Without running the install task first, /var is read-only. This causes
the overlay phase to fail as it tries to create /var/system.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
Phases should run sequentially, while tasks concurrently in a phase.
There are two potential issues fixed:
1. `result` multierror was updated inside goroutine without any
synchronization, so this is a data race
2. panic inside task/phase runner might happen and as unhandled panic in a
goroutine aborts whole process, this might lead to a system halt as
the 'machined' exits
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR will fix a bug we encountered in GCE, where the interface was
already up and the MTU value wasn't getting set.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This allows running tiny Talos clusters (which is sometimes nice for
local testing), e.g. with just a single master and zero workers.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This removes the `--output` flag from the rootfs target. With the output
specified it was outputting the file directory structure to the build
directory.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
They are outdated, `osctl cluster` implements cluster up/down in a
better way. K8s manifests are left intact, they are used in integration
tests.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This change aims to standardize the boot process. It introduces the
concept of a phase, which is comprised of tasks. Phases are run in serial and
the tasks that make up a phase are run concurrently.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
It runs containers via CRI interface in a pod sandbox. This is the very
first version: I tried not to introduce any changes to common runner
interface.
There should be some CRI-specific options for the runner (like polling
interval, as it doesn't have nice `Wait()` API), plus my plan so far is
to use OCI as the common layer for container options, so that we can
analyze OCI and translate to CRI (when possible, return errors when
option is not implemented).
CRI interface doesn't have a concept of 'unpacking' an image, so we
probably need to unpack via containerd API (or any other
runtime-specific API) by targeting CRI namespace.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Remove `-a` flag to `go build` which caused cache to be missed all the
time. Add cache mount where missing, update path to match Go build cache
exactly.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
The responsibility of init should only be to mount the rootfs. This
change moves Talos specific logic into machined. This will allow us to
define a version of Talos in a single binary instead of split across
two. This will enable cleaner upgrades and helps make the codebase
easier to reason about.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This change fixes a bug that caused the API server to fail due to a
missing directory at /usr/share/ca-certificates.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
These were disabled in previous versions of Talos since BPF was
completely disabled. With this change, we now implement all recommended
sysctls.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This change allows for more accurate mount reporting as /proc/mounts is
a symlink to /proc/self/mounts and contains mounts that are relative to
the running process. In our case this was osd. This caused inaccurate
reporting of mounts since they were relative to osd when we really
wanted mounts relative to machined.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This PR fixes a small bug where we weren't properly checking the value
of a net.ParseIP() call and setting the hostname to the first octet of
an IP.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This allows doing `make test TESTPKGS=./internal/app/machined`.
Also update Dockerfile slug as
https://github.com/moby/buildkit/pull/1081 was merged into master.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR will connect to each trustd endpoint specified, returning once
successful. Closes #891.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This PR will provide a basis for running e2e tests on GCE several times
a day. We'll need to add a cron event to the drone repo once merged.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
We need /etc/resolv.conf to be writable so that networkd can update it.
This change achieves this by creating a symlink at /etc/resolv.conf that
points to /var/resolv.conf.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This relies on two PRs to the buildkit:
* https://github.com/moby/buildkit/pull/1081
* https://github.com/moby/buildkit/pull/1085
Sysfs fix was merged to upstream, so updated tag, while using
`Dockerfile` slug I can switch to dockerfile2llb with support for
`--security=insecure`.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR will fix a bug where the non-init nodes were not generating
their certs locally and relying on trustd instead. This broke down
because we aren't saving the CA key when we're generating with the
trustd identity function (because we don't need it for workers).
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This PR is needed so that the eth0 device will have the proper mtu when
coming online in Google Cloud.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
We should only set the hostname to the actual host name instead of FQDN.
This hasn't been much of an issue, but GCE does return the FQDN for the
hostname field in dhcp.
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
This PR adds the ability to set mtu for the cluster create networks.
Default is 1440, which seems to be the default for calico.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
Without this, the check for the existence of the symlinks created in the
rootfs preparation step will always fail. On a reboot init will fail
because it tries to create a symlink that already exists.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
In order to accommodate the various ways that SSL certs are managed by
the different Linux distros, kubeadm creates control plane components
with volume mounts of the type DirectoryOrCreate to all well known SSL
cert locations. This change creates symlinks to /etc/ss/certs at all the
well known paths to account for the fact that the rootfs is read-only.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
Switch from `StringSliceVar` to `StringArrayVar` to maintain commas
in kernel args.
Update entrypoint script to allow specifying extra kernel args.
Remove default console settings in kernel config.
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
Now that we manage dependencies manually, we need to explicitly build
the kernel target so that vmlinuz and vmlinux are placed into the build
directory.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>