First of all, this interface is way more performant than `pcap`
interface. It is Linux-specific, but we don't care in Talos Linux :)
Second, this drops the dependency of `machined` on the `gopacket/layers` package,
which has huge issues with memory allocations and startup time.
This cuts around 20MiB of process RSS for all Talos processes.
(`talosctl` still requires this `gopacket/layers` library for decoding
packets).
Fixes #7880
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
As Talos doesn't consume `.machine.install` if already installed, there
is no point in validating it once already installed.
This fixes a problem users often run into: after a reboot/upgrade the
system disk blockdevice name changes, due to the kernel upgrade, or just
unpredictable behavior of device discovery. Talos fails to boot as it
can't validate the machine config, while it's already installed, so
actual blockdevice name doesn't matter.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
See https://github.com/siderolabs/image-factory/issues/44
Instead of using constants, use proper Talos version and kernel version
discovered from the image.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Document Image Factory in general, and also provide specific examples
for boot assets.
Secure Boot section is not covered, as we don't have Secure Boot support
(yet) in the Image Factory.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This leads to lots of unnecessary imports, as the chain from network
controllers is pretty long.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Use fixed partition name instead of trying to auto-discover by label.
Auto-discovery by label might hit completely wrong blockdevice.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
`Input` is initialized with fields populated and at the end of the
function the fields are updated again with the same value
Signed-off-by: budimanjojo <budimanjojo@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
See https://github.com/siderolabs/image-factory/issues/43
Two fixes:
* pass path to the dtb, uboot and rpi-firmware explicitly
* include dtb, uboot and rpi-firmware into arm64 installer image when
generated via imager (regular arm64 installer was fine)
(The generation of SBC images was not broken for Talos itself, but only
when used via Image Factory).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Before we started a reboot/shutdown/reset/upgrade action with the action tracker (`--wait`), we were setting a flag to prevent cobra from printing the returned error from the command.
This was to prevent the error from being printed twice, as the reporter of the action tracker already prints any errors that occurred during the action execution.
But if the error happens too early - i.e. before we even started the status printer goroutine, then that error wouldn't be printed at all, as we have suppressed the errors.
This PR moves the suppression flag to be set after the status printer is started - so we still do not double-print the errors, but neither do we suppress any early-stage error from being printed.
Closes siderolabs/talos#7900.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
This allows "recovering" secrets if the machine config was generated
first without explicitly saving secrets bundle.
Fixes #7895
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This was done pre-1.5, so time to drop compatibility shims to make things
less confusing.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This commit integrates the GOMEMLIMIT environment variable into shipped K8S
manifests when resources.limits.memory is defined. It is set to 95% of the
memory limit to optimize the performance of the Go garbage collector,
mitigating the risk of OOMKills in containerized environments.
When configuring the controller-manager or scheduler custom resources in
machine config, they were accepted, but ignored.
This commit adds Resources to NewControlPlaneSchedulerController and
NewControlPlaneControllerManagerController so machine config resources
Fixes #7874
Signed-off-by: Nico Berlee <nico.berlee@on2it.net>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Also update VIP and other network docs.
Signed-off-by: Oscar Utbult <oscar.utbult@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Use MAC address over network interface name.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
It is possible to change the boot image size.
Change the default image size for some cloud platforms.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add a note about service token issues.
Signed-off-by: Thomas Lemarchand <tlemarchand@users.noreply.github.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
* Set static gateway IPv6 if it is possible.
Some CNIs do not work properly with IPv6, so we will fix it.
* Disable talos dashboard.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
These tests ensure that config generation for older versions of Talos is
stable as we move forward and introduce new features in the machine
configuration.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
There were weird hacks put into the tests, while each test already runs
in a temporary directory as 'working directory', so no hacks are needed.
Moreover, using fixed `/tmp/...` paths leads to test failures, as CI
runs docker & QEMU tests in parallel conflicting with each other.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
* support for local-hostname parameter
* support for hostnames passed via user-data (for Proxmox VE)
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
First of all, it breaks our backwards compatibility promises and breaks
documentation generation. Upstream `specs.Mount` might change at any
time.
The issue was that containerd 1.7.x brings in new `specs.Mount` which
contains extra fields which don't have `omitempty` for YAML, so
machinery always generates them which confuses old Talos versions.
Use a copy of the upstream struct with proper YAML tags, and also
provide a special trick to make sure if the upstream struct changes, we
have a chance to update our copy of the struct.
Also this fixes docs and JSON schema.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This does not fix the underlying digest mismatch issue, but does handle the error and should provide
further insight into issues (if present).
Refs: #7828
Signed-off-by: Thomas Way <thomas@6f.io>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
When users follow the instructions in the v1.5 and v1.6 documentation, curl makes
a request with an invalid image URL; this corrects the image suffixes.
Fixes siderolabs#7809
Signed-off-by: mikucat0309 <admin@mikuc.at>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Move the common GRPC interceptor code for siderov1 auth into go-api-signature.
Refactor go-api-signature to attempt to read the known environment variables for service accounts.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
The conversion from TPM 2 hash algorithm to Go crypto algorithm will fail for
uncommon algorithms like SM3256. This can be avoided by checking the constants
directly, rather than converting them. It should also be fine to allow some non
SHA-256 PCRs.
Fixes: #7810
Signed-off-by: Thomas Way <thomas@6f.io>
Signed-off-by: Noel Georgi <git@frezbo.dev>
drop `UpdateEndpointSuite` suite since KubePrism is enabled by default
starting Talos 1.6 and the test never passes since K8s node is always
ready since it can connect to api server over KubePrism.
Signed-off-by: Noel Georgi <git@frezbo.dev>
When STATE is reset, we need to make sure we wipe the META keys
containing encryption config as well.
Fixes #7819
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
These cards are still relevant today at 10gbps and are cheaply available
for homelab use.
Signed-off-by: Jacob McSwain <jacob.a.mcswain@gmail.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
Replacing virtualbox cluster name with proxmox.
Signed-off-by: Mans Matulewicz <mans.matulewicz@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
It should be `--endpoints`.
Signed-off-by: Zachary Milonas <25948390+zmilonas@users.noreply.github.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This was a fix some time ago, but it was incorrect (missing `continue`),
which was failing the unit-tests.
Also fix a data race in another unit-test (which is unit-test only, not
affecting production).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>