diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 990c6bf47..549c4a20d 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-24T14:29:42Z by kres 921213e.
+# Generated on 2025-04-01T10:44:44Z by kres d903dae.
name: default
concurrency:
@@ -441,7 +441,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -453,7 +453,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: e2e-aws-prepare
@@ -576,7 +576,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -588,7 +588,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: checkout extensions
@@ -731,7 +731,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -743,7 +743,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: checkout extensions
@@ -870,7 +870,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -998,7 +998,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -1080,7 +1080,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -1175,10 +1175,8 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- IMAGER_ARGS: --extra-kernel-arg=enforcing=1
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: talosctl-cni-bundle
@@ -1191,9 +1189,9 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_OUT: -enforcing
run: |
- make imager installer-base installer images-essential
+ make images-essential
- name: conformance-qemu
env:
EXTRA_TEST_ARGS: -talos.enforcing
@@ -1201,7 +1199,7 @@ jobs:
IMAGE_REGISTRY: registry.dev.siderolabs.io
QEMU_CPUS_WORKERS: "6"
QEMU_MEMORY_WORKERS: "4096"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
TEST_MODE: fast-conformance
run: |
sudo -E make e2e-qemu
@@ -1287,7 +1285,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -1421,7 +1419,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -1433,7 +1431,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: e2e-gcp-prepare
@@ -1661,21 +1659,6 @@ jobs:
if: github.event_name == 'schedule'
run: |
make talosctl-cni-bundle
- - name: iso
- if: github.event_name == 'schedule'
- env:
- IMAGE_REGISTRY: registry.dev.siderolabs.io
- IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
- run: |
- make iso secureboot-iso
- - name: images-essential
- if: github.event_name == 'schedule'
- env:
- IMAGE_REGISTRY: registry.dev.siderolabs.io
- IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
- PLATFORM: linux/amd64
- run: |
- make images-essential
- name: factory-1.7-iso
env:
FACTORY_BOOT_METHOD: iso
@@ -1835,7 +1818,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -1918,7 +1901,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -1930,7 +1913,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
run: |
make image-metal-uki
- name: e2e-firewall
@@ -2045,7 +2028,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -2167,10 +2150,8 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- IMAGER_ARGS: --extra-kernel-arg=enforcing=1
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: talosctl-cni-bundle
@@ -2183,16 +2164,16 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_OUT: -enforcing
run: |
- make imager installer-base installer images-essential
+ make images-essential
- name: e2e-no-cluster-discovery
env:
EXTRA_TEST_ARGS: -talos.enforcing
GITHUB_STEP_NAME: ${{ github.job}}-e2e-no-cluster-discovery
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
WITH_CLUSTER_DISCOVERY: "false"
run: |
sudo -E make e2e-qemu
@@ -2202,7 +2183,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-kubespan
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
WITH_CLUSTER_DISCOVERY: "true"
WITH_KUBESPAN: "true"
run: |
@@ -2214,7 +2195,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-default-hostname
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
run: |
sudo -E make e2e-qemu
@@ -2227,7 +2208,7 @@ jobs:
QEMU_MEMORY_WORKERS: "1024"
QEMU_SYSTEM_DISK_SIZE: "10240"
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
run: |
sudo -E make e2e-qemu
- name: save artifacts
@@ -2314,7 +2295,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -2333,7 +2314,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: e2e-bios
@@ -2462,7 +2443,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -2572,10 +2553,8 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- IMAGER_ARGS: --extra-kernel-arg=enforcing=1
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: talosctl-cni-bundle
@@ -2588,16 +2567,16 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_OUT: -enforcing
run: |
- make imager installer-base installer images-essential
+ make images-essential
- name: e2e-network-chaos
env:
EXTRA_TEST_ARGS: -talos.enforcing
GITHUB_STEP_NAME: ${{ github.job}}-e2e-network-chaos
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
WITH_NETWORK_CHAOS: "yes"
run: |
sudo -E make e2e-qemu
@@ -2607,7 +2586,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-metal-iso
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
WITH_CONFIG_INJECTION_METHOD: metal-iso
run: |
sudo -E make e2e-qemu
@@ -2617,7 +2596,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-iommu-pcidriverrebind
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
WITH_IOMMU: "yes"
run: |
sudo -E make e2e-qemu
@@ -2699,7 +2678,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -2828,10 +2807,8 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- IMAGER_ARGS: --extra-kernel-arg=enforcing=1
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: talosctl-cni-bundle
@@ -2844,16 +2821,16 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_OUT: -enforcing
run: |
- make imager installer-base installer images-essential
+ make images-essential
- name: e2e-siderolink
env:
EXTRA_TEST_ARGS: -talos.enforcing
GITHUB_STEP_NAME: ${{ github.job}}-e2e-siderolink
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_SIDEROLINK_AGENT: "true"
run: |
@@ -2864,7 +2841,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-siderolink-tunnel
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_SIDEROLINK_AGENT: tunnel
run: |
@@ -2875,7 +2852,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-siderolink-tls
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_SIDEROLINK_AGENT: wireguard+tls
run: |
@@ -2894,7 +2871,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-k8s-user-namespace
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
WITH_CONFIG_PATCH: '@hack/test/patches/usernamespace.yaml'
run: |
sudo -E make e2e-qemu
@@ -2976,7 +2953,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -3071,7 +3048,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -3166,7 +3143,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -3261,7 +3238,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -3362,7 +3339,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -3496,7 +3473,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -3604,7 +3581,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -3711,7 +3688,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -3809,25 +3786,23 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- IMAGER_ARGS: --extra-kernel-arg=enforcing=1
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
+ - name: talosctl-cni-bundle
+ if: github.event_name == 'schedule'
+ run: |
+ make talosctl-cni-bundle
- name: images-essential-enforcing
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_OUT: -enforcing
run: |
make images-essential
- - name: talosctl-cni-bundle
- if: github.event_name == 'schedule'
- run: |
- make talosctl-cni-bundle
- name: e2e-qemu
env:
EXTRA_TEST_ARGS: -talos.enforcing
@@ -3835,7 +3810,7 @@ jobs:
QEMU_EXTRA_DISKS: "3"
QEMU_EXTRA_DISKS_DRIVERS: ide,nvme
QEMU_EXTRA_DISKS_SIZE: "10240"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
USER_DISKS_MOUNTS: /var/lib/extra,/var/lib/p1,/var/lib/p2
WITH_CONFIG_PATCH_WORKER: '@hack/test/patches/ephemeral-nvme.yaml:@hack/test/patches/dm-raid-module.yaml'
WITH_USER_DISK: "true"
@@ -3919,7 +3894,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -4103,7 +4078,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -4116,7 +4091,7 @@ jobs:
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: secureboot-iso
@@ -4124,7 +4099,7 @@ jobs:
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
run: |
make secureboot-iso
- name: integration-trusted-boot
@@ -4220,7 +4195,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -4234,15 +4209,15 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_OUT: -enforcing
run: |
- make imager installer-base installer images-essential
+ make images-essential
- name: secureboot-iso
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
- PLATFORM: linux/amd64
+ IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
+ PLATFORM: linux/amd64,linux/arm64
run: |
make secureboot-iso
- name: integration-trusted-boot
@@ -4250,7 +4225,7 @@ jobs:
EXTRA_TEST_ARGS: -talos.trustedboot -talos.enforcing
GITHUB_STEP_NAME: ${{ github.job}}-integration-trusted-boot
IMAGE_REGISTRY: registry.dev.siderolabs.io
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_TRUSTED_BOOT_ISO: "true"
run: |
diff --git a/.github/workflows/integration-aws-cron.yaml b/.github/workflows/integration-aws-cron.yaml
index d5cb1c734..a2c2d698f 100644
--- a/.github/workflows/integration-aws-cron.yaml
+++ b/.github/workflows/integration-aws-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-11T14:06:53Z by kres ec5ec04.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-aws-cron
concurrency:
@@ -82,7 +82,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -94,7 +94,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: e2e-aws-prepare
diff --git a/.github/workflows/integration-aws-nvidia-nonfree-cron.yaml b/.github/workflows/integration-aws-nvidia-nonfree-cron.yaml
index dd984ab60..f7cdb8f95 100644
--- a/.github/workflows/integration-aws-nvidia-nonfree-cron.yaml
+++ b/.github/workflows/integration-aws-nvidia-nonfree-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-11T14:06:53Z by kres ec5ec04.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-aws-nvidia-nonfree-cron
concurrency:
@@ -86,7 +86,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -98,7 +98,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: checkout extensions
diff --git a/.github/workflows/integration-aws-nvidia-oss-cron.yaml b/.github/workflows/integration-aws-nvidia-oss-cron.yaml
index d21c744cf..0f90b4dfb 100644
--- a/.github/workflows/integration-aws-nvidia-oss-cron.yaml
+++ b/.github/workflows/integration-aws-nvidia-oss-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-11T14:06:53Z by kres ec5ec04.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-aws-nvidia-oss-cron
concurrency:
@@ -86,7 +86,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -98,7 +98,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: checkout extensions
diff --git a/.github/workflows/integration-cilium-cron.yaml b/.github/workflows/integration-cilium-cron.yaml
index e47ee22c8..45ec7a0dc 100644
--- a/.github/workflows/integration-cilium-cron.yaml
+++ b/.github/workflows/integration-cilium-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-02-26T15:23:43Z by kres 1281806.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-cilium-cron
concurrency:
@@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
diff --git a/.github/workflows/integration-conformance-cron.yaml b/.github/workflows/integration-conformance-cron.yaml
index 7b264c6c1..ae0415fcb 100644
--- a/.github/workflows/integration-conformance-cron.yaml
+++ b/.github/workflows/integration-conformance-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-21T15:51:32Z by kres ec5ec04.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-conformance-cron
concurrency:
@@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
diff --git a/.github/workflows/integration-conformance-enforcing-cron.yaml b/.github/workflows/integration-conformance-enforcing-cron.yaml
index 26c4ba958..cfc35a0c2 100644
--- a/.github/workflows/integration-conformance-enforcing-cron.yaml
+++ b/.github/workflows/integration-conformance-enforcing-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-24T09:55:56Z by kres ec5ec04.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-conformance-enforcing-cron
concurrency:
@@ -70,10 +70,8 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- IMAGER_ARGS: --extra-kernel-arg=enforcing=1
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: talosctl-cni-bundle
@@ -86,9 +84,9 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_OUT: -enforcing
run: |
- make imager installer-base installer images-essential
+ make images-essential
- name: conformance-qemu
env:
EXTRA_TEST_ARGS: -talos.enforcing
@@ -96,7 +94,7 @@ jobs:
IMAGE_REGISTRY: registry.dev.siderolabs.io
QEMU_CPUS_WORKERS: "6"
QEMU_MEMORY_WORKERS: "4096"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
TEST_MODE: fast-conformance
run: |
sudo -E make e2e-qemu
diff --git a/.github/workflows/integration-extensions-cron.yaml b/.github/workflows/integration-extensions-cron.yaml
index 785019e8f..0b7a24f36 100644
--- a/.github/workflows/integration-extensions-cron.yaml
+++ b/.github/workflows/integration-extensions-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-02-26T15:23:43Z by kres 1281806.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-extensions-cron
concurrency:
@@ -74,7 +74,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
diff --git a/.github/workflows/integration-gcp-cron.yaml b/.github/workflows/integration-gcp-cron.yaml
index d61363c27..ffd32c0cc 100644
--- a/.github/workflows/integration-gcp-cron.yaml
+++ b/.github/workflows/integration-gcp-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-11T14:06:53Z by kres ec5ec04.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-gcp-cron
concurrency:
@@ -82,7 +82,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -94,7 +94,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: e2e-gcp-prepare
diff --git a/.github/workflows/integration-image-factory-cron.yaml b/.github/workflows/integration-image-factory-cron.yaml
index 4dfd80f5e..c07220b8c 100644
--- a/.github/workflows/integration-image-factory-cron.yaml
+++ b/.github/workflows/integration-image-factory-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-02-26T15:23:43Z by kres 1281806.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-image-factory-cron
concurrency:
@@ -84,21 +84,6 @@ jobs:
if: github.event_name == 'schedule'
run: |
make talosctl-cni-bundle
- - name: iso
- if: github.event_name == 'schedule'
- env:
- IMAGE_REGISTRY: registry.dev.siderolabs.io
- IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
- run: |
- make iso secureboot-iso
- - name: images-essential
- if: github.event_name == 'schedule'
- env:
- IMAGE_REGISTRY: registry.dev.siderolabs.io
- IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
- PLATFORM: linux/amd64
- run: |
- make images-essential
- name: factory-1.7-iso
env:
FACTORY_BOOT_METHOD: iso
diff --git a/.github/workflows/integration-images-cron.yaml b/.github/workflows/integration-images-cron.yaml
index b1dd61f87..2df25021f 100644
--- a/.github/workflows/integration-images-cron.yaml
+++ b/.github/workflows/integration-images-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-02-26T15:23:43Z by kres 1281806.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-images-cron
concurrency:
@@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
diff --git a/.github/workflows/integration-misc-0-cron.yaml b/.github/workflows/integration-misc-0-cron.yaml
index d3b8428df..162ff63e1 100644
--- a/.github/workflows/integration-misc-0-cron.yaml
+++ b/.github/workflows/integration-misc-0-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-21T15:51:32Z by kres ec5ec04.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-misc-0-cron
concurrency:
@@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -82,7 +82,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
run: |
make image-metal-uki
- name: e2e-firewall
diff --git a/.github/workflows/integration-misc-1-cron.yaml b/.github/workflows/integration-misc-1-cron.yaml
index 402c9e617..9187be8e0 100644
--- a/.github/workflows/integration-misc-1-cron.yaml
+++ b/.github/workflows/integration-misc-1-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-21T16:23:54Z by kres ec5ec04.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-misc-1-cron
concurrency:
@@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
diff --git a/.github/workflows/integration-misc-1-enforcing-cron.yaml b/.github/workflows/integration-misc-1-enforcing-cron.yaml
index 1a5282d42..9c8bbee4f 100644
--- a/.github/workflows/integration-misc-1-enforcing-cron.yaml
+++ b/.github/workflows/integration-misc-1-enforcing-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-24T09:55:56Z by kres ec5ec04.
+# Generated on 2025-04-01T10:44:44Z by kres d903dae.
name: integration-misc-1-enforcing-cron
concurrency:
@@ -70,10 +70,8 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- IMAGER_ARGS: --extra-kernel-arg=enforcing=1
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: talosctl-cni-bundle
@@ -86,16 +84,16 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_OUT: -enforcing
run: |
- make imager installer-base installer images-essential
+ make images-essential
- name: e2e-no-cluster-discovery
env:
EXTRA_TEST_ARGS: -talos.enforcing
GITHUB_STEP_NAME: ${{ github.job}}-e2e-no-cluster-discovery
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
WITH_CLUSTER_DISCOVERY: "false"
run: |
sudo -E make e2e-qemu
@@ -105,7 +103,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-kubespan
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
WITH_CLUSTER_DISCOVERY: "true"
WITH_KUBESPAN: "true"
run: |
@@ -117,7 +115,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-default-hostname
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
run: |
sudo -E make e2e-qemu
@@ -130,7 +128,7 @@ jobs:
QEMU_MEMORY_WORKERS: "1024"
QEMU_SYSTEM_DISK_SIZE: "10240"
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
run: |
sudo -E make e2e-qemu
- name: save artifacts
diff --git a/.github/workflows/integration-misc-2-cron.yaml b/.github/workflows/integration-misc-2-cron.yaml
index 379d27c5f..305b29b79 100644
--- a/.github/workflows/integration-misc-2-cron.yaml
+++ b/.github/workflows/integration-misc-2-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-14T10:24:50Z by kres ec5ec04.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-misc-2-cron
concurrency:
@@ -76,7 +76,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -95,7 +95,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: e2e-bios
diff --git a/.github/workflows/integration-misc-3-cron.yaml b/.github/workflows/integration-misc-3-cron.yaml
index 362bc7571..95a6d327c 100644
--- a/.github/workflows/integration-misc-3-cron.yaml
+++ b/.github/workflows/integration-misc-3-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-21T15:51:32Z by kres ec5ec04.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-misc-3-cron
concurrency:
@@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
diff --git a/.github/workflows/integration-misc-3-enforcing-cron.yaml b/.github/workflows/integration-misc-3-enforcing-cron.yaml
index ac2b9d18d..e93e26584 100644
--- a/.github/workflows/integration-misc-3-enforcing-cron.yaml
+++ b/.github/workflows/integration-misc-3-enforcing-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-24T09:55:56Z by kres ec5ec04.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-misc-3-enforcing-cron
concurrency:
@@ -70,10 +70,8 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- IMAGER_ARGS: --extra-kernel-arg=enforcing=1
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: talosctl-cni-bundle
@@ -86,16 +84,16 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_OUT: -enforcing
run: |
- make imager installer-base installer images-essential
+ make images-essential
- name: e2e-network-chaos
env:
EXTRA_TEST_ARGS: -talos.enforcing
GITHUB_STEP_NAME: ${{ github.job}}-e2e-network-chaos
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
WITH_NETWORK_CHAOS: "yes"
run: |
sudo -E make e2e-qemu
@@ -105,7 +103,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-metal-iso
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
WITH_CONFIG_INJECTION_METHOD: metal-iso
run: |
sudo -E make e2e-qemu
@@ -115,7 +113,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-iommu-pcidriverrebind
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
WITH_IOMMU: "yes"
run: |
sudo -E make e2e-qemu
diff --git a/.github/workflows/integration-misc-4-cron.yaml b/.github/workflows/integration-misc-4-cron.yaml
index 0c3766be7..a7a29a2d5 100644
--- a/.github/workflows/integration-misc-4-cron.yaml
+++ b/.github/workflows/integration-misc-4-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-21T15:51:32Z by kres ec5ec04.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-misc-4-cron
concurrency:
@@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
diff --git a/.github/workflows/integration-misc-4-enforcing-cron.yaml b/.github/workflows/integration-misc-4-enforcing-cron.yaml
index a5050d790..fe5b354b9 100644
--- a/.github/workflows/integration-misc-4-enforcing-cron.yaml
+++ b/.github/workflows/integration-misc-4-enforcing-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-24T09:55:56Z by kres ec5ec04.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-misc-4-enforcing-cron
concurrency:
@@ -70,10 +70,8 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- IMAGER_ARGS: --extra-kernel-arg=enforcing=1
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: talosctl-cni-bundle
@@ -86,16 +84,16 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_OUT: -enforcing
run: |
- make imager installer-base installer images-essential
+ make images-essential
- name: e2e-siderolink
env:
EXTRA_TEST_ARGS: -talos.enforcing
GITHUB_STEP_NAME: ${{ github.job}}-e2e-siderolink
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_SIDEROLINK_AGENT: "true"
run: |
@@ -106,7 +104,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-siderolink-tunnel
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_SIDEROLINK_AGENT: tunnel
run: |
@@ -117,7 +115,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-siderolink-tls
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_SIDEROLINK_AGENT: wireguard+tls
run: |
@@ -136,7 +134,7 @@ jobs:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-k8s-user-namespace
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
WITH_CONFIG_PATCH: '@hack/test/patches/usernamespace.yaml'
run: |
sudo -E make e2e-qemu
diff --git a/.github/workflows/integration-provision-0-cron.yaml b/.github/workflows/integration-provision-0-cron.yaml
index c733601f7..f975f62d0 100644
--- a/.github/workflows/integration-provision-0-cron.yaml
+++ b/.github/workflows/integration-provision-0-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-02-26T15:23:43Z by kres 1281806.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-provision-0-cron
concurrency:
@@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
diff --git a/.github/workflows/integration-provision-1-cron.yaml b/.github/workflows/integration-provision-1-cron.yaml
index e6eca2d72..27ed5101b 100644
--- a/.github/workflows/integration-provision-1-cron.yaml
+++ b/.github/workflows/integration-provision-1-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-02-26T15:23:43Z by kres 1281806.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-provision-1-cron
concurrency:
@@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
diff --git a/.github/workflows/integration-provision-2-cron.yaml b/.github/workflows/integration-provision-2-cron.yaml
index 92b7c5b22..6f3645c05 100644
--- a/.github/workflows/integration-provision-2-cron.yaml
+++ b/.github/workflows/integration-provision-2-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-02-26T15:23:43Z by kres 1281806.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-provision-2-cron
concurrency:
@@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
diff --git a/.github/workflows/integration-qemu-cron.yaml b/.github/workflows/integration-qemu-cron.yaml
index 9cf96b0ee..e04a5d63e 100644
--- a/.github/workflows/integration-qemu-cron.yaml
+++ b/.github/workflows/integration-qemu-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-02-26T15:23:43Z by kres 1281806.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-qemu-cron
concurrency:
@@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
diff --git a/.github/workflows/integration-qemu-csi-longhorn-cron.yaml b/.github/workflows/integration-qemu-csi-longhorn-cron.yaml
index 2fa05de5e..e209da897 100644
--- a/.github/workflows/integration-qemu-csi-longhorn-cron.yaml
+++ b/.github/workflows/integration-qemu-csi-longhorn-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-04T16:42:28Z by kres 1281806.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-qemu-csi-longhorn-cron
concurrency:
@@ -74,7 +74,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
diff --git a/.github/workflows/integration-qemu-csi-openebs-cron.yaml b/.github/workflows/integration-qemu-csi-openebs-cron.yaml
index 4d8e3bdf7..66434b1fd 100644
--- a/.github/workflows/integration-qemu-csi-openebs-cron.yaml
+++ b/.github/workflows/integration-qemu-csi-openebs-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-02-26T15:23:43Z by kres 1281806.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-qemu-csi-openebs-cron
concurrency:
@@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
diff --git a/.github/workflows/integration-qemu-csi-rook-ceph-cron.yaml b/.github/workflows/integration-qemu-csi-rook-ceph-cron.yaml
index cb9167758..d907fb753 100644
--- a/.github/workflows/integration-qemu-csi-rook-ceph-cron.yaml
+++ b/.github/workflows/integration-qemu-csi-rook-ceph-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-02-26T15:23:43Z by kres 1281806.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-qemu-csi-rook-ceph-cron
concurrency:
@@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
diff --git a/.github/workflows/integration-qemu-encrypted-vip-cron.yaml b/.github/workflows/integration-qemu-encrypted-vip-cron.yaml
index 0a77ad2ca..ba590f8e4 100644
--- a/.github/workflows/integration-qemu-encrypted-vip-cron.yaml
+++ b/.github/workflows/integration-qemu-encrypted-vip-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-21T15:51:32Z by kres ec5ec04.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-qemu-encrypted-vip-cron
concurrency:
@@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
diff --git a/.github/workflows/integration-qemu-enforcing-cron.yaml b/.github/workflows/integration-qemu-enforcing-cron.yaml
index 987912d32..c622efad4 100644
--- a/.github/workflows/integration-qemu-enforcing-cron.yaml
+++ b/.github/workflows/integration-qemu-enforcing-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-24T09:55:56Z by kres ec5ec04.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-qemu-enforcing-cron
concurrency:
@@ -70,25 +70,23 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- IMAGER_ARGS: --extra-kernel-arg=enforcing=1
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
+ - name: talosctl-cni-bundle
+ if: github.event_name == 'schedule'
+ run: |
+ make talosctl-cni-bundle
- name: images-essential-enforcing
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_OUT: -enforcing
run: |
make images-essential
- - name: talosctl-cni-bundle
- if: github.event_name == 'schedule'
- run: |
- make talosctl-cni-bundle
- name: e2e-qemu
env:
EXTRA_TEST_ARGS: -talos.enforcing
@@ -96,7 +94,7 @@ jobs:
QEMU_EXTRA_DISKS: "3"
QEMU_EXTRA_DISKS_DRIVERS: ide,nvme
QEMU_EXTRA_DISKS_SIZE: "10240"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
USER_DISKS_MOUNTS: /var/lib/extra,/var/lib/p1,/var/lib/p2
WITH_CONFIG_PATCH_WORKER: '@hack/test/patches/ephemeral-nvme.yaml:@hack/test/patches/dm-raid-module.yaml'
WITH_USER_DISK: "true"
diff --git a/.github/workflows/integration-qemu-race-cron.yaml b/.github/workflows/integration-qemu-race-cron.yaml
index f4813599a..30c8f7a36 100644
--- a/.github/workflows/integration-qemu-race-cron.yaml
+++ b/.github/workflows/integration-qemu-race-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-04T13:59:07Z by kres 1281806.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-qemu-race-cron
concurrency:
@@ -70,7 +70,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
diff --git a/.github/workflows/integration-trusted-boot-cron.yaml b/.github/workflows/integration-trusted-boot-cron.yaml
index 5df0d4021..61a89212e 100644
--- a/.github/workflows/integration-trusted-boot-cron.yaml
+++ b/.github/workflows/integration-trusted-boot-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-21T15:51:32Z by kres ec5ec04.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-trusted-boot-cron
concurrency:
@@ -76,7 +76,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -89,7 +89,7 @@ jobs:
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
run: |
make images-essential
- name: secureboot-iso
@@ -97,7 +97,7 @@ jobs:
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
run: |
make secureboot-iso
- name: integration-trusted-boot
diff --git a/.github/workflows/integration-trusted-boot-enforcing-cron.yaml b/.github/workflows/integration-trusted-boot-enforcing-cron.yaml
index 6ede4f8fc..bd416ff4d 100644
--- a/.github/workflows/integration-trusted-boot-enforcing-cron.yaml
+++ b/.github/workflows/integration-trusted-boot-enforcing-cron.yaml
@@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
-# Generated on 2025-03-24T09:55:56Z by kres ec5ec04.
