IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This brings in a few minor improvements to the metal platform. The first
is to use talos.config=metal-iso to indicate that the machine's config
can be found in an ISO image. The second is a fix to ensure that /mnt
exists.
This adds support for creating more than one node using the qemu-boot.sh
script.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This moves to using a single revision of pkgs. It includes a few
changes:
- kernel with KVM host support
- containerd v1.3.0
This change brings in a kernel with host KVM support. This will allow us
to use VMs within Talos for things like integrations tests. This also
allows users to do things with KVM as they see fit.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This PR will add the ability to query metadata servers in azure to fetch
external IPs. Needed to ensure certs get generated with proper cert SANs
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This package provides a consistent way for us to retry arbitrary logic.
It provides the following backoff algorithms:
- exponential
- linear
- constant
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
Memory usage reduced around 8-10x: now it stays stable at 1GB.
I disabled some of the new linters, and one rule which is violated a
lot.
I might make sense to go back and enable `wsl` fixing all the issues
(leaving that for another PR).
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This moves from translating a config into an internal config
representation, to using an interface. The idea is that an interface
gives us stronger compile time checks, and will prevent us from having to copy
from on struct to another. As long as a concrete type implements the
Configurator interface, it can be used to provide instructions to Talos.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This introduces the functionality for discovering external addresses configured on an intance.
This allows us to automatically append these external addresses to our certificate SANs so we can
access the machines from these addresses without having to know about them ahead of time.
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
This detangles the gRPC client code from the userdata code. The
motivation behind this is to make creating clients more simple and not
dependent on our configuration format.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This changes the controlplane logic to write the audit policy to disk
from a common template instead of using trustd to distribute it.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This change allows us to generate the EncryptionConfig on each
controlplane node. The benefit is that we no longer need to distibute
the EncryptionConfig via trustd.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This change ensures that the installer has access to the machine config
so that it can set the extra kernel arguments when installing.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
Looks like containerd creates shim file sockets in Linux abstract
namespace which are fixed (don't depend on containerd root directory)
and depend on container namespace and id. So if two containerd instances
on the same host run same namespace/id pair, that is going to create a
conflict on that shim filesocket.
Avoid that by randomizing namespace name. CRI tests should be fine as
namespace is fixed, but container ID is random.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
The gofumports does everything that gofumpt does with the addition of
formatting imports. This change proposes the use of the `-local` flag so
that we can have imports separated in the following order:
- standard library
- third party
- Talos specific
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
The gofumpt linter is a stricter drop-in replacement for gofmt. The
rules are ones that I strongly agree with and I think it would be better
if we added this linter instead of nit picking every PR.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This TODO no longer applies. We have setteled on a fixed boot size. This
also removes variables no longer needed.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This PR will make sure that each platform gets the console settings it
needs by setting them as extra flags in the makefile. This should ensure
that we have console logs flowing properly for each cloud.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
Added a decomposition option to the kernel.NewDefaultCmdline() so that
the Defaults can be added _after_ constructing a custom commandline.
This is then implemented for `osctl install`.
Fixes#1128
Signed-off-by: Seán C McCord <ulexus@gmail.com>
Added a property to userdata to allow a network interface to be ignored,
such that Talos will perform no operations on it (including DHCP).
Also added kernel commandline parameter (talos.network.interface.ignore)
to specify a network interface should be ignored.
Also allows chaining of kernel cmdline parameter Contains() where the
parameter in question does not exist.
Fixes#1124
Signed-off-by: Seán C McCord <ulexus@gmail.com>
This sets the default install image just before installation. It was
erroneously placed in the boot verification.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
We have no need for this anymore since installs and upgrades are now
completely handled in a container.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This PR will move to using the external kubeadm v1beta2 structs for our
code base. This will hopefully allow for more stable integrations with
kubeadm in the long term, as well as solve some needs we have in the
machine config rewrite.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This adds a well defined task for handling all overlay mount points that
are required by the system.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This moves to using BLKPG ioctl instead of BLKRRPART. BLKRRPART is older
and more sensitive to EBUSY errors. BLKPG has the potential to minimize
the changes of encountering an EBUSY error when manipulating partition
tables.
In looking at a comparison between BLKPG and BLKRRPART, it seems that
both have their pros and cons. Eventually a combination of the two may
serve us better, but for now I think BLKPG will get us further.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This is a major rewrite of our network subsystem.
- This changes networkd to run as a standalone app versus internal goroutine
- This changes out the netlink package with the more idiomatic netlink/rtnetlink
packages
- This changes the initial network bootstrap/discovery from using a single
interface to attempting to bring up all interfaces
- This moves us back on to the upstream dhcp library
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
In order to DRY up all installation methods and mount methods, this PR
introduces a few more runtime modes. The modes are then used to
determine the strategy for creating and or mounting the paritions.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This adds a command runner function that can be used everywhere we need
to exec a binary. It adds addtional logic around error handling that
will allow for viewing errors in the case of a failed command.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This fixes the possibility of panicing on a nil pointer by running the
verification steps earlier.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This changes the data partition name to something more appropriate. We
chose ephemeral to make it very clear that the disk should not be used
for application data.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This is not ideal, but it works. We essentially need to start using
replace statements in order to pull in the modules we need.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This also includes a fix for #955 which had the unintended side effect
of breaking image creation ( since it would attempt to grow the filesystem
always ).
The refactor standardizes around looking for the DATA and ESP labels to
discover any existing installations/filesystems. If none are found, an
installation will proceed -- for both image creation and bare metal.
During bootup, the DATA partition will always attempt to expand/grow.
This also introduces a new phase to verify the installation through the
existance of /boot/installed ( migrated from install stage ).
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
This adds the logic for mounting the owned block device and resizing the
ephemeral partition for cloud platforms.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This change aims to make installations more unified and reliable. It
introduces the concept of a mountpoint manager that is capable of
mounting, unmounting, and moving a set of mountpoints in the correct
order.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This PR will fix a bug we encountered in GCE, where the interface was
already up and the MTU value wasn't getting set.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This change aims to standardize the boot process. It introduces the
concept of a phase, which is comprised of tasks. Phases are ran in serial and
the tasks that make up a phase are ran concurrently.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
It runs containers via CRI interface in a pod sandbox. This is the very
first version: I tried not to introduce any changes to common runner
interface.
There should be some CRI-speficic options for the runner (like polling
interval, as it doesn't have nice `Wait()` API), plus my plan so far is
to use OCI as the common layer for container options, so that we can
analyze OCI and translate to CRI (when possible, return errors when
option is not implemented).
CRI interface doesn't have a concept of 'unpacking' an image, so we
probably need to unpack via containerd API (or any other
runtime-specific API) by targeting CRI namespace.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
The responsibility of init should only be to mount the rootfs. This
change moves Talos specific logic into machined. This will allow us to
define a version of Talos in a single binary instead of split across
two. This will enable cleaner upgrades and helps make the codebase
easier to reason about.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
