This PR adds a new controller - `DNSServerController` that starts tcp and udp dns servers locally. Just like `EtcFileController` it monitors `ResolverStatusType` and updates the list of destinations from there.
Most of the caching logic is in our "lobotomized" `CoreDNS` fork. We need this fork because default `CoreDNS` carries
full Caddy server and various other modules that we don't need in Talos. On our side we implement
random selection of the actual dns and request forwarding.
Closes #7693
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Fixed the set of same links in 1.4, 1.5, 1.6, and 1.7, with an exception
of a link in 1.4 where it links to boot assets and boot assets, if
we were to place a copy in that version, is missing a bunch of
supporting links. Opted to skip that update, as that documentation is
unsupported.
Signed-off-by: edwinavalos <edwin.a.avalos@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This PR sets proper defaults based on the series of talos. Defaults to last release in each series.
Signed-off-by: Spencer Smith <spencer.smith@talos-systems.com>
Add support for using the GOVC_NETWORK environment variable to determine which vSphere vSwitch PortGroup to use.
This checks if the GOVC_NETWORK environment variable is set, if that's the case, use that value. If not, continue with the default PortGroup (VM Network) as before.
Checks added for both control plane and worker nodes.
Signed-off-by: Christian Mohn <christian@drible.net>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
After the JSON schema is generated in a build container, copy it over to the host, so it becomes a part of the codebase.
This is required as the location of the schema changed recently from being under `pkg/machinery/config/types/` to be under `pkg/machinery/config/schemas/`.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Fixes #8186
This is planned to be backported to Talos 1.6.3.
This allows to pass large META values (YAML for platform network
configuration) which might otherwise exceed the limit for kernel
command line params.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add missing `--talosconfig` flag to setting up vmtoolds secret step.
Signed-off-by: ExtraClock <35864862+ExtraClock@users.noreply.github.com>
Signed-off-by: Noel Georgi <git@frezbo.dev>
This is currently no-op, just noticed that while looking into another
bug. This should make the intention more clean.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Use custom pkgs repository by setting PKGS_PREFIX as argument.
Signed-off-by: Anthony ARNAUD <github@anthony-arnaud.fr>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The audit policy is marked as `merge: replace`, but there's no check for
zero value. So the problem is that any patch which has `cluster:`
section zeroes out previously set `cluster.apiServer.auditPolicy`.
Add regression tests.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes #8157
This PR contains two fixes, both related to the same problem.
Several routes for different links but same IPv6 destination might exist
at the same time, so route resource ID should handle that. The problem
was that these routes were mis-reported, causing internal updates for
the same resources multiple times (equal to the number of the links).
Don't trigger controllers more often than 10 times/second (with burst of
5) for kernel notifications. This ensures Talos doesn't try to reflect
current state of the network subsystem too often as resources, which
causes excessive CPU usage and might potentially lead to the buffer
overrun under high rate of changes.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
PEM was converted to DER incorrectly when the output was an X509 certificate and not a public key.
Skip unnecessary parsing of it to an RSA public key before writing it in DER format as output.
Simplify the code as we do not generate `*-signing-public-key.pem` anymore.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Rework docgen to scan a whole directory for multidoc config types recursively and generate a single schema for all of them.
Annotate the files which need to be scanned by docgen while generating a schema by `//docgen:jsonschema`.
Move and rename the schema.
Bring back schema tests.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Before this change KubePrism used hardcoded "localhost" as destination which Go could resolve to IPv6 destination and
then fail to connect to. This change forces KubePrism to connect using IPv4 and uses hardcoded "127.0.0.1" destination so
it will always use IPv4.
For #8112
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
When the dashboard is used via the CLI through a proxy, e.g., through Omni, node names or IDs can be used in the `--nodes` flag instead of the IPs.
This caused rendering inconsistencies in the dashboard, as some parts of it used the IPs and some used the names passed in the context.
Fix this by collecting all node IPs on dashboard start, and map these IPs to the respective nodes passed as the `--nodes` flag.
On the dashboard footer, we always display the node names as they are passed in the `--nodes` flag.
As part of it, remove the node list change reactivity from the dashboard, so it will always take the passed nodes as the truth.
The IP to node mapping collection at dashboard startup also solves another issue where the first API call by the dashboard triggered the interactive API authentication (e.g., the OIDC flow). Previously, because the terminal was already switched to the raw mode, it was not possible to authenticate properly.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Use `replace` patch merging strategy for `portSelector.ports` and `ingress`es in `NetworkRuleConfig` document, so that they do not have duplicate entries and/or fail on port range validation.
Closes siderolabs/talos#8136.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Add missing attributes to conversion of go-blockdevice disk
to protobuf disk.
Signed-off-by: Jonomir <68125495+Jonomir@users.noreply.github.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
We will use the default IPv6 gateway priority as 2048.
The RA default is 1024, which leads to verbose messages such as 'error adding route: netlink receive: file exists.'
Azure uses DHCPv6 and RA for configuring IPv6 on the node.
The platform sets the default gateway as a fallback in case 'accept_ra' is not set to 2.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This allows to pass direct URLs to Image Factory assets for disk
image/ISO/vmlinuz/initramfs, so that we can test Image Factory with
Talos.
Also add an integration test for Image Factory.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This filemap is used to generate installer image layer with artifacts.
Previous dumb implementation buffered in memory which leads to extensive
memory usage.
See https://github.com/siderolabs/image-factory/issues/77
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Only Talos 1.5+ provides proper optimized image,
Talos 1.4 provided a single-layer image (which worked in this case),
while Talos 1.2-1.3 have multi-layered images which can't be replaced
easily.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add some quirks to make images generated with newer Talos compatible
with images generated by older Talos.
Specifically, reset options were added in Talos 1.4, so we shouldn't
add them for older versions.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Without truncate the file was not overwritten properly if the file with
the same name already exists and has smaller size.
Fixes #8097
Also add a 10 second timeout on UEFI ISO boot, so that boot menu can be
seen without pressing `Esc` many times.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add note to try spamming Esc to bring up the sd-boot menu option if keys
don't automatically enroll in UEFI firmware.
Signed-off-by: Tim Jones <tim.jones@siderolabs.com>
This embeds a tiny TFTP server which serves UEFI iPXE which embeds a
script that chainloads a given iPXE script.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The previous code was a mistake, the public part of the certificate is
more easily available.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This is going to be multipart effort to finally use safe.* wrappers in the production code.
Quick regexp search shows that there are around 150 direct type assertions on resources (excluding the ones in this commit).
Also - migrate from `interface{}` to `any` and use `slices.Sort*` instead of `sort.*` where possible.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
When creating an image under non-default mount prefix, it should be
used explicitly when copying SBC files.
See https://github.com/siderolabs/image-factory/issues/65
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Updated lots of documentation with new/updated flows.
Provide What's New for Talos 1.6.0.
Update Troubleshooting guide to cover more steps.
Make Talos 1.6 docs the default.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>