+# Generated on 2025-04-01T08:14:24Z by kres d903dae.
name: integration-trusted-boot-enforcing-cron
concurrency:
@@ -76,7 +76,7 @@ jobs:
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
@@ -90,15 +90,15 @@ jobs:
IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
PLATFORM: linux/amd64,linux/arm64
PUSH: "true"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_OUT: -enforcing
run: |
- make imager installer-base installer images-essential
+ make images-essential
- name: secureboot-iso
if: github.event_name == 'schedule'
env:
IMAGE_REGISTRY: registry.dev.siderolabs.io
- IMAGER_ARGS: --extra-kernel-arg=console=ttyS0
- PLATFORM: linux/amd64
+ IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1
+ PLATFORM: linux/amd64,linux/arm64
run: |
make secureboot-iso
- name: integration-trusted-boot
@@ -106,7 +106,7 @@ jobs:
EXTRA_TEST_ARGS: -talos.trustedboot -talos.enforcing
GITHUB_STEP_NAME: ${{ github.job}}-integration-trusted-boot
IMAGE_REGISTRY: registry.dev.siderolabs.io
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_TRUSTED_BOOT_ISO: "true"
run: |
diff --git a/.kres.yaml b/.kres.yaml
index 451f2ea39..dd7991059 100644
--- a/.kres.yaml
+++ b/.kres.yaml
@@ -331,7 +331,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -384,27 +384,25 @@ spec:
conditions:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- environment:
- PLATFORM: linux/amd64
- IMAGER_ARGS: "--extra-kernel-arg=enforcing=1"
- TAG_SUFFIX: -enforcing
- IMAGE_REGISTRY: registry.dev.siderolabs.io
- PUSH: true
- - name: images-essential-enforcing
- command: images-essential
environment:
PLATFORM: linux/amd64,linux/arm64
- IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1"
- TAG_SUFFIX: -enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
conditions:
- only-on-schedule
+ - name: images-essential-enforcing
+ command: images-essential
+ environment:
+ PLATFORM: linux/amd64,linux/arm64
+ IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1"
+ TAG_SUFFIX_OUT: -enforcing
+ IMAGE_REGISTRY: registry.dev.siderolabs.io
+ PUSH: true
- name: e2e-qemu
withSudo: true
environment:
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
QEMU_EXTRA_DISKS: "3"
@@ -451,7 +449,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -504,20 +502,18 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
- IMAGER_ARGS: "--extra-kernel-arg=enforcing=1"
- TAG_SUFFIX: -enforcing
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
conditions:
- only-on-schedule
- name: images-essential-enforcing
- command: imager installer-base installer images-essential
+ command: images-essential
environment:
PLATFORM: linux/amd64,linux/arm64
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_OUT: -enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: conformance-qemu
@@ -528,7 +524,7 @@ spec:
QEMU_CPUS_WORKERS: 6
QEMU_MEMORY_WORKERS: 4096
TEST_MODE: fast-conformance
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: save-talos-logs
@@ -574,7 +570,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -584,14 +580,14 @@ spec:
conditions:
- only-on-schedule
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0"
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: secureboot-iso
conditions:
- only-on-schedule
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0"
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: integration-trusted-boot
@@ -646,26 +642,26 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
conditions:
- only-on-schedule
- name: images-essential-enforcing
- command: imager installer-base installer images-essential
+ command: images-essential
environment:
PLATFORM: linux/amd64,linux/arm64
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_OUT: -enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: secureboot-iso
conditions:
- only-on-schedule
environment:
- PLATFORM: linux/amd64
- IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0"
+ PLATFORM: linux/amd64,linux/arm64
+ IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1"
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: integration-trusted-boot
command: e2e-qemu
@@ -674,7 +670,7 @@ spec:
GITHUB_STEP_NAME: ${{ github.job}}-integration-trusted-boot
VIA_MAINTENANCE_MODE: true
WITH_TRUSTED_BOOT_ISO: true
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: "-talos.trustedboot -talos.enforcing"
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: save-talos-logs
@@ -716,7 +712,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -767,7 +763,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -818,7 +814,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -869,7 +865,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -879,7 +875,7 @@ spec:
conditions:
- only-on-schedule
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-firewall
command: e2e-qemu
@@ -954,7 +950,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -1035,20 +1031,18 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
- IMAGER_ARGS: "--extra-kernel-arg=enforcing=1"
- TAG_SUFFIX: -enforcing
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
conditions:
- only-on-schedule
- name: images-essential-enforcing
- command: imager installer-base installer images-essential
+ command: images-essential
environment:
PLATFORM: linux/amd64,linux/arm64
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_OUT: -enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: e2e-no-cluster-discovery
@@ -1058,7 +1052,7 @@ spec:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-no-cluster-discovery
SHORT_INTEGRATION_TEST: yes
WITH_CLUSTER_DISCOVERY: false
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-kubespan
@@ -1069,7 +1063,7 @@ spec:
SHORT_INTEGRATION_TEST: yes
WITH_CLUSTER_DISCOVERY: true
WITH_KUBESPAN: true
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-default-hostname
@@ -1080,7 +1074,7 @@ spec:
SHORT_INTEGRATION_TEST: yes
VIA_MAINTENANCE_MODE: true
DISABLE_DHCP_HOSTNAME: true
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-min-requirements
@@ -1092,7 +1086,7 @@ spec:
QEMU_MEMORY_WORKERS: 1024
QEMU_MEMORY_CONTROLPLANES: 2048
QEMU_SYSTEM_DISK_SIZE: 10240
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: save-talos-logs
@@ -1139,7 +1133,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -1156,7 +1150,7 @@ spec:
conditions:
- only-on-schedule
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-bios
command: e2e-qemu
@@ -1245,7 +1239,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -1314,20 +1308,18 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
- IMAGER_ARGS: "--extra-kernel-arg=enforcing=1"
- TAG_SUFFIX: -enforcing
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
conditions:
- only-on-schedule
- name: images-essential-enforcing
- command: imager installer-base installer images-essential
+ command: images-essential
environment:
PLATFORM: linux/amd64,linux/arm64
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_OUT: -enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: e2e-network-chaos
@@ -1337,7 +1329,7 @@ spec:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-network-chaos
SHORT_INTEGRATION_TEST: yes
WITH_NETWORK_CHAOS: yes
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-metal-iso
@@ -1347,7 +1339,7 @@ spec:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-metal-iso
SHORT_INTEGRATION_TEST: yes
WITH_CONFIG_INJECTION_METHOD: "metal-iso"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-iommu-pcidriverrebind
@@ -1357,7 +1349,7 @@ spec:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-iommu-pcidriverrebind
SHORT_INTEGRATION_TEST: yes
WITH_IOMMU: yes
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: save-talos-logs
@@ -1399,7 +1391,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -1487,20 +1479,18 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
- IMAGER_ARGS: "--extra-kernel-arg=enforcing=1"
- TAG_SUFFIX: -enforcing
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
conditions:
- only-on-schedule
- name: images-essential-enforcing
- command: imager installer-base installer images-essential
+ command: images-essential
environment:
PLATFORM: linux/amd64,linux/arm64
IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_OUT: -enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: e2e-siderolink
@@ -1511,7 +1501,7 @@ spec:
SHORT_INTEGRATION_TEST: yes
WITH_SIDEROLINK_AGENT: true
VIA_MAINTENANCE_MODE: true
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-siderolink-tunnel
@@ -1522,7 +1512,7 @@ spec:
SHORT_INTEGRATION_TEST: yes
WITH_SIDEROLINK_AGENT: tunnel
VIA_MAINTENANCE_MODE: true
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-siderolink-tls
@@ -1533,7 +1523,7 @@ spec:
SHORT_INTEGRATION_TEST: yes
WITH_SIDEROLINK_AGENT: wireguard+tls
VIA_MAINTENANCE_MODE: true
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-apparmor
@@ -1551,7 +1541,7 @@ spec:
GITHUB_STEP_NAME: ${{ github.job}}-e2e-k8s-user-namespace
SHORT_INTEGRATION_TEST: yes
WITH_CONFIG_PATCH: "@hack/test/patches/usernamespace.yaml"
- TAG_SUFFIX: -enforcing
+ TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: save-talos-logs
@@ -1595,7 +1585,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -1675,7 +1665,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -1755,7 +1745,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -1810,7 +1800,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -1876,7 +1866,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -1946,7 +1936,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -2037,7 +2027,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -2103,7 +2093,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -2166,7 +2156,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: images
@@ -2279,20 +2269,6 @@ spec:
- name: talosctl-cni-bundle
conditions:
- only-on-schedule
- - name: iso
- conditions:
- - only-on-schedule
- command: iso secureboot-iso
- environment:
- IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0"
- IMAGE_REGISTRY: registry.dev.siderolabs.io
- - name: images-essential
- conditions:
- - only-on-schedule
- environment:
- PLATFORM: linux/amd64
- IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0"
- IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: factory-1.7-iso
command: e2e-image-factory
withSudo: true
@@ -2418,7 +2394,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -2428,7 +2404,7 @@ spec:
conditions:
- only-on-schedule
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-aws-prepare
environment:
@@ -2494,7 +2470,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -2504,7 +2480,7 @@ spec:
conditions:
- only-on-schedule
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: checkout extensions
checkoutStep:
@@ -2592,7 +2568,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -2602,7 +2578,7 @@ spec:
conditions:
- only-on-schedule
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: checkout extensions
checkoutStep:
@@ -2687,7 +2663,7 @@ spec:
- only-on-schedule
command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: talosctl-cni-bundle
@@ -2697,7 +2673,7 @@ spec:
conditions:
- only-on-schedule
environment:
- PLATFORM: linux/amd64
+ PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-gcp-prepare
- name: checkout contrib
diff --git a/Makefile b/Makefile
index fdf57ce7a..785d8d5c8 100644
--- a/Makefile
+++ b/Makefile
@@ -4,9 +4,12 @@ SHA ?= $(shell git describe --match=none --always --abbrev=8 --dirty)
TAG ?= $(shell git describe --tag --always --dirty --match v[0-9]\*)
ABBREV_TAG ?= $(shell git describe --tag --always --match v[0-9]\* --abbrev=0 )
TAG_SUFFIX ?=
+TAG_SUFFIX_IN ?= $(TAG_SUFFIX)
+TAG_SUFFIX_OUT ?= $(TAG_SUFFIX)
SOURCE_DATE_EPOCH ?= $(shell git log -1 --pretty=%ct)
IMAGE_REGISTRY ?= $(REGISTRY)
-IMAGE_TAG ?= $(TAG)$(TAG_SUFFIX)
+IMAGE_TAG_IN ?= $(TAG)$(TAG_SUFFIX_IN)
+IMAGE_TAG_OUT ?= $(TAG)$(TAG_SUFFIX_OUT)
BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD)
REGISTRY_AND_USERNAME := $(IMAGE_REGISTRY)/$(USERNAME)
NAME = Talos
@@ -24,7 +27,7 @@ EMBED_TARGET ?= embed
TOOLS_PREFIX ?= ghcr.io/siderolabs/tools
TOOLS ?= v1.10.0-alpha.0-23-g6d456ca
PKGS_PREFIX ?= ghcr.io/siderolabs
-PKGS ?= v1.10.0-alpha.0-69-g665f782
+PKGS ?= v1.10.0-alpha.0-72-g7d7323b
EXTRAS ?= v1.10.0-alpha.0-4-gc201b87
KRES_IMAGE ?= ghcr.io/siderolabs/kres:latest
@@ -355,10 +358,10 @@ local-%: ## Builds the specified target defined in the Dockerfile using the loca
docker-%: ## Builds the specified target defined in the Dockerfile using the docker output type. The build result will be output to the specified local destination.
@mkdir -p $(DEST)
- @$(MAKE) target-$* TARGET_ARGS="--output type=docker,dest=$(DEST)/$*.tar,name=$(REGISTRY_AND_USERNAME)/$*:$(IMAGE_TAG) $(TARGET_ARGS)"
+ @$(MAKE) target-$* TARGET_ARGS="--output type=docker,dest=$(DEST)/$*.tar,name=$(REGISTRY_AND_USERNAME)/$*:$(IMAGE_TAG_OUT) $(TARGET_ARGS)"
registry-%: ## Builds the specified target defined in the Dockerfile using the image/registry output type. The build result will be pushed to the registry if PUSH=true.
- @$(MAKE) target-$* TARGET_ARGS="--output type=image,name=$(REGISTRY_AND_USERNAME)/$*:$(IMAGE_TAG) $(TARGET_ARGS)"
+ @$(MAKE) target-$* TARGET_ARGS="--output type=image,name=$(REGISTRY_AND_USERNAME)/$*:$(IMAGE_TAG_OUT) $(TARGET_ARGS)"
hack-test-%: ## Runs the specified script in ./hack/test with well known environment variables.
@./hack/test/$*.sh
@@ -450,10 +453,10 @@ talosctl:
@$(MAKE) local-talosctl-targetarch DEST=$(ARTIFACTS)
image-%: ## Builds the specified image. Valid options are aws, azure, digital-ocean, gcp, and vmware (e.g. image-aws)
- @docker pull $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG)
+ @docker pull $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG_IN)
@for platform in $(subst $(,),$(space),$(PLATFORM)); do \
arch=$$(basename "$${platform}") && \
- docker run --rm -t -v /dev:/dev -v $(PWD)/$(ARTIFACTS):/secureboot:ro -v $(PWD)/$(ARTIFACTS):/out -e SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) --network=host --privileged $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG) $* --arch $$arch $(IMAGER_ARGS) ; \
+ docker run --rm -t -v /dev:/dev -v $(PWD)/$(ARTIFACTS):/secureboot:ro -v $(PWD)/$(ARTIFACTS):/out -e SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) --network=host --privileged $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG_IN) $* --arch $$arch $(IMAGER_ARGS) ; \
done
.PHONY: images-essential
@@ -472,23 +475,23 @@ IMAGES_LIST :=
.PHONY: installer
installer: ## Builds the installer and outputs it to the artifact directory.
- @$(MAKE) image-installer IMAGER_ARGS="--base-installer-image $(REGISTRY_AND_USERNAME)/installer-base:$(IMAGE_TAG) $(IMAGER_ARGS)"
+ @$(MAKE) image-installer IMAGER_ARGS="--base-installer-image $(REGISTRY_AND_USERNAME)/installer-base:$(IMAGE_TAG_IN) $(IMAGER_ARGS)"
@crane_args=""
@for platform in $(subst $(,),$(space),$(PLATFORM)); do \
arch=$$(basename "$${platform}") && \
- image=$$(crane push $(ARTIFACTS)/installer-$${arch}.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-$${arch}) && \
+ image=$$(crane push $(ARTIFACTS)/installer-$${arch}.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG_OUT)-$${arch}) && \
crane_args="$${crane_args} -m $${image}" ; \
done; \
- crane index append -t "${REGISTRY_AND_USERNAME}/installer:${IMAGE_TAG}" $${crane_args}
+ crane index append -t "${REGISTRY_AND_USERNAME}/installer:${IMAGE_TAG_OUT}" $${crane_args}
.PHONY: secureboot-installer
secureboot-installer: ## Builds UEFI only installer which uses UKI and push it to the registry.
- @$(MAKE) image-secureboot-installer IMAGER_ARGS="--base-installer-image $(REGISTRY_AND_USERNAME)/installer-base:$(IMAGE_TAG) $(IMAGER_ARGS)"
+ @$(MAKE) image-secureboot-installer IMAGER_ARGS="--base-installer-image $(REGISTRY_AND_USERNAME)/installer-base:$(IMAGE_TAG_IN) $(IMAGER_ARGS)"
@for platform in $(subst $(,),$(space),$(PLATFORM)); do \
arch=$$(basename "$${platform}") && \
- crane push $(ARTIFACTS)/installer-$${arch}-secureboot.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-$${arch}-secureboot ; \
+ crane push $(ARTIFACTS)/installer-$${arch}-secureboot.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG_OUT)-$${arch}-secureboot ; \
done
.PHONY: talosctl-cni-bundle
@@ -519,10 +522,10 @@ uki-certs: talosctl ## Generate test certificates for SecureBoot/PCR Signing
.PHONY: cache-create
cache-create: installer imager ## Generate image cache.
@docker run --entrypoint /usr/local/bin/e2e.test registry.k8s.io/conformance:$(KUBECTL_VERSION) --list-images | \
- $(TALOSCTL_EXECUTABLE) images integration --installer-tag=$(IMAGE_TAG) --registry-and-user=$(REGISTRY_AND_USERNAME) | \
+ $(TALOSCTL_EXECUTABLE) images integration --installer-tag=$(IMAGE_TAG_IN) --registry-and-user=$(REGISTRY_AND_USERNAME) | \
$(TALOSCTL_EXECUTABLE) images cache-create --image-cache-path=/tmp/cache.tar --images=- --force
- @crane push /tmp/cache.tar $(REGISTRY_AND_USERNAME)/image-cache:$(IMAGE_TAG)
- @$(MAKE) image-iso IMAGER_ARGS="--image-cache=$(REGISTRY_AND_USERNAME)/image-cache:$(IMAGE_TAG) --extra-kernel-arg='console=ttyS0'"
+ @crane push /tmp/cache.tar $(REGISTRY_AND_USERNAME)/image-cache:$(IMAGE_TAG_OUT)
+ @$(MAKE) image-iso IMAGER_ARGS="--image-cache=$(REGISTRY_AND_USERNAME)/image-cache:$(IMAGE_TAG_OUT) --extra-kernel-arg='console=ttyS0'"
# Code Quality
@@ -600,8 +603,8 @@ e2e-%: $(ARTIFACTS)/$(INTEGRATION_TEST_DEFAULT_TARGET)-amd64 external-artifacts
TAG=$(TAG) \
SHA=$(SHA) \
REGISTRY=$(IMAGE_REGISTRY) \
- IMAGE=$(REGISTRY_AND_USERNAME)/talos:$(IMAGE_TAG) \
- INSTALLER_IMAGE=$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG) \
+ IMAGE=$(REGISTRY_AND_USERNAME)/talos:$(IMAGE_TAG_IN) \
+ INSTALLER_IMAGE=$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG_IN) \
ARTIFACTS=$(ARTIFACTS) \
TALOSCTL=$(PWD)/$(ARTIFACTS)/$(TALOSCTL_DEFAULT_TARGET)-amd64 \
INTEGRATION_TEST=$(PWD)/$(ARTIFACTS)/$(INTEGRATION_TEST_DEFAULT_TARGET)-amd64 \
@@ -633,9 +636,9 @@ provision-tests-track-%:
installer-with-extensions: $(ARTIFACTS)/extensions/_out/extensions-metadata
$(MAKE) image-installer \
- IMAGER_ARGS="--base-installer-image=$(REGISTRY_AND_USERNAME)/installer-base:$(IMAGE_TAG) $(shell cat $(ARTIFACTS)/extensions/_out/extensions-metadata | $(EXTENSIONS_FILTER_COMMAND) | xargs -n 1 echo --system-extension-image)"
- crane push $(ARTIFACTS)/installer-amd64.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-amd64-extensions
- INSTALLER_IMAGE_EXTENSIONS="$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-amd64-extensions" yq eval -n '.machine.install.image = strenv(INSTALLER_IMAGE_EXTENSIONS)' > $(ARTIFACTS)/installer-extensions-patch.yaml
+ IMAGER_ARGS="--base-installer-image=$(REGISTRY_AND_USERNAME)/installer-base:$(IMAGE_TAG_IN) $(shell cat $(ARTIFACTS)/extensions/_out/extensions-metadata | $(EXTENSIONS_FILTER_COMMAND) | xargs -n 1 echo --system-extension-image)"
+ crane push $(ARTIFACTS)/installer-amd64.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG_OUT)-amd64-extensions
+ INSTALLER_IMAGE_EXTENSIONS="$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG_OUT)-amd64-extensions" yq eval -n '.machine.install.image = strenv(INSTALLER_IMAGE_EXTENSIONS)' > $(ARTIFACTS)/installer-extensions-patch.yaml
kubelet-fat-patch:
K8S_VERSION=$(KUBECTL_VERSION) yq eval -n '.machine.kubelet.image = "ghcr.io/siderolabs/kubelet:" + strenv(K8S_VERSION) + "-fat"' > $(ARTIFACTS)/kubelet-fat-patch.yaml
@@ -687,7 +690,7 @@ push: ## Pushes the installer, imager, talos and talosctl images to the configur
@$(MAKE) talosctl-image PUSH=true
push-%: ## Pushes the installer, imager, talos and talosctl images to the configured container registry with the specified tag (e.g. push-latest).
- @$(MAKE) push IMAGE_TAG=$*
+ @$(MAKE) push IMAGE_TAG_OUT=$*
.PHONY: clean
clean: ## Cleans up all artifacts.
@@ -695,11 +698,11 @@ clean: ## Cleans up all artifacts.
.PHONY: image-list
image-list: ## Prints a list of all images built by this Makefile with digests.
- @echo -n installer installer-base talos imager talosctl | xargs -d ' ' -I{} sh -c 'echo $(REGISTRY_AND_USERNAME)/{}:$(IMAGE_TAG)' | xargs -I{} sh -c 'echo {}@$$(crane digest {})'
+ @echo -n installer installer-base talos imager talosctl | xargs -d ' ' -I{} sh -c 'echo $(REGISTRY_AND_USERNAME)/{}:$(IMAGE_TAG_IN)' | xargs -I{} sh -c 'echo {}@$$(crane digest {})'
.PHONY: sign-images
sign-images: ## Run cosign to sign all images built by this Makefile.
- @for image in $(shell $(MAKE) --quiet image-list REGISTRY_AND_USERNAME=$(REGISTRY_AND_USERNAME) IMAGE_TAG=$(IMAGE_TAG)); do \
+ @for image in $(shell $(MAKE) --quiet image-list REGISTRY_AND_USERNAME=$(REGISTRY_AND_USERNAME) IMAGE_TAG_IN=$(IMAGE_TAG_IN)); do \
echo '==>' $$image; \
cosign verify $$image --certificate-identity-regexp '@siderolabs\.com$$' --certificate-oidc-issuer https://accounts.google.com || \
cosign sign --yes $$image; \
diff --git a/api/resource/definitions/block/block.proto b/api/resource/definitions/block/block.proto
index 07a28dfdd..26ca5c56f 100755
--- a/api/resource/definitions/block/block.proto
+++ b/api/resource/definitions/block/block.proto
@@ -126,6 +126,10 @@ message MountSpec {
string selinux_label = 2;
bool project_quota_support = 3;
string parent_id = 4;
+ uint32 file_mode = 5;
+ int64 uid = 6;
+ int64 gid = 7;
+ bool recursive_relabel = 8;
}
// MountStatusSpec is the spec for MountStatus.
@@ -156,6 +160,12 @@ message ProvisioningSpec {
FilesystemSpec filesystem_spec = 4;
}
+// SymlinkProvisioningSpec is the spec for volume symlink.
+message SymlinkProvisioningSpec {
+ string symlink_target_path = 1;
+ bool force = 2;
+}
+
// SymlinkSpec is the spec for Symlinks resource.
message SymlinkSpec {
repeated string paths = 1;
@@ -181,6 +191,7 @@ message VolumeConfigSpec {
LocatorSpec locator = 4;
MountSpec mount = 5;
EncryptionSpec encryption = 6;
+ SymlinkProvisioningSpec symlink = 7;
}
// VolumeMountRequestSpec is the spec for VolumeMountRequest.
@@ -217,5 +228,7 @@ message VolumeStatusSpec {
MountSpec mount_spec = 15;
talos.resource.definitions.enums.BlockVolumeType type = 16;
repeated string configured_encryption_keys = 17;
+ SymlinkProvisioningSpec symlink_spec = 18;
+ string parent_id = 19;
}
diff --git a/api/resource/definitions/enums/enums.proto b/api/resource/definitions/enums/enums.proto
index d1df81d77..051d97ffc 100755
--- a/api/resource/definitions/enums/enums.proto
+++ b/api/resource/definitions/enums/enums.proto
@@ -401,6 +401,8 @@ enum BlockVolumeType {
VOLUME_TYPE_DISK = 1;
VOLUME_TYPE_TMPFS = 2;
VOLUME_TYPE_DIRECTORY = 3;
+ VOLUME_TYPE_SYMLINK = 4;
+ VOLUME_TYPE_OVERLAY = 5;
}
// CriImageCacheStatus describes image cache status type.
diff --git a/internal/app/machined/pkg/controllers/block/internal/volumes/close.go b/internal/app/machined/pkg/controllers/block/internal/volumes/close.go
index 57c9df744..d6bf77787 100644
--- a/internal/app/machined/pkg/controllers/block/internal/volumes/close.go
+++ b/internal/app/machined/pkg/controllers/block/internal/volumes/close.go
@@ -19,8 +19,8 @@ import (
// Close the encrypted volumes.
