IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
As the build runs inside containers which are part of a single pod, we
need to clean up networking bits (bridge interface, etc.), so that it
doesn't cause problems for other steps.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Fixes#2363#2364#2370#2371
Several changes packed together:
* use compressed `vmlinuz` everywhere, firecracker provisioner
uncompresses it before first use, drop `vmlinux`
* handle reboots in qemu launcher to support reset API case, update
empty disk check to handle reset behavior (erasing partition table)
* make bootloader support default in provisioners, and flag to disable
that
* early support for target architecture for qemu provisioner
This should allow us to use `qemu` in CI/CD (not included into this PR):
integration test passes with qemu.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Starts and stops qemu VMs, has some initial configuration subset.
Sets up networking through CNI tools, sets up DHCP server which gives IP
addresses to nodes.
Signed-off-by: Artem Chernyshev <artem.0xD2@gmail.com>
Fixes#2330
CLI tests require node discovery as `--nodes` flag is enforced for most
of the `talosctl commands`.
For clusters created via `talosctl cluster create`, cluster provisioner
state provides all the necessary information, but clusters created via
CAPI don't have the state attached.
API tests rely on Talos and Kubernetes APIs to fetch kubeconfig and
access Nodes K8s API.
CLI tests should rely only on CLI tools, so we use `kubectl get nodes` +
`talosctl kubeconfig` to fetch list of master and worker nodes.
This discovery method relies on "bootstrap" node being set in
`talosconfig` (to fetch `kubeconfig`).
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
We're not using load balancer for `apid` (always using client-side load
balancing), so we can remove this safely.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
With load-balancing enabled by default running `talosctl` without
`--nodes` is risky, as it might hit any control plane by default without
`--nodes`.
Only two commands do not enforce this check, as they do their own node
contexts: `crashdump` and `health` (client-side).
Integration tests were updated to always supply `--nodes` cli argument,
while doing that I refactored the storage for discovered nodes to use
existing `cluster.Info` interface.
The downside is that with e2e CAPI tests CLI tests will be mostly
skipped as we don't support discovery in CLI tests at the momemnt. This
can be fixed by using `talosctl kubeconfig` + `kubectl get nodes` for
node discovery.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR brings in the latest version of clusterctl that has built-in
support for the talos repos. I'll be chasing this with a move to using
the control-plane provider as well!
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
When cluster fails to be bootstrapped or it fails the health check, it's
hard to find the root cause without the logs.
This change adds optional crashdump (it dumps firecracker logs or docker
logs) after provisioning failure. It's not enabled by default.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR fixes the fix where we try to cleanup sonobuoy. We did that
successfully, but still got errors b/c we were immediately trying to
create service accounts in a namespace that was being deleted. This
should fix that. The sonobuoy default wait period is 1hr, should be
plenty.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This PR will make sure that, if we're going to retry sonobuoy, we run
the delete command first to clean up any dangling resources.
Closes#2266.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
Just a copy of `integration` pipeline with the same trigger as `nightly`
pipeline, so we can have two separate pipelines and two notifications
for better visibility.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
As many pipelines inherit steps from `default_steps`, take out
`e2e-firecracker-short` from `default_steps`.
`e2e` pipeline only relies on `e2e-docker`.
`integration` pipeline does full firecracker run with `e2e-firecracker`.
`release` pipeline manually pulls in `e2e-firecracker-short` to be on
the safe side.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This adds new flug to `cluster create` to launch cluster with custom
CNI, `integration` pipeline gets a new step to run short test with
Cilium 1.8.0 CNI.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This moves full integratation test and provision tests to
the `integration` pipeline.
Docker test wasn't affected much, as anyways docker can't run long
integration tests, so it mostly affects firecracker and provision tests.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
CAPI-based steps are using docker Talos cluster built at `e2e-docker`
stage as a bootstrap cluster. Share the config via volume which is
attached to specific steps.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
e2e tests are running in `/tmp/e2e` directory, so all the firecracker VM
virtual disk are going to `/tmp` directory. As `/tmp` was mounted as
`tmpfs`, this was putting high pressure on build host memory. Memory is
also used for docker containers, firecracker VMs, etc. Build host has
fast NVMe disks, so no good reason to keep `/tmp` in memory.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This moves our test scripts to using the bootstrap API. Some
automation around invoking the bootstrap API was also added
to give the same ease of use when creating clusters with the
CLI.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This PR will update k8s to the latest 1.18 release and bump sonobuoy to
help resolve some e2e flakes. Also adds some retry logic around the
sonobuoy run.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
With Go 1.14.3 we can run race-enabled code on muslc, so this opens path
to run unit-tests-race under Talos environment with rootfs, enabling all
the tests to run under race detector.
