IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Following the most recent livestream, I'm adding in a few small fixes, specifically:
* Using `metros` instead of `facilities` as the latter is deprecated (https://deploy.equinix.com/developers/docs/metal/locations/facilities/)
Signed-off-by: Steve Martinelli <4118756+stevemar@users.noreply.github.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Generating YAML using text templates is going to stop working because of
proper escaping.
Also fix unrelated issue with `cloud.google.com/go` module which got
split into submodules, and now this conflicts with each other.
Fixes#7180
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add a `runc-memfd-bind` service so that runc binary is not copied for
every `runc` invocation.
Fixes: #9007.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Add `"` to handle vmware network interfaces with non-characters name
Signed-off-by: Fredrik Lundhag <f@mekk.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add test for Gvisor extensions when kvm platform is used.
The test is marked as skipped until pod termination issue is resolved.
Signed-off-by: Noel Georgi <git@frezbo.dev>
when kernel not support ethtool-netlink,we will use ethtool-ioctl to get link status
Signed-off-by: EricMa <307748790@qq.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This patch adds a flag to `secureboot.database.Generate` to append the
Microsoft UEFI secure boot DB and KEK certificates to the appropriate
ESLs, in addition to complimentary command line flags.
This patch also includes a copy of said Microsoft certificates. The
certificates are downloaded from an official Microsoft repo.
Signed-off-by: Jean-Francois Roy <jf@devklog.net>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#8690
Consider the following scenario (e.g. OpenStack): platform issues a
correct list of DNS servers, which includes both IPv4 and IPv6
resolvers, and configures DHCPv4 on the interface.
DHCPv4 returns a set of IPv4 resolvers (as it can't return IPv6 ones),
and this list completely overrides the list from the platform, wiping
out the IPv6 resolvers completely.
With this change, the merge process is more smart, as it tries to
preserve IPv6 resolvers for example if the next layer provides no
resolvers for IPv6.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
We missed passing the log formatting options while printing logs in a couple places, causing the logs to be in inconsistent format.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Fixes#9009
When building a port interval set, sort the ports and merge adjacent
ranges to prevent mismatch on the nftables side.
With address sets, this was already the case due to the way IPRange
builder works, but ports need a manual implementation.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#8995
There is no security impact, as the actual SecureBoot
state/configuration is measured into the PCR 7 and the disk encryption
key unsealing is tied to this value.
This is more to provide a way to avoid accidentally encrypting to the
TPM while SecureBoot is not enabled.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Ensure that SecureBoot enabled images come before regular ones.
With Ubuntu 24.04 `ovmf` package, due to the ordering of the search
paths `talosctl` might pick up a wrong image and disable SecureBoot.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Compute command missing backslashes for new lines
Seq in for loop used incorrect numbering
Signed-off-by: Justin Garrison <justin.garrison@siderolabs.com>
Not sure why this mount was needed, but it was added long time ago, and
I believe it's no longer needed.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Simple change:
1. `FilterMessages` became `filterMessages`.
2. `FilterMessages` is now typed generic function which calls `filterMessages` internally.
3. Adjusted callsites of `FilterMessages`.
Most of the reflection can be avoided in `filterMessages` body (aside from setting `Messages` field
which can be done using proto reflection mechanisms). But for now, lets stick to the simple change.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Bump github.com/siderolabs/grpc-proxy to v0.4.1 and replace deprecated calls to `grpc.CustomCodec`.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
The Mayastor helm chart ships with an init container that won't mount /sys and runs lsmod.
Add a note in the guide as this is not obvious.
Signed-off-by: Syoc <Syoc@users.noreply.github.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
- replace `interface{}` with `any` using `gofmt -r 'interface{} -> any -w'`
- replace `a = []T{}` with `var a []T` where possible.
- replace `a = []T{}` with `a = make([]T, 0, len(b))` where possible.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Remove the need for additional allocation in case we use `EncodeString` and overall looks nicer.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
For `get mc -o json|yaml` we pretend that `spec` field is string and not an actual yaml map. That way you
can see the full spec in unformatted view using `talosctl -n <node> get mc -o yaml` or formatted using
`talosctl -n <node> get mc -o yaml | yq .spec`.
`edit mc` command is unaffected.
Fixes#8687
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
`SortBonds` function bothered me since the last time I refactored this part.
We always know that it only accepts `network.LinkSpec`s, but we accepted the slice of untyped Resources because
this is what `List` method returns. Now we can do better, since `safe.List` now supports `Swap` method.
We can utilize `sort.Interface` and pass `safe.List` directly to `SortBonds`.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
As the controllers might fail with transient errors on machine startup,
but errors are always retried, persisten errors will anyway show up in
the console.
The full `talosctl logs controller-runtime` are not suppressed.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Previously it was generating same name for the state file causing
parallel runs to delete resources created by another running test.
Fix names to be unique by reading `cluster_name`.
Signed-off-by: Noel Georgi <git@frezbo.dev>