func Close(ctx context.Context, logger *zap.Logger, volumeContext ManagerContext) error {
switch volumeContext.Cfg.TypedSpec().Type {
- case block.VolumeTypeTmpfs, block.VolumeTypeDirectory:
- // tmpfs & directory volumes can be always closed
+ case block.VolumeTypeTmpfs, block.VolumeTypeDirectory, block.VolumeTypeSymlink, block.VolumeTypeOverlay:
+ // tmpfs, directory, symlink and overlay volumes can be always closed
volumeContext.Status.Phase = block.VolumePhaseClosed
return nil
diff --git a/internal/app/machined/pkg/controllers/block/internal/volumes/locate.go b/internal/app/machined/pkg/controllers/block/internal/volumes/locate.go
index 4daf703c0..040bec0cc 100644
--- a/internal/app/machined/pkg/controllers/block/internal/volumes/locate.go
+++ b/internal/app/machined/pkg/controllers/block/internal/volumes/locate.go
@@ -25,11 +25,12 @@ import (
//nolint:gocyclo,cyclop
func LocateAndProvision(ctx context.Context, logger *zap.Logger, volumeContext ManagerContext) error {
volumeContext.Status.MountSpec = volumeContext.Cfg.TypedSpec().Mount
+ volumeContext.Status.SymlinkSpec = volumeContext.Cfg.TypedSpec().Symlink
volumeType := volumeContext.Cfg.TypedSpec().Type
switch volumeType {
- case block.VolumeTypeTmpfs, block.VolumeTypeDirectory:
- // tmpfs & directory volumes are always ready
+ case block.VolumeTypeTmpfs, block.VolumeTypeDirectory, block.VolumeTypeSymlink, block.VolumeTypeOverlay:
+ // tmpfs, directory, symlink and overlays volumes are always ready
volumeContext.Status.Phase = block.VolumePhaseReady
return nil
diff --git a/internal/app/machined/pkg/controllers/block/internal/volumes/volumes.go b/internal/app/machined/pkg/controllers/block/internal/volumes/volumes.go
index dffc27583..175e9049c 100644
--- a/internal/app/machined/pkg/controllers/block/internal/volumes/volumes.go
+++ b/internal/app/machined/pkg/controllers/block/internal/volumes/volumes.go
@@ -82,6 +82,8 @@ func (d *DiskContext) ToCELContext() map[string]any {
type ManagerContext struct {
Cfg *block.VolumeConfig
Status *block.VolumeStatusSpec
+ ParentStatus *block.VolumeStatus
+ ParentFinalizer string
DiscoveredVolumes []*blockpb.DiscoveredVolumeSpec
Disks []DiskContext
diff --git a/internal/app/machined/pkg/controllers/block/mount.go b/internal/app/machined/pkg/controllers/block/mount.go
index d66050497..71b9fd3bf 100644
--- a/internal/app/machined/pkg/controllers/block/mount.go
+++ b/internal/app/machined/pkg/controllers/block/mount.go
@@ -7,7 +7,9 @@ package block
import (
"context"
"fmt"
+ "os"
"path/filepath"
+ "syscall"
"github.com/cosi-project/runtime/pkg/controller"
"github.com/cosi-project/runtime/pkg/resource"
@@ -15,8 +17,12 @@ import (
"github.com/cosi-project/runtime/pkg/state"
"github.com/siderolabs/gen/xslices"
"go.uber.org/zap"
+ "golang.org/x/sys/unix"
"github.com/siderolabs/talos/internal/pkg/mount/v2"
+ "github.com/siderolabs/talos/internal/pkg/selinux"
+ "github.com/siderolabs/talos/pkg/filetree"
+ "github.com/siderolabs/talos/pkg/machinery/constants"
"github.com/siderolabs/talos/pkg/machinery/resources/block"
)
@@ -203,12 +209,13 @@ func (ctrl *MountController) Run(ctx context.Context, r controller.Runtime, logg
mountTarget := volumeStatus.TypedSpec().MountSpec.TargetPath
mountFilesystem := volumeStatus.TypedSpec().Filesystem
+ rootPath := "/"
+
if mountHasParent {
- // mount target is a path within the parent mount
- mountTarget = filepath.Join(mountParentStatus.TypedSpec().Target, mountTarget)
+ rootPath = mountParentStatus.TypedSpec().Target
}
- if err = ctrl.handleMountOperation(logger, mountSource, mountTarget, mountFilesystem, mountRequest, volumeStatus); err != nil {
+ if err = ctrl.handleMountOperation(logger, rootPath, mountSource, mountTarget, mountFilesystem, mountRequest, volumeStatus); err != nil {
return err
}
@@ -217,7 +224,7 @@ func (ctrl *MountController) Run(ctx context.Context, r controller.Runtime, logg
func(mountStatus *block.MountStatus) error {
mountStatus.TypedSpec().Spec = *mountRequest.TypedSpec()
mountStatus.TypedSpec().Source = mountSource
- mountStatus.TypedSpec().Target = mountTarget
+ mountStatus.TypedSpec().Target = filepath.Join(rootPath, mountTarget)
mountStatus.TypedSpec().Filesystem = mountFilesystem
mountStatus.TypedSpec().EncryptionProvider = volumeStatus.TypedSpec().EncryptionProvider
mountStatus.TypedSpec().ReadOnly = mountRequest.TypedSpec().ReadOnly
@@ -264,6 +271,7 @@ func (ctrl *MountController) tearDownMountStatus(ctx context.Context, r controll
func (ctrl *MountController) handleMountOperation(
logger *zap.Logger,
+ rootPath string,
mountSource, mountTarget string,
mountFilesystem block.FilesystemType,
mountRequest *block.MountRequest,
@@ -271,24 +279,173 @@ func (ctrl *MountController) handleMountOperation(
) error {
switch volumeStatus.TypedSpec().Type {
case block.VolumeTypeDirectory:
- return ctrl.handleDirectoryMountOperation(mountTarget, volumeStatus)
+ return ctrl.handleDirectoryMountOperation(rootPath, mountTarget, volumeStatus)
+ case block.VolumeTypeOverlay:
+ return ctrl.handleOverlayMountOperation(logger, filepath.Join(rootPath, mountTarget), mountRequest, volumeStatus)
+ case block.VolumeTypeSymlink:
+ return ctrl.handleSymlinkMountOperation(logger, rootPath, mountTarget, mountRequest, volumeStatus)
case block.VolumeTypeTmpfs:
return fmt.Errorf("not implemented yet")
case block.VolumeTypeDisk, block.VolumeTypePartition:
- return ctrl.handleDiskMountOperation(logger, mountSource, mountTarget, mountFilesystem, mountRequest, volumeStatus)
+ return ctrl.handleDiskMountOperation(logger, mountSource, filepath.Join(rootPath, mountTarget), mountFilesystem, mountRequest, volumeStatus)
default:
return fmt.Errorf("unsupported volume type %q", volumeStatus.TypedSpec().Type)
}
}
func (ctrl *MountController) handleDirectoryMountOperation(
- _ string,
- _ *block.VolumeStatus,
+ rootPath string,
+ target string,
+ volumeStatus *block.VolumeStatus,
) error {
- // [TODO]: implement me
- // - create directory if missing
- // - set SELinux label if needed
- // - set uid:gid if needed
+ targetPath := filepath.Join(rootPath, target)
+
+ if err := os.Mkdir(targetPath, volumeStatus.TypedSpec().MountSpec.FileMode); err != nil {
+ if !os.IsExist(err) {
+ return fmt.Errorf("failed to create target path: %w", err)
+ }
+
+ st, err := os.Stat(targetPath)
+ if err != nil {
+ return fmt.Errorf("failed to stat target path: %w", err)
+ }
+
+ if !st.IsDir() {
+ return fmt.Errorf("target path %q is not a directory", targetPath)
+ }
+ }
+
+ return ctrl.updateTargetSettings(targetPath, volumeStatus.TypedSpec().MountSpec)
+}
+
+//nolint:gocyclo
+func (ctrl *MountController) handleSymlinkMountOperation(
+ logger *zap.Logger,
+ rootPath string,
+ target string,
+ mountRequest *block.MountRequest,
+ volumeStatus *block.VolumeStatus,
+) error {
+ _, ok := ctrl.activeMounts[mountRequest.Metadata().ID()]
+ if ok {
+ return nil
+ }
+
+ targetPath := filepath.Join(rootPath, target)
+
+ st, err := os.Lstat(targetPath)
+ if err != nil && !os.IsNotExist(err) {
+ return fmt.Errorf("failed to stat target path: %w", err)
+ }
+
+ if st == nil {
+ // create the symlink
+ if err := os.Symlink(volumeStatus.TypedSpec().SymlinkSpec.SymlinkTargetPath, targetPath); err != nil {
+ return fmt.Errorf("failed to create symlink %q: %w", targetPath, err)
+ }
+
+ ctrl.activeMounts[mountRequest.Metadata().ID()] = &mountContext{}
+
+ return nil
+ }
+
+ if st.Mode()&os.ModeSymlink != 0 {
+ // if it's already a symlink, check if it points to the right target
+ symlinkTarget, err := os.Readlink(targetPath)
+ if err != nil {
+ return fmt.Errorf("failed to read symlink target: %w", err)
+ }
+
+ if symlinkTarget == volumeStatus.TypedSpec().SymlinkSpec.SymlinkTargetPath {
+ return nil
+ }
+ }
+
+ if !volumeStatus.TypedSpec().SymlinkSpec.Force {
+ return fmt.Errorf("target path %q is not a symlink to %q", targetPath, volumeStatus.TypedSpec().SymlinkSpec.SymlinkTargetPath)
+ }
+
+ // try to remove forcefully
+ if err := os.RemoveAll(targetPath); err != nil {
+ if !st.Mode().IsDir() {
+ return fmt.Errorf("failed to remove target path, and target is not a directory %s: %w", st.Mode(), err)
+ }
+
+ // try to remove all entries if it's a directory
+ entries, err := os.ReadDir(targetPath)
+ if err != nil {
+ return fmt.Errorf("failed to read target path: %w", err)
+ }
+
+ for _, entry := range entries {
+ if err := os.RemoveAll(filepath.Join(targetPath, entry.Name())); err != nil {
+ logger.Warn("failed to remove target path entry", zap.String("entry", entry.Name()), zap.Error(err))
+ }
+ }
+
+ ctrl.activeMounts[mountRequest.Metadata().ID()] = &mountContext{}
+
+ // return early, i.e. keep this as a directory
+ return nil
+ }
+
+ if err := os.Symlink(volumeStatus.TypedSpec().SymlinkSpec.SymlinkTargetPath, targetPath); err != nil {
+ return fmt.Errorf("failed to create symlink %q: %w", targetPath, err)
+ }
+
+ ctrl.activeMounts[mountRequest.Metadata().ID()] = &mountContext{}
+
+ return nil
+}
+
+//nolint:gocyclo
+func (ctrl *MountController) updateTargetSettings(
+ targetPath string,
+ mountSpec block.MountSpec,
+) error {
+ if err := os.Chmod(targetPath, mountSpec.FileMode); err != nil {
+ return fmt.Errorf("failed to chmod %q: %w", targetPath, err)
+ }
+
+ st, err := os.Stat(targetPath)
+ if err != nil {
+ return fmt.Errorf("failed to stat %q: %w", targetPath, err)
+ }
+
+ sysStat := st.Sys().(*syscall.Stat_t)
+
+ if sysStat.Uid != uint32(mountSpec.UID) || sysStat.Gid != uint32(mountSpec.GID) {
+ if mountSpec.RecursiveRelabel {
+ err = filetree.ChownRecursive(targetPath, uint32(mountSpec.UID), uint32(mountSpec.GID))
+ } else {
+ err = os.Chown(targetPath, mountSpec.UID, mountSpec.GID)
+ }
+
+ if err != nil {
+ return fmt.Errorf("failed to chown %q: %w", targetPath, err)
+ }
+ }
+
+ currentLabel, err := selinux.GetLabel(targetPath)
+ if err != nil {
+ return fmt.Errorf("failed to get current label %q: %w", targetPath, err)
+ }
+
+ if currentLabel == mountSpec.SelinuxLabel {
+ // nothing to do
+ return nil
+ }
+
+ if mountSpec.RecursiveRelabel {
+ err = selinux.SetLabelRecursive(targetPath, mountSpec.SelinuxLabel)
+ } else {
+ err = selinux.SetLabel(targetPath, mountSpec.SelinuxLabel)
+ }
+
+ if err != nil {
+ return fmt.Errorf("error setting label %q: %w", targetPath, err)
+ }
+
return nil
}
@@ -326,6 +483,14 @@ func (ctrl *MountController) handleDiskMountOperation(
return fmt.Errorf("failed to mount %q: %w", mountRequest.Metadata().ID(), err)
}
+ if !mountRequest.TypedSpec().ReadOnly {
+ if err = ctrl.updateTargetSettings(mountTarget, volumeStatus.TypedSpec().MountSpec); err != nil {
+ unmounter() //nolint:errcheck
+
+ return fmt.Errorf("failed to update target settings %q: %w", mountRequest.Metadata().ID(), err)
+ }
+ }
+
logger.Info("volume mount",
zap.String("volume", volumeStatus.Metadata().ID()),
zap.String("source", mountSource),
@@ -364,6 +529,52 @@ func (ctrl *MountController) handleDiskMountOperation(
return nil
}
+func (ctrl *MountController) handleOverlayMountOperation(
+ logger *zap.Logger,
+ mountTarget string,
+ mountRequest *block.MountRequest,
+ volumeStatus *block.VolumeStatus,
+) error {
+ if _, ok := ctrl.activeMounts[mountRequest.Metadata().ID()]; ok {
+ return nil
+ }
+
+ if volumeStatus.TypedSpec().ParentID != constants.EphemeralPartitionLabel {
+ return fmt.Errorf("overlay mount is not supported for %q", volumeStatus.TypedSpec().ParentID)
+ }
+
+ mountpoint := mount.NewVarOverlay(
+ []string{mountTarget},
+ mountTarget,
+ mount.WithFlags(unix.MS_I_VERSION),
+ mount.WithSelinuxLabel(volumeStatus.TypedSpec().MountSpec.SelinuxLabel),
+ )
+
+ unmounter, err := mountpoint.Mount(mount.WithMountPrinter(logger.Sugar().Infof))
+ if err != nil {
+ return fmt.Errorf("failed to mount %q: %w", mountRequest.Metadata().ID(), err)
+ }
+
+ if err = ctrl.updateTargetSettings(mountTarget, volumeStatus.TypedSpec().MountSpec); err != nil {
+ unmounter() //nolint:errcheck
+
+ return fmt.Errorf("failed to update target settings %q: %w", mountRequest.Metadata().ID(), err)
+ }
+
+ logger.Info("overlay mount",
+ zap.String("volume", volumeStatus.Metadata().ID()),
+ zap.String("target", mountTarget),
+ zap.String("parent", volumeStatus.TypedSpec().ParentID),
+ )
+
+ ctrl.activeMounts[mountRequest.Metadata().ID()] = &mountContext{
+ point: mountpoint,
+ unmounter: unmounter,
+ }
+
+ return nil
+}
+
func (ctrl *MountController) handleUnmountOperation(
logger *zap.Logger,
mountRequest *block.MountRequest,
@@ -371,23 +582,18 @@ func (ctrl *MountController) handleUnmountOperation(
) error {
switch volumeStatus.TypedSpec().Type {
case block.VolumeTypeDirectory:
- return ctrl.handleDirectoryUnmountOperation(mountRequest, volumeStatus)
+ return nil
case block.VolumeTypeTmpfs:
return fmt.Errorf("not implemented yet")
- case block.VolumeTypeDisk, block.VolumeTypePartition:
+ case block.VolumeTypeDisk, block.VolumeTypePartition, block.VolumeTypeOverlay:
return ctrl.handleDiskUnmountOperation(logger, mountRequest, volumeStatus)
+ case block.VolumeTypeSymlink:
+ return ctrl.handleSymlinkUmountOperation(mountRequest)
default:
return fmt.Errorf("unsupported volume type %q", volumeStatus.TypedSpec().Type)
}
}
-func (ctrl *MountController) handleDirectoryUnmountOperation(
- _ *block.MountRequest,
- _ *block.VolumeStatus,
-) error {
- return nil
-}
-
func (ctrl *MountController) handleDiskUnmountOperation(
logger *zap.Logger,
mountRequest *block.MountRequest,
@@ -413,3 +619,11 @@ func (ctrl *MountController) handleDiskUnmountOperation(
return nil
}
+
+func (ctrl *MountController) handleSymlinkUmountOperation(
+ mountRequest *block.MountRequest,
+) error {
+ delete(ctrl.activeMounts, mountRequest.Metadata().ID())
+
+ return nil
+}
diff --git a/internal/app/machined/pkg/controllers/block/mount_status_test.go b/internal/app/machined/pkg/controllers/block/mount_status_test.go
new file mode 100644
index 000000000..05c293f96
--- /dev/null
+++ b/internal/app/machined/pkg/controllers/block/mount_status_test.go
@@ -0,0 +1,90 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+package block_test
+
+import (
+ "testing"
+ "time"
+
+ "github.com/cosi-project/runtime/pkg/resource"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/suite"
+
+ blockctrls "github.com/siderolabs/talos/internal/app/machined/pkg/controllers/block"
+ "github.com/siderolabs/talos/internal/app/machined/pkg/controllers/ctest"
+ "github.com/siderolabs/talos/pkg/machinery/resources/block"
+)
+
+type MountStatusSuite struct {
+ ctest.DefaultSuite
+}
+
+func TestMountStatusSuite(t *testing.T) {
+ t.Parallel()
+
+ suite.Run(t, &MountStatusSuite{
+ DefaultSuite: ctest.DefaultSuite{
+ Timeout: 3 * time.Second,
+ AfterSetup: func(suite *ctest.DefaultSuite) {
+ suite.Require().NoError(suite.Runtime().RegisterController(&blockctrls.MountStatusController{}))
+ },
+ },
+ })
+}
+
+func (suite *MountStatusSuite) TestReconcile() {
+ mountStatus1 := block.NewMountStatus(block.NamespaceName, "volume1")
+ mountStatus1.TypedSpec().Spec = block.MountRequestSpec{
+ VolumeID: "volume1",
+ Requesters: []string{"requester1", "requester2"},
+ RequesterIDs: []string{"requester1/volume1", "requester2/volume1"},
+ }
+ mountStatus1.TypedSpec().Target = "/target"
+ suite.Create(mountStatus1)
+
+ // mount status is exploded into volume mount statuses
+ ctest.AssertResources(suite,
+ []resource.ID{"requester1/volume1", "requester2/volume1"},
+ func(vms *block.VolumeMountStatus, asrt *assert.Assertions) {
+ asrt.Equal("volume1", vms.Metadata().Labels().Raw()["mount-status-id"])
+ asrt.Equal("volume1", vms.TypedSpec().VolumeID)
+ asrt.Equal("/target", vms.TypedSpec().Target)
+ },
+ )
+
+ // mount status should now have a finalizer
+ ctest.AssertResource(suite, "volume1", func(ms *block.MountStatus, asrt *assert.Assertions) {
+ asrt.True(ms.Metadata().Finalizers().Has((&blockctrls.MountStatusController{}).Name()))
+ })
+
+ // add a finalizer for volume mount status
+ suite.AddFinalizer(block.NewVolumeMountStatus(block.NamespaceName, "requester1/volume1").Metadata(), "test-finalizer")
+
+ // now, teardown the mount status
+ ready, err := suite.State().Teardown(suite.Ctx(), mountStatus1.Metadata())
+ suite.Require().NoError(err)
+ suite.Assert().False(ready)
+
+ // volume mount status without finalizer should be removed
+ ctest.AssertNoResource[*block.VolumeMountStatus](suite, "requester2/volume1")
+
+ // volume mount status with finalizer should be tearing down
+ ctest.AssertResource(suite, "requester1/volume1", func(vms *block.VolumeMountStatus, asrt *assert.Assertions) {
+ asrt.Equal(resource.PhaseTearingDown, vms.Metadata().Phase())
+ })
+
+ // remove finalizer from volume mount status
+ suite.RemoveFinalizer(block.NewVolumeMountStatus(block.NamespaceName, "requester1/volume1").Metadata(), "test-finalizer")
+
+ // volume mount status should be destroyed
+ ctest.AssertNoResource[*block.VolumeMountStatus](suite, "requester1/volume1")
+
+ // now the mount status finalizers should be empty as well
+ ctest.AssertResource(suite, "volume1", func(ms *block.MountStatus, asrt *assert.Assertions) {
+ asrt.True(ms.Metadata().Finalizers().Empty())
+ })
+
+ suite.Destroy(mountStatus1)
+}
diff --git a/internal/app/machined/pkg/controllers/block/mount_test.go b/internal/app/machined/pkg/controllers/block/mount_test.go
new file mode 100644
index 000000000..38ca30af2
--- /dev/null
+++ b/internal/app/machined/pkg/controllers/block/mount_test.go
@@ -0,0 +1,152 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+package block_test
+
+import (
+ "os"
+ "path/filepath"
+ "testing"
+ "time"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/suite"
+
+ blockctrls "github.com/siderolabs/talos/internal/app/machined/pkg/controllers/block"
+ "github.com/siderolabs/talos/internal/app/machined/pkg/controllers/ctest"
+ "github.com/siderolabs/talos/pkg/machinery/resources/block"
+)
+
+type MountSuite struct {
+ ctest.DefaultSuite
+}
+
+func TestMountSuite(t *testing.T) {
+ t.Parallel()
+
+ suite.Run(t, &MountSuite{
+ DefaultSuite: ctest.DefaultSuite{
+ Timeout: 3 * time.Second,
+ AfterSetup: func(suite *ctest.DefaultSuite) {
+ suite.Require().NoError(suite.Runtime().RegisterController(&blockctrls.MountController{}))
+ },
+ },
+ })
+}
+
+func (suite *MountSuite) mountVolume(volumeID string) { //nolint:unparam
+ mountRequest := block.NewMountRequest(block.NamespaceName, volumeID)
+ mountRequest.TypedSpec().RequesterIDs = []string{"requester1/" + volumeID}
+ mountRequest.TypedSpec().Requesters = []string{"requester1"}
+ mountRequest.TypedSpec().VolumeID = volumeID
+ suite.Create(mountRequest)
+
+ // wait for the mount status to be created
+ ctest.AssertResource(suite, volumeID, func(*block.MountStatus, *assert.Assertions) {})
+}
+
+func (suite *MountSuite) TestSymlinkNew() {
+ dir := suite.T().TempDir()
+ targetPath := filepath.Join(dir, "target")
+
+ volumeStatus := block.NewVolumeStatus(block.NamespaceName, "volume1")
+ volumeStatus.TypedSpec().Type = block.VolumeTypeSymlink
+ volumeStatus.TypedSpec().SymlinkSpec = block.SymlinkProvisioningSpec{
+ SymlinkTargetPath: "/run",
+ Force: true,
+ }
+ volumeStatus.TypedSpec().MountSpec = block.MountSpec{
+ TargetPath: targetPath,
+ }
+ volumeStatus.TypedSpec().Phase = block.VolumePhaseReady
+ suite.Create(volumeStatus)
+
+ suite.mountVolume("volume1")
+
+ // verify symlink
+ path, err := os.Readlink(targetPath)
+ suite.Require().NoError(err)
+ suite.Assert().Equal("/run", path)
+}
+
+func (suite *MountSuite) TestSymlinkExists() {
+ dir := suite.T().TempDir()
+ targetPath := filepath.Join(dir, "target")
+
+ // symlink already exists
+ suite.Require().NoError(os.Symlink("/run", targetPath))
+
+ volumeStatus := block.NewVolumeStatus(block.NamespaceName, "volume1")
+ volumeStatus.TypedSpec().Type = block.VolumeTypeSymlink
+ volumeStatus.TypedSpec().SymlinkSpec = block.SymlinkProvisioningSpec{
+ SymlinkTargetPath: "/run",
+ }
+ volumeStatus.TypedSpec().MountSpec = block.MountSpec{
+ TargetPath: targetPath,
+ }
+ volumeStatus.TypedSpec().Phase = block.VolumePhaseReady
+ suite.Create(volumeStatus)
+
+ suite.mountVolume("volume1")
+
+ // verify symlink
+ path, err := os.Readlink(targetPath)
+ suite.Require().NoError(err)
+ suite.Assert().Equal("/run", path)
+}
+
+func (suite *MountSuite) TestSymlinkWrong() {
+ dir := suite.T().TempDir()
+ targetPath := filepath.Join(dir, "target")
+
+ // wrong symlink target
+ suite.Require().NoError(os.Symlink("/foo", targetPath))
+
+ volumeStatus := block.NewVolumeStatus(block.NamespaceName, "volume1")
+ volumeStatus.TypedSpec().Type = block.VolumeTypeSymlink
+ volumeStatus.TypedSpec().SymlinkSpec = block.SymlinkProvisioningSpec{
+ SymlinkTargetPath: "/run",
+ Force: true,
+ }
+ volumeStatus.TypedSpec().MountSpec = block.MountSpec{
+ TargetPath: targetPath,
+ }
+ volumeStatus.TypedSpec().Phase = block.VolumePhaseReady
+ suite.Create(volumeStatus)
+
+ suite.mountVolume("volume1")
+
+ // verify symlink
+ path, err := os.Readlink(targetPath)
+ suite.Require().NoError(err)
+ suite.Assert().Equal("/run", path)
+}
+
+func (suite *MountSuite) TestSymlinkDirectory() {
+ dir := suite.T().TempDir()
+ targetPath := filepath.Join(dir, "target")
+
+ // non-empty directory structure
+ suite.Require().NoError(os.Mkdir(targetPath, 0o755))
+ suite.Require().NoError(os.Mkdir(filepath.Join(targetPath, "foo"), 0o755))
+
+ volumeStatus := block.NewVolumeStatus(block.NamespaceName, "volume1")
+ volumeStatus.TypedSpec().Type = block.VolumeTypeSymlink
+ volumeStatus.TypedSpec().SymlinkSpec = block.SymlinkProvisioningSpec{
+ SymlinkTargetPath: "/run",
+ Force: true,
+ }
+ volumeStatus.TypedSpec().MountSpec = block.MountSpec{
+ TargetPath: targetPath,
+ }
+ volumeStatus.TypedSpec().Phase = block.VolumePhaseReady
+ suite.Create(volumeStatus)
+
+ suite.mountVolume("volume1")
+
+ // verify symlink
+ path, err := os.Readlink(targetPath)
+ suite.Require().NoError(err)
+ suite.Assert().Equal("/run", path)
+}
diff --git a/internal/app/machined/pkg/controllers/block/user_disk_config.go b/internal/app/machined/pkg/controllers/block/user_disk_config.go
index ca625b5bf..f7726f7aa 100644
--- a/internal/app/machined/pkg/controllers/block/user_disk_config.go
+++ b/internal/app/machined/pkg/controllers/block/user_disk_config.go
@@ -216,10 +216,13 @@ func (ctrl *UserDiskConfigController) processUserDiskPartition(
targetPath = strings.TrimPrefix(targetPath, "/var/")
}
- // TODO: label user disks
vc.TypedSpec().Mount = block.MountSpec{
- TargetPath: targetPath,
- ParentID: parentID,
+ TargetPath: targetPath,
+ ParentID: parentID,
+ SelinuxLabel: constants.EphemeralSelinuxLabel,
+ FileMode: 0o755,
+ UID: 0,
+ GID: 0,
}
return nil
diff --git a/internal/app/machined/pkg/controllers/block/volume_config.go b/internal/app/machined/pkg/controllers/block/volume_config.go
index 9dd8dd486..c6026d508 100644
--- a/internal/app/machined/pkg/controllers/block/volume_config.go
+++ b/internal/app/machined/pkg/controllers/block/volume_config.go
@@ -8,6 +8,8 @@ import (
"context"
"encoding/json"
"fmt"
+ "os"
+ "path/filepath"
"github.com/cosi-project/runtime/pkg/controller"
"github.com/cosi-project/runtime/pkg/safe"
@@ -198,6 +200,14 @@ func (ctrl *VolumeConfigController) Run(ctx context.Context, r controller.Runtim
); err != nil {
return fmt.Errorf("error creating ephemeral volume configuration: %w", err)
}
+
+ if err = ctrl.manageStandardVolumes(ctx, r); err != nil {
+ return fmt.Errorf("error creating standard volume configuration: %w", err)
+ }
+
+ if err = ctrl.manageOverlayVolumes(ctx, r); err != nil {
+ return fmt.Errorf("error creating overlay volume configuration: %w", err)
+ }
}
// [TODO]: this would fail as it doesn't handle finalizers properly
@@ -210,7 +220,11 @@ func (ctrl *VolumeConfigController) Run(ctx context.Context, r controller.Runtim
func (ctrl *VolumeConfigController) manageEphemeralInContainer(vc *block.VolumeConfig) error {
vc.TypedSpec().Type = block.VolumeTypeDirectory
vc.TypedSpec().Mount = block.MountSpec{
- TargetPath: constants.EphemeralMountPoint,
+ TargetPath: constants.EphemeralMountPoint,
+ SelinuxLabel: constants.EphemeralSelinuxLabel,
+ FileMode: 0o755,
+ UID: 0,
+ GID: 0,
}
return nil
@@ -247,6 +261,9 @@ func (ctrl *VolumeConfigController) manageEphemeral(config cfg.Config) func(vc *
vc.TypedSpec().Mount = block.MountSpec{
TargetPath: constants.EphemeralMountPoint,
SelinuxLabel: constants.EphemeralSelinuxLabel,
+ FileMode: 0o755,
+ UID: 0,
+ GID: 0,
ProjectQuotaSupport: config.Machine().Features().DiskQuotaSupportEnabled(),
}
@@ -268,7 +285,11 @@ func (ctrl *VolumeConfigController) manageEphemeral(config cfg.Config) func(vc *
func (ctrl *VolumeConfigController) manageStateInContainer(vc *block.VolumeConfig) error {
vc.TypedSpec().Type = block.VolumeTypeDirectory
vc.TypedSpec().Mount = block.MountSpec{
- TargetPath: constants.StateMountPoint,
+ TargetPath: constants.StateMountPoint,
+ SelinuxLabel: constants.StateSelinuxLabel,
+ FileMode: 0o700,
+ UID: 0,
+ GID: 0,
}
return nil
@@ -284,6 +305,9 @@ func (ctrl *VolumeConfigController) manageStateConfigPresent(config cfg.Config)
vc.TypedSpec().Mount = block.MountSpec{
TargetPath: constants.StateMountPoint,
SelinuxLabel: constants.StateSelinuxLabel,
+ FileMode: 0o700,
+ UID: 0,
+ GID: 0,
}
vc.TypedSpec().Provisioning = block.ProvisioningSpec{
@@ -328,6 +352,9 @@ func (ctrl *VolumeConfigController) manageStateNoConfig(encryptionMeta *runtime.
vc.TypedSpec().Mount = block.MountSpec{
TargetPath: constants.StateMountPoint,
SelinuxLabel: constants.StateSelinuxLabel,
+ FileMode: 0o700,
+ UID: 0,
+ GID: 0,
}
match := labelVolumeMatchAndNonEmpty(constants.StatePartitionLabel)
@@ -360,3 +387,184 @@ func (ctrl *VolumeConfigController) manageStateNoConfig(encryptionMeta *runtime.
