IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The iscsi test broke when the new disks api was introduced making the
test pass always, now filter other only `iscsi` disk types using the new
disks API.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Add a new resource, `SiderolinkStatus`, which combines the following info:
- The Siderolink API endpoint without the query parameters or fragments (potentially sensitive info due to the join token)
- The status of the Siderolink connection
This resource is not set as sensitive, so it can be retrieved by the users with `os:operator` role (e.g., using `talosctl dashboard` through Omni).
Make use of this resource in the dashboard to display the status of the Siderolink connection.
Additionally, rework the status columns in the dashboard to:
- Display a Linux terminal compatible "tick" or a "cross" prefix for statuses in addition to the red/green color coding.
- Move and combine some statuses to save rows and make them more even.
Closessiderolabs/talos#8643.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
The v1 version is no longer supported.
The major change is the decoding of link data, but we're not using it,
as we have our own decoders/encoders for a long time.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
When META has never been written (e.g. booted from a disk image), it
won't be detected as `talosmeta`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This PR does those things:
* No longer shuffles dns servers for each request.
* Sets a context timeout of 4.5 seconds.
* Correctly returns a proper error from the root layer.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
(This is not user-facing, but rather internal use of the kubeconfig in
the tests/inside the machine).
This was added 4 years ago as a workaround, but instead of a global
timeout we should rather use contexts with timeouts/deadlines (and we
do!).
Setting a global timeout breaks streaming Kubernetes pod logs.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Detect CD devices, and set size to 0 for CD without media.
In user disk wipe tests, skip device mapper devices and CD-ROM.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
* Replace logging.Wrap(log.Writer()) with zaptest.NewLogger(suite.T()) where possible.
* Replace reflect.DeepEqual with =|slices.Equal|bytes.Equal where possible.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
The assignment of private networks happens in the hetzner cloud after
starting the server and therefore often after querying the network
information when assigning VIPs.
If an alias IP is to be set but no private network is yet available, an
error message is now thrown, until the private network is assigned.
Previously, no error message was thrown and the
network ID was set to 0, which means that the VIP
is regarded as a public floating IP in the further
code and not as a private alias IP.
Signed-off-by: Marcel Richter <mail@mrclrchtr.de>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Uses go-siderolabs/go-blockdevice/v2 for all the hard parts,
provides new resource `Disk` which describes all disks in the system.
Additional resource `SystemDisk` always point to the system disk (based
on the location of `META` partition).
The `Disks` API (and `talosctl disks`) provides a view now into the
`talosctl get disks` to keep backwards compatibility.
QEMU provisioner can now create extra disks of various types: IDE, AHCI,
SCSI, NVME, this allows to test detection properly.
The new resource will be the foundation for volume provisioning (to pick
up the disk to provision the volume on).
Example:
```
talosctl -n 172.20.0.5 get disks
NODE NAMESPACE TYPE ID VERSION SIZE READ ONLY TRANSPORT ROTATIONAL WWID MODEL SERIAL
172.20.0.5 runtime Disk loop0 1 65568768 true
172.20.0.5 runtime Disk nvme0n1 1 10485760000 false nvme nvme.1b36-6465616462656566-51454d55204e564d65204374726c-00000001 QEMU NVMe Ctrl deadbeef
172.20.0.5 runtime Disk sda 1 10485760000 false virtio true QEMU HARDDISK
172.20.0.5 runtime Disk sdb 1 10485760000 false sata true t10.ATA QEMU HARDDISK QM00013 QEMU HARDDISK
172.20.0.5 runtime Disk sdc 1 10485760000 false sata true t10.ATA QEMU HARDDISK QM00001 QEMU HARDDISK
172.20.0.5 runtime Disk vda 1 12884901888 false virtio true
```
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Use shared locks, discover more partitions, some other small changes.
Re-enable the flaky test.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
There was a bit of a mess here which worked fine until we bumped
runc/containerd, and the problem shows up in Talos-in-Kubernetes tests.
Use consistently `runner.WithCgroupPath`, as it handles cgroup nesting
for cases when Talos runs in a container.
Assign each service its own unique cgroup.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Talos diagnostics analyzes current system state and comes up with detailed
warnings on the system misconfiguration which might be tricky to figure
out other way.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Drop BurntSushi one, and use /v2 of pelletier package.
There is indirect use of v1 which should hopefully go away once we move
away from sonobouy.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Try to activate/deactivate watchdogs, change timeout, run only on QEMU.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
- By default, github.com/miekg/dns uses `dns.MinMsgSize` for UDP messages, which is 512 bytes. This is too small for some
DNS request/responses, and can cause truncation and errors. This change sets the buffer size to `dns.DefaultMsgSize`
4096 bytes, which is the maximum size of a dns packet payload per RFC 6891.
- We also retry the request if the response is truncated or previous connection was closed.
- And finally we properly handle the case where the response is larger than the client buffer size,
and we return a truncated correct response.
Closes#8763
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
When `udevd` rescans block device partitions while Talos is doing
partitions, it might be that Talos can hit the following error
while trying to open/mount a partition:
```
no such device or address
```
Previous attempts to fix that were using `ENODEV`, while the proper code
is `ENXIO`.
Also take exclusive lock while working with user disks to prevent
concurrent udevd rescan.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Talos doesn't support MLAG aggregation yet, but having the initial
testcase is a good step forward.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Note: this issue never happens with default Talos worker configuration
(generated by Omni, `talosctl gen config` or CABPT).
Before change https://github.com/siderolabs/talos/pull/4294 3 years ago,
worker nodes connected to trustd in "insecure" mode (without validating
the trustd server certificate). The change kept backwards compatibility,
so it still allowed insecure mode on upgrades.
Now it's time to break this compatibility promise, and require
accepted CAs to be always present. Adds validation for machine
configuration, so if upgrade is attempeted, it would not validate the
machine config without accepted CAs.
Now lack of accepted CAs would lead to failure to connect to trustd.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The maximum negative ttl (ttl for non-existent domain responses) was set to 1 hour, which is
too long. This PR decreases the maximum negative ttl to 10 seconds.
Also update CoreDNS module while we are at it.
Closes#8631
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Moving the loading and validation to the machinery package, so that we
can import and use that from other projects.
Co-authored-by: Noel Georgi <git@frezbo.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#8753
There seems to be a problem in the machine config anyways, as
`machine.ca.crt` is missing for the worker (this should break `apid`
connectivity), but still Talos controller shouldn't enter a panic loop.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
In containerd 2.0 source tree, this constant is under `internal`, so we
can't import it directly.
So instead re-declare it as a Talos constant.
Doing this multi-staged, as `go-talos-support` is using it as well, and
to update it to stop importing old containerd library I need first to
declare the constant in Talos source tree.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Nothing changes from functional point of view: Talos still keeps max of
1M of logs per buffer, but the chunks after first 64k are compressed on
the fly.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This PR fixes incorrect packet TTL if `forwardKubeDNSToHost` is enabled.
Credits go to Julian Wiedmann.
Closes#8698.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Retrieve the DNS names of instances from the platform metadata.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This allows the kubelet to detect AppArmor.
Signed-off-by: Andrew Rynhard <andrew@rynhard.io>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Run a health check before the test, as the test depends on CoreDNS being
healthy, and previous tests might disturb the cluster.
Also refactor by using watch instead of retries, make pods terminate
fast.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The current form of OpenStack is not capitalized correctly. Stack should
be written with a large S, like OpenStack and not Openstack.
Signed-off-by: Birger J. Nordølum <contact@mindtooth.no>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Initramfs and kernel are compressed with zstd.
Extensions are compressed with zstd for Talos 1.8+.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
