Fixes #4525
The previous implementation had several issues:
* etcd concurrency session never closed
* Unlock() with potentially closed context
* unlocking when upgrade sequence finishes, but this overlaps with the
machine reboot, so a chance that it never got unlocked
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This is useful when the VMs are booted without machine config,
so default hostnames based on controlplanes/workers no longer make
sense.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Proxmox _does_ support manually editing the configuration files, but a safer option is to use the CLI or API for the sake of option validation.
This PR updates the documentation that suggested reading and editing the VM configuration by hand, and replaces that with CLI commands to do the same. The `qm` command needs to be run from a root shell, but you need to be `root` to edit (or even read!) the configuration via something like SFTP, anyway.
I also updated the UUID to be a real UUID, and then tested these commands on my home Proxmox server.
Signed-off-by: bri <284789+b-@users.noreply.github.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
While we decide what to do with #8263 and #8256 this quickfix at least allows us to
see what went wrong
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Don't ask me why this weird syntax for flags.
Don't ask me why it fails with exit code zero (success) on invalid
flags.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
With switching to RSA service account, machine config generation time is
considerably higher now, so the test might not make it in time.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Also:
* Linux 6.6.14 + XDP enablement
* etcd 3.5.12
Various other bumps for the tools, utilities, and Go modules.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
It was deprecated 16 months ago, time to clean up.
(This is to prepare for the first v1.7 release)
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes #8069
The image age from the CRI is the moment the image was pulled, so if it
was pulled a long time ago, the previous version would nuke the image as
soon as it is unreferenced. The new version would allow the image to
stay for the full grace period in case the rollback is requested.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes #7612
Drop the customizing rootfs docs, and point towards system extensions
documentation, as it is the right way.
Document building custom Talos Linux kernel.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes #8111
Starting with 1.7, use RSA instead of ECDSA.
RSA is way slower, but it has better support with other providers.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
We had these retries in other places, but not here.
This seems to happen more frequently with the Linux 6.6 update; the tl;dr is
the same: `udevd` tries to rescan the partition table at the wrong moment,
preventing the Talos installer from opening the partition which was just created.
It's a race, so work around it by retrying the call.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
In the previous implementation, even though `installer.err` was set, it
was never checked 🤦.
The run loop was stolen from the dashboard code.
Fixes #8205
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes #8202
If some mountpoint can't be queried successfully for 'diskfree'
information, don't treat that as an error, and report zero values for
disk usage/size instead.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add an example of using a custom extension via tarball.
Signed-off-by: stereobutter <sascha.desch@hotmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This PR adds a new controller - `DNSServerController` that starts tcp and udp dns servers locally. Just like `EtcFileController` it monitors `ResolverStatusType` and updates the list of destinations from there.
Most of the caching logic is in our "lobotomized" `CoreDNS` fork. We need this fork because default `CoreDNS` carries
full Caddy server and various other modules that we don't need in Talos. On our side we implement
random selection of the actual dns and request forwarding.
Closes #7693
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Fixed the set of same links in 1.4, 1.5, 1.6, and 1.7, with an exception
of a link in 1.4 where it links to boot assets and boot assets, if
we were to place a copy in that version, is missing a bunch of
supporting links. Opted to skip that update, as that documentation is
unsupported.
Signed-off-by: edwinavalos <edwin.a.avalos@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This PR sets proper defaults based on the series of Talos. Defaults to last release in each series.
Signed-off-by: Spencer Smith <spencer.smith@talos-systems.com>
Add support for using the GOVC_NETWORK environment variable to determine which vSphere vSwitch PortGroup to use.
This checks if the GOVC_NETWORK environment variable is set; if that's the case, use that value. If not, continue with the default PortGroup (VM Network) as before.
Checks added for both control plane and worker nodes.
Signed-off-by: Christian Mohn <christian@drible.net>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
After the JSON schema is generated in a build container, copy it over to the host, so it becomes a part of the codebase.
This is required as the location of the schema changed recently from being under `pkg/machinery/config/types/` to be under `pkg/machinery/config/schemas/`.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Fixes #8186
This is planned to be backported to Talos 1.6.3.
This allows passing large META values (YAML for platform network
configuration) which might otherwise exceed the limit for kernel
command line params.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add missing `--talosconfig` flag to setting up vmtoolsd secret step.
Signed-off-by: ExtraClock <35864862+ExtraClock@users.noreply.github.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
This is currently no-op, just noticed that while looking into another
bug. This should make the intention more clean.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Use custom pkgs repository by setting PKGS_PREFIX as argument.
Signed-off-by: Anthony ARNAUD <github@anthony-arnaud.fr>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The audit policy is marked as `merge: replace`, but there's no check for
zero value. So the problem is that any patch which has `cluster:`
section zeroes out previously set `cluster.apiServer.auditPolicy`.
Add regression tests.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes #8157
This PR contains two fixes, both related to the same problem.
Several routes for different links but same IPv6 destination might exist
at the same time, so route resource ID should handle that. The problem
was that these routes were mis-reported, internally causing updates for
the same resources multiple times (equal to the number of the links).
Don't trigger controllers more often than 10 times/second (with burst of
5) for kernel notifications. This ensures Talos doesn't try to reflect
current state of the network subsystem too often as resources, which
causes excessive CPU usage and might potentially lead to the buffer
overrun under high rate of changes.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
PEM was converted to DER incorrectly when the output was an X509 certificate and not a public key.
Skip unnecessary parsing of it to an RSA public key before writing it in DER format as output.
Simplify the code as we do not generate `*-signing-public-key.pem` anymore.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>