return nil
}
}
+
+func (ctrl *VolumeConfigController) manageStandardVolumes(ctx context.Context, r controller.Runtime) error {
+ if err := safe.WriterModify(ctx, r,
+ block.NewVolumeConfig(block.NamespaceName, "/var/run"),
+ func(vc *block.VolumeConfig) error {
+ vc.TypedSpec().Type = block.VolumeTypeSymlink
+ vc.TypedSpec().Symlink = block.SymlinkProvisioningSpec{
+ SymlinkTargetPath: "/run",
+ Force: true,
+ }
+ vc.TypedSpec().Mount = block.MountSpec{
+ TargetPath: "/var/run",
+ }
+
+ return nil
+ },
+ ); err != nil {
+ return fmt.Errorf("error creating symlink volume configuration for /var/run: %w", err)
+ }
+
+ parentIDs := map[string]string{
+ "/var": constants.EphemeralPartitionLabel,
+ "/var/run": "/var/run",
+ }
+
+ for _, volume := range []struct {
+ ID string
+ Path string
+ Mode os.FileMode
+ UID int
+ GID int
+ Recursive bool
+ SELinuxLabel string
+ }{
+ // /var/log
+ {
+ Path: "/var/log",
+ Mode: 0o755,
+ SELinuxLabel: "system_u:object_r:var_log_t:s0",
+ },
+ {
+ Path: "/var/log/audit",
+ Mode: 0o700,
+ SELinuxLabel: "system_u:object_r:audit_log_t:s0",
+ },
+ {
+ Path: constants.KubernetesAuditLogDir,
+ Mode: 0o700,
+ UID: constants.KubernetesAPIServerRunUser,
+ GID: constants.KubernetesAPIServerRunGroup,
+ Recursive: true,
+ SELinuxLabel: "system_u:object_r:kube_log_t:s0",
+ },
+ {
+ Path: "/var/log/containers",
+ Mode: 0o755,
+ SELinuxLabel: "system_u:object_r:containers_log_t:s0",
+ },
+ {
+ Path: "/var/log/pods",
+ Mode: 0o755,
+ SELinuxLabel: "system_u:object_r:pods_log_t:s0",
+ },
+ // /var/lib
+ {
+ Path: "/var/lib",
+ Mode: 0o700,
+ SELinuxLabel: constants.EphemeralSelinuxLabel,
+ },
+ {
+ ID: constants.EtcdDataVolumeID,
+ Path: constants.EtcdDataPath,
+ SELinuxLabel: constants.EtcdDataSELinuxLabel,
+ Mode: 0o700,
+ UID: constants.EtcdUserID,
+ GID: constants.EtcdUserID,
+ Recursive: true,
+ },
+ {
+ Path: "/var/lib/containerd",
+ Mode: 0o000,
+ SELinuxLabel: "system_u:object_r:containerd_state_t:s0",
+ },
+ {
+ Path: "/var/lib/kubelet",
+ Mode: 0o700,
+ SELinuxLabel: "system_u:object_r:kubelet_state_t:s0",
+ },
+ {
+ Path: "/var/lib/cni",
+ Mode: 0o700,
+ Recursive: true,
+ SELinuxLabel: "system_u:object_r:cni_state_t:s0",
+ },
+ {
+ Path: "/var/lib/kubelet/seccomp",
+ Mode: 0o700,
+ SELinuxLabel: "system_u:object_r:seccomp_profile_t:s0",
+ },
+ {
+ Path: constants.SeccompProfilesDirectory,
+ Mode: 0o700,
+ Recursive: true,
+ SELinuxLabel: "system_u:object_r:seccomp_profile_t:s0",
+ },
+ // /var/run
+ {
+ Path: "/var/run/lock",
+ Mode: 0o755,
+ SELinuxLabel: "system_u:object_r:var_lock_t:s0",
+ },
+ } {
+ parentDir := filepath.Dir(volume.Path)
+ targetDir := filepath.Base(volume.Path)
+
+ parentID, ok := parentIDs[parentDir]
+ if !ok {
+ return fmt.Errorf("unknown parent directory volume %q for %q", parentDir, volume.Path)
+ }
+
+ volumeID := volume.Path
+
+ if volume.ID != "" {
+ volumeID = volume.ID
+ }
+
+ if err := safe.WriterModify(ctx, r,
+ block.NewVolumeConfig(block.NamespaceName, volumeID),
+ func(vc *block.VolumeConfig) error {
+ vc.TypedSpec().Type = block.VolumeTypeDirectory
+
+ vc.TypedSpec().Mount = block.MountSpec{
+ TargetPath: targetDir,
+ ParentID: parentID,
+ SelinuxLabel: volume.SELinuxLabel,
+ FileMode: volume.Mode,
+ UID: volume.UID,
+ GID: volume.GID,
+ RecursiveRelabel: volume.Recursive,
+ }
+
+ return nil
+ },
+ ); err != nil {
+ return fmt.Errorf("error creating volume configuration for %q: %w", volume.Path, err)
+ }
+
+ parentIDs[volume.Path] = volumeID
+ }
+
+ return nil
+}
+
+func (ctrl *VolumeConfigController) manageOverlayVolumes(ctx context.Context, r controller.Runtime) error {
+ if ctrl.V1Alpha1Mode.InContainer() {
+ return nil
+ }
+
+ for _, overlay := range constants.Overlays {
+ if err := safe.WriterModify(ctx, r,
+ block.NewVolumeConfig(block.NamespaceName, overlay.Path),
+ func(vc *block.VolumeConfig) error {
+ vc.TypedSpec().Type = block.VolumeTypeOverlay
+ vc.TypedSpec().ParentID = constants.EphemeralPartitionLabel
+ vc.TypedSpec().Mount = block.MountSpec{
+ TargetPath: overlay.Path,
+ SelinuxLabel: overlay.Label,
+ FileMode: 0o755,
+ UID: 0,
+ GID: 0,
+ }
+
+ return nil
+ },
+ ); err != nil {
+ return fmt.Errorf("error creating volume configuration for %q: %w", overlay.Path, err)
+ }
+ }
+
+ return nil
+}
diff --git a/internal/app/machined/pkg/controllers/block/volume_config_test.go b/internal/app/machined/pkg/controllers/block/volume_config_test.go
index f08cd78fe..797068101 100644
--- a/internal/app/machined/pkg/controllers/block/volume_config_test.go
+++ b/internal/app/machined/pkg/controllers/block/volume_config_test.go
@@ -10,6 +10,8 @@ import (
"testing"
"time"
+ "github.com/cosi-project/runtime/pkg/resource"
+ "github.com/siderolabs/gen/xslices"
"github.com/siderolabs/go-pointer"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/suite"
@@ -120,6 +122,30 @@ func (suite *VolumeConfigSuite) TestReconcileDefaults() {
asrt.Equal(constants.EphemeralMountPoint, r.TypedSpec().Mount.TargetPath)
})
+
+ ctest.AssertResources(suite, []resource.ID{
+ "/var/log",
+ "/var/log/audit",
+ "/var/log/containers",
+ "/var/log/pods",
+ constants.EtcdDataVolumeID,
+ "/var/lib/containerd",
+ "/var/lib/kubelet",
+ "/var/lib/cni",
+ constants.SeccompProfilesDirectory,
+ constants.KubernetesAuditLogDir,
+ "/var/run/lock",
+ }, func(r *block.VolumeConfig, asrt *assert.Assertions) {
+ asrt.Equal(block.VolumeTypeDirectory, r.TypedSpec().Type)
+ })
+
+ ctest.AssertResources(suite,
+ xslices.Map(constants.Overlays, func(target constants.SELinuxLabeledPath) resource.ID {
+ return target.Path
+ }),
+ func(r *block.VolumeConfig, asrt *assert.Assertions) {
+ asrt.Equal(block.VolumeTypeOverlay, r.TypedSpec().Type)
+ })
}
func (suite *VolumeConfigSuite) TestReconcileEncryptedSTATE() {
diff --git a/internal/app/machined/pkg/controllers/block/volume_manager.go b/internal/app/machined/pkg/controllers/block/volume_manager.go
index 879feb3a9..caf628c33 100644
--- a/internal/app/machined/pkg/controllers/block/volume_manager.go
+++ b/internal/app/machined/pkg/controllers/block/volume_manager.go
@@ -49,7 +49,7 @@ func (ctrl *VolumeManagerController) Inputs() []controller.Input {
{
Namespace: block.NamespaceName,
Type: block.VolumeStatusType,
- Kind: controller.InputDestroyReady,
+ Kind: controller.InputStrong,
},
{
Namespace: block.NamespaceName,
@@ -294,14 +294,31 @@ func (ctrl *VolumeManagerController) Run(ctx context.Context, r controller.Runti
volumeStatus := volumeStatuses[vc.Metadata().ID()]
volumeLogger := logger.With(zap.String("volume", vc.Metadata().ID()))
+ var volumeParentStatus *block.VolumeStatus
+
+ if vc.TypedSpec().ParentID != "" {
+ volumeParentStatus = volumeStatuses[vc.TypedSpec().ParentID]
+ }
+
+ parentFinalizer := ctrl.Name() + "-" + vc.Metadata().ID()
+
// figure out if we are tearing down this volume or building it
tearingDown := (volumeStatus != nil && volumeStatus.Metadata().Phase() == resource.PhaseTearingDown) || // we started tearing down the volume, so finish doing so
vc.Metadata().Phase() == resource.PhaseTearingDown || // volume config is being torn down
+ volumeParentStatus != nil && volumeParentStatus.Metadata().Phase() == resource.PhaseTearingDown || // parent volume is being torn down
volumeLifecycleTearingDown // global volume lifecycle requires all volumes to be torn down
// volume status doesn't exist yet, figure out what to do
if volumeStatus == nil {
if tearingDown {
+ if volumeParentStatus != nil {
+ if volumeParentStatus.Metadata().Finalizers().Has(parentFinalizer) {
+ if err = r.RemoveFinalizer(ctx, volumeParentStatus.Metadata(), parentFinalizer); err != nil {
+ return fmt.Errorf("error removing finalizer from parent volume configuration: %w", err)
+ }
+ }
+ }
+
// happy case, we don't need to progress this volume
if vc.Metadata().Finalizers().Has(ctrl.Name()) {
if err = r.RemoveFinalizer(ctx, vc.Metadata(), ctrl.Name()); err != nil {
@@ -316,6 +333,7 @@ func (ctrl *VolumeManagerController) Run(ctx context.Context, r controller.Runti
volumeStatus = block.NewVolumeStatus(block.NamespaceName, vc.Metadata().ID())
volumeStatus.TypedSpec().Phase = block.VolumePhaseWaiting
volumeStatus.TypedSpec().Type = vc.TypedSpec().Type
+ volumeStatus.TypedSpec().ParentID = vc.TypedSpec().ParentID
volumeStatuses[vc.Metadata().ID()] = volumeStatus
}
@@ -331,12 +349,15 @@ func (ctrl *VolumeManagerController) Run(ctx context.Context, r controller.Runti
prevPhase := volumeStatus.TypedSpec().Phase
- if err = ctrl.processVolumeConfig(
+ if err = ctrl.progressVolumeConfig(
ctx,
volumeLogger,
+ r,
volumes.ManagerContext{
Cfg: vc,
Status: volumeStatus.TypedSpec(),
+ ParentStatus: volumeParentStatus,
+ ParentFinalizer: parentFinalizer,
DiscoveredVolumes: discoveredVolumesSpecs,
Disks: diskSpecs,
DevicesReady: devicesReady,
@@ -373,34 +394,53 @@ func (ctrl *VolumeManagerController) Run(ctx context.Context, r controller.Runti
}
if prevPhase != volumeStatus.TypedSpec().Phase || err != nil {
- fields := []zap.Field{
- zap.String("phase", fmt.Sprintf("%s -> %s", prevPhase, volumeStatus.TypedSpec().Phase)),
- zap.Error(err),
- }
+ suppressVolumeLogs := slices.Contains(
+ []block.VolumeType{
+ block.VolumeTypeDirectory,
+ block.VolumeTypeOverlay,
+ block.VolumeTypeSymlink,
+ },
+ volumeStatus.TypedSpec().Type,
+ )
- if volumeStatus.TypedSpec().Location != "" {
- fields = append(fields, zap.String("location", volumeStatus.TypedSpec().Location))
- }
+ if !suppressVolumeLogs {
+ fields := []zap.Field{
+ zap.String("phase", fmt.Sprintf("%s -> %s", prevPhase, volumeStatus.TypedSpec().Phase)),
+ zap.Error(err),
+ }
- if volumeStatus.TypedSpec().MountLocation != "" && volumeStatus.TypedSpec().MountLocation != volumeStatus.TypedSpec().Location {
- fields = append(fields, zap.String("mountLocation", volumeStatus.TypedSpec().MountLocation))
- }
+ if volumeStatus.TypedSpec().Location != "" {
+ fields = append(fields, zap.String("location", volumeStatus.TypedSpec().Location))
+ }
- if volumeStatus.TypedSpec().ParentLocation != "" {
- fields = append(fields, zap.String("parentLocation", volumeStatus.TypedSpec().ParentLocation))
- }
+ if volumeStatus.TypedSpec().MountLocation != "" && volumeStatus.TypedSpec().MountLocation != volumeStatus.TypedSpec().Location {
+ fields = append(fields, zap.String("mountLocation", volumeStatus.TypedSpec().MountLocation))
+ }
- if len(volumeStatus.TypedSpec().EncryptionFailedSyncs) > 0 {
- fields = append(fields, zap.Strings("encryptionFailedSyncs", volumeStatus.TypedSpec().EncryptionFailedSyncs))
- }
+ if volumeStatus.TypedSpec().ParentLocation != "" {
+ fields = append(fields, zap.String("parentLocation", volumeStatus.TypedSpec().ParentLocation))
+ }
- volumeLogger.Info("volume status", fields...)
+ if len(volumeStatus.TypedSpec().EncryptionFailedSyncs) > 0 {
+ fields = append(fields, zap.Strings("encryptionFailedSyncs", volumeStatus.TypedSpec().EncryptionFailedSyncs))
+ }
+
+ volumeLogger.Info("volume status", fields...)
+ }
}
// when closing, ignore META volume, we want it to stay longer, so no problem if is not closed yet
allClosed = allClosed && (volumeStatus.TypedSpec().Phase == block.VolumePhaseClosed || vc.Metadata().ID() == constants.MetaPartitionLabel)
if shouldCloseVolume && volumeStatus.TypedSpec().Phase == block.VolumePhaseClosed {
+ if volumeParentStatus != nil {
+ if volumeParentStatus.Metadata().Finalizers().Has(parentFinalizer) {
+ if err = r.RemoveFinalizer(ctx, volumeParentStatus.Metadata(), parentFinalizer); err != nil {
+ return fmt.Errorf("error removing finalizer from parent volume configuration: %w", err)
+ }
+ }
+ }
+
// we can destroy the volume status now
if err = r.Destroy(ctx, volumeStatus.Metadata()); err != nil {
return fmt.Errorf("error destroying volume status: %w", err)
@@ -430,6 +470,25 @@ func (ctrl *VolumeManagerController) Run(ctx context.Context, r controller.Runti
}
}
+func (ctrl *VolumeManagerController) progressVolumeConfig(ctx context.Context, logger *zap.Logger, r controller.Runtime, volumeContext volumes.ManagerContext) error {
+ if !volumeContext.ShouldCloseVolume {
+ if volumeContext.Cfg.TypedSpec().ParentID != "" {
+ if volumeContext.ParentStatus == nil {
+ // not ready yet
+ return nil
+ }
+
+ if !volumeContext.ParentStatus.Metadata().Finalizers().Has(volumeContext.ParentFinalizer) {
+ if err := r.AddFinalizer(ctx, volumeContext.ParentStatus.Metadata(), volumeContext.ParentFinalizer); err != nil {
+ return fmt.Errorf("error adding finalizer to parent volume configuration: %w", err)
+ }
+ }
+ }
+ }
+
+ return ctrl.processVolumeConfig(ctx, logger, volumeContext)
+}
+
// processVolumeConfig implements the volume configuration automata.
//
// Initial -> { Waiting } ----> { Missing } // volume is not found (by locator)
diff --git a/internal/app/machined/pkg/controllers/cri/image_cache_config.go b/internal/app/machined/pkg/controllers/cri/image_cache_config.go
index 86ed26be7..154652728 100644
--- a/internal/app/machined/pkg/controllers/cri/image_cache_config.go
+++ b/internal/app/machined/pkg/controllers/cri/image_cache_config.go
@@ -82,6 +82,11 @@ func (ctrl *ImageCacheConfigController) Inputs() []controller.Input {
Type: block.VolumeMountStatusType,
Kind: controller.InputStrong,
},
+ {
+ Namespace: block.NamespaceName,
+ Type: block.VolumeMountRequestType,
+ Kind: controller.InputDestroyReady,
+ },
}
}
@@ -252,7 +257,12 @@ func (ctrl *ImageCacheConfigController) createVolumeConfigISO(ctx context.Contex
volumeCfg.TypedSpec().Locator = block.LocatorSpec{
Match: *boolExpr,
}
- volumeCfg.TypedSpec().Mount.TargetPath = constants.ImageCacheISOMountPoint
+ volumeCfg.TypedSpec().Mount = block.MountSpec{
+ TargetPath: constants.ImageCacheISOMountPoint,
+ FileMode: 0o700,
+ UID: 0,
+ GID: 0,
+ }
return nil
})
@@ -305,7 +315,12 @@ func (ctrl *ImageCacheConfigController) createVolumeConfigDisk(ctx context.Conte
volumeCfg.TypedSpec().Provisioning.FilesystemSpec.Type = block.FilesystemTypeEXT4
}
- volumeCfg.TypedSpec().Mount.TargetPath = constants.ImageCacheDiskMountPoint
+ volumeCfg.TypedSpec().Mount = block.MountSpec{
+ TargetPath: constants.ImageCacheDiskMountPoint,
+ FileMode: 0o700,
+ UID: 0,
+ GID: 0,
+ }
return nil
})
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer.go b/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer.go
index cf5388fe7..71255f9fd 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer.go
+++ b/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer.go
@@ -217,17 +217,9 @@ func (*Sequencer) Boot(r runtime.Runtime) []runtime.Phase {
r.State().Platform().Mode() == runtime.ModeContainer,
"sharedFilesystems",
SetupSharedFilesystems,
- ).AppendWhen(
- r.State().Platform().Mode() != runtime.ModeContainer,
+ ).Append(
"ephemeral",
MountEphemeralPartition,
- ).Append(
- "var",
- SetupVarDirectory,
- ).AppendWhen(
- r.State().Platform().Mode() != runtime.ModeContainer,
- "overlay",
- MountOverlayFilesystems,
).AppendWhen(
r.State().Platform().Mode() != runtime.ModeContainer,
"udevSetup",
@@ -455,7 +447,6 @@ func (*Sequencer) Upgrade(r runtime.Runtime, in *machineapi.UpgradeRequest) []ru
StopServicesEphemeral,
).Append(
"unmount",
- UnmountOverlayFilesystems,
UnmountPodMounts,
).Append(
"unmountBind",
@@ -503,7 +494,6 @@ func stopAllPhaselist(r runtime.Runtime, enableKexec bool) PhaseList {
StopServicesEphemeral,
).Append(
"umount",
- UnmountOverlayFilesystems,
UnmountPodMounts,
).Append(
"unmountBind",
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go b/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go
index f575b543e..6785183aa 100644
--- a/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go
+++ b/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go
@@ -509,15 +509,6 @@ func StopAllServices(runtime.Sequence, any) (runtime.TaskExecutionFunc, string)
}, "stopAllServices"
}
-// MountOverlayFilesystems represents the MountOverlayFilesystems task.
-func MountOverlayFilesystems(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) {
- return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) (err error) {
- _, err = mountv2.OverlayMountPoints().Mount()
-
- return err
- }, "mountOverlayFilesystems"
-}
-
// SetupSharedFilesystems represents the SetupSharedFilesystems task.
func SetupSharedFilesystems(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) {
return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) (err error) {
@@ -532,132 +523,6 @@ func SetupSharedFilesystems(runtime.Sequence, any) (runtime.TaskExecutionFunc, s
}, "setupSharedFilesystems"
}
-// CreateDirectory is a structure describing properties of a directory to be initialized.
-type CreateDirectory struct {
- Path string
- Mode os.FileMode
- UID, GID int
- SELinuxLabel string
- ExcludeLabels []string
-}
-
-// InitializeDirectoryStructure creates directories and sets security options on them.
-func InitializeDirectoryStructure(directories []CreateDirectory) error {
- for _, dir := range directories {
- if err := os.MkdirAll(dir.Path, dir.Mode); err != nil {
- return err
- }
-
- if err := os.Chmod(dir.Path, dir.Mode); err != nil {
- return err
- }
-
- if err := selinux.SetLabelRecursive(dir.Path, dir.SELinuxLabel, dir.ExcludeLabels...); err != nil {
- return err
- }
-
- if dir.UID != 0 || dir.GID != 0 {
- if err := os.Chown(dir.Path, dir.UID, dir.GID); err != nil {
- return err
- }
- }
- }
-
- return nil
-}
-
-// SetupVarDirectory represents the SetupVarDirectory task.
-func SetupVarDirectory(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) {
- return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) error {
- if err := setupVarRun(logger); err != nil {
- return err
- }
-
- directoryConfigurations := []CreateDirectory{
- {
- Path: "/var/log",
- Mode: 0o755,
- SELinuxLabel: "system_u:object_r:var_log_t:s0",
- },
- {
- Path: "/var/log/audit",
- Mode: 0o700,
- SELinuxLabel: "system_u:object_r:audit_log_t:s0",
- },
- {
- Path: "/var/log/containers",
- Mode: 0o755,
- SELinuxLabel: "system_u:object_r:containers_log_t:s0",
- },
- {
- Path: "/var/log/pods",
- Mode: 0o755,
- SELinuxLabel: "system_u:object_r:pods_log_t:s0",
- },
- {
- Path: "/var/lib/containerd",
- Mode: 0o000,
- SELinuxLabel: "system_u:object_r:containerd_state_t:s0",
- },
- {
- Path: "/var/lib/kubelet",
- Mode: 0o700,
- SELinuxLabel: "system_u:object_r:kubelet_state_t:s0",
- },
- {
- Path: "/var/lib/cni",
- Mode: 0o700,
- SELinuxLabel: "system_u:object_r:cni_state_t:s0",
- },
- {
- Path: "/var/run/lock",
- Mode: 0o755,
- SELinuxLabel: "system_u:object_r:var_lock_t:s0",
- },
- {
- Path: constants.SeccompProfilesDirectory,
- Mode: 0o700,
- SELinuxLabel: "system_u:object_r:seccomp_profile_t:s0",
- },
- {
- Path: constants.KubernetesAuditLogDir,
- Mode: 0o700,
- UID: constants.KubernetesAPIServerRunUser,
- GID: constants.KubernetesAPIServerRunGroup,
- SELinuxLabel: "system_u:object_r:kube_log_t:s0",
- },
- }
-
- return InitializeDirectoryStructure(directoryConfigurations)
- }, "setupVarDirectory"
-}
-
-func setupVarRun(logger *log.Logger) error {
- // handle '/var/run' - if that exists after an upgrade, and is a directory, clean it up
- // if it doesn't exist, create as a symlink to '/run'
- runSt, err := os.Lstat("/var/run")
- if err == nil && runSt.IsDir() {
- // old Talos versions had '/var/run' as a directory, clean it up on boot
- entries, err := os.ReadDir("/var/run")
- if err != nil {
- return fmt.Errorf("failed to read /var/run: %w", err)
- }
-
- for _, e := range entries {
- if err = os.RemoveAll(filepath.Join("/var/run", e.Name())); err != nil {
- logger.Printf("failed to remove %s: %s", e.Name(), err)
- }
- }
- } else if err != nil && os.IsNotExist(err) {
- // '/var/run' doesn't exist, create as a symlink to '/run'
- if err = os.Symlink("/run", "/var/run"); err != nil {
- return fmt.Errorf("failed to create /var/run symlink: %w", err)
- }
- }
-
- return nil
-}
-
// MountUserDisks represents the MountUserDisks task.
func MountUserDisks(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) {
return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) error {
@@ -865,13 +730,6 @@ func existsAndIsFile(p string) (err error) {
return nil
}
-// UnmountOverlayFilesystems represents the UnmountOverlayFilesystems task.
-func UnmountOverlayFilesystems(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) {
- return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) (err error) {
- return mountv2.OverlayMountPoints().Unmount()
- }, "unmountOverlayFilesystems"
-}
-
// UnmountPodMounts represents the UnmountPodMounts task.
func UnmountPodMounts(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) {
return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) (err error) {
@@ -910,18 +768,24 @@ func UnmountPodMounts(runtime.Sequence, any) (runtime.TaskExecutionFunc, string)
}
// UnmountSystemDiskBindMounts represents the UnmountSystemDiskBindMounts task.
