddr.String()},
@@ -223,15 +223,19 @@ func (ctrl *DeviceConfigController) selectDevices(selector talosconfig.NetworkDe
 			}
 
 			if !glob.Glob(pair[0], pair[1]) {
-				match = false
+				match = optional.Some(false)
 
 				break
 			}
 
-			match = true
+			match = optional.Some(true)
 		}
 
-		if match {
+		if selector.Physical() != nil && match.ValueOr(true) {
+			match = optional.Some(*selector.Physical() == linkStatus.Physical())
+		}
+
+		if match.ValueOrZero() {
 			result = append(result, iter.Value())
 		}
 	}

internal/app/machined/pkg/controllers/network/device_config_test.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/cosi-project/runtime/pkg/resource/rtestutils"
 	"github.com/siderolabs/gen/maps"
+	"github.com/siderolabs/go-pointer"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
 
@@ -108,6 +109,13 @@ func (suite *DeviceConfigSpecSuite) TestSelectors() {
 						},
 						DeviceAddresses: []string{"192.168.5.0/24"},
 					},
+					// device selector which matches physical interfaces
+					{
+						DeviceSelector: &v1alpha1.NetworkDeviceSelector{
+							NetworkDevicePhysical: pointer.To(true),
+						},
+						DeviceAddresses: []string{"192.168.6.0/24"},
+					},
 				},
 			},
 		},
@@ -119,6 +127,7 @@ func (suite *DeviceConfigSpecSuite) TestSelectors() {
 	status := network.NewLinkStatus(network.NamespaceName, "eth0")
 	status.TypedSpec().Driver = kernelDriver
 	status.TypedSpec().BusPath = "0000:01:00.0"
+	status.TypedSpec().Type = nethelpers.LinkEther // physical
 	suite.Require().NoError(suite.State().Create(suite.Ctx(), status))
 
 	status = network.NewLinkStatus(network.NamespaceName, "eth1")
@@ -143,6 +152,12 @@ func (suite *DeviceConfigSpecSuite) TestSelectors() {
 			assert.Equal([]string{"192.168.5.0/24"}, r.TypedSpec().Device.Addresses())
 		},
 	)
+
+	rtestutils.AssertResources(suite.Ctx(), suite.T(), suite.State(), []string{"eth0/004"},
+		func(r *network.DeviceConfigSpec, assert *assert.Assertions) {
+			assert.Equal([]string{"192.168.6.0/24"}, r.TypedSpec().Device.Addresses())
+		},
+	)
 }
 
 func (suite *DeviceConfigSpecSuite) TestBondSelectors() {

pkg/machinery/config/config/machine.go

@@ -291,6 +291,7 @@ type NetworkDeviceSelector interface {
 	HardwareAddress() string
 	PCIID() string
 	KernelDriver() string
+	Physical() *bool
 }
 
 // Time defines the requirements for a config that pertains to time related

pkg/machinery/config/types/v1alpha1/v1alpha1_provider.go

@@ -838,6 +838,11 @@ func (s *NetworkDeviceSelector) KernelDriver() string {
 	return s.NetworkDeviceKernelDriver
 }
 
+// Physical implements config.NetworkDeviceSelector interface.
+func (s *NetworkDeviceSelector) Physical() *bool {
+	return s.NetworkDevicePhysical
+}
+
 // Network implements the MachineNetwork interface.
 func (r *Route) Network() string {
 	return r.RouteNetwork

pkg/machinery/config/types/v1alpha1/v1alpha1_types.go

@@ -2289,6 +2289,8 @@ type NetworkDeviceSelector struct {
 	NetworkDevicePCIID string `yaml:"pciID,omitempty"`
 	// description: Kernel driver, supports matching by wildcard.
 	NetworkDeviceKernelDriver string `yaml:"driver,omitempty"`
+	// description: Select only physical devices.
+	NetworkDevicePhysical *bool `yaml:"physical,omitempty"`
 }
 
 // ClusterDiscoveryConfig struct configures cluster membership discovery.

website/content/v1.7/reference/configuration/v1alpha1/config.md

@@ -1175,6 +1175,7 @@ machine:
 |`hardwareAddr` |string |Device hardware address, supports matching by wildcard.  | |
 |`pciID` |string |PCI ID (vendor ID, product ID), supports matching by wildcard.  | |
 |`driver` |string |Kernel driver, supports matching by wildcard.  | |
+|`physical` |bool |Select only physical devices.  | |
 
 
 
@@ -1322,6 +1323,7 @@ machine:
 |`hardwareAddr` |string |Device hardware address, supports matching by wildcard.  | |
 |`pciID` |string |PCI ID (vendor ID, product ID), supports matching by wildcard.  | |
 |`driver` |string |Kernel driver, supports matching by wildcard.  | |
+|`physical` |bool |Select only physical devices.  | |
 
 
 

website/content/v1.7/talos-guides/network/device-selector.md

@@ -39,6 +39,16 @@ spec:
   pciID: 1969:E0B1
 ```
 
+The following qualifiers are available:
+
+- `driver` - matches a device by its driver name
+- `hardwareAddr` - matches a device by its hardware address
+- `busPath` - matches a device by its PCI bus path
+- `pciID` - matches a device by its PCI vendor and device ID
+- `physical` - matches only physical devices (vs. virtual devices, e.g. bonds and VLANs)
+
+All qualifiers except for `physical` support wildcard matching using `*` character.
+
 ## Using Device Selector for Bonding
 
 Device selectors can be used to configure bonded interfaces:

website/content/v1.7/talos-guides/network/vip.md

@@ -95,7 +95,7 @@ machine:
   network:
     interfaces:
       - deviceSelector:
-          busPath: "0*" # should select any hardware network device, if you have just one, it will be selected
+          physical: true # should select any hardware network device, if you have just one, it will be selected
       dhcp: true
       vip:
         ip: 192.168.0.15