IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This includes sd-boot handling, EFI variables, etc.
There are some TODOs which need to be addressed to make things smooth.
Install to disk, upgrades work.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Also uncomment Azure uploader.
Add the Azure environment variables to the Makefile cloud-images step.
Change disk size and tier to 16GiB and tier: P3
Add boolean value to drone pipeline and the cloud images hack will check the value to determine which Azure Compute Gallery to push images to.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Signed-off-by: Christian Rolland <christian.rolland@siderolabs.com>
Add flags for configuring the qemu bridge interface with chaos options:
- network-chaos-enabled
- network-jitter
- network-latency
- network-packet-loss
- network-packet-reorder
- network-packet-corrupt
- network-bandwidth
These flags are used in /pkg/provision/providers/vm/network.go at the end of the CreateNetwork function to first see if the network-chaos-enabled flag is set, and then check if bandwidth is set. This will allow developers to simulate clusters having a degraded WAN connection in the development environment and testing pipelines.
If bandwidth is not set, it will then enable the other options.
- Note that if bandwidth is set, the other options such as jitter, latency, packet loss, reordering and corruption will not be used. This is for two reasons:
- Restriction the bandwidth can often intoduce many of the other issues being set by the other options.
- Setting the bandwidth uses a separate queuing discipline (Token Bucket Filter) from the other options (Network Emulator) and requires a much more complex configuration using a Heirarchial Token Bucket Filter which cannot be configured at a granular enough level using the vishvananda/netlink library.
Adding both queuing disciplines to the same interface may be an option to look into in the future, but would take more extensive testing and control over many more variables which I believe is out of the scope of this PR. It is also possible to add custom profiles, but will also take more research to develop common scenarios which combine different options in a realistic manner.
Signed-off-by: Christian Rolland <christian.rolland@siderolabs.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Use `udevd` rules to create stable interface names.
Link controllers should wait for `udevd` to settle down, otherwise link
rename will fail (interface should not be UP).
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Use `pigz` and `--sparse` to handle more efficiently compression of the
assets.
Also move tasks out of `setup-ci` step, as it runs always, including for
the promoted pipelines.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This cleans up `Dockerfile` and `Makefile` targets to be in similar
parity with `kres` auto-generated targets.
Now `make talosctl` would only build the one for the specific local
machine making development easier. Also added a `iso` docker target
that builds iso for local development without having to push and pull
the imager. (`make local-iso DEST=_out`)
Signed-off-by: Noel Georgi <git@frezbo.dev>
Create Azure Community Gallery Image Version on release:
- Add /hack/cloud-image-uploader/azure.go
- Upload vhd file to container for all architectures
- Create managed disk from vhd file for all architectures
- Create image version from managed disk for all architectures
- Modify /hack/cloud-image-uploader/main.go
- Start Community Gallery processes concurently with AWS upload
- Modify /hack/cloud-image-uploader/options.go
- Add additional Options for Community Gallery processes
- Modify .drone.jsonnet to use secrets for environment variables
- The following secrets need to be created for this to work:
- azure_subscription_id
- azure_client_id
- azure_client_secret
- azure_tenant_id
Signed-off-by: Christian Rolland <christian.rolland@siderolabs.com>
chore: fix linting errors in readme
Fix linting errors in readme
Signed-off-by: Christian Rolland <christian.rolland@siderolabs.com>
chore: fix markdown linting errors
Fix markdown linting errors in readme
Signed-off-by: Christian Rolland <christian.rolland@siderolabs.com>
chore: fix markdown linting errors
Fix markdown linting errors in readme
Signed-off-by: Christian Rolland <christian.rolland@siderolabs.com>
chore: change disk size to match new 10GB cloud image size
Change disk size to match 10GB cloud image size
Signed-off-by: Christian Rolland <christian.rolland@siderolabs.com>
Azure skips the file permissions when upload/downloaded from the object
store. Make sure all binaries under `_out` have executable permissions.
