IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Fixes#7080
The real bug was off-by-one in `log2i` implementation, other changes are
cleanups as `x/sys/unix` package now contains all the constants we need.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This PR updates the ProviderID format for aws resources. There seems to
be a bug when using Talos CCM (which consumes this value from Talos)
because the format is `aws://x/y` (two slashes) vs. the expected
`aws:///x/y` (three slashes) that is set with the AWS CCM code
[here](d055109367/pkg/providers/v1/instances.go (L47-L53)).
Setting only two slashes causes important software in the workload
cluster to fail, specifically cluster-autoscaler. The regex they use for
pulling providerID is [here](702e9685d6/cluster-autoscaler/cloudprovider/aws/aws_cloud_provider.go (L195)).
Signed-off-by: Spencer Smith <spencer.smith@talos-systems.com>
Correctly propagate errors back. Drop ARM templates and use native APIs.
Correctly handle restarted runs for creating image versions. fixes#7512.
Signed-off-by: Christian Rolland <christian.rolland@siderolabs.com>
Fixes#7558
I see no reason to keep old behavior (removing all partitions on the
disk), as it's only compatible with Talos itself.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Support full configuration for image generation, including image
outputs, support most features (where applicable) for all image output
types, unify image generation process.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
* support for bonding
* added interface selection by MAC address
* added routes management
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
After we closed `kubelet`, remove `/var/lib/kubelet/cpu_manager_state` if there are any changes in `cpuManagerPolicy`.
We do not add any other safeguards, so it's user responsibility to cordon/drain the node in advance.
Also minor fixes in other files.
Closes#7504
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Linux: 6.1.42
containerd: 1.6.22
Flannel: 0.22.1
And some other Go module bumps, new pkgs/tools/extras.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Add security state resource that describes the state of Talos SecureBoot
and PCR signing key fingerprints.
The UKI fingerprint is currently not populated.
Fixes: #7514
Signed-off-by: Noel Georgi <git@frezbo.dev>
The code picks up firmware files in the order it's defined. The
secureboot QEMU firmware files are defined first, so this flag is a
no-op. This was leftover from when `ovmfctl` was used.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Same note for Kubernetes API.
Signed-off-by: Steve Francis <steve.francis@talos-systems.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
The step was disabled for the latest alpha release to workaround AWS
issues which have been resolved.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
There are no functional changes, but SDK got updated to handle int ->
int64 changes. v1 version is only supported to Sep 2023.
See https://github.com/hetznercloud/hcloud-go#support
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This new fork seems to be more active. The change itself doesn't fix any
memory allocation, but I submitted a PR for gopacket/gopacket:
https://github.com/gopacket/gopacket/pull/24
Also fix crazy alloc in `tui/components` (this is only relevant for
`talosctl`).
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This module was imported just for a single Go struct (for XML
unmarshalling), and it could be easily internalized.
The module causes significant allocation on startup:
```
init github.com/vmware/govmomi/vim25/types @23 ms, 1.4 ms clock, 1269864 bytes, 196 allocs
```
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Both are much modular and pull in much less dependendencies in to the
Talos tree.
This solves the problem with allocations in AWS endpoints on import, and
removes a bunch of dependencies.
Raw binary size: -10 MiB.
Memory usage (not scientific): around -5 MiB for all Talos services.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
See https://github.com/siderolabs/go-pcidb/pull/2
This shows minus 2-3 MiB of resident memory usage for each of `apid`,
`dashboard`, `machined` and `trustd`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
As part of bootloader refactoring `go-blockdevice` was used for wiping
partitions in #7329, but used standard wipe which could be fast/slow
depending on the blockdevice support. Switch to using fast-wipe for
partitions. This should not affect `wipe` option in machineconfig.
Fixes: #7531
Signed-off-by: Noel Georgi <git@frezbo.dev>
- Make dashboard SIGTERM-aware
- Handle panics on dashboard and terminate it gracefully, so it resets the terminal properly
- Switch to TTY2 when it starts and back to TTY1 when it stops.
Closessiderolabs/talos#7516.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
This refactors code to handle partial machine config - only multi-doc
without v1alpha1 config.
This uses improvements from
https://github.com/cosi-project/runtime/pull/300:
* where possible, use `TransformController`
* use integrated tracker to reduce boilerplate
Sometimes fix/rewrite tests where applicable.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes#7513
AWS image uploads recently consistently fail in some regions, which
blocks the release process. Allow to skip some AMIs if they fail to
upload.
Disable Azure until #7512 is resolved.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Disable cloud-images step due to the issue with AWS & Azure atm.
Pull in https://github.com/siderolabs/pkgs/pull/761
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes#7453
The goal is to make it possible to load some multi-doc configuration
from the platform source (or persisted in STATE) before machine acquires
full configuration.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
UKI is meant to be for UEFI Secure Boot, so it's expected to enforce
kernel lockdown. We might reconsider in the future to use a kernel patch
instead: b1a0314b08
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes#7487
When `.kubelet.nodeIP` filters yield no match, Talos should not start
the kubelet, as using empty address list results in `--node-ip=` empty
kubelet arg, which makes kubelet pick up "the first" address.
Instead, skip updating (creating) the nodeIP and log an explicit
warning.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This adds basic support for shutdown/poweroff flags.
it can distringuish between halt/shutdown/reboot.
In the case of Talos halt/shutdown is same op.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Use the `machined` socket for `shutdown` and `poweroff` aliases. This
ensures that worker nodes does not have to wait on apid to start.
Signed-off-by: Noel Georgi <git@frezbo.dev>
We can safely do it on `io.Writer` level, since `log.Logger.Output` (called by `Print|Printf`) pretty much promises
that every call to `Write` ends with `\n`.
Closes#7439
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
For rng seed and pcr extend, let's ignore if the device is not TPM2.0
based. Seal/Unseal operations would still error out since it's
explicitly user enabled feature.
Signed-off-by: Noel Georgi <git@frezbo.dev>