+//
+//nolint:gocyclo
func UnmountSystemDiskBindMounts(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) {
return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) (err error) {
- systemDisk, err := blockres.GetSystemDisk(ctx, r.State().V1Alpha2().Resources())
- if err != nil {
+ ephemeralStatus, err := safe.StateGetByID[*blockres.VolumeStatus](ctx, r.State().V1Alpha2().Resources(), constants.EphemeralPartitionLabel)
+ if err != nil && !state.IsNotFoundError(err) {
return err
}
- if systemDisk == nil {
+ if ephemeralStatus == nil {
return nil
}
- devname := systemDisk.DevPath
+ devname := ephemeralStatus.TypedSpec().MountLocation
+
+ if devname == "" {
+ return nil
+ }
f, err := os.Open("/proc/mounts")
if err != nil {
@@ -938,18 +802,19 @@ func UnmountSystemDiskBindMounts(runtime.Sequence, any) (runtime.TaskExecutionFu
continue
}
- device := strings.ReplaceAll(fields[0], "/dev/mapper", "/dev")
- mountpoint := fields[1]
+ device, mountpoint := fields[0], fields[1]
- if strings.HasPrefix(device, devname) && device != devname {
- logger.Printf("unmounting %s\n", mountpoint)
+ if device != devname || mountpoint == constants.EphemeralMountPoint {
+ continue
+ }
- if err = mountv2.SafeUnmount(ctx, logger.Printf, mountpoint); err != nil {
- if errors.Is(err, syscall.EINVAL) {
- log.Printf("ignoring unmount error %s: %v", mountpoint, err)
- } else {
- return fmt.Errorf("error unmounting %s: %w", mountpoint, err)
- }
+ logger.Printf("unmounting %s\n", mountpoint)
+
+ if err = mountv2.SafeUnmount(ctx, logger.Printf, mountpoint); err != nil {
+ if errors.Is(err, syscall.EINVAL) {
+ log.Printf("ignoring unmount error %s: %v", mountpoint, err)
+ } else {
+ return fmt.Errorf("error unmounting %s: %w", mountpoint, err)
}
}
}
@@ -1617,21 +1482,16 @@ func UnmountEphemeralPartition(runtime.Sequence, any) (runtime.TaskExecutionFunc
return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) error {
mountRequest := blockres.NewVolumeMountRequest(blockres.NamespaceName, constants.EphemeralPartitionLabel).Metadata()
- _, err := r.State().V1Alpha2().Resources().Teardown(ctx, mountRequest)
+ err := r.State().V1Alpha2().Resources().Destroy(ctx, mountRequest)
if err != nil {
if state.IsNotFoundError(err) {
return nil
}
- return fmt.Errorf("failed to teardown EPHEMERAL mount request: %w", err)
+ return fmt.Errorf("failed to destroy EPHEMERAL mount request: %w", err)
}
- _, err = r.State().V1Alpha2().Resources().WatchFor(ctx, mountRequest, state.WithFinalizerEmpty())
- if err != nil {
- return fmt.Errorf("failed to wait for EPHEMERAL teardown: %w", err)
- }
-
- return r.State().V1Alpha2().Resources().Destroy(ctx, mountRequest)
+ return nil
}, "unmountEphemeralPartition"
}
diff --git a/internal/app/machined/pkg/startup/startup.go b/internal/app/machined/pkg/startup/startup.go
index b93644b44..14b695f80 100644
--- a/internal/app/machined/pkg/startup/startup.go
+++ b/internal/app/machined/pkg/startup/startup.go
@@ -40,7 +40,6 @@ func DefaultTasks() []Task {
LogMode,
MountPseudoLate,
SetupSystemDirectories,
- SetupSystemSubdirectories,
InitVolumeLifecycle,
MountCgroups,
SetRLimit,
diff --git a/internal/app/machined/pkg/startup/tasks.go b/internal/app/machined/pkg/startup/tasks.go
index 09e7a94ee..42f51bd97 100644
--- a/internal/app/machined/pkg/startup/tasks.go
+++ b/internal/app/machined/pkg/startup/tasks.go
@@ -17,7 +17,6 @@ import (
"golang.org/x/sys/unix"
"github.com/siderolabs/talos/internal/app/machined/pkg/runtime"
- "github.com/siderolabs/talos/internal/app/machined/pkg/runtime/v1alpha1"
"github.com/siderolabs/talos/internal/pkg/environment"
"github.com/siderolabs/talos/internal/pkg/mount/v2"
"github.com/siderolabs/talos/internal/pkg/selinux"
@@ -34,61 +33,27 @@ func LogMode(ctx context.Context, log *zap.Logger, rt runtime.Runtime, next Next
// SetupSystemDirectories creates system default directories.
func SetupSystemDirectories(ctx context.Context, log *zap.Logger, rt runtime.Runtime, next NextTaskFunc) error {
- for _, path := range []string{constants.SystemEtcPath, constants.SystemVarPath, constants.StateMountPoint} {
- if err := os.MkdirAll(path, 0o700); err != nil {
+ for _, dir := range []struct {
+ path string
+ perm os.FileMode
+ label string
+ }{
+ {constants.SystemEtcPath, 0o700, constants.EtcSelinuxLabel},
+ {constants.SystemVarPath, 0o700, constants.SystemVarSelinuxLabel},
+ {constants.StateMountPoint, 0o700, ""},
+ {constants.SystemRunPath, 0o751, "system_u:object_r:system_run_t:s0"},
+ {"/system/run/containerd", 0o711, "system_u:object_r:sys_containerd_run_t:s0"},
+ {"/run/containerd", 0o711, "system_u:object_r:pod_containerd_run_t:s0"},
+ } {
+ if err := os.MkdirAll(dir.path, dir.perm); err != nil {
return fmt.Errorf("setupSystemDirectories: %w", err)
}
- var label string
-
- switch path {
- case constants.SystemEtcPath:
- label = constants.EtcSelinuxLabel
- case constants.SystemVarPath:
- label = constants.SystemVarSelinuxLabel
- default: // /system/state is another mount
- label = ""
+ if dir.label != "" {
+ if err := selinux.SetLabel(dir.path, dir.label); err != nil {
+ return fmt.Errorf("setupSystemDirectories: %w", err)
+ }
}
-
- if err := selinux.SetLabel(path, label); err != nil {
- return err
- }
- }
-
- for _, path := range []string{constants.SystemRunPath} {
- if err := os.MkdirAll(path, 0o751); err != nil {
- return fmt.Errorf("setupSystemDirectories: %w", err)
- }
- }
-
- return next()(ctx, log, rt, next)
-}
-
-// SetupSystemSubdirectories creates and configures subdirectories under /system.
-func SetupSystemSubdirectories(ctx context.Context, log *zap.Logger, rt runtime.Runtime, next NextTaskFunc) error {
- directoryConfigurations := []v1alpha1.CreateDirectory{
- {
- Path: "/system/run",
- Mode: 0o751,
- SELinuxLabel: "system_u:object_r:system_run_t:s0",
- },
- {
- Path: "/system/run/containerd",
- Mode: 0o711,
- SELinuxLabel: "system_u:object_r:sys_containerd_run_t:s0",
- ExcludeLabels: []string{"system_u:object_r:sys_containerd_socket_t:s0"},
- },
- {
- Path: "/run/containerd",
- Mode: 0o711,
- SELinuxLabel: "system_u:object_r:pod_containerd_run_t:s0",
- ExcludeLabels: []string{"system_u:object_r:pod_containerd_socket_t:s0"},
- },
- }
-
- err := v1alpha1.InitializeDirectoryStructure(directoryConfigurations)
- if err != nil {
- return err
}
return next()(ctx, log, rt, next)
diff --git a/internal/app/machined/pkg/system/integration_test.go b/internal/app/machined/pkg/system/integration_test.go
index 6d32ed78a..c8d4ecc97 100644
--- a/internal/app/machined/pkg/system/integration_test.go
+++ b/internal/app/machined/pkg/system/integration_test.go
@@ -70,7 +70,7 @@ func (TestService) DependsOn(runtime.Runtime) []string {
return nil
}
-func (TestService) Volumes() []string {
+func (TestService) Volumes(runtime.Runtime) []string {
return nil
}
diff --git a/internal/app/machined/pkg/system/mocks_test.go b/internal/app/machined/pkg/system/mocks_test.go
index 7b8358d76..61f356c68 100644
--- a/internal/app/machined/pkg/system/mocks_test.go
+++ b/internal/app/machined/pkg/system/mocks_test.go
@@ -64,7 +64,7 @@ func (m *MockService) DependsOn(runtime.Runtime) []string {
return m.dependencies
}
-func (m *MockService) Volumes() []string {
+func (m *MockService) Volumes(runtime.Runtime) []string {
return nil
}
diff --git a/internal/app/machined/pkg/system/service.go b/internal/app/machined/pkg/system/service.go
index 9c65af683..086a76c2f 100644
--- a/internal/app/machined/pkg/system/service.go
+++ b/internal/app/machined/pkg/system/service.go
@@ -30,7 +30,7 @@ type Service interface {
// DependsOn returns list of service IDs this service depends on.
DependsOn(runtime.Runtime) []string
// Volumes returns a list of volume IDs the service needs.
- Volumes() []string
+ Volumes(runtime.Runtime) []string
}
// HealthcheckedService is a service which provides health check.
diff --git a/internal/app/machined/pkg/system/service_runner.go b/internal/app/machined/pkg/system/service_runner.go
index dc6c101f4..56805d92c 100644
--- a/internal/app/machined/pkg/system/service_runner.go
+++ b/internal/app/machined/pkg/system/service_runner.go
@@ -219,7 +219,7 @@ func (svcrunner *ServiceRunner) Run(notifyChannels ...chan<- struct{}) error {
condition = conditions.WaitForAll(serviceDependencies, condition)
}
- if volumeIDs := svcrunner.service.Volumes(); len(volumeIDs) > 0 && !svcrunner.runtime.State().Platform().Mode().InContainer() {
+ if volumeIDs := svcrunner.service.Volumes(svcrunner.runtime); len(volumeIDs) > 0 {
// create volume mount request for each volume requested
volumeRequestIDs := make([]string, 0, len(volumeIDs))
@@ -241,8 +241,11 @@ func (svcrunner *ServiceRunner) Run(notifyChannels ...chan<- struct{}) error {
// cleanup volume mounts
defer func() {
- if err := svcrunner.deleteVolumeMountRequest(ctx, volumeRequestIDs); err != nil {
- svcrunner.UpdateState(ctx, events.StateFailed, "Failed to clean up volumes: %v", err)
+ cleanupCtx, cleanupCancel := context.WithTimeout(context.Background(), 10*time.Second)
+ defer cleanupCancel()
+
+ if err := svcrunner.deleteVolumeMountRequest(cleanupCtx, volumeRequestIDs); err != nil {
+ svcrunner.UpdateState(cleanupCtx, events.StateFailed, "Failed to clean up volumes: %v", err)
}
}()
}
diff --git a/internal/app/machined/pkg/system/services/apid.go b/internal/app/machined/pkg/system/services/apid.go
index 6ea579fde..c0f899d08 100644
--- a/internal/app/machined/pkg/system/services/apid.go
+++ b/internal/app/machined/pkg/system/services/apid.go
@@ -135,7 +135,7 @@ func (o *APID) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
-func (o *APID) Volumes() []string {
+func (o *APID) Volumes(runtime.Runtime) []string {
return nil
}
diff --git a/internal/app/machined/pkg/system/services/auditd.go b/internal/app/machined/pkg/system/services/auditd.go
index a856b6006..4dafe181b 100644
--- a/internal/app/machined/pkg/system/services/auditd.go
+++ b/internal/app/machined/pkg/system/services/auditd.go
@@ -51,7 +51,7 @@ func (s *Auditd) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
-func (s *Auditd) Volumes() []string {
+func (s *Auditd) Volumes(runtime.Runtime) []string {
return nil
}
diff --git a/internal/app/machined/pkg/system/services/containerd.go b/internal/app/machined/pkg/system/services/containerd.go
index 5fc0df09e..b393d1254 100644
--- a/internal/app/machined/pkg/system/services/containerd.go
+++ b/internal/app/machined/pkg/system/services/containerd.go
@@ -79,7 +79,7 @@ func (c *Containerd) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
-func (c *Containerd) Volumes() []string {
+func (c *Containerd) Volumes(runtime.Runtime) []string {
return nil
}
diff --git a/internal/app/machined/pkg/system/services/cri.go b/internal/app/machined/pkg/system/services/cri.go
index 6791488e0..736dcb86f 100644
--- a/internal/app/machined/pkg/system/services/cri.go
+++ b/internal/app/machined/pkg/system/services/cri.go
@@ -11,6 +11,7 @@ import (
containerd "github.com/containerd/containerd/v2/client"
"github.com/containerd/containerd/v2/defaults"
+ "github.com/siderolabs/gen/xslices"
"google.golang.org/grpc/health/grpc_health_v1"
"github.com/siderolabs/talos/internal/app/machined/pkg/runtime"
@@ -81,8 +82,24 @@ func (c *CRI) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
-func (c *CRI) Volumes() []string {
- return []string{constants.EphemeralPartitionLabel}
+func (c *CRI) Volumes(r runtime.Runtime) []string {
+ volumes := []string{
+ "/var/lib",
+ "/var/lib/cni",
+ "/var/lib/containerd",
+ "/var/run",
+ "/var/run/lock",
+ }
+
+ if !r.State().Platform().Mode().InContainer() {
+ volumes = append(volumes,
+ xslices.Map(constants.Overlays, func(target constants.SELinuxLabeledPath) string {
+ return target.Path
+ })...,
+ )
+ }
+
+ return volumes
}
// Runner implements the Service interface.
diff --git a/internal/app/machined/pkg/system/services/dashboard.go b/internal/app/machined/pkg/system/services/dashboard.go
index 8642ded0f..2c33ac7dc 100644
--- a/internal/app/machined/pkg/system/services/dashboard.go
+++ b/internal/app/machined/pkg/system/services/dashboard.go
@@ -51,7 +51,7 @@ func (d *Dashboard) DependsOn(_ runtime.Runtime) []string {
}
// Volumes implements the Service interface.
-func (d *Dashboard) Volumes() []string {
+func (d *Dashboard) Volumes(runtime.Runtime) []string {
return nil
}
diff --git a/internal/app/machined/pkg/system/services/etcd.go b/internal/app/machined/pkg/system/services/etcd.go
index 83be96e72..b85f02957 100644
--- a/internal/app/machined/pkg/system/services/etcd.go
+++ b/internal/app/machined/pkg/system/services/etcd.go
@@ -40,7 +40,6 @@ import (
"github.com/siderolabs/talos/internal/pkg/containers/image"
"github.com/siderolabs/talos/internal/pkg/environment"
"github.com/siderolabs/talos/internal/pkg/etcd"
- "github.com/siderolabs/talos/internal/pkg/selinux"
"github.com/siderolabs/talos/pkg/argsbuilder"
"github.com/siderolabs/talos/pkg/conditions"
"github.com/siderolabs/talos/pkg/filetree"
@@ -86,25 +85,6 @@ func (e *Etcd) ID(runtime.Runtime) string {
//
//nolint:gocyclo
func (e *Etcd) PreFunc(ctx context.Context, r runtime.Runtime) error {
- if err := os.MkdirAll(constants.EtcdDataPath, 0o700); err != nil {
- return err
- }
-
- // Data path might exist after upgrade from previous version of Talos.
- if err := os.Chmod(constants.EtcdDataPath, 0o700); err != nil {
- return err
- }
-
- // Relabel in case of upgrade from older version or SELinux being disabled and then enabled.
- if err := selinux.SetLabel(constants.EtcdDataPath, constants.EtcdDataSELinuxLabel); err != nil {
- return err
- }
-
- // Make sure etcd user can access files in the data directory.
- if err := filetree.ChownRecursive(constants.EtcdDataPath, constants.EtcdUserID, constants.EtcdUserID); err != nil {
- return err
- }
-
client, err := containerdapi.New(constants.CRIContainerdAddress)
if err != nil {
return err
@@ -185,8 +165,11 @@ func (e *Etcd) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
-func (e *Etcd) Volumes() []string {
- return nil
+func (e *Etcd) Volumes(runtime.Runtime) []string {
+ return []string{
+ "/var/lib",
+ constants.EtcdDataVolumeID,
+ }
}
// Runner implements the Service interface.
diff --git a/internal/app/machined/pkg/system/services/extension.go b/internal/app/machined/pkg/system/services/extension.go
index 79176818c..ed6e514ed 100644
--- a/internal/app/machined/pkg/system/services/extension.go
+++ b/internal/app/machined/pkg/system/services/extension.go
@@ -113,7 +113,7 @@ func (svc *Extension) DependsOn(r runtime.Runtime) []string {
}
// Volumes implements the Service interface.
-func (svc *Extension) Volumes() []string {
+func (svc *Extension) Volumes(runtime.Runtime) []string {
return nil
}
diff --git a/internal/app/machined/pkg/system/services/kubelet.go b/internal/app/machined/pkg/system/services/kubelet.go
index 77f307beb..c94294025 100644
--- a/internal/app/machined/pkg/system/services/kubelet.go
+++ b/internal/app/machined/pkg/system/services/kubelet.go
@@ -106,8 +106,18 @@ func (k *Kubelet) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
-func (k *Kubelet) Volumes() []string {
- return nil
+func (k *Kubelet) Volumes(runtime.Runtime) []string {
+ return []string{
+ "/var/lib",
+ "/var/lib/kubelet",
+ "/var/log",
+ "/var/log/audit",
+ "/var/log/containers",
+ "/var/log/pods",
+ "/var/lib/kubelet/seccomp",
+ constants.SeccompProfilesDirectory,
+ constants.KubernetesAuditLogDir,
+ }
}
// Runner implements the Service interface.
@@ -236,13 +246,11 @@ func kubeletSeccomp(seccomp *specs.LinuxSeccomp) {
}
func simpleHealthCheck(ctx context.Context, url string) error {
- req, err := http.NewRequest(http.MethodGet, url, nil)
+ req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
if err != nil {
return err
}
- req = req.WithContext(ctx)
-
resp, err := http.DefaultClient.Do(req) //nolint:bodyclose
if err != nil {
return err
diff --git a/internal/app/machined/pkg/system/services/machined.go b/internal/app/machined/pkg/system/services/machined.go
index fb91b83fa..1c7543bce 100644
--- a/internal/app/machined/pkg/system/services/machined.go
+++ b/internal/app/machined/pkg/system/services/machined.go
@@ -228,7 +228,7 @@ func (m *Machined) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
-func (m *Machined) Volumes() []string {
+func (m *Machined) Volumes(runtime.Runtime) []string {
return nil
}
diff --git a/internal/app/machined/pkg/system/services/registryd.go b/internal/app/machined/pkg/system/services/registryd.go
index ad0cd9508..93527c08e 100644
--- a/internal/app/machined/pkg/system/services/registryd.go
+++ b/internal/app/machined/pkg/system/services/registryd.go
@@ -39,7 +39,7 @@ func (r *registryD) PreFunc(context.Context, runtime.Runtime) error { retur
func (r *registryD) PostFunc(runtime.Runtime, events.ServiceState) error { return nil }
func (r *registryD) Condition(runtime.Runtime) conditions.Condition { return nil }
func (r *registryD) DependsOn(runtime.Runtime) []string { return nil }
-func (r *registryD) Volumes() []string { return nil }
+func (r *registryD) Volumes(runtime.Runtime) []string { return nil }
func (r *registryD) HealthFunc(runtime.Runtime) health.Check {
return func(ctx context.Context) error {
diff --git a/internal/app/machined/pkg/system/services/syslogd.go b/internal/app/machined/pkg/system/services/syslogd.go
index 9c481e546..9195137cf 100644
--- a/internal/app/machined/pkg/system/services/syslogd.go
+++ b/internal/app/machined/pkg/system/services/syslogd.go
@@ -51,7 +51,7 @@ func (s *Syslogd) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
-func (s *Syslogd) Volumes() []string {
+func (s *Syslogd) Volumes(runtime.Runtime) []string {
return nil
}
diff --git a/internal/app/machined/pkg/system/services/trustd.go b/internal/app/machined/pkg/system/services/trustd.go
index e1c1e7424..63d349a8f 100644
--- a/internal/app/machined/pkg/system/services/trustd.go
+++ b/internal/app/machined/pkg/system/services/trustd.go
@@ -136,7 +136,7 @@ func (t *Trustd) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
-func (t *Trustd) Volumes() []string {
+func (t *Trustd) Volumes(runtime.Runtime) []string {
return nil
}
diff --git a/internal/app/machined/pkg/system/services/udevd.go b/internal/app/machined/pkg/system/services/udevd.go
index 49abcf1dd..5a454ff2e 100644
--- a/internal/app/machined/pkg/system/services/udevd.go
+++ b/internal/app/machined/pkg/system/services/udevd.go
@@ -67,7 +67,7 @@ func (c *Udevd) DependsOn(runtime.Runtime) []string {
}
// Volumes implements the Service interface.
-func (c *Udevd) Volumes() []string {
+func (c *Udevd) Volumes(runtime.Runtime) []string {
return nil
}
diff --git a/internal/app/machined/pkg/system/volumes.go b/internal/app/machined/pkg/system/volumes.go
index 2ec9221c5..3cf9ff441 100644
--- a/internal/app/machined/pkg/system/volumes.go
+++ b/internal/app/machined/pkg/system/volumes.go
@@ -44,20 +44,9 @@ func (svcrunner *ServiceRunner) deleteVolumeMountRequest(ctx context.Context, re
}
for _, requestID := range requestIDs {
- _, err := st.Teardown(ctx, block.NewVolumeMountRequest(block.NamespaceName, requestID).Metadata())
+ err := st.Destroy(ctx, block.NewVolumeMountRequest(block.NamespaceName, requestID).Metadata())
if err != nil {
- return fmt.Errorf("failed to teardown mount request %q: %w", requestID, err)
- }
- }
-
- for _, requestID := range requestIDs {
- _, err := st.WatchFor(ctx, block.NewVolumeMountRequest(block.NamespaceName, requestID).Metadata(), state.WithFinalizerEmpty())
- if err != nil {
- return fmt.Errorf("failed to wait for teardown of mount request %q: %w", requestID, err)
- }
-
- if err = st.Destroy(ctx, block.NewVolumeMountRequest(block.NamespaceName, requestID).Metadata()); err != nil {
- return fmt.Errorf("failed to destroy mount request %q: %w", requestID, err)
+ return fmt.Errorf("failed to destroy volume mount request %q: %w", requestID, err)
}
}
diff --git a/internal/integration/api/selinux.go b/internal/integration/api/selinux.go
index 89aafb07b..39fe8ccd2 100644
--- a/internal/integration/api/selinux.go
+++ b/internal/integration/api/selinux.go
@@ -18,6 +18,7 @@ import (
"time"
"github.com/cosi-project/runtime/pkg/resource/rtestutils"
+ "github.com/cosi-project/runtime/pkg/safe"
"github.com/siderolabs/go-pointer"
"github.com/siderolabs/go-procfs/procfs"
"github.com/stretchr/testify/assert"
@@ -76,8 +77,6 @@ func (suite *SELinuxSuite) getLabel(nodeCtx context.Context, pid int32) string {
// to ensure SELinux labels for files are set when they are created and FS's are mounted with correct labels.
// FIXME: cancel the test in case system was upgraded.
func (suite *SELinuxSuite) TestFileMountLabels() {
- suite.T().Skip("skipping this test until it becomes stable enough")
-
workers := suite.DiscoverNodeInternalIPsByType(suite.ctx, machine.TypeWorker)
controlplanes := suite.DiscoverNodeInternalIPsByType(suite.ctx, machine.TypeControlPlane)
@@ -85,9 +84,12 @@ func (suite *SELinuxSuite) TestFileMountLabels() {
// Mounts
constants.SystemPath: constants.SystemSelinuxLabel,
constants.EphemeralMountPoint: constants.EphemeralSelinuxLabel,
- constants.StateMountPoint: constants.StateSelinuxLabel,
+ constants.StateMountPoint: constants.SystemSelinuxLabel,
constants.SystemVarPath: constants.SystemVarSelinuxLabel,
constants.RunPath: constants.RunSelinuxLabel,
+ "/run/containerd": "system_u:object_r:pod_containerd_run_t:s0",
+ "/run/lock": "system_u:object_r:var_lock_t:s0",
+ constants.SystemRunPath: "system_u:object_r:system_run_t:s0",
"/var/run": constants.RunSelinuxLabel,
// Runtime files
constants.APIRuntimeSocketPath: constants.APIRuntimeSocketLabel,
@@ -104,8 +106,15 @@ func (suite *SELinuxSuite) TestFileMountLabels() {
"/opt/cni": "system_u:object_r:cni_plugin_t:s0",
"/opt/containerd": "system_u:object_r:containerd_plugin_t:s0",
// Directories
- "/var/lib/containerd": "system_u:object_r:containerd_state_t:s0",
- "/var/lib/kubelet": "system_u:object_r:kubelet_state_t:s0",
+ "/var/lib/containerd": "system_u:object_r:containerd_state_t:s0",
+ "/var/lib/cni": "system_u:object_r:cni_state_t:s0",
+ "/var/lib/kubelet": "system_u:object_r:kubelet_state_t:s0",
+ "/var/lib/kubelet/seccomp": "system_u:object_r:seccomp_profile_t:s0",
+ "/var/log": "system_u:object_r:var_log_t:s0",
+ "/var/log/audit": "system_u:object_r:audit_log_t:s0",
+ constants.KubernetesAuditLogDir: "system_u:object_r:kube_log_t:s0",
+ "/var/log/containers": "system_u:object_r:containers_log_t:s0",
+ "/var/log/pods": "system_u:object_r:pods_log_t:s0",
// Mounts and runtime-generated files
constants.SystemEtcPath: constants.EtcSelinuxLabel,
"/etc": constants.EtcSelinuxLabel,
@@ -157,55 +166,69 @@ func (suite *SELinuxSuite) checkFileLabels(nodes []string, expectedLabels map[st
suite.T().Skip("skipping SELinux test since SELinux is disabled")
}
- // We should check both folders and their contents for proper labels
- for _, dir := range []bool{true, false} {
- for path, label := range expectedLabels {
- req := &machineapi.ListRequest{
- Root: path,
- ReportXattrs: true,
- }
- if dir {
- req.Types = []machineapi.ListRequest_Type{machineapi.ListRequest_DIRECTORY}
- }
+ extensions, err := safe.StateListAll[*runtimeres.ExtensionStatus](nodeCtx, suite.Client.COSI)
+ suite.Require().NoError(err)
- stream, err := suite.Client.LS(nodeCtx, req)
+ if extensions.Len() > 0 {
+ suite.T().Skip("skipping SELinux test since extensions are running")
+ }
- suite.Require().NoError(err)
+ for path, label := range expectedLabels {
+ req := &machineapi.ListRequest{
+ Root: path,
+ ReportXattrs: true,
+ }
- err = helpers.ReadGRPCStream(stream, func(info *machineapi.FileInfo, node string, multipleNodes bool) error {
- // E.g. /var/lib should inherit /var label, while /var/run is a new mountpoint
- if slices.Contains(paths, info.Name) && info.Name != path {
- return nil
- }
+ stream, err := suite.Client.LS(nodeCtx, req)
- suite.Require().NotNil(info.Xattrs)
-
- found := false
-
- for _, l := range info.Xattrs {
- if l.Name == "security.selinux" {
- got := string(bytes.Trim(l.Data, "\x00\n"))
- suite.Require().Contains(got, label, "expected %s to have label %s, got %s", path, label, got)
-
- found = true
-
- break
- }
- }
-
- suite.Require().True(found)
+ suite.Require().NoError(err)
+ err = helpers.ReadGRPCStream(stream, func(info *machineapi.FileInfo, node string, multipleNodes bool) error {
+ // E.g. /var/lib should inherit /var label, while /var/run is a new mountpoint
+ if slices.Contains(paths, info.Name) && info.Name != path {
return nil
- })
-
- if allowMissing {
- if err != nil {
- suite.Require().Contains(err.Error(), "lstat")
- suite.Require().Contains(err.Error(), "no such file or directory")
- }
- } else {
- suite.Require().NoError(err)
}
+
+ if slices.Contains(
+ []string{
+ constants.RunPath,
+ constants.SystemRunPath,
+ "/run/containerd",
+ "/var/run",
+ "/var/log/containers",
+ },
+ path,
+ ) && info.Name != path {
+ return nil
+ }
+
+ suite.Require().NotNil(info.Xattrs)
+
+ found := false
+
+ for _, l := range info.Xattrs {
+ if l.Name == "security.selinux" {
+ got := string(bytes.Trim(l.Data, "\x00\n"))
+ suite.Require().Contains(got, label, "expected %s to have label %s, got %s (checking %s)", info.Name, label, got, path)
+
+ found = true
+
+ break
+ }
+ }
+
+ suite.Require().True(found)
+
+ return nil
+ })
+
+ if allowMissing {
+ if err != nil {
+ suite.Require().Contains(err.Error(), "lstat")
+ suite.Require().Contains(err.Error(), "no such file or directory")
+ }
+ } else {
+ suite.Require().NoError(err)
}
}
}
diff --git a/internal/integration/k8s/tink.go b/internal/integration/k8s/tink.go
index 968312f3b..8563f6074 100644
--- a/internal/integration/k8s/tink.go
+++ b/internal/integration/k8s/tink.go
@@ -22,6 +22,7 @@ import (
"github.com/siderolabs/gen/xslices"
"github.com/siderolabs/go-pointer"
"github.com/siderolabs/go-retry/retry"
+ "github.com/stretchr/testify/assert"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
@@ -203,7 +204,11 @@ func (suite *TinkSuite) TestDeploy() {
suite.T().Log("bootstrapping")
- suite.Require().NoError(talosClient.Bootstrap(ctx, &machineapi.BootstrapRequest{}))
+ suite.Require().EventuallyWithT(func(collect *assert.CollectT) {
+ asrt := assert.New(collect)
+
+ asrt.NoError(talosClient.Bootstrap(ctx, &machineapi.BootstrapRequest{}))
+ }, time.Minute, 100*time.Millisecond)
clusterAccess := &tinkClusterAccess{
KubernetesClient: cluster.KubernetesClient{
diff --git a/internal/pkg/mount/v2/overlay.go b/internal/pkg/mount/v2/overlay.go
deleted file mode 100644
index b4fc871d8..000000000
--- a/internal/pkg/mount/v2/overlay.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// This Source Code Form is subject to the terms of the Mozilla Public
-// License, v. 2.0. If a copy of the MPL was not distributed with this
-// file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-package mount
-
-import (
- "github.com/siderolabs/gen/xslices"
- "golang.org/x/sys/unix"
-
- "github.com/siderolabs/talos/pkg/machinery/constants"
-)
-
-// OverlayMountPoints returns the mountpoints required to boot the system.