Also fixed the tests run by specifying platform in the test environment.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR will ensure that the firecracker provision tests will only run
after a successful e2e_firecracker run. This is being added in hopes of
freeing up some resources during CI testing and making things more
stable.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
Bump timeouts for reset API test as K8s control plane teardown might
take 3 minutes on its own.
Bump Go Firecracker SDK timeout when talking to firecracker process.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR will update our testing ocde to make use of the clusterctl tool,
as well as use the newer versions of various providers and updated
manifests.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
Instead of keeping a CHANGELOG for each release in the master branch, a
single CHANGELOG should be used since it will move into release branches
anyways. This prevents us from having to keep the files in sync across
master and the release branch. This also adds better tooling for
generating the CHANGELOG.md.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This sets the size of the ephemeral partition to the maximum
allowed size at installation time. We have reports of `xfs_growfs` causing
extremely slow boot times when the disk is 1TB or more. In our research
we found evidence that `xfs_growfs` is an expensive operation when
growing to a size of 10 times or more of the base. Instead, users should
create the disk close to the max disk size at install time. The
difference being that `mkfs.xfs` will handle larger disks better.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This PR removes the references to adding in the random CPU trust to the
kernel for all v0.4 docs, as well as in the iso command in the
installer. This is no longer needed with the newer linux kernel.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This PR does the following:
- updates the conform config
- cleans up conform scopes
- moves slash commands to the talos-bot
- adds a check list to the pull request template
- disables codecov comments
- uses `BOT_TOKEN` so all actions are performed as the talos-bot user
- adds a `make conformance` target to make it easy for contributors to
check their commit before creating a PR
- bumps golangci-lint to v1.24.0
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
`make docs` removes and then regenerates contents of some docs, so it
might cause random `-dirty` issue when running concurrently with build
steps.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR will pull in the latest release of k8s 1.18 so we can start
validating it through our test suite.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
It seems to be useful enough to be the default one and it prevents
simple mistakes while trying to access the cluster which is not ready
yet.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This updates upgrade tests to run two flows with 3+1 clusters:
1. 0.3 -> current (testing upgrade with partition wiping)
2. 0.4-alpha.7 -> current (testing upgrade without partition wiping,
boot-a/boot-b)
And small upgrade with preserve enabled for single-node cluster.
Provision tests are now split into two parallel tracks in Drone.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This is a rename of the osctl binary. We decided that talosctl is a
better name for the Talos CLI. This does not break any APIs, but does
make older documentation only accurate for previous versions of Talos.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
Try more attempts, wait for the response. Treat empty response as no
error (as this is what to expect when key is not set yet).
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
With the fix#1904, it's now possible to upgrade 0.4.x with
`machine.File` extra files (caused by registry mirror for
registry.ci.svc).
Bump resources for upgrade tests in attempt to speed it up.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This class of tests is included/excluded by build tags, but as it is
pretty different from other integration tests, we build it as separate
executable. Provision tests provision cluster for the test run, perform
some actions and verify results (could be upgrade, reset, scale up/down,
etc.)
There's now framework to implement upgrade tests, first of the tests
tests upgrade from latest 0.3 (0.3.2 at the moment) to current version
of Talos (being built in CI). Tests starts by booting with 0.3
kernel/initramfs, runs 0.3 installer to install 0.3.2 cluster, wait for
bootstrap, followed by upgrade to 0.4 in rolling fashion. As Firecracker
supports bootloader, this boots 0.4 system from boot disk (as installed
by installer).
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This enables a way to run the matching installer image in firecracker
tests. New image is used in firecracker tests and bootloader support to
use installed kernel/initramfs, which opens path for upgrade tests.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Container images for `apid`, `networkd`, etc. are now built inside the
buildkit using the `img` tool. This means that all the dependencies are
now controlled in `buildkit` and many more stages can run in parallel
without problems (overwriting content in `_out/images`).
This also simplifies Drone configuration, as we can let buildkit handle
the dependencies. I also enabled more stages to run in parallel.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR fixes a quick bug in CI where the ok-to-test step in drone was
running after a merge to master.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This PR adds the necessary drone step to check for the `ok-to-test`
label before running any testing against a PR.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
