This provides binary compatibility for really old binaries using 32-bit
time.
See also: talos-systems/pkgs#259
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This provides a variable to build core Talos components with race
detector enabled: `make initramfs WITH_RACE=yes`.
Also refactored and DRYed up the build code exposing common build/link
flags via the Makefile.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Tests for ApplyConfig API were relying on not really supported behavior
of modifying config via the `Provider` interface (and it was "fixed" in
another PR which cleans up such access to the configuration).
Cluster version bumped to try to work around strange CAPI bootstrap
failures in e2e-capi.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
- Table row selection was 1 element off, so disk selector wasn't quite
working.
- Reduce amount of interfaces on the last screen: show only ones that
have physical addresses (changing some settings for lo0 for example was
making TUI generate incorrect configs)
Signed-off-by: Artem Chernyshev <artem.0xD2@gmail.com>
This avoids data race on config access: config object might be accessed
concurrently and it should be read-only on access.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Fixes: https://github.com/talos-systems/talos/issues/3384
Instead of doing simple `--no-comments` flag, decided to use more
granular approach which allows to either disable examples, or docstring,
or both.
Thus the command looks like this:
```bash
talosctl gen config --with-docs=false --with-examples=false <...>
```
Both are enabled by default to provide better UX for users learning
Talos.
Signed-off-by: Artem Chernyshev <artem.0xD2@gmail.com>
Containerd API to pass stdin to the container is far from being perfect,
but it seems to contain a race condition we can't avoid: if `NewTask()`
fails, it starts the I/O loop in a goroutine, but never stops it. We
can't stop it as well, as `NewTask()` failed, so to work around this
failure, copy the stdin into new reader on each access.
This copying shouldn't be a big deal for us, as it's just machine
configuration and it's tiny.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This is a complete rewrite of time sync process.
Now the time sync process starts early at boot time, and it adapts to
configuration changes:
* before config is available, `pool.ntp.org` is used
* once config is available, configured time servers are used
Controller updates same time sync resource as other controllers had
dependency on, so they have a chance to wait for the time sync event.
Talos services which depend on time now wait on same resource instead of
waiting on timed health.
New features:
* time sync now sticks to the particular time server unless there's an
error from that server, and server is changed in that case, this
improves time sync accuracy
* time sync acts on config changes immediately, so it's possible to
reconfigure time sync at any time
* there's a new 'epoch' field in time sync resources which allows
time-dependent controllers to regenerate certs when there's a big enough
jump in time
Features to implement later:
* apid shouldn't depend on timed, it should be started early and it
should regenerate certs on time jump
* trustd should be updated in same way
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Follow-up for #3383
I added a couple of first tests, we should add more as we go through this
code. Even with those tests, I found and fixed two more panics.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Fixes: https://github.com/talos-systems/talos/issues/3377, https://github.com/talos-systems/talos/issues/3380
Fixed the data race in the encoder documentation examples by using `sync.Once`.
We only need to generate them once anyways and then it's not a big deal
that we are using the same pointers everywhere as they're pretty much
constant.
As of `system.go`, looks like we actually have concurrent operations for
partitions unmount so I just added a mutex there.
Signed-off-by: Artem Chernyshev <artem.0xD2@gmail.com>
The command `--remove-initialized-key` is the last resort to convert
control plane when control plane is down for whatever reason, so it
should work when control plane is not available.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR updates our AWS docs so that we specify a tag when creating
instances. This makes it easier to know which VMs were created as part
of this process, as well as quickly spot the init node.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This PR just fixes a teeny usability problem I saw yesterday with Steve,
where it's not immediately clear that you don't have to type the entire
word when you encounter an existing context when pulling kubeconfig.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This does proper caching for Go modules so that when go.mod/go.sum are
changed, only updated modules are downloaded vs. all of them.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Very easily reproduced when you start a node with a Dynamic IP.
Normally it should renew lease after TTL/2, but that doesn't happen, so
the node starts to get next IP one after another.
After looking at packets sent by other clients, found out that they
have `Client IP address` equal to the IP given by the DHCP server.
Additionally, changed DHCP client to send Request packets directly to the DHCP server after getting an offer.
It looks like DHCP spec states that you should use unicast request directly to DHCP server, not broadcast.
Signed-off-by: Artem Chernyshev <artem.0xD2@gmail.com>
This PR fixes a bug where, only when init nodes were used, we were
throwing an error during validation if there were no URLs in the list
for custom CNIs. We actually allow this empty list now so folks can
BYO-CNI.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This PR fixes a docs bug where the name of the kernel and init to
download were incorrect for qemu.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This moves implementation of the user-facing APIs to the machined, and
as now all the APIs are implemented by machined, remove routerd and
adjust apid to proxy to machined.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Fixes: https://github.com/talos-systems/talos/issues/3323
Not exactly matching with udevd generated `by-<id>` symlinks, but should
provide sufficient amount of property selectors to be able to pick
specific disks for any kind of disk: sd card, hdd, ssd, nvme.
Signed-off-by: Artem Chernyshev <artem.0xD2@gmail.com>
This removes container images for the aforementioned services, they are
now built into `machined` executable which launches one or another
service based on `argv[0]`.
Containers are started with rootfs directory which contains only a
single executable file for the service.
This creates rootfs on squashfs for each container in
`/opt/<container>`.
Service `networkd` is not touched as it's handled in #3350.
This removes all the image imports, snapshots and other things which
were associated with the existing way to run containers.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This removes networkd as a separate container and image.
Reasons:
* `machined` becomes more and more bound into the core flow - now it
interacts with `etcd` for VIPs, so container has more and more
mounts/permissions
* it should be easier to COSIfy machined piece by piece if we have it
running in the same process
* initramfs size
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
There are two APIs and `talosctl` commands:
* `etcd leave` removes the member from the cluster and removes etcd
data directory for the called node
* `etcd remove-member <node>` removes some other node from the etcd
cluster, but it doesn't affect called node state
This fixes confusing naming of the methods vs. what they're doing.
Fixes #3340
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Cobra does not hook the ZSH completion rules, as it appears. Tools with
working ZSH cobra completion (helm, kubectl) do so by printing the hook
(`compdef _<completion> <tool>`) themselves.
Fixes #3318
Signed-off-by: Jorik Jonker <jorik@kippendief.biz>
First, if the config for some component image (e.g. `apiServer`) is empty,
Talos pushes default image which is unknown to the script, so verify
that change is not no-op, as otherwise script will hang forever waiting
for k8s control plane config update.
Second, with bootkube bootstrap it was fine to omit explicit kubernetes
version in upgrade test, but with Talos-managed that means that after
Talos upgrade Kubernetes gets upgraded as well (as Talos config doesn't
contain K8s version, and defaults are used). This is not what we want to
test actually.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>