-// These mountpoints are used as overlays on top of the read only rootfs.
-func OverlayMountPoints() Points {
- return xslices.Map(constants.Overlays, func(target constants.SELinuxLabeledPath) *Point {
- return NewVarOverlay([]string{target.Path}, target.Path, WithFlags(unix.MS_I_VERSION), WithSelinuxLabel(target.Label))
- })
-}
diff --git a/internal/pkg/selinux/selinux.go b/internal/pkg/selinux/selinux.go
index 61e68e082..de6a1be45 100644
--- a/internal/pkg/selinux/selinux.go
+++ b/internal/pkg/selinux/selinux.go
@@ -49,6 +49,25 @@ var IsEnforcing = sync.OnceValue(func() bool {
return val != nil && *val == "1"
})
+// GetLabel gets label for file, directory or symlink (not following symlinks)
+// It does not perform the operation in case SELinux is disabled.
+func GetLabel(filename string) (string, error) {
+ if !IsEnabled() {
+ return "", nil
+ }
+
+ label, err := xattr.LGet(filename, "security.selinux")
+ if err != nil {
+ return "", err
+ }
+
+ if label == nil {
+ return "", nil
+ }
+
+ return string(bytes.Trim(label, "\x00\n")), nil
+}
+
// SetLabel sets label for file, directory or symlink (not following symlinks)
// It does not perform the operation in case SELinux is disabled, provided label is empty or already set.
func SetLabel(filename string, label string, excludeLabels ...string) error {
@@ -56,22 +75,22 @@ func SetLabel(filename string, label string, excludeLabels ...string) error {
return nil
}
- // We use LGet/LSet so that we manipulate label on the exact path, not the symlink target.
- currentLabel, err := xattr.LGet(filename, "security.selinux")
+ currentLabel, err := GetLabel(filename)
if err != nil {
return err
}
// Skip extra FS transactions when labels are okay.
- if string(bytes.Trim(currentLabel, "\x00\n")) == label {
+ if currentLabel == label {
return nil
}
// Skip setting label if it's in excludeLabels.
- if currentLabel != nil && slices.Contains(excludeLabels, string(bytes.Trim(currentLabel, "\x00\n"))) {
+ if currentLabel != "" && slices.Contains(excludeLabels, currentLabel) {
return nil
}
+ // We use LGet/LSet so that we manipulate label on the exact path, not the symlink target.
if err := xattr.LSet(filename, "security.selinux", []byte(label)); err != nil {
return err
}
diff --git a/pkg/machinery/api/resource/definitions/block/block.pb.go b/pkg/machinery/api/resource/definitions/block/block.pb.go
index 4effc2e4e..1af32cdb5 100644
--- a/pkg/machinery/api/resource/definitions/block/block.pb.go
+++ b/pkg/machinery/api/resource/definitions/block/block.pb.go
@@ -983,6 +983,10 @@ type MountSpec struct {
SelinuxLabel string `protobuf:"bytes,2,opt,name=selinux_label,json=selinuxLabel,proto3" json:"selinux_label,omitempty"`
ProjectQuotaSupport bool `protobuf:"varint,3,opt,name=project_quota_support,json=projectQuotaSupport,proto3" json:"project_quota_support,omitempty"`
ParentId string `protobuf:"bytes,4,opt,name=parent_id,json=parentId,proto3" json:"parent_id,omitempty"`
+ FileMode uint32 `protobuf:"varint,5,opt,name=file_mode,json=fileMode,proto3" json:"file_mode,omitempty"`
+ Uid int64 `protobuf:"varint,6,opt,name=uid,proto3" json:"uid,omitempty"`
+ Gid int64 `protobuf:"varint,7,opt,name=gid,proto3" json:"gid,omitempty"`
+ RecursiveRelabel bool `protobuf:"varint,8,opt,name=recursive_relabel,json=recursiveRelabel,proto3" json:"recursive_relabel,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
@@ -1045,6 +1049,34 @@ func (x *MountSpec) GetParentId() string {
return ""
}
+func (x *MountSpec) GetFileMode() uint32 {
+ if x != nil {
+ return x.FileMode
+ }
+ return 0
+}
+
+func (x *MountSpec) GetUid() int64 {
+ if x != nil {
+ return x.Uid
+ }
+ return 0
+}
+
+func (x *MountSpec) GetGid() int64 {
+ if x != nil {
+ return x.Gid
+ }
+ return 0
+}
+
+func (x *MountSpec) GetRecursiveRelabel() bool {
+ if x != nil {
+ return x.RecursiveRelabel
+ }
+ return false
+}
+
// MountStatusSpec is the spec for MountStatus.
type MountStatusSpec struct {
state protoimpl.MessageState `protogen:"open.v1"`
@@ -1284,6 +1316,59 @@ func (x *ProvisioningSpec) GetFilesystemSpec() *FilesystemSpec {
return nil
}
+// SymlinkProvisioningSpec is the spec for volume symlink.
+type SymlinkProvisioningSpec struct {
+ state protoimpl.MessageState `protogen:"open.v1"`
+ SymlinkTargetPath string `protobuf:"bytes,1,opt,name=symlink_target_path,json=symlinkTargetPath,proto3" json:"symlink_target_path,omitempty"`
+ Force bool `protobuf:"varint,2,opt,name=force,proto3" json:"force,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
+}
+
+func (x *SymlinkProvisioningSpec) Reset() {
+ *x = SymlinkProvisioningSpec{}
+ mi := &file_resource_definitions_block_block_proto_msgTypes[15]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+}
+
+func (x *SymlinkProvisioningSpec) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SymlinkProvisioningSpec) ProtoMessage() {}
+
+func (x *SymlinkProvisioningSpec) ProtoReflect() protoreflect.Message {
+ mi := &file_resource_definitions_block_block_proto_msgTypes[15]
+ if x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use SymlinkProvisioningSpec.ProtoReflect.Descriptor instead.
+func (*SymlinkProvisioningSpec) Descriptor() ([]byte, []int) {
+ return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{15}
+}
+
+func (x *SymlinkProvisioningSpec) GetSymlinkTargetPath() string {
+ if x != nil {
+ return x.SymlinkTargetPath
+ }
+ return ""
+}
+
+func (x *SymlinkProvisioningSpec) GetForce() bool {
+ if x != nil {
+ return x.Force
+ }
+ return false
+}
+
// SymlinkSpec is the spec for Symlinks resource.
type SymlinkSpec struct {
state protoimpl.MessageState `protogen:"open.v1"`
@@ -1294,7 +1379,7 @@ type SymlinkSpec struct {
func (x *SymlinkSpec) Reset() {
*x = SymlinkSpec{}
- mi := &file_resource_definitions_block_block_proto_msgTypes[15]
+ mi := &file_resource_definitions_block_block_proto_msgTypes[16]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -1306,7 +1391,7 @@ func (x *SymlinkSpec) String() string {
func (*SymlinkSpec) ProtoMessage() {}
func (x *SymlinkSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_block_block_proto_msgTypes[15]
+ mi := &file_resource_definitions_block_block_proto_msgTypes[16]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -1319,7 +1404,7 @@ func (x *SymlinkSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use SymlinkSpec.ProtoReflect.Descriptor instead.
func (*SymlinkSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{15}
+ return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{16}
}
func (x *SymlinkSpec) GetPaths() []string {
@@ -1340,7 +1425,7 @@ type SystemDiskSpec struct {
func (x *SystemDiskSpec) Reset() {
*x = SystemDiskSpec{}
- mi := &file_resource_definitions_block_block_proto_msgTypes[16]
+ mi := &file_resource_definitions_block_block_proto_msgTypes[17]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -1352,7 +1437,7 @@ func (x *SystemDiskSpec) String() string {
func (*SystemDiskSpec) ProtoMessage() {}
func (x *SystemDiskSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_block_block_proto_msgTypes[16]
+ mi := &file_resource_definitions_block_block_proto_msgTypes[17]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -1365,7 +1450,7 @@ func (x *SystemDiskSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use SystemDiskSpec.ProtoReflect.Descriptor instead.
func (*SystemDiskSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{16}
+ return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{17}
}
func (x *SystemDiskSpec) GetDiskId() string {
@@ -1393,7 +1478,7 @@ type UserDiskConfigStatusSpec struct {
func (x *UserDiskConfigStatusSpec) Reset() {
*x = UserDiskConfigStatusSpec{}
- mi := &file_resource_definitions_block_block_proto_msgTypes[17]
+ mi := &file_resource_definitions_block_block_proto_msgTypes[18]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -1405,7 +1490,7 @@ func (x *UserDiskConfigStatusSpec) String() string {
func (*UserDiskConfigStatusSpec) ProtoMessage() {}
func (x *UserDiskConfigStatusSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_block_block_proto_msgTypes[17]
+ mi := &file_resource_definitions_block_block_proto_msgTypes[18]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -1418,7 +1503,7 @@ func (x *UserDiskConfigStatusSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use UserDiskConfigStatusSpec.ProtoReflect.Descriptor instead.
func (*UserDiskConfigStatusSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{17}
+ return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{18}
}
func (x *UserDiskConfigStatusSpec) GetReady() bool {
@@ -1437,20 +1522,21 @@ func (x *UserDiskConfigStatusSpec) GetTornDown() bool {
// VolumeConfigSpec is the spec for VolumeConfig resource.
type VolumeConfigSpec struct {
- state protoimpl.MessageState `protogen:"open.v1"`
- ParentId string `protobuf:"bytes,1,opt,name=parent_id,json=parentId,proto3" json:"parent_id,omitempty"`
- Type enums.BlockVolumeType `protobuf:"varint,2,opt,name=type,proto3,enum=talos.resource.definitions.enums.BlockVolumeType" json:"type,omitempty"`
- Provisioning *ProvisioningSpec `protobuf:"bytes,3,opt,name=provisioning,proto3" json:"provisioning,omitempty"`
- Locator *LocatorSpec `protobuf:"bytes,4,opt,name=locator,proto3" json:"locator,omitempty"`
- Mount *MountSpec `protobuf:"bytes,5,opt,name=mount,proto3" json:"mount,omitempty"`
- Encryption *EncryptionSpec `protobuf:"bytes,6,opt,name=encryption,proto3" json:"encryption,omitempty"`
+ state protoimpl.MessageState `protogen:"open.v1"`
+ ParentId string `protobuf:"bytes,1,opt,name=parent_id,json=parentId,proto3" json:"parent_id,omitempty"`
+ Type enums.BlockVolumeType `protobuf:"varint,2,opt,name=type,proto3,enum=talos.resource.definitions.enums.BlockVolumeType" json:"type,omitempty"`
+ Provisioning *ProvisioningSpec `protobuf:"bytes,3,opt,name=provisioning,proto3" json:"provisioning,omitempty"`
+ Locator *LocatorSpec `protobuf:"bytes,4,opt,name=locator,proto3" json:"locator,omitempty"`
+ Mount *MountSpec `protobuf:"bytes,5,opt,name=mount,proto3" json:"mount,omitempty"`
+ Encryption *EncryptionSpec `protobuf:"bytes,6,opt,name=encryption,proto3" json:"encryption,omitempty"`
+ Symlink *SymlinkProvisioningSpec `protobuf:"bytes,7,opt,name=symlink,proto3" json:"symlink,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *VolumeConfigSpec) Reset() {
*x = VolumeConfigSpec{}
- mi := &file_resource_definitions_block_block_proto_msgTypes[18]
+ mi := &file_resource_definitions_block_block_proto_msgTypes[19]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -1462,7 +1548,7 @@ func (x *VolumeConfigSpec) String() string {
func (*VolumeConfigSpec) ProtoMessage() {}
func (x *VolumeConfigSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_block_block_proto_msgTypes[18]
+ mi := &file_resource_definitions_block_block_proto_msgTypes[19]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -1475,7 +1561,7 @@ func (x *VolumeConfigSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use VolumeConfigSpec.ProtoReflect.Descriptor instead.
func (*VolumeConfigSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{18}
+ return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{19}
}
func (x *VolumeConfigSpec) GetParentId() string {
@@ -1520,6 +1606,13 @@ func (x *VolumeConfigSpec) GetEncryption() *EncryptionSpec {
return nil
}
+func (x *VolumeConfigSpec) GetSymlink() *SymlinkProvisioningSpec {
+ if x != nil {
+ return x.Symlink
+ }
+ return nil
+}
+
// VolumeMountRequestSpec is the spec for VolumeMountRequest.
type VolumeMountRequestSpec struct {
state protoimpl.MessageState `protogen:"open.v1"`
@@ -1532,7 +1625,7 @@ type VolumeMountRequestSpec struct {
func (x *VolumeMountRequestSpec) Reset() {
*x = VolumeMountRequestSpec{}
- mi := &file_resource_definitions_block_block_proto_msgTypes[19]
+ mi := &file_resource_definitions_block_block_proto_msgTypes[20]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -1544,7 +1637,7 @@ func (x *VolumeMountRequestSpec) String() string {
func (*VolumeMountRequestSpec) ProtoMessage() {}
func (x *VolumeMountRequestSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_block_block_proto_msgTypes[19]
+ mi := &file_resource_definitions_block_block_proto_msgTypes[20]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -1557,7 +1650,7 @@ func (x *VolumeMountRequestSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use VolumeMountRequestSpec.ProtoReflect.Descriptor instead.
func (*VolumeMountRequestSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{19}
+ return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{20}
}
func (x *VolumeMountRequestSpec) GetVolumeId() string {
@@ -1594,7 +1687,7 @@ type VolumeMountStatusSpec struct {
func (x *VolumeMountStatusSpec) Reset() {
*x = VolumeMountStatusSpec{}
- mi := &file_resource_definitions_block_block_proto_msgTypes[20]
+ mi := &file_resource_definitions_block_block_proto_msgTypes[21]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -1606,7 +1699,7 @@ func (x *VolumeMountStatusSpec) String() string {
func (*VolumeMountStatusSpec) ProtoMessage() {}
func (x *VolumeMountStatusSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_block_block_proto_msgTypes[20]
+ mi := &file_resource_definitions_block_block_proto_msgTypes[21]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -1619,7 +1712,7 @@ func (x *VolumeMountStatusSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use VolumeMountStatusSpec.ProtoReflect.Descriptor instead.
func (*VolumeMountStatusSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{20}
+ return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{21}
}
func (x *VolumeMountStatusSpec) GetVolumeId() string {
@@ -1670,13 +1763,15 @@ type VolumeStatusSpec struct {
MountSpec *MountSpec `protobuf:"bytes,15,opt,name=mount_spec,json=mountSpec,proto3" json:"mount_spec,omitempty"`
Type enums.BlockVolumeType `protobuf:"varint,16,opt,name=type,proto3,enum=talos.resource.definitions.enums.BlockVolumeType" json:"type,omitempty"`
ConfiguredEncryptionKeys []string `protobuf:"bytes,17,rep,name=configured_encryption_keys,json=configuredEncryptionKeys,proto3" json:"configured_encryption_keys,omitempty"`
+ SymlinkSpec *SymlinkProvisioningSpec `protobuf:"bytes,18,opt,name=symlink_spec,json=symlinkSpec,proto3" json:"symlink_spec,omitempty"`
+ ParentId string `protobuf:"bytes,19,opt,name=parent_id,json=parentId,proto3" json:"parent_id,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (x *VolumeStatusSpec) Reset() {
*x = VolumeStatusSpec{}
- mi := &file_resource_definitions_block_block_proto_msgTypes[21]
+ mi := &file_resource_definitions_block_block_proto_msgTypes[22]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@@ -1688,7 +1783,7 @@ func (x *VolumeStatusSpec) String() string {
func (*VolumeStatusSpec) ProtoMessage() {}
func (x *VolumeStatusSpec) ProtoReflect() protoreflect.Message {
- mi := &file_resource_definitions_block_block_proto_msgTypes[21]
+ mi := &file_resource_definitions_block_block_proto_msgTypes[22]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@@ -1701,7 +1796,7 @@ func (x *VolumeStatusSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use VolumeStatusSpec.ProtoReflect.Descriptor instead.
func (*VolumeStatusSpec) Descriptor() ([]byte, []int) {
- return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{21}
+ return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{22}
}
func (x *VolumeStatusSpec) GetPhase() enums.BlockVolumePhase {
@@ -1823,6 +1918,20 @@ func (x *VolumeStatusSpec) GetConfiguredEncryptionKeys() []string {
return nil
}
+func (x *VolumeStatusSpec) GetSymlinkSpec() *SymlinkProvisioningSpec {
+ if x != nil {
+ return x.SymlinkSpec
+ }
+ return nil
+}
+
+func (x *VolumeStatusSpec) GetParentId() string {
+ if x != nil {
+ return x.ParentId
+ }
+ return ""
+}
+
var File_resource_definitions_block_block_proto protoreflect.FileDescriptor
var file_resource_definitions_block_block_proto_rawDesc = string([]byte{
@@ -1995,7 +2104,7 @@ var file_resource_definitions_block_block_proto_rawDesc = string([]byte{
0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x49,
0x44, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x18,
0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x22,
- 0xa2, 0x01, 0x0a, 0x09, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1f, 0x0a,
+ 0x90, 0x02, 0x0a, 0x09, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1f, 0x0a,
0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01,
0x28, 0x09, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x12, 0x23,
0x0a, 0x0d, 0x73, 0x65, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18,
@@ -2005,182 +2114,208 @@ var file_resource_definitions_block_block_proto_rawDesc = string([]byte{
0x28, 0x08, 0x52, 0x13, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x51, 0x75, 0x6f, 0x74, 0x61,
0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e,
0x74, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x72, 0x65,
- 0x6e, 0x74, 0x49, 0x64, 0x22, 0xa1, 0x03, 0x0a, 0x0f, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x74,
- 0x61, 0x74, 0x75, 0x73, 0x53, 0x70, 0x65, 0x63, 0x12, 0x46, 0x0a, 0x04, 0x73, 0x70, 0x65, 0x63,
- 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72,
- 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69,
- 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x52,
- 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x53, 0x70, 0x65, 0x63, 0x52, 0x04, 0x73, 0x70, 0x65, 0x63,
- 0x12, 0x16, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09,
- 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72,
- 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
- 0x12, 0x55, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x04,
- 0x20, 0x01, 0x28, 0x0e, 0x32, 0x35, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73,
+ 0x6e, 0x74, 0x49, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x6d, 0x6f, 0x64,
+ 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x4d, 0x6f, 0x64,
+ 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x03,
+ 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03,
+ 0x52, 0x03, 0x67, 0x69, 0x64, 0x12, 0x2b, 0x0a, 0x11, 0x72, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69,
+ 0x76, 0x65, 0x5f, 0x72, 0x65, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08,
+ 0x52, 0x10, 0x72, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x62,
+ 0x65, 0x6c, 0x22, 0xa1, 0x03, 0x0a, 0x0f, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74,
+ 0x75, 0x73, 0x53, 0x70, 0x65, 0x63, 0x12, 0x46, 0x0a, 0x04, 0x73, 0x70, 0x65, 0x63, 0x18, 0x01,
+ 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73,
0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e,
- 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x46, 0x69, 0x6c,
- 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0a, 0x66, 0x69, 0x6c,
- 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f,
- 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64,
- 0x4f, 0x6e, 0x6c, 0x79, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f,
- 0x71, 0x75, 0x6f, 0x74, 0x61, 0x5f, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20,
- 0x01, 0x28, 0x08, 0x52, 0x13, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x51, 0x75, 0x6f, 0x74,
- 0x61, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x6e, 0x0a, 0x13, 0x65, 0x6e, 0x63, 0x72,
- 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18,
- 0x07, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3d, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65,
- 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f,
- 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x45, 0x6e,
- 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72,
- 0x54, 0x79, 0x70, 0x65, 0x52, 0x12, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e,
- 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x22, 0x8c, 0x01, 0x0a, 0x0d, 0x50, 0x61, 0x72,
- 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x70, 0x65, 0x63, 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x69,
- 0x6e, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x6d, 0x69,
- 0x6e, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x61, 0x78, 0x5f, 0x73, 0x69, 0x7a,
- 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x6d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65,
- 0x12, 0x12, 0x0a, 0x04, 0x67, 0x72, 0x6f, 0x77, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04,
- 0x67, 0x72, 0x6f, 0x77, 0x12, 0x14, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x04, 0x20,
- 0x01, 0x28, 0x09, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x79,
- 0x70, 0x65, 0x5f, 0x75, 0x75, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74,
- 0x79, 0x70, 0x65, 0x55, 0x75, 0x69, 0x64, 0x22, 0xae, 0x02, 0x0a, 0x10, 0x50, 0x72, 0x6f, 0x76,
- 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x53, 0x70, 0x65, 0x63, 0x12, 0x53, 0x0a, 0x0d,
- 0x64, 0x69, 0x73, 0x6b, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20,
- 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f,
- 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73,
- 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x44, 0x69, 0x73, 0x6b, 0x53, 0x65, 0x6c, 0x65, 0x63,
- 0x74, 0x6f, 0x72, 0x52, 0x0c, 0x64, 0x69, 0x73, 0x6b, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f,
- 0x72, 0x12, 0x56, 0x0a, 0x0e, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73,
- 0x70, 0x65, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x74, 0x61, 0x6c, 0x6f,
- 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e,
- 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x50, 0x61, 0x72,
- 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0d, 0x70, 0x61, 0x72, 0x74,
- 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x70, 0x65, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x77, 0x61, 0x76,
- 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x77, 0x61, 0x76, 0x65, 0x12, 0x59, 0x0a,
- 0x0f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x73, 0x70, 0x65, 0x63,
- 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72,
- 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69,
- 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79,
- 0x73, 0x74, 0x65, 0x6d, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0e, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79,
- 0x73, 0x74, 0x65, 0x6d, 0x53, 0x70, 0x65, 0x63, 0x22, 0x23, 0x0a, 0x0b, 0x53, 0x79, 0x6d, 0x6c,
- 0x69, 0x6e, 0x6b, 0x53, 0x70, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x61, 0x74, 0x68, 0x73,
- 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x70, 0x61, 0x74, 0x68, 0x73, 0x22, 0x44, 0x0a,
- 0x0e, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x44, 0x69, 0x73, 0x6b, 0x53, 0x70, 0x65, 0x63, 0x12,
- 0x17, 0x0a, 0x07, 0x64, 0x69, 0x73, 0x6b, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
- 0x52, 0x06, 0x64, 0x69, 0x73, 0x6b, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x64, 0x65, 0x76, 0x5f,
- 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x64, 0x65, 0x76, 0x50,
- 0x61, 0x74, 0x68, 0x22, 0x4d, 0x0a, 0x18, 0x55, 0x73, 0x65, 0x72, 0x44, 0x69, 0x73, 0x6b, 0x43,
- 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x53, 0x70, 0x65, 0x63, 0x12,
- 0x14, 0x0a, 0x05, 0x72, 0x65, 0x61, 0x64, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x05,
- 0x72, 0x65, 0x61, 0x64, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6f, 0x72, 0x6e, 0x5f, 0x64, 0x6f,
- 0x77, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x6f, 0x72, 0x6e, 0x44, 0x6f,
- 0x77, 0x6e, 0x22, 0xac, 0x03, 0x0a, 0x10, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x43, 0x6f, 0x6e,
- 0x66, 0x69, 0x67, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e,
- 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x72, 0x65,
- 0x6e, 0x74, 0x49, 0x64, 0x12, 0x45, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01,
- 0x28, 0x0e, 0x32, 0x31, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75,
+ 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x71,
+ 0x75, 0x65, 0x73, 0x74, 0x53, 0x70, 0x65, 0x63, 0x52, 0x04, 0x73, 0x70, 0x65, 0x63, 0x12, 0x16,
+ 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
+ 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
+ 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x55,
+ 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x04, 0x20, 0x01,
+ 0x28, 0x0e, 0x32, 0x35, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75,
0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e,
- 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d,
- 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x56, 0x0a, 0x0c, 0x70,
- 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28,
- 0x0b, 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
- 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62,
- 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e,
- 0x67, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0c, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e,
- 0x69, 0x6e, 0x67, 0x12, 0x47, 0x0a, 0x07, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x18, 0x04,
- 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73,
- 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e,
- 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x53,
- 0x70, 0x65, 0x63, 0x52, 0x07, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x41, 0x0a, 0x05,
- 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x74, 0x61,
- 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66,
- 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4d,
- 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x52, 0x05, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x12,
- 0x50, 0x0a, 0x0a, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20,
- 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f,
- 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73,
- 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f,
- 0x6e, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0a, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f,
- 0x6e, 0x22, 0x70, 0x0a, 0x16, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74,
- 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1b, 0x0a, 0x09, 0x76,
- 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
- 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x49, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x72, 0x65, 0x71, 0x75,
- 0x65, 0x73, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x72, 0x65, 0x71,
- 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f,
- 0x6e, 0x6c, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f,
- 0x6e, 0x6c, 0x79, 0x22, 0x87, 0x01, 0x0a, 0x15, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f,
- 0x75, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1b, 0x0a,
- 0x09, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
- 0x52, 0x08, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x49, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x72, 0x65,
- 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x72,
- 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67,
- 0x65, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74,
- 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x04, 0x20,
- 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x22, 0xb0, 0x07,
- 0x0a, 0x10, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x53, 0x70,
- 0x65, 0x63, 0x12, 0x48, 0x0a, 0x05, 0x70, 0x68, 0x61, 0x73, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
- 0x0e, 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
- 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65,
- 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65,
- 0x50, 0x68, 0x61, 0x73, 0x65, 0x52, 0x05, 0x70, 0x68, 0x61, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08,
- 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
- 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x65, 0x72, 0x72, 0x6f,
- 0x72, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
- 0x0c, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x12, 0x0a,
- 0x04, 0x75, 0x75, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x75, 0x75, 0x69,
- 0x64, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75,
- 0x75, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x70, 0x61, 0x72, 0x74, 0x69,
- 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x75, 0x69, 0x64, 0x12, 0x58, 0x0a, 0x0e, 0x70, 0x72, 0x65, 0x5f,
- 0x66, 0x61, 0x69, 0x6c, 0x5f, 0x70, 0x68, 0x61, 0x73, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e,
- 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
- 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e,
- 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x50,
- 0x68, 0x61, 0x73, 0x65, 0x52, 0x0c, 0x70, 0x72, 0x65, 0x46, 0x61, 0x69, 0x6c, 0x50, 0x68, 0x61,
- 0x73, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x6c, 0x6f, 0x63,
- 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x70, 0x61, 0x72,
- 0x65, 0x6e, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x27, 0x0a, 0x0f, 0x70,
- 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x08,
- 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x49,
- 0x6e, 0x64, 0x65, 0x78, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x09, 0x20, 0x01,
- 0x28, 0x04, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x55, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65,
- 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x35, 0x2e, 0x74,
- 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65,
- 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e,
- 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x54,
- 0x79, 0x70, 0x65, 0x52, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x12,
- 0x25, 0x0a, 0x0e, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f,
- 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x4c, 0x6f,
- 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x6e, 0x0a, 0x13, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70,
- 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x0c, 0x20,
+ 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x46, 0x69, 0x6c, 0x65, 0x73,
+ 0x79, 0x73, 0x74, 0x65, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73,
+ 0x79, 0x73, 0x74, 0x65, 0x6d, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f, 0x6e,
+ 0x6c, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e,
+ 0x6c, 0x79, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x71, 0x75,
+ 0x6f, 0x74, 0x61, 0x5f, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28,
+ 0x08, 0x52, 0x13, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x51, 0x75, 0x6f, 0x74, 0x61, 0x53,
+ 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x6e, 0x0a, 0x13, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70,
+ 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x07, 0x20,
0x01, 0x28, 0x0e, 0x32, 0x3d, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f,
0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73,
0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x45, 0x6e, 0x63, 0x72,
0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79,
0x70, 0x65, 0x52, 0x12, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72,
- 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x65, 0x74, 0x74, 0x79,
- 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, 0x65,
- 0x74, 0x74, 0x79, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x36, 0x0a, 0x17, 0x65, 0x6e, 0x63, 0x72, 0x79,
- 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x65, 0x64, 0x5f, 0x73, 0x79, 0x6e,
- 0x63, 0x73, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70,
- 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x65, 0x64, 0x53, 0x79, 0x6e, 0x63, 0x73, 0x12,
- 0x4a, 0x0a, 0x0a, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x73, 0x70, 0x65, 0x63, 0x18, 0x0f, 0x20,
- 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f,
+ 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x22, 0x8c, 0x01, 0x0a, 0x0d, 0x50, 0x61, 0x72, 0x74, 0x69,
+ 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x70, 0x65, 0x63, 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x69, 0x6e, 0x5f,
+ 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x6d, 0x69, 0x6e, 0x53,
+ 0x69, 0x7a, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x61, 0x78, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18,
+ 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x6d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x12,
+ 0x0a, 0x04, 0x67, 0x72, 0x6f, 0x77, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x67, 0x72,
+ 0x6f, 0x77, 0x12, 0x14, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28,
