Fixes #9466
There are two fixes:
* fix the actual panic via https://github.com/siderolabs/go-circular/pull/5
* prevent similar issues in the future by installing a panic handler
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 5853bb0ea4d6a65635086bdef617d6d0800cabd0)
Fix the flow when a failing key slot leads to repeated attempts to open
the volume, while it's already open, but the failure was to sync other
keys.
Refactor the code to get rid of variable assignment in the outer block
from closures.
Fixes #9415
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 0a2b4556c55eda27536ee563f60bcf5d69379479)
See https://github.com/grpc/grpc-go/releases/tag/v1.66.3
Specifically stream failures, I wonder if that is causing flaky
support script.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 6affbd3182ebe0209ed5433c534062b7ad672b6a)
See #9412
I'll keep the issue open to track upstream PR status and remove replace
directives.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit a341bdb0640294a07939670919c56cbfa7a861c4)
Fixes: #7081
Review all reservations and limits set, test under stress load (using
both memory and CPU).
The goal: system components (Talos itself) and runtime (kubelet, CRI)
should survive under extreme resource starvation (workloads consuming
all CPU/memory).
Uses #9337 to visualize changes, but doesn't depend on it.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 6b15ca19cd1291b8a245d72d5153827945cad037)
Run SideroLink API server via TLS with self-signed certificate, inject
that certificate into Talos via `talos.config.inline=`.
Fix a couple of places where our special TLS root CA provider supporting
reloading on the fly was not used.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 8d6884a8e28e1bfa29f9a479e0f7179819cf70cd)
This implements the first round of changes, replacing the volume backend
with the new implementation, while keeping most of the external
interfaces intact.
See #8367
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Update tools, pkgs, extras, Go dependencies, Go tools, etc.
Linux 6.6.47 and containerd 2.0.0-rc.4.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This will be useful for debugging the SELinux implementation. Make API report other xattrs for further development like IMA/EVM.
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
Generating YAML using text templates is going to stop working because of
proper escaping.
Also fix an unrelated issue with the `cloud.google.com/go` module, which got
split into submodules, and now these conflict with each other.
Fixes #7180
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add a `runc-memfd-bind` service so that runc binary is not copied for
every `runc` invocation.
Fixes: #9007.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Fixes #8690
Consider the following scenario (e.g. OpenStack): platform issues a
correct list of DNS servers, which includes both IPv4 and IPv6
resolvers, and configures DHCPv4 on the interface.
DHCPv4 returns a set of IPv4 resolvers (as it can't return IPv6 ones),
and this list completely overrides the list from the platform, wiping
out the IPv6 resolvers completely.
With this change, the merge process is smarter, as it tries to
preserve IPv6 resolvers, for example, if the next layer provides no
resolvers for IPv6.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Bump github.com/siderolabs/grpc-proxy to v0.4.1 and replace deprecated calls to `grpc.CustomCodec`.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
`SortBonds` function bothered me since the last time I refactored this part.
We always know that it only accepts `network.LinkSpec`s, but we accepted the slice of untyped Resources because
this is what `List` method returns. Now we can do better, since `safe.List` now supports `Swap` method.
We can utilize `sort.Interface` and pass `safe.List` directly to `SortBonds`.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
The v1 version is no longer supported.
The major change is the decoding of link data, but we're not using it,
as we have our own decoders/encoders for a long time.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Azure SDK has a CVE, bump other modules.
Update `hydrophone` with my fixes which got merged upstream.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Detect CD devices, and set size to 0 for CD without media.
In user disk wipe tests, skip device mapper devices and CD-ROM.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Update from github.com/coredns/coredns v1.11.2 to v1.11.3 and apply our changes.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Uses go-siderolabs/go-blockdevice/v2 for all the hard parts,
provides new resource `Disk` which describes all disks in the system.
Additional resource `SystemDisk` always points to the system disk (based
on the location of `META` partition).
The `Disks` API (and `talosctl disks`) provides a view now into the
`talosctl get disks` to keep backwards compatibility.
QEMU provisioner can now create extra disks of various types: IDE, AHCI,
SCSI, NVME; this allows testing detection properly.
The new resource will be the foundation for volume provisioning (to pick
up the disk to provision the volume on).
Example:
```
talosctl -n 172.20.0.5 get disks
NODE NAMESPACE TYPE ID VERSION SIZE READ ONLY TRANSPORT ROTATIONAL WWID MODEL SERIAL
172.20.0.5 runtime Disk loop0 1 65568768 true
172.20.0.5 runtime Disk nvme0n1 1 10485760000 false nvme nvme.1b36-6465616462656566-51454d55204e564d65204374726c-00000001 QEMU NVMe Ctrl deadbeef
172.20.0.5 runtime Disk sda 1 10485760000 false virtio true QEMU HARDDISK
172.20.0.5 runtime Disk sdb 1 10485760000 false sata true t10.ATA QEMU HARDDISK QM00013 QEMU HARDDISK
172.20.0.5 runtime Disk sdc 1 10485760000 false sata true t10.ATA QEMU HARDDISK QM00001 QEMU HARDDISK
172.20.0.5 runtime Disk vda 1 12884901888 false virtio true
```
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Use shared locks, discover more partitions, some other small changes.
Re-enable the flaky test.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Drop BurntSushi one, and use /v2 of pelletier package.
There is indirect use of v1 which should hopefully go away once we move
away from sonobuoy.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The maximum negative ttl (ttl for non-existent domain responses) was set to 1 hour, which is
too long. This PR decreases the maximum negative ttl to 10 seconds.
Also update CoreDNS module while we are at it.
Closes #8631
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
See https://github.com/siderolabs/go-tail/pull/2
It seems to pop up more with compressed logs, but overall makes sense to
be fixed.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>