Turns out there is actually no black magic in systemd, they simply listen on 127.0.0.53 and forward dns requests there in resolv.conf.
Reason is the same as ours — to preserve compatibility with other applications. So we do the same in our code.
This PR also does two things:
- Adds `::1` into resolv.conf for IPv6 only resolvers.
- Drops `SO_REUSEPORT` from control options (it works without them).
Closes #8328
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
This error pops up when `udevd` rescans the partition table with Talos
trying to mount a device concurrently.
This feels to be something new with Linux 6.6 probably.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes #8345
Both `apid` and `trustd` services use a gRPC connection back to
`machined` to watch changes to the certificates (new certificates being
issued).
This refactors the code to follow regular conventions, so that a failure
to watch will crash the process, and they have a way to restart and
re-establish the watch.
Use the context and errgroup consistently.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Preallocation is still done by default for correct max usage estimates, but
in a development environment it could be beneficial not to use up that
space, so I added a flag to disable preallocation.
Signed-off-by: Dmitry Sharshakov <d3dx12.xx@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Allow passing a partial config to the machines using the `--input-dir` flag of `talosctl cluster create`.
With this change, it is not required to have talosconfig inside the input directory, nor for the configuration documents to contain a `v1alpha1` config document. They can solely contain maintenance config, e.g., `KmsgLogConfig`.
This is useful for testing scenarios such as partial machine configs being provided via cloud user data.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Let's add a very basic test for the Kata Containers extension, mimicking
what's already in place for gVisor.
This depends on the work being done in:
https://github.com/siderolabs/extensions/pull/279
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
Drop the Kubernetes manifests as static files clean up (this is only
needed for upgrades from 1.2.x).
Fix Talos handling of cgroup hierarchy: if started in a container in a
non-root cgroup hierarchy, use that to handle proper cgroup paths.
Add a test for a simple TinK mode (Talos-in-Kubernetes).
Update the docs.
Fixes #8274
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
SideroLink is a secure channel, so we can allow read access to the resources. This will give us more control of the node via Omni and/or other systems using SideroLink.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
This disables by default (if not specified in the machine config) the
endpoint harvesting for KubeSpan peers.
The idea was to observe Wireguard endpoints as seen by other peers in
the cluster, and add them to the list of endpoints for the node. This
might be helpful only in case of some special type of NATs which are
almost never seen in the wild today.
So disable by default, but keep an option to enable it.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Prevent `DNSUpstreamController` from panicking by checking if the `machine` section in the config is `nil`. This is the case when a machine has partial configuration, e.g., when the machine has only a `SideroLinkConfig` in its config.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Update extensions test to use strategic patches and use
`ExtensionServiceConfig` document.
Depends on: https://github.com/siderolabs/extensions/pull/320
Signed-off-by: Noel Georgi <git@frezbo.dev>
Talos Linux 1.7.0 will ship with Kubernetes v1.30.0.
Drop some compatibility for Kubernetes < 1.25, as 1.25 is the minimum
supported version now.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The previous implementation used old events API, which had several
issues:
* buffer overruns, and weird checks
* big timeout even if all the nodes are booted up
Replace that with direct reading of `MachineStatus` resource which is
available since Talos 1.2.0.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixed URL to point to repository that exists.
Signed-off-by: Michael Stephenson <m.k.stephenson@outlook.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes #8196
Example (profile excerpt):
```yaml
output:
  kind: iso
  isoOptions:
    sdBootEnrollKeys: force
  outFormat: raw
```
Defaults are still the same (`if-safe` unless explicitly overridden).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes #8270
The base bug was that the registry will return `nil` `ConfigDocument` if
the version is not registered for a kind, which would result in weird
config decoding errors.
Add more unit-tests, while at it, also add more fuzzing samples.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Allow to override each package reference.
Signed-off-by: Louis SCHNEIDER <louis.schneider@bedrockstreaming.com>
Signed-off-by: Louis SCHNEIDER <louis@schne.id>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes #4525
The previous implementation had several issues:
* etcd concurrency session never closed
* Unlock() with potentially closed context
* unlocking when upgrade sequence finishes, but this overlaps with the
machine reboot, so a chance that it never got unlocked
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This is useful when the VMs are booted without machine config,
so default hostnames based on controlplanes/workers no longer make
sense.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Proxmox _does_ support manually editing the configuration files, but a safer option is to use the CLI or API for the sake of option validation.
This PR updates the documentation that suggested reading and editing the VM configuration by hand, and replaces that with CLI commands to do the same. The `qm` command needs to be run from a root shell, but you need to be `root` to edit (or even read!) the configuration via something like SFTP, anyway.
I also updated the UUID to be a real UUID, and then tested these commands on my home Proxmox server.
Signed-off-by: bri <284789+b-@users.noreply.github.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
While we decide what to do with #8263 and #8256 this quickfix at least allows us to
see what went wrong
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Don't ask me why this weird syntax for flags.
Don't ask me why it fails with exit code zero (success) on invalid
flags.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>