+ 0x09, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x79, 0x70, 0x65,
+ 0x5f, 0x75, 0x75, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x79, 0x70,
+ 0x65, 0x55, 0x75, 0x69, 0x64, 0x22, 0xae, 0x02, 0x0a, 0x10, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73,
+ 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x53, 0x70, 0x65, 0x63, 0x12, 0x53, 0x0a, 0x0d, 0x64, 0x69,
+ 0x73, 0x6b, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28,
+ 0x0b, 0x32, 0x2e, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
+ 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62,
+ 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x44, 0x69, 0x73, 0x6b, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f,
+ 0x72, 0x52, 0x0c, 0x64, 0x69, 0x73, 0x6b, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12,
+ 0x56, 0x0a, 0x0e, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x70, 0x65,
+ 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e,
+ 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74,
+ 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x50, 0x61, 0x72, 0x74, 0x69,
+ 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0d, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74,
+ 0x69, 0x6f, 0x6e, 0x53, 0x70, 0x65, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x77, 0x61, 0x76, 0x65, 0x18,
+ 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x77, 0x61, 0x76, 0x65, 0x12, 0x59, 0x0a, 0x0f, 0x66,
+ 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x73, 0x70, 0x65, 0x63, 0x18, 0x04,
+ 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73,
+ 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e,
+ 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74,
+ 0x65, 0x6d, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0e, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74,
+ 0x65, 0x6d, 0x53, 0x70, 0x65, 0x63, 0x22, 0x5f, 0x0a, 0x17, 0x53, 0x79, 0x6d, 0x6c, 0x69, 0x6e,
+ 0x6b, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x53, 0x70, 0x65,
+ 0x63, 0x12, 0x2e, 0x0a, 0x13, 0x73, 0x79, 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x74, 0x61, 0x72,
+ 0x67, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11,
+ 0x73, 0x79, 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x61, 0x74,
+ 0x68, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08,
+ 0x52, 0x05, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x22, 0x23, 0x0a, 0x0b, 0x53, 0x79, 0x6d, 0x6c, 0x69,
+ 0x6e, 0x6b, 0x53, 0x70, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x61, 0x74, 0x68, 0x73, 0x18,
+ 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x70, 0x61, 0x74, 0x68, 0x73, 0x22, 0x44, 0x0a, 0x0e,
+ 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x44, 0x69, 0x73, 0x6b, 0x53, 0x70, 0x65, 0x63, 0x12, 0x17,
+ 0x0a, 0x07, 0x64, 0x69, 0x73, 0x6b, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+ 0x06, 0x64, 0x69, 0x73, 0x6b, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x64, 0x65, 0x76, 0x5f, 0x70,
+ 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x64, 0x65, 0x76, 0x50, 0x61,
+ 0x74, 0x68, 0x22, 0x4d, 0x0a, 0x18, 0x55, 0x73, 0x65, 0x72, 0x44, 0x69, 0x73, 0x6b, 0x43, 0x6f,
+ 0x6e, 0x66, 0x69, 0x67, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x53, 0x70, 0x65, 0x63, 0x12, 0x14,
+ 0x0a, 0x05, 0x72, 0x65, 0x61, 0x64, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x05, 0x72,
+ 0x65, 0x61, 0x64, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6f, 0x72, 0x6e, 0x5f, 0x64, 0x6f, 0x77,
+ 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x6f, 0x72, 0x6e, 0x44, 0x6f, 0x77,
+ 0x6e, 0x22, 0x81, 0x04, 0x0a, 0x10, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x43, 0x6f, 0x6e, 0x66,
+ 0x69, 0x67, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74,
+ 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x72, 0x65, 0x6e,
+ 0x74, 0x49, 0x64, 0x12, 0x45, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
+ 0x0e, 0x32, 0x31, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
+ 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65,
+ 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65,
+ 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x56, 0x0a, 0x0c, 0x70, 0x72,
+ 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b,
+ 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
+ 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c,
+ 0x6f, 0x63, 0x6b, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67,
+ 0x53, 0x70, 0x65, 0x63, 0x52, 0x0c, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69,
+ 0x6e, 0x67, 0x12, 0x47, 0x0a, 0x07, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x18, 0x04, 0x20,
+ 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f,
0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73,
- 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63,
- 0x52, 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12, 0x45, 0x0a, 0x04, 0x74,
- 0x79, 0x70, 0x65, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e, 0x74, 0x61, 0x6c, 0x6f,
- 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e,
- 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f,
- 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79,
- 0x70, 0x65, 0x12, 0x3c, 0x0a, 0x1a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x64,
- 0x5f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x73,
- 0x18, 0x11, 0x20, 0x03, 0x28, 0x09, 0x52, 0x18, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72,
- 0x65, 0x64, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x73,
- 0x42, 0x74, 0x0a, 0x28, 0x64, 0x65, 0x76, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x61, 0x70,
- 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e,
- 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x5a, 0x48, 0x67, 0x69,
- 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x72, 0x6f, 0x6c,
- 0x61, 0x62, 0x73, 0x2f, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x6d, 0x61,
- 0x63, 0x68, 0x69, 0x6e, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f,
- 0x75, 0x72, 0x63, 0x65, 0x2f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73,
- 0x2f, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+ 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x53, 0x70,
+ 0x65, 0x63, 0x52, 0x07, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x41, 0x0a, 0x05, 0x6d,
+ 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x74, 0x61, 0x6c,
+ 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69,
+ 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4d, 0x6f,
+ 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x52, 0x05, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x50,
+ 0x0a, 0x0a, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01,
+ 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75,
+ 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e,
+ 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+ 0x53, 0x70, 0x65, 0x63, 0x52, 0x0a, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+ 0x12, 0x53, 0x0a, 0x07, 0x73, 0x79, 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x18, 0x07, 0x20, 0x01, 0x28,
+ 0x0b, 0x32, 0x39, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72,
+ 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62,
+ 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x53, 0x79, 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x50, 0x72, 0x6f, 0x76,
+ 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x53, 0x70, 0x65, 0x63, 0x52, 0x07, 0x73, 0x79,
+ 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x22, 0x70, 0x0a, 0x16, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d,
+ 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12,
+ 0x1b, 0x0a, 0x09, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01,
+ 0x28, 0x09, 0x52, 0x08, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x49, 0x64, 0x12, 0x1c, 0x0a, 0x09,
+ 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+ 0x09, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65,
+ 0x61, 0x64, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72,
+ 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x22, 0x87, 0x01, 0x0a, 0x15, 0x56, 0x6f, 0x6c, 0x75,
+ 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x53, 0x70, 0x65,
+ 0x63, 0x12, 0x1b, 0x0a, 0x09, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01,
+ 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x49, 0x64, 0x12, 0x1c,
+ 0x0a, 0x09, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28,
+ 0x09, 0x52, 0x09, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06,
+ 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x74, 0x61,
+ 0x72, 0x67, 0x65, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f, 0x6e, 0x6c,
+ 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c,
+ 0x79, 0x22, 0xab, 0x08, 0x0a, 0x10, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x53, 0x74, 0x61, 0x74,
+ 0x75, 0x73, 0x53, 0x70, 0x65, 0x63, 0x12, 0x48, 0x0a, 0x05, 0x70, 0x68, 0x61, 0x73, 0x65, 0x18,
+ 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65,
+ 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f,
+ 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f,
+ 0x6c, 0x75, 0x6d, 0x65, 0x50, 0x68, 0x61, 0x73, 0x65, 0x52, 0x05, 0x70, 0x68, 0x61, 0x73, 0x65,
+ 0x12, 0x1a, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01,
+ 0x28, 0x09, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d,
+ 0x65, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x03, 0x20,
+ 0x01, 0x28, 0x09, 0x52, 0x0c, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67,
+ 0x65, 0x12, 0x12, 0x0a, 0x04, 0x75, 0x75, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
+ 0x04, 0x75, 0x75, 0x69, 0x64, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69,
+ 0x6f, 0x6e, 0x5f, 0x75, 0x75, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x70,
+ 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x75, 0x69, 0x64, 0x12, 0x58, 0x0a, 0x0e,
+ 0x70, 0x72, 0x65, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x5f, 0x70, 0x68, 0x61, 0x73, 0x65, 0x18, 0x06,
+ 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73,
+ 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e,
+ 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c,
+ 0x75, 0x6d, 0x65, 0x50, 0x68, 0x61, 0x73, 0x65, 0x52, 0x0c, 0x70, 0x72, 0x65, 0x46, 0x61, 0x69,
+ 0x6c, 0x50, 0x68, 0x61, 0x73, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74,
+ 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52,
+ 0x0e, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12,
+ 0x27, 0x0a, 0x0f, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x64,
+ 0x65, 0x78, 0x18, 0x08, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74,
+ 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65,
+ 0x18, 0x09, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x55, 0x0a, 0x0a,
+ 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0e,
+ 0x32, 0x35, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
+ 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e,
+ 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73,
+ 0x74, 0x65, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73,
+ 0x74, 0x65, 0x6d, 0x12, 0x25, 0x0a, 0x0e, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6c, 0x6f, 0x63,
+ 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x6f, 0x75,
+ 0x6e, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x6e, 0x0a, 0x13, 0x65, 0x6e,
+ 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65,
+ 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3d, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e,
+ 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74,
+ 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b,
+ 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64,
+ 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x12, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69,
+ 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72,
+ 0x65, 0x74, 0x74, 0x79, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52,
+ 0x0a, 0x70, 0x72, 0x65, 0x74, 0x74, 0x79, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x36, 0x0a, 0x17, 0x65,
+ 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x65, 0x64,
+ 0x5f, 0x73, 0x79, 0x6e, 0x63, 0x73, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 0x65, 0x6e,
+ 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x65, 0x64, 0x53, 0x79,
+ 0x6e, 0x63, 0x73, 0x12, 0x4a, 0x0a, 0x0a, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x73, 0x70, 0x65,
+ 0x63, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e,
+ 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74,
+ 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4d, 0x6f, 0x75, 0x6e, 0x74,
+ 0x53, 0x70, 0x65, 0x63, 0x52, 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12,
+ 0x45, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e,
+ 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64,
+ 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73,
+ 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65,
+ 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x3c, 0x0a, 0x1a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+ 0x75, 0x72, 0x65, 0x64, 0x5f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f,
+ 0x6b, 0x65, 0x79, 0x73, 0x18, 0x11, 0x20, 0x03, 0x28, 0x09, 0x52, 0x18, 0x63, 0x6f, 0x6e, 0x66,
+ 0x69, 0x67, 0x75, 0x72, 0x65, 0x64, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+ 0x4b, 0x65, 0x79, 0x73, 0x12, 0x5c, 0x0a, 0x0c, 0x73, 0x79, 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x5f,
+ 0x73, 0x70, 0x65, 0x63, 0x18, 0x12, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x74, 0x61, 0x6c,
+ 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69,
+ 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x53, 0x79,
+ 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e,
+ 0x67, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0b, 0x73, 0x79, 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x53, 0x70,
+ 0x65, 0x63, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18,
+ 0x13, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x42,
+ 0x74, 0x0a, 0x28, 0x64, 0x65, 0x76, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x61, 0x70, 0x69,
+ 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69,
+ 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x5a, 0x48, 0x67, 0x69, 0x74,
+ 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x72, 0x6f, 0x6c, 0x61,
+ 0x62, 0x73, 0x2f, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x6d, 0x61, 0x63,
+ 0x68, 0x69, 0x6e, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75,
+ 0x72, 0x63, 0x65, 0x2f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f,
+ 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
})
var (
@@ -2195,7 +2330,7 @@ func file_resource_definitions_block_block_proto_rawDescGZIP() []byte {
return file_resource_definitions_block_block_proto_rawDescData
}
-var file_resource_definitions_block_block_proto_msgTypes = make([]protoimpl.MessageInfo, 22)
+var file_resource_definitions_block_block_proto_msgTypes = make([]protoimpl.MessageInfo, 23)
var file_resource_definitions_block_block_proto_goTypes = []any{
(*DeviceSpec)(nil), // 0: talos.resource.definitions.block.DeviceSpec
(*DiscoveredVolumeSpec)(nil), // 1: talos.resource.definitions.block.DiscoveredVolumeSpec
@@ -2212,49 +2347,52 @@ var file_resource_definitions_block_block_proto_goTypes = []any{
(*MountStatusSpec)(nil), // 12: talos.resource.definitions.block.MountStatusSpec
(*PartitionSpec)(nil), // 13: talos.resource.definitions.block.PartitionSpec
(*ProvisioningSpec)(nil), // 14: talos.resource.definitions.block.ProvisioningSpec
- (*SymlinkSpec)(nil), // 15: talos.resource.definitions.block.SymlinkSpec
- (*SystemDiskSpec)(nil), // 16: talos.resource.definitions.block.SystemDiskSpec
- (*UserDiskConfigStatusSpec)(nil), // 17: talos.resource.definitions.block.UserDiskConfigStatusSpec
- (*VolumeConfigSpec)(nil), // 18: talos.resource.definitions.block.VolumeConfigSpec
- (*VolumeMountRequestSpec)(nil), // 19: talos.resource.definitions.block.VolumeMountRequestSpec
- (*VolumeMountStatusSpec)(nil), // 20: talos.resource.definitions.block.VolumeMountStatusSpec
- (*VolumeStatusSpec)(nil), // 21: talos.resource.definitions.block.VolumeStatusSpec
- (*v1alpha1.CheckedExpr)(nil), // 22: google.api.expr.v1alpha1.CheckedExpr
- (enums.BlockEncryptionKeyType)(0), // 23: talos.resource.definitions.enums.BlockEncryptionKeyType
- (enums.BlockEncryptionProviderType)(0), // 24: talos.resource.definitions.enums.BlockEncryptionProviderType
- (enums.BlockFilesystemType)(0), // 25: talos.resource.definitions.enums.BlockFilesystemType
- (enums.BlockVolumeType)(0), // 26: talos.resource.definitions.enums.BlockVolumeType
- (enums.BlockVolumePhase)(0), // 27: talos.resource.definitions.enums.BlockVolumePhase
+ (*SymlinkProvisioningSpec)(nil), // 15: talos.resource.definitions.block.SymlinkProvisioningSpec
+ (*SymlinkSpec)(nil), // 16: talos.resource.definitions.block.SymlinkSpec
+ (*SystemDiskSpec)(nil), // 17: talos.resource.definitions.block.SystemDiskSpec
+ (*UserDiskConfigStatusSpec)(nil), // 18: talos.resource.definitions.block.UserDiskConfigStatusSpec
+ (*VolumeConfigSpec)(nil), // 19: talos.resource.definitions.block.VolumeConfigSpec
+ (*VolumeMountRequestSpec)(nil), // 20: talos.resource.definitions.block.VolumeMountRequestSpec
+ (*VolumeMountStatusSpec)(nil), // 21: talos.resource.definitions.block.VolumeMountStatusSpec
+ (*VolumeStatusSpec)(nil), // 22: talos.resource.definitions.block.VolumeStatusSpec
+ (*v1alpha1.CheckedExpr)(nil), // 23: google.api.expr.v1alpha1.CheckedExpr
+ (enums.BlockEncryptionKeyType)(0), // 24: talos.resource.definitions.enums.BlockEncryptionKeyType
+ (enums.BlockEncryptionProviderType)(0), // 25: talos.resource.definitions.enums.BlockEncryptionProviderType
+ (enums.BlockFilesystemType)(0), // 26: talos.resource.definitions.enums.BlockFilesystemType
+ (enums.BlockVolumeType)(0), // 27: talos.resource.definitions.enums.BlockVolumeType
+ (enums.BlockVolumePhase)(0), // 28: talos.resource.definitions.enums.BlockVolumePhase
}
var file_resource_definitions_block_block_proto_depIdxs = []int32{
- 22, // 0: talos.resource.definitions.block.DiskSelector.match:type_name -> google.api.expr.v1alpha1.CheckedExpr
- 23, // 1: talos.resource.definitions.block.EncryptionKey.type:type_name -> talos.resource.definitions.enums.BlockEncryptionKeyType
- 24, // 2: talos.resource.definitions.block.EncryptionSpec.provider:type_name -> talos.resource.definitions.enums.BlockEncryptionProviderType
+ 23, // 0: talos.resource.definitions.block.DiskSelector.match:type_name -> google.api.expr.v1alpha1.CheckedExpr
+ 24, // 1: talos.resource.definitions.block.EncryptionKey.type:type_name -> talos.resource.definitions.enums.BlockEncryptionKeyType
+ 25, // 2: talos.resource.definitions.block.EncryptionSpec.provider:type_name -> talos.resource.definitions.enums.BlockEncryptionProviderType
6, // 3: talos.resource.definitions.block.EncryptionSpec.keys:type_name -> talos.resource.definitions.block.EncryptionKey
- 25, // 4: talos.resource.definitions.block.FilesystemSpec.type:type_name -> talos.resource.definitions.enums.BlockFilesystemType
- 22, // 5: talos.resource.definitions.block.LocatorSpec.match:type_name -> google.api.expr.v1alpha1.CheckedExpr
+ 26, // 4: talos.resource.definitions.block.FilesystemSpec.type:type_name -> talos.resource.definitions.enums.BlockFilesystemType
+ 23, // 5: talos.resource.definitions.block.LocatorSpec.match:type_name -> google.api.expr.v1alpha1.CheckedExpr
10, // 6: talos.resource.definitions.block.MountStatusSpec.spec:type_name -> talos.resource.definitions.block.MountRequestSpec
- 25, // 7: talos.resource.definitions.block.MountStatusSpec.filesystem:type_name -> talos.resource.definitions.enums.BlockFilesystemType
- 24, // 8: talos.resource.definitions.block.MountStatusSpec.encryption_provider:type_name -> talos.resource.definitions.enums.BlockEncryptionProviderType
+ 26, // 7: talos.resource.definitions.block.MountStatusSpec.filesystem:type_name -> talos.resource.definitions.enums.BlockFilesystemType
+ 25, // 8: talos.resource.definitions.block.MountStatusSpec.encryption_provider:type_name -> talos.resource.definitions.enums.BlockEncryptionProviderType
4, // 9: talos.resource.definitions.block.ProvisioningSpec.disk_selector:type_name -> talos.resource.definitions.block.DiskSelector
13, // 10: talos.resource.definitions.block.ProvisioningSpec.partition_spec:type_name -> talos.resource.definitions.block.PartitionSpec
8, // 11: talos.resource.definitions.block.ProvisioningSpec.filesystem_spec:type_name -> talos.resource.definitions.block.FilesystemSpec
- 26, // 12: talos.resource.definitions.block.VolumeConfigSpec.type:type_name -> talos.resource.definitions.enums.BlockVolumeType
+ 27, // 12: talos.resource.definitions.block.VolumeConfigSpec.type:type_name -> talos.resource.definitions.enums.BlockVolumeType
14, // 13: talos.resource.definitions.block.VolumeConfigSpec.provisioning:type_name -> talos.resource.definitions.block.ProvisioningSpec
9, // 14: talos.resource.definitions.block.VolumeConfigSpec.locator:type_name -> talos.resource.definitions.block.LocatorSpec
11, // 15: talos.resource.definitions.block.VolumeConfigSpec.mount:type_name -> talos.resource.definitions.block.MountSpec
7, // 16: talos.resource.definitions.block.VolumeConfigSpec.encryption:type_name -> talos.resource.definitions.block.EncryptionSpec
- 27, // 17: talos.resource.definitions.block.VolumeStatusSpec.phase:type_name -> talos.resource.definitions.enums.BlockVolumePhase
- 27, // 18: talos.resource.definitions.block.VolumeStatusSpec.pre_fail_phase:type_name -> talos.resource.definitions.enums.BlockVolumePhase
- 25, // 19: talos.resource.definitions.block.VolumeStatusSpec.filesystem:type_name -> talos.resource.definitions.enums.BlockFilesystemType
- 24, // 20: talos.resource.definitions.block.VolumeStatusSpec.encryption_provider:type_name -> talos.resource.definitions.enums.BlockEncryptionProviderType
- 11, // 21: talos.resource.definitions.block.VolumeStatusSpec.mount_spec:type_name -> talos.resource.definitions.block.MountSpec
- 26, // 22: talos.resource.definitions.block.VolumeStatusSpec.type:type_name -> talos.resource.definitions.enums.BlockVolumeType
- 23, // [23:23] is the sub-list for method output_type
- 23, // [23:23] is the sub-list for method input_type
- 23, // [23:23] is the sub-list for extension type_name
- 23, // [23:23] is the sub-list for extension extendee
- 0, // [0:23] is the sub-list for field type_name
+ 15, // 17: talos.resource.definitions.block.VolumeConfigSpec.symlink:type_name -> talos.resource.definitions.block.SymlinkProvisioningSpec
+ 28, // 18: talos.resource.definitions.block.VolumeStatusSpec.phase:type_name -> talos.resource.definitions.enums.BlockVolumePhase
+ 28, // 19: talos.resource.definitions.block.VolumeStatusSpec.pre_fail_phase:type_name -> talos.resource.definitions.enums.BlockVolumePhase
+ 26, // 20: talos.resource.definitions.block.VolumeStatusSpec.filesystem:type_name -> talos.resource.definitions.enums.BlockFilesystemType
+ 25, // 21: talos.resource.definitions.block.VolumeStatusSpec.encryption_provider:type_name -> talos.resource.definitions.enums.BlockEncryptionProviderType
+ 11, // 22: talos.resource.definitions.block.VolumeStatusSpec.mount_spec:type_name -> talos.resource.definitions.block.MountSpec
+ 27, // 23: talos.resource.definitions.block.VolumeStatusSpec.type:type_name -> talos.resource.definitions.enums.BlockVolumeType
+ 15, // 24: talos.resource.definitions.block.VolumeStatusSpec.symlink_spec:type_name -> talos.resource.definitions.block.SymlinkProvisioningSpec
+ 25, // [25:25] is the sub-list for method output_type
+ 25, // [25:25] is the sub-list for method input_type
+ 25, // [25:25] is the sub-list for extension type_name
+ 25, // [25:25] is the sub-list for extension extendee
+ 0, // [0:25] is the sub-list for field type_name
}
func init() { file_resource_definitions_block_block_proto_init() }
@@ -2268,7 +2406,7 @@ func file_resource_definitions_block_block_proto_init() {
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: unsafe.Slice(unsafe.StringData(file_resource_definitions_block_block_proto_rawDesc), len(file_resource_definitions_block_block_proto_rawDesc)),
NumEnums: 0,
- NumMessages: 22,
+ NumMessages: 23,
NumExtensions: 0,
NumServices: 0,
},
diff --git a/pkg/machinery/api/resource/definitions/block/block_vtproto.pb.go b/pkg/machinery/api/resource/definitions/block/block_vtproto.pb.go
index f32f90ca4..76f6d4604 100644
--- a/pkg/machinery/api/resource/definitions/block/block_vtproto.pb.go
+++ b/pkg/machinery/api/resource/definitions/block/block_vtproto.pb.go
@@ -924,6 +924,31 @@ func (m *MountSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) {
i -= len(m.unknownFields)
copy(dAtA[i:], m.unknownFields)
}
+ if m.RecursiveRelabel {
+ i--
+ if m.RecursiveRelabel {
+ dAtA[i] = 1
+ } else {
+ dAtA[i] = 0
+ }
+ i--
+ dAtA[i] = 0x40
+ }
+ if m.Gid != 0 {
+ i = protohelpers.EncodeVarint(dAtA, i, uint64(m.Gid))
+ i--
+ dAtA[i] = 0x38
+ }
+ if m.Uid != 0 {
+ i = protohelpers.EncodeVarint(dAtA, i, uint64(m.Uid))
+ i--
+ dAtA[i] = 0x30
+ }
+ if m.FileMode != 0 {
+ i = protohelpers.EncodeVarint(dAtA, i, uint64(m.FileMode))
+ i--
+ dAtA[i] = 0x28
+ }
if len(m.ParentId) > 0 {
i -= len(m.ParentId)
copy(dAtA[i:], m.ParentId)
@@ -1180,6 +1205,56 @@ func (m *ProvisioningSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) {
return len(dAtA) - i, nil
}
+func (m *SymlinkProvisioningSpec) MarshalVT() (dAtA []byte, err error) {
+ if m == nil {
+ return nil, nil
+ }
+ size := m.SizeVT()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalToSizedBufferVT(dAtA[:size])
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *SymlinkProvisioningSpec) MarshalToVT(dAtA []byte) (int, error) {
+ size := m.SizeVT()
+ return m.MarshalToSizedBufferVT(dAtA[:size])
+}
+
+func (m *SymlinkProvisioningSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) {
+ if m == nil {
+ return 0, nil
+ }
+ i := len(dAtA)
+ _ = i
+ var l int
+ _ = l
+ if m.unknownFields != nil {
+ i -= len(m.unknownFields)
+ copy(dAtA[i:], m.unknownFields)
+ }
+ if m.Force {
+ i--
+ if m.Force {
+ dAtA[i] = 1
+ } else {
+ dAtA[i] = 0
+ }
+ i--
+ dAtA[i] = 0x10
+ }
+ if len(m.SymlinkTargetPath) > 0 {
+ i -= len(m.SymlinkTargetPath)
+ copy(dAtA[i:], m.SymlinkTargetPath)
+ i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.SymlinkTargetPath)))
+ i--
+ dAtA[i] = 0xa
+ }
+ return len(dAtA) - i, nil
+}
+
func (m *SymlinkSpec) MarshalVT() (dAtA []byte, err error) {
if m == nil {
return nil, nil
@@ -1352,6 +1427,16 @@ func (m *VolumeConfigSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) {
i -= len(m.unknownFields)
copy(dAtA[i:], m.unknownFields)
}
+ if m.Symlink != nil {
+ size, err := m.Symlink.MarshalToSizedBufferVT(dAtA[:i])
+ if err != nil {
+ return 0, err
+ }
+ i -= size
+ i = protohelpers.EncodeVarint(dAtA, i, uint64(size))
+ i--
+ dAtA[i] = 0x3a
+ }
if m.Encryption != nil {
size, err := m.Encryption.MarshalToSizedBufferVT(dAtA[:i])
if err != nil {
@@ -1558,6 +1643,27 @@ func (m *VolumeStatusSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) {
i -= len(m.unknownFields)
copy(dAtA[i:], m.unknownFields)
}
+ if len(m.ParentId) > 0 {
+ i -= len(m.ParentId)
+ copy(dAtA[i:], m.ParentId)
+ i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.ParentId)))
+ i--
+ dAtA[i] = 0x1
+ i--
+ dAtA[i] = 0x9a
+ }
+ if m.SymlinkSpec != nil {
+ size, err := m.SymlinkSpec.MarshalToSizedBufferVT(dAtA[:i])
+ if err != nil {
+ return 0, err
+ }
+ i -= size
+ i = protohelpers.EncodeVarint(dAtA, i, uint64(size))
+ i--
+ dAtA[i] = 0x1
+ i--
+ dAtA[i] = 0x92
+ }
if len(m.ConfiguredEncryptionKeys) > 0 {
for iNdEx := len(m.ConfiguredEncryptionKeys) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ConfiguredEncryptionKeys[iNdEx])
@@ -2079,6 +2185,18 @@ func (m *MountSpec) SizeVT() (n int) {
if l > 0 {
n += 1 + l + protohelpers.SizeOfVarint(uint64(l))
}
+ if m.FileMode != 0 {
+ n += 1 + protohelpers.SizeOfVarint(uint64(m.FileMode))
+ }
+ if m.Uid != 0 {
+ n += 1 + protohelpers.SizeOfVarint(uint64(m.Uid))
+ }
+ if m.Gid != 0 {
+ n += 1 + protohelpers.SizeOfVarint(uint64(m.Gid))
+ }
+ if m.RecursiveRelabel {
+ n += 2
+ }
n += len(m.unknownFields)
return n
}
@@ -2169,6 +2287,23 @@ func (m *ProvisioningSpec) SizeVT() (n int) {
return n
}
+func (m *SymlinkProvisioningSpec) SizeVT() (n int) {
+ if m == nil {
+ return 0
+ }
+ var l int
+ _ = l
+ l = len(m.SymlinkTargetPath)
+ if l > 0 {
+ n += 1 + l + protohelpers.SizeOfVarint(uint64(l))
+ }
+ if m.Force {
+ n += 2
+ }
+ n += len(m.unknownFields)
+ return n
+}
+
func (m *SymlinkSpec) SizeVT() (n int) {
if m == nil {
return 0
@@ -2248,6 +2383,10 @@ func (m *VolumeConfigSpec) SizeVT() (n int) {
l = m.Encryption.SizeVT()
n += 1 + l + protohelpers.SizeOfVarint(uint64(l))
}
+ if m.Symlink != nil {
+ l = m.Symlink.SizeVT()
+ n += 1 + l + protohelpers.SizeOfVarint(uint64(l))
+ }
n += len(m.unknownFields)
return n
}
@@ -2369,6 +2508,14 @@ func (m *VolumeStatusSpec) SizeVT() (n int) {
n += 2 + l + protohelpers.SizeOfVarint(uint64(l))
}
}
+ if m.SymlinkSpec != nil {
+ l = m.SymlinkSpec.SizeVT()
+ n += 2 + l + protohelpers.SizeOfVarint(uint64(l))
+ }
+ l = len(m.ParentId)
+ if l > 0 {
+ n += 2 + l + protohelpers.SizeOfVarint(uint64(l))
+ }
n += len(m.unknownFields)
return n
}
@@ -4937,6 +5084,83 @@ func (m *MountSpec) UnmarshalVT(dAtA []byte) error {
}
m.ParentId = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
+ case 5:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field FileMode", wireType)
+ }
+ m.FileMode = 0
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return protohelpers.ErrIntOverflow
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ m.FileMode |= uint32(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ case 6:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Uid", wireType)
+ }
+ m.Uid = 0
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return protohelpers.ErrIntOverflow
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ m.Uid |= int64(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ case 7:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Gid", wireType)
+ }
+ m.Gid = 0
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return protohelpers.ErrIntOverflow
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ m.Gid |= int64(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ case 8:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field RecursiveRelabel", wireType)
+ }
+ var v int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return protohelpers.ErrIntOverflow
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ v |= int(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ m.RecursiveRelabel = bool(v != 0)
default:
iNdEx = preIndex
skippy, err := protohelpers.Skip(dAtA[iNdEx:])
@@ -5539,6 +5763,109 @@ func (m *ProvisioningSpec) UnmarshalVT(dAtA []byte) error {
}
return nil
}
+func (m *SymlinkProvisioningSpec) UnmarshalVT(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return protohelpers.ErrIntOverflow
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= uint64(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: SymlinkProvisioningSpec: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: SymlinkProvisioningSpec: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field SymlinkTargetPath", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return protohelpers.ErrIntOverflow
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= uint64(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return protohelpers.ErrInvalidLength
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex < 0 {
+ return protohelpers.ErrInvalidLength
+ }
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.SymlinkTargetPath = string(dAtA[iNdEx:postIndex])
+ iNdEx = postIndex
+ case 2:
+ if wireType != 0 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Force", wireType)
+ }
+ var v int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return protohelpers.ErrIntOverflow
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ v |= int(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ m.Force = bool(v != 0)
+ default:
+ iNdEx = preIndex
+ skippy, err := protohelpers.Skip(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if (skippy < 0) || (iNdEx+skippy) < 0 {
+ return protohelpers.ErrInvalidLength
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.unknownFields = append(m.unknownFields, dAtA[iNdEx:iNdEx+skippy]...)
