IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Implement `Install` for imager overlays.
Also add support for generating installers.
Depends on: #8377Fixes: #8350Fixes: #8351Fixes: #8350
Signed-off-by: Noel Georgi <git@frezbo.dev>
Allow to override each package reference.
Signed-off-by: Louis SCHNEIDER <louis.schneider@bedrockstreaming.com>
Signed-off-by: Louis SCHNEIDER <louis@schne.id>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Don't ask me why this weird syntax for flags.
Don't ask me why it fails with exit code zero (success) on invalid
flags.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Also:
* Linux 6.6.14 + XDP enablement
* etcd 3.5.12
Various other bumps for the tools, utilities, and Go modules.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
After the JSON schema is generated in a build container, copy it over to the host, so it becomes a part of the codebase.
This is required as the location of the schema changed recently from being under `pkg/machinery/config/types/` to be under `pkg/machinery/config/schemas/`.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Use custom pkgs repository by setting PKGS_PREFIX as argument.
Signed-off-by: Anthony ARNAUD <github@anthony-arnaud.fr>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Rework docgen to scan a whole directory for multidoc config types recursively and generate a single schema for all of them.
Annotate the files which need to be scanned by docgen while generating a schema by `//docgen:jsonschema`.
Move and rename the schema.
Bring back schema tests.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
This embeds a tiny TFTP server which serves UEFI iPXE which embeds a
script that chainloads a given iPXE script.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Generate a structured table of contents following the structure of the
config.
Make high-level examples follow the full structure of the config.
Document new multi-doc machine config.
Fixes#8023
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#4421
See documentation for details on how to use the feature.
With `talosctl cluster create`, firewall can be easily test with
`--with-firewall=accept|block` (default mode).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Drop firmware from initramfs. Extra firmware can be added as system
extensions enabled through imager service.
Before:
```bash
❯ du -sh _out/initramfs-amd64.xz
58M _out/initramfs-amd64.xz
```
After:
```bash
❯ du -sh _out/initramfs-amd64.xz
56M _out/initramfs-amd64.xz
```
Signed-off-by: Noel Georgi <git@frezbo.dev>
This fixes a problem in the `RouteSpecController` which is due to a
subtle (but correct) change in the behavior in the `stdlib`.
Also some small (but should be safe) bumps.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
There are two changes here:
* build `machined` binary with `tcell_minimal` tag (which disables
loading some parts of the terminfo database), which also affects
`apid`, `trustd` and `dashboard` processes, as they run from the same
executable; in `dashboard` explicitly import `linux` terminal we're
using when the `dashboard` runs on the machine
* pass `TCELL_MINIMIZE=1` environment variable to each Talos process
which removes 0.5MiB of runewdith allocation for a lookup table
See #7578
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Support full configuration for image generation, including image
outputs, support most features (where applicable) for all image output
types, unify image generation process.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Linux: 6.1.42
containerd: 1.6.22
Flannel: 0.22.1
And some other Go module bumps, new pkgs/tools/extras.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This is intemediate step to move parts of the `ukify` down to the main
Talos source tree, and call it from `talosctl` binary.
The next step will be to integrate it into the imager and move `.uki`
build out of the Dockerfile.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
We do not need a tpm simulator for ukify measure. We can pre-calculate
the values. This also means we can build ukify as a static binary.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Use shell here-doc to unify multiple commands into a single layer to
have less layers created.
Use `--link` to pull in pkgs.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Some tools like qemu-guest-agent when ran as a extension service calls
`/sbin/shutdown` instead of `/sbin/poweroff`. This adds handling for the
same.
Ref: https://github.com/siderolabs/extensions/pull/173
Signed-off-by: Noel Georgi <git@frezbo.dev>
Uses the auto-enrollment feature of sd-boot to enroll required UEFI Secure
Boot keys.
Fixes: #7373
Signed-off-by: Tim Jones <tim.jones@siderolabs.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
This includes sd-boot handling, EFI variables, etc.
There are some TODOs which need to be addressed to make things smooth.
Install to disk, upgrades work.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This fixes usage of custom kernel images to copy over the modules info
list and the default set of modules shipped with Talos.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Copy missing `modules.order`, `modules.builtin` and
`modules.builtin.modinfo` files so tools can read them.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Use a fixed list of modules to copy into Talos initramfs.
This makes sure we can still enable thing in Talos kernel as modules but
not ship it as default in Talos (extra modules could be extensions).
Also fixes: #7341
Signed-off-by: Noel Georgi <git@frezbo.dev>
This PR adds support for creating a list of API endpoints (each is pair of host and port).
It gets them from
- Machine config cluster endpoint.
- Localhost with LocalAPIServerPort if machine is control panel.
- netip.Addr[0] and port from affiliates if they are control panels.
For #7191
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Use `udevd` rules to create stable interface names.
Link controllers should wait for `udevd` to settle down, otherwise link
rename will fail (interface should not be UP).
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Use `pigz` and `--sparse` to handle more efficiently compression of the
assets.
Also move tasks out of `setup-ci` step, as it runs always, including for
the promoted pipelines.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
