IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This adds `CAP_DAC_READ_SEARCH`, `CAP_DAC_OVERRIDE`, and `CAP_SYSLOG`
capabilities to osd. This fixes the ability to read dmesg and kubeconfig.
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
Since bootkube should only be ran once, we need a way to determine if it
has already been ran. This makes use of etcd to store a key-value pair
indicating that the cluster has been initialized.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
- adjust ul margin to keep the bullets inside the content area
- fix a few docs page responsiveness problems on small screens
- adjust the layout of the logo relative to the docs sidebar
- clean up some vestigial CSS classes
Signed-off-by: Tim Gerla <tim@gerla.net>
The v0.2 docs are inaccurate, and in general just bad. Since we made so
many breaking changes in v0.3 I think its better we just hit the reset
button and stick to v0.3 going forward.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This sets the list-style-position to inside by default, and overrides
the landing page to use outside. This way we only need to maintain the
CSS for the landing page and not all the other potential places we would
want inside in the future.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This adds a "Troubleshooting" section to the documention along with a
guide on generating a certificate. This covers the scenario when a
user's certificate has expired.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This adds a note on the usage of random.trust_cpu to get around slow
boot times due to low entropy.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This replaces ECDSA with Ed25519. Ed25519 is considered to be safer and
more trustworthy than ECDSA NIST curves.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This removes the default privileged mode that all containers were
started with and adds the required capabilities on a per-service basis.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
- tweak whitespace between sections
- fix the top menu for small screens
- fix the terminal overlapping on small screens
- tweak wording on a few of the bullet points
- clean up the display of the "certified" logo on small screens
- clean up the "features" grid on medium/large screens
Signed-off-by: Tim Gerla <tim@gerla.net>
This PR introduces APId. This service replaces the frontend functionality
previously provided by OSD. The main driver for this is two fold:
1. Create a single purpose application to expose the talos api
2. Make use of code generation to DRY api changes
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
This PR fixes a bug on mac with the localhost not making it into cert
sans when doing `osctl cluster create`. Now that they're present, we're
able to use kubectl again.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
- Most of the landing page is responsive on small/medium screens now. There are still
some bugs around the ascii cinema.
- Some wording tweaks, mostly I removed words to make things more concise. Feel free
to edit my edits.
- Simplified a couple of HTML constructs.
- Expanded the "features" section into two rows with a placeholder image for the 6th item.
Happy for feedback.
Signed-off-by: Tim Gerla <tim@gerla.net>
Things have changed since v0.2. This is a refresh to make the getting
started guide up to date.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This PR will add the ability for talos to detect if the machine config
that it downloads from the platform is a gzipped file. If so, it will
unzip it and overwrite the byte slice that gets written to disk.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
There are use cases where a Talos node will not be publicly accessible.
This treats platform external IP errors as non-fatal.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
I can't say how exactly those conflicts happen in the tests, but I tried
to randomize more container IDs and namespace names (which both feed
into final abstract unix socket path).
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This is not 100% fix as I can't reproduce tests hanging in local
environment, but the idea is the following:
1. `reaper.Start()` started reaper loop in a goroutine which starts with
subscribing to `SIGCHLD`.
2. `reaper.Start()` just spawned goroutine never waiting for it.
3. if after `reaper.Start()` reaper goroutine never runs, but process is
created in the test and it terminates, `SIGCHLD` will be ignored and
reaper will never wake up to reap the child.
4. process test hangs as it waits for reaper to reap the child and
return its exit status.
Sample failures:
```
=== RUN TestProcessSuite/runReaper=true/TestRunLogs
2019/10/15 14:17:41 state Running: Process Process(["/bin/sh" "-c" "echo -n \"Test 1\nTest 2\n\""]) started with PID 11802
coverage: 60.0% of statements
panic: test timed out after 10m0s
```
```
=== RUN TestCmdSuite/runReaper=true/TestRun
true
coverage: 71.4% of statements
panic: test timed out after 10m0s
```
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
The problem was that if container fails to start, it never reaches
'StateRunning' and test hangs waiting for that state. Assertion doesn't
abort whole test (it only aborts goroutine it was called from), so this
doesn't help.
Fix that by signalling back if some containers fail to start.
This is not a fix, but it should expose the actual failure happening in
this test.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This replaces `time.Sleep()` wait with calls to `retry.Constant` to
wait for specific condition to be reached.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Failure:
```
--- FAIL: Test_constantRetryer_Retry (7.00s)
--- FAIL: Test_constantRetryer_Retry/test_expected_number_of_retries (2.00s)
constant_test.go:168: expected count of 2, got 3
```
The problem is that retry interval (1s) perfectly aligns with timeout
(2s), so depending on which timer fires first, function might be called
two or three times. Fix that by extending timeout a bit so it fits one
more run and not more.
P.S. This test might be still flaky under load if function doesn't have
a chance to run (starvation). Proper fix is to use fake time in the
tests.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
- Added common.proto to host NodeMetadata
- go_package names were fixed up so imports are generated with the proper
package names
- fixed up build work (dockerfile) to prevent copying the previously
generated go proto files. This fixes a bug where we could incorrectly
copy the previously generated protobuf instead of a new one generated
at an incorrect location/name/etc.
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