Signed-off-by: Noel Georgi <git@frezbo.dev>
This PR updates CI to remove the immutability policy and tags the azure
"containers" (aka buckets) with a ci=true tag. This will allow us to
handle the deletion of buckets with the cloud-cleaner app.
Signed-off-by: Spencer Smith <spencer.smith@talos-systems.com>
Add cilium e2e tests. The existing cilium check was very old, update to
latest cilium version and also add a test for KPR strict mode.
Signed-off-by: Noel Georgi <git@frezbo.dev>
If we don't pre-build, it's getting built each time the `e2e-*` step
runs, and we have some running in parallel.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Use boot kernel arg `talos.unified_cgroup_hierarchy=0` to force Talos to
use cgroups v1. Talos still defaults to cgroupsv2.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
There's a cyclic dependency on siderolink library which imports talos
machinery back. We will fix that after we get talos pushed under a new
name.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This commit adds support for building Talos for the
Compute Module 4 and other generic Raspberry Pi
hardware.
Fixes: #6273
Signed-off-by: Kris Reeves <kris@pressbuttonllc.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
Don't skip pods which are not ready, try still to stop containers inside
not ready pod sandboxes.
Re-enable the test with Canal CNI (upstream Calico got fixed).
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This commit adds initial support for the Nano Pi
R4S from Friendlyelec. This device is a networking focused
rk3399 based SBC with two 1G ethernet interfaces,
making it perfect for edge or SOHO deployments.
Signed-off-by: Marvin Drees <marvin.drees@9elements.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
Fixes#6119
With new stable default hostname feature, any default hostname is
disabled until the machine config is available.
Talos enters maintenance mode when the default config source is empty,
so it doesn't have any machine config available at the moment
maintenance service is started.
Hostname might be set via different sources, e.g. kernel args or via
DHCP before the machine config is available, but if all these sources
are not available, hostname won't be set at all.
This stops waiting for the hostname, and skips setting any DNS names in
the maintenance mode certificate SANs if the hostname is not available.
Also adds a regression test via new `--disable-dhcp-hostname` flag to
`talosctl cluster create`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This PR adds support for building talosctl for FreeBSD on
amd64 and arm64 architectures.
It also pulls in the latest go-blockdevice library to ensure the FreeBSD
stubs are there for proper build.
Signed-off-by: Spencer Smith <spencer.smith@talos-systems.com>
This change replaces the gzipped tar with a gzipped image, which
DigitalOcean natively supports uploading, and means that it can be
linked directly to the image when using, for example, Terraform.
Signed-off-by: Ryan Heywood <me@ryansquared.pub>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
It wasn't used when building an endpoint to the local API server, so
Talos couldn't talk to the local API server when port was changed from
the default one.
Fixes#5706
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Uses Sidero Labs d2ctl to install a small sample of
common cluster services to ensure the Talos cluster
is capable.
Signed-off-by: Tim Jones <tim.jones@siderolabs.com>
This is needed to make sure that those steps don't run in parallel on
release builds, as they write same output files.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes#4947
It turns out there's something related to boot process in BIOS mode
which leads to initramfs corruption on later `kexec`.
Booting via GRUB is always successful.
Problem with kexec was confirmed with:
* direct boot via QEMU
* QEMU boot via iPXE (bundled with QEMU)
The root cause is not known, but the only visible difference is the
placement of RAMDISK with UEFI and BIOS boots:
```
[ 0.005508] RAMDISK: [mem 0x312dd000-0x34965fff]
```
or:
```
[ 0.003821] RAMDISK: [mem 0x711aa000-0x747a7fff]
```
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes#4694
User services run alongside with Talos system services.
Every user service container root filesystem should be already present
in the Talos root filesystem.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
As `_out` is a shared volume across Drone steps, we should prefetch CLI
dependencies early, as fetching them concurrently from multiple steps
might lead to surpising results.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes#4816
This changes the way system extensions are packaged into the squashfs
images: `/lib/firmware` is now moved out of the future squashfs images
and becomes part of `initramfs` to make firmware available in the early
boot.
Talos will bind-mount `/lib/firmware` into rootfs as well, so it will be
available in the rootfs as well.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
