default / e2e-forced-removal (push) Has been cancelled
default / e2e-scaling (push) Has been cancelled
default / e2e-short (push) Has been cancelled
default / e2e-short-secureboot (push) Has been cancelled
default / e2e-templates (push) Has been cancelled
default / e2e-upgrades (push) Has been cancelled
default / e2e-workload-proxy (push) Has been cancelled
The unique token flow was reworked to support machines running from PXE
and ISO.
As they do not support META persistence, Omni doesn't enforce secure
tokens for them.
But to distinguish machines and make the UUID conflict resolution to work,
Omni now calculates the node fingerprints out of the mac addresses of
all physical interfaces on the node.
So now each unique token consists of two parts:
- fingerprint.
- a random string.
Omni detects Talos installation on the machine in the following way:
- check if the pending machine status exists and it detected the system
disk.
- overwrite the previous check if the existing link was labeled with the
Talos being installed.
- lastly if the `MachineStatus` exists, overwrite all checks with the
installed label from it (ensures bare-metal provider workflow which
goes to installed to not installed and PXE booted).
Then when a machine joins Omni with some token, Omni checks if the
random part is equal. If it is equal, the machine is immediately
accepted.
If the random part is different and the fingerprint matches:
- if Talos is installed - reject the machine and log the warning in the
logs.
- if Talos is not installed - replace the existing link with the new one
(only if the request has a valid join token).
Then if nothing matches, the UUID conflict resolution kicks in.
Provisioner creates a `PendingMachine` which is marked with UUID
conflict label and `PendingMachineStatus` controller generates a random
UUID for the node.
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
New virtual resource `LabelsCompletion` can now be used to query all
labels.
And it works for any resources in the default namespace.
To get the completions for any resource it is enough to pass the full
resource type as the completions ID.
Labels input is reusable and can be enable for any views we need.
Both mouse and keyboard control works for the completion selection.
Labels now appear as the same boxes as they are displayed in the
machines and cluster lists.
Label completion search looks both in keys and values until you add `:`
to the line. Then it looks for keys that contain whatever is before `:`
with values that contain whatever is after `:`.
Fixes: https://github.com/siderolabs/omni/issues/24
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Omni is source-available under BUSL.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Co-Authored-By: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Co-Authored-By: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Co-Authored-By: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Co-Authored-By: Philipp Sauter <philipp.sauter@siderolabs.com>
Co-Authored-By: Noel Georgi <git@frezbo.dev>
Co-Authored-By: evgeniybryzh <evgeniybryzh@gmail.com>
Co-Authored-By: Tim Jones <tim.jones@siderolabs.com>
Co-Authored-By: Andrew Rynhard <andrew@rynhard.io>
Co-Authored-By: Spencer Smith <spencer.smith@talos-systems.com>
Co-Authored-By: Christian Rolland <christian.rolland@siderolabs.com>
Co-Authored-By: Gerard de Leeuw <gdeleeuw@leeuwit.nl>
Co-Authored-By: Steve Francis <67986293+steverfrancis@users.noreply.github.com>
Co-Authored-By: Volodymyr Mazurets <volodymyrmazureets@gmail.com>