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
func (m *SymlinkSpec) UnmarshalVT(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
@@ -6052,6 +6379,42 @@ func (m *VolumeConfigSpec) UnmarshalVT(dAtA []byte) error {
return err
}
iNdEx = postIndex
+ case 7:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field Symlink", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return protohelpers.ErrIntOverflow
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= int(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return protohelpers.ErrInvalidLength
+ }
+ postIndex := iNdEx + msglen
+ if postIndex < 0 {
+ return protohelpers.ErrInvalidLength
+ }
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ if m.Symlink == nil {
+ m.Symlink = &SymlinkProvisioningSpec{}
+ }
+ if err := m.Symlink.UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := protohelpers.Skip(dAtA[iNdEx:])
@@ -6862,6 +7225,74 @@ func (m *VolumeStatusSpec) UnmarshalVT(dAtA []byte) error {
}
m.ConfiguredEncryptionKeys = append(m.ConfiguredEncryptionKeys, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
+ case 18:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field SymlinkSpec", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return protohelpers.ErrIntOverflow
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= int(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return protohelpers.ErrInvalidLength
+ }
+ postIndex := iNdEx + msglen
+ if postIndex < 0 {
+ return protohelpers.ErrInvalidLength
+ }
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ if m.SymlinkSpec == nil {
+ m.SymlinkSpec = &SymlinkProvisioningSpec{}
+ }
+ if err := m.SymlinkSpec.UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
+ case 19:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field ParentId", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return protohelpers.ErrIntOverflow
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= uint64(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return protohelpers.ErrInvalidLength
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex < 0 {
+ return protohelpers.ErrInvalidLength
+ }
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.ParentId = string(dAtA[iNdEx:postIndex])
+ iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := protohelpers.Skip(dAtA[iNdEx:])
diff --git a/pkg/machinery/api/resource/definitions/enums/enums.pb.go b/pkg/machinery/api/resource/definitions/enums/enums.pb.go
index 5ec4a2ea0..b1e61af3c 100644
--- a/pkg/machinery/api/resource/definitions/enums/enums.pb.go
+++ b/pkg/machinery/api/resource/definitions/enums/enums.pb.go
@@ -2108,6 +2108,8 @@ const (
BlockVolumeType_VOLUME_TYPE_DISK BlockVolumeType = 1
BlockVolumeType_VOLUME_TYPE_TMPFS BlockVolumeType = 2
BlockVolumeType_VOLUME_TYPE_DIRECTORY BlockVolumeType = 3
+ BlockVolumeType_VOLUME_TYPE_SYMLINK BlockVolumeType = 4
+ BlockVolumeType_VOLUME_TYPE_OVERLAY BlockVolumeType = 5
)
// Enum value maps for BlockVolumeType.
@@ -2117,12 +2119,16 @@ var (
1: "VOLUME_TYPE_DISK",
2: "VOLUME_TYPE_TMPFS",
3: "VOLUME_TYPE_DIRECTORY",
+ 4: "VOLUME_TYPE_SYMLINK",
+ 5: "VOLUME_TYPE_OVERLAY",
}
BlockVolumeType_value = map[string]int32{
"VOLUME_TYPE_PARTITION": 0,
"VOLUME_TYPE_DISK": 1,
"VOLUME_TYPE_TMPFS": 2,
"VOLUME_TYPE_DIRECTORY": 3,
+ "VOLUME_TYPE_SYMLINK": 4,
+ "VOLUME_TYPE_OVERLAY": 5,
}
)
@@ -2941,87 +2947,90 @@ var file_resource_definitions_enums_enums_proto_rawDesc = string([]byte{
0x50, 0x52, 0x45, 0x50, 0x41, 0x52, 0x45, 0x44, 0x10, 0x05, 0x12, 0x16, 0x0a, 0x12, 0x56, 0x4f,
0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x50, 0x48, 0x41, 0x53, 0x45, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x59,
0x10, 0x06, 0x12, 0x17, 0x0a, 0x13, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x50, 0x48, 0x41,
- 0x53, 0x45, 0x5f, 0x43, 0x4c, 0x4f, 0x53, 0x45, 0x44, 0x10, 0x07, 0x2a, 0x74, 0x0a, 0x0f, 0x42,
- 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x19,
- 0x0a, 0x15, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x50, 0x41,
- 0x52, 0x54, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x56, 0x4f, 0x4c,
- 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x49, 0x53, 0x4b, 0x10, 0x01, 0x12,
- 0x15, 0x0a, 0x11, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x54,
- 0x4d, 0x50, 0x46, 0x53, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45,
- 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x4f, 0x52, 0x59, 0x10,
- 0x03, 0x2a, 0x96, 0x01, 0x0a, 0x13, 0x43, 0x72, 0x69, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x43, 0x61,
- 0x63, 0x68, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1e, 0x0a, 0x1a, 0x49, 0x4d, 0x41,
- 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f,
- 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x1f, 0x0a, 0x1b, 0x49, 0x4d, 0x41,
- 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f,
- 0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x44, 0x10, 0x01, 0x12, 0x20, 0x0a, 0x1c, 0x49, 0x4d,
- 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53,
- 0x5f, 0x50, 0x52, 0x45, 0x50, 0x41, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x1c, 0x0a, 0x18,
+ 0x53, 0x45, 0x5f, 0x43, 0x4c, 0x4f, 0x53, 0x45, 0x44, 0x10, 0x07, 0x2a, 0xa6, 0x01, 0x0a, 0x0f,
+ 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12,
+ 0x19, 0x0a, 0x15, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x50,
+ 0x41, 0x52, 0x54, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x56, 0x4f,
+ 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x49, 0x53, 0x4b, 0x10, 0x01,
+ 0x12, 0x15, 0x0a, 0x11, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
+ 0x54, 0x4d, 0x50, 0x46, 0x53, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x56, 0x4f, 0x4c, 0x55, 0x4d,
+ 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x4f, 0x52, 0x59,
+ 0x10, 0x03, 0x12, 0x17, 0x0a, 0x13, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50,
+ 0x45, 0x5f, 0x53, 0x59, 0x4d, 0x4c, 0x49, 0x4e, 0x4b, 0x10, 0x04, 0x12, 0x17, 0x0a, 0x13, 0x56,
+ 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4f, 0x56, 0x45, 0x52, 0x4c,
+ 0x41, 0x59, 0x10, 0x05, 0x2a, 0x96, 0x01, 0x0a, 0x13, 0x43, 0x72, 0x69, 0x49, 0x6d, 0x61, 0x67,
+ 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1e, 0x0a, 0x1a,
0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54,
- 0x55, 0x53, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x59, 0x10, 0x03, 0x2a, 0xab, 0x01, 0x0a, 0x17, 0x43,
- 0x72, 0x69, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x70, 0x79,
- 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x23, 0x0a, 0x1f, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f,
- 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55,
- 0x53, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x23, 0x0a, 0x1f, 0x49,
- 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x5f,
- 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x4b, 0x49, 0x50, 0x50, 0x45, 0x44, 0x10, 0x01,
- 0x12, 0x23, 0x0a, 0x1f, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f,
- 0x43, 0x4f, 0x50, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x50, 0x45, 0x4e, 0x44,
- 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x21, 0x0a, 0x1d, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43,
- 0x41, 0x43, 0x48, 0x45, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53,
- 0x5f, 0x52, 0x45, 0x41, 0x44, 0x59, 0x10, 0x03, 0x2a, 0x53, 0x0a, 0x11, 0x4b, 0x75, 0x62, 0x65,
- 0x73, 0x70, 0x61, 0x6e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x16, 0x0a,
- 0x12, 0x50, 0x45, 0x45, 0x52, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x55, 0x4e, 0x4b, 0x4e,
- 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x50, 0x45, 0x45, 0x52, 0x5f, 0x53, 0x54,
- 0x41, 0x54, 0x45, 0x5f, 0x55, 0x50, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x45, 0x45, 0x52,
- 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x44, 0x4f, 0x57, 0x4e, 0x10, 0x02, 0x2a, 0x88, 0x01,
- 0x0a, 0x12, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4c,
- 0x61, 0x79, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x0e, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x44,
- 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x43, 0x4f, 0x4e, 0x46,
- 0x49, 0x47, 0x5f, 0x43, 0x4d, 0x44, 0x4c, 0x49, 0x4e, 0x45, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f,
- 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x50, 0x4c, 0x41, 0x54, 0x46, 0x4f, 0x52, 0x4d, 0x10,
- 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x4f, 0x50, 0x45, 0x52,
- 0x41, 0x54, 0x4f, 0x52, 0x10, 0x03, 0x12, 0x20, 0x0a, 0x1c, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47,
- 0x5f, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x55,
- 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x04, 0x2a, 0x4b, 0x0a, 0x0f, 0x4e, 0x65, 0x74, 0x77,
- 0x6f, 0x72, 0x6b, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x12, 0x0a, 0x0e, 0x4f,
- 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x44, 0x48, 0x43, 0x50, 0x34, 0x10, 0x00, 0x12,
- 0x12, 0x0a, 0x0e, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x44, 0x48, 0x43, 0x50,
- 0x36, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f,
- 0x56, 0x49, 0x50, 0x10, 0x02, 0x2a, 0x9b, 0x02, 0x0a, 0x13, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d,
- 0x65, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x53, 0x74, 0x61, 0x67, 0x65, 0x12, 0x19, 0x0a,
- 0x15, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x55,
- 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x4d, 0x41, 0x43, 0x48,
- 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x42, 0x4f, 0x4f, 0x54, 0x49, 0x4e,
- 0x47, 0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53,
- 0x54, 0x41, 0x47, 0x45, 0x5f, 0x49, 0x4e, 0x53, 0x54, 0x41, 0x4c, 0x4c, 0x49, 0x4e, 0x47, 0x10,
- 0x02, 0x12, 0x1d, 0x0a, 0x19, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41,
- 0x47, 0x45, 0x5f, 0x4d, 0x41, 0x49, 0x4e, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x43, 0x45, 0x10, 0x03,
+ 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x1f, 0x0a, 0x1b,
+ 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54,
+ 0x55, 0x53, 0x5f, 0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x44, 0x10, 0x01, 0x12, 0x20, 0x0a,
+ 0x1c, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53, 0x54, 0x41,
+ 0x54, 0x55, 0x53, 0x5f, 0x50, 0x52, 0x45, 0x50, 0x41, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12,
+ 0x1c, 0x0a, 0x18, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53,
+ 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x59, 0x10, 0x03, 0x2a, 0xab, 0x01,
+ 0x0a, 0x17, 0x43, 0x72, 0x69, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43,
+ 0x6f, 0x70, 0x79, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x23, 0x0a, 0x1f, 0x49, 0x4d, 0x41,
+ 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x5f, 0x53, 0x54,
+ 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x23,
+ 0x0a, 0x1f, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x43, 0x4f,
+ 0x50, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x4b, 0x49, 0x50, 0x50, 0x45,
+ 0x44, 0x10, 0x01, 0x12, 0x23, 0x0a, 0x1f, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43,
+ 0x48, 0x45, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x50,
+ 0x45, 0x4e, 0x44, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x21, 0x0a, 0x1d, 0x49, 0x4d, 0x41, 0x47,
+ 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x5f, 0x53, 0x54, 0x41,
+ 0x54, 0x55, 0x53, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x59, 0x10, 0x03, 0x2a, 0x53, 0x0a, 0x11, 0x4b,
+ 0x75, 0x62, 0x65, 0x73, 0x70, 0x61, 0x6e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65,
+ 0x12, 0x16, 0x0a, 0x12, 0x50, 0x45, 0x45, 0x52, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x55,
+ 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x50, 0x45, 0x45, 0x52,
+ 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x55, 0x50, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50,
+ 0x45, 0x45, 0x52, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x44, 0x4f, 0x57, 0x4e, 0x10, 0x02,
+ 0x2a, 0x88, 0x01, 0x0a, 0x12, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x43, 0x6f, 0x6e, 0x66,
+ 0x69, 0x67, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x0e, 0x43, 0x4f, 0x4e, 0x46, 0x49,
+ 0x47, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x43,
+ 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x43, 0x4d, 0x44, 0x4c, 0x49, 0x4e, 0x45, 0x10, 0x01, 0x12,
+ 0x13, 0x0a, 0x0f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x50, 0x4c, 0x41, 0x54, 0x46, 0x4f,
+ 0x52, 0x4d, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x4f,
+ 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x10, 0x03, 0x12, 0x20, 0x0a, 0x1c, 0x43, 0x4f, 0x4e,
+ 0x46, 0x49, 0x47, 0x5f, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x46,
+ 0x49, 0x47, 0x55, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x04, 0x2a, 0x4b, 0x0a, 0x0f, 0x4e,
+ 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x12,
+ 0x0a, 0x0e, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x44, 0x48, 0x43, 0x50, 0x34,
+ 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x44,
+ 0x48, 0x43, 0x50, 0x36, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54,
+ 0x4f, 0x52, 0x5f, 0x56, 0x49, 0x50, 0x10, 0x02, 0x2a, 0x9b, 0x02, 0x0a, 0x13, 0x52, 0x75, 0x6e,
+ 0x74, 0x69, 0x6d, 0x65, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x53, 0x74, 0x61, 0x67, 0x65,
0x12, 0x19, 0x0a, 0x15, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47,
- 0x45, 0x5f, 0x52, 0x55, 0x4e, 0x4e, 0x49, 0x4e, 0x47, 0x10, 0x04, 0x12, 0x1b, 0x0a, 0x17, 0x4d,
- 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x52, 0x45, 0x42,
- 0x4f, 0x4f, 0x54, 0x49, 0x4e, 0x47, 0x10, 0x05, 0x12, 0x1f, 0x0a, 0x1b, 0x4d, 0x41, 0x43, 0x48,
- 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x53, 0x48, 0x55, 0x54, 0x54, 0x49,
- 0x4e, 0x47, 0x5f, 0x44, 0x4f, 0x57, 0x4e, 0x10, 0x06, 0x12, 0x1b, 0x0a, 0x17, 0x4d, 0x41, 0x43,
- 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x52, 0x45, 0x53, 0x45, 0x54,
- 0x54, 0x49, 0x4e, 0x47, 0x10, 0x07, 0x12, 0x1b, 0x0a, 0x17, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e,
- 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x55, 0x50, 0x47, 0x52, 0x41, 0x44, 0x49, 0x4e,
- 0x47, 0x10, 0x08, 0x2a, 0x6f, 0x0a, 0x13, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x53, 0x45,
- 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x0a, 0x17, 0x53, 0x45,
- 0x5f, 0x4c, 0x49, 0x4e, 0x55, 0x58, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x44, 0x49, 0x53,
- 0x41, 0x42, 0x4c, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x53, 0x45, 0x5f, 0x4c, 0x49,
- 0x4e, 0x55, 0x58, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53,
- 0x53, 0x49, 0x56, 0x45, 0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x53, 0x45, 0x5f, 0x4c, 0x49, 0x4e,
- 0x55, 0x58, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x45, 0x4e, 0x46, 0x4f, 0x52, 0x43, 0x49,
- 0x4e, 0x47, 0x10, 0x02, 0x42, 0x74, 0x0a, 0x28, 0x64, 0x65, 0x76, 0x2e, 0x74, 0x61, 0x6c, 0x6f,
- 0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64,
- 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73,
- 0x5a, 0x48, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x64,
- 0x65, 0x72, 0x6f, 0x6c, 0x61, 0x62, 0x73, 0x2f, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2f, 0x70, 0x6b,
- 0x67, 0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x2f,
- 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74,
- 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
- 0x6f, 0x33,
+ 0x45, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x4d,
+ 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x42, 0x4f, 0x4f,
+ 0x54, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e,
+ 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x49, 0x4e, 0x53, 0x54, 0x41, 0x4c, 0x4c, 0x49,
+ 0x4e, 0x47, 0x10, 0x02, 0x12, 0x1d, 0x0a, 0x19, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f,
+ 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x4d, 0x41, 0x49, 0x4e, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x43,
+ 0x45, 0x10, 0x03, 0x12, 0x19, 0x0a, 0x15, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53,
+ 0x54, 0x41, 0x47, 0x45, 0x5f, 0x52, 0x55, 0x4e, 0x4e, 0x49, 0x4e, 0x47, 0x10, 0x04, 0x12, 0x1b,
+ 0x0a, 0x17, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f,
+ 0x52, 0x45, 0x42, 0x4f, 0x4f, 0x54, 0x49, 0x4e, 0x47, 0x10, 0x05, 0x12, 0x1f, 0x0a, 0x1b, 0x4d,
+ 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x53, 0x48, 0x55,
+ 0x54, 0x54, 0x49, 0x4e, 0x47, 0x5f, 0x44, 0x4f, 0x57, 0x4e, 0x10, 0x06, 0x12, 0x1b, 0x0a, 0x17,
+ 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x52, 0x45,
+ 0x53, 0x45, 0x54, 0x54, 0x49, 0x4e, 0x47, 0x10, 0x07, 0x12, 0x1b, 0x0a, 0x17, 0x4d, 0x41, 0x43,
+ 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x55, 0x50, 0x47, 0x52, 0x41,
+ 0x44, 0x49, 0x4e, 0x47, 0x10, 0x08, 0x2a, 0x6f, 0x0a, 0x13, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d,
+ 0x65, 0x53, 0x45, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x0a,
+ 0x17, 0x53, 0x45, 0x5f, 0x4c, 0x49, 0x4e, 0x55, 0x58, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f,
+ 0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x53, 0x45,
+ 0x5f, 0x4c, 0x49, 0x4e, 0x55, 0x58, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x50, 0x45, 0x52,
+ 0x4d, 0x49, 0x53, 0x53, 0x49, 0x56, 0x45, 0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x53, 0x45, 0x5f,
+ 0x4c, 0x49, 0x4e, 0x55, 0x58, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x45, 0x4e, 0x46, 0x4f,
+ 0x52, 0x43, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x42, 0x74, 0x0a, 0x28, 0x64, 0x65, 0x76, 0x2e, 0x74,
+ 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63,
+ 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e,
+ 0x75, 0x6d, 0x73, 0x5a, 0x48, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
+ 0x73, 0x69, 0x64, 0x65, 0x72, 0x6f, 0x6c, 0x61, 0x62, 0x73, 0x2f, 0x74, 0x61, 0x6c, 0x6f, 0x73,
+ 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x72, 0x79, 0x2f, 0x61,
+ 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x64, 0x65, 0x66, 0x69,
+ 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x62, 0x06, 0x70,
+ 0x72, 0x6f, 0x74, 0x6f, 0x33,
})
var (
diff --git a/pkg/machinery/constants/constants.go b/pkg/machinery/constants/constants.go
index 622acd749..5f3007738 100644
--- a/pkg/machinery/constants/constants.go
+++ b/pkg/machinery/constants/constants.go
@@ -477,6 +477,9 @@ const (
// EtcdDataPath is the path where etcd stores its' data.
EtcdDataPath = "/var/lib/etcd"
+ // EtcdDataVolumeID is the ID of the etcd data volume.
+ EtcdDataVolumeID = "ETCD"
+
// EtcdDataSELinuxLabel is the SELinux label for the etcd data directory.
EtcdDataSELinuxLabel = "system_u:object_r:etcd_data_t:s0"
diff --git a/pkg/machinery/gendata/data/pkgs b/pkg/machinery/gendata/data/pkgs
index d5619ac18..6b376ae21 100644
--- a/pkg/machinery/gendata/data/pkgs
+++ b/pkg/machinery/gendata/data/pkgs
@@ -1 +1 @@
-v1.10.0-alpha.0-69-g665f782
\ No newline at end of file
+v1.10.0-alpha.0-72-g7d7323b
\ No newline at end of file
diff --git a/pkg/machinery/resources/block/volume_config.go b/pkg/machinery/resources/block/volume_config.go
index 8ae2f25f0..8f7b54a53 100644
--- a/pkg/machinery/resources/block/volume_config.go
+++ b/pkg/machinery/resources/block/volume_config.go
@@ -5,6 +5,8 @@
package block
import (
+ "os"
+
"github.com/cosi-project/runtime/pkg/resource"
"github.com/cosi-project/runtime/pkg/resource/meta"
"github.com/cosi-project/runtime/pkg/resource/protobuf"
@@ -41,6 +43,9 @@ type VolumeConfigSpec struct {
// Mount options for the volume.
Mount MountSpec `yaml:"mount,omitempty" protobuf:"5"`
+
+ // Symlink options for the volume.
+ Symlink SymlinkProvisioningSpec `yaml:"symlink,omitempty" protobuf:"7"`
}
// Wave constants.
@@ -154,6 +159,24 @@ type MountSpec struct {
ProjectQuotaSupport bool `yaml:"projectQuotaSupport" protobuf:"3"`
// Parent mount request ID.
ParentID string `yaml:"parentId,omitempty" protobuf:"4"`
+ // FileMode is the file mode for the mount target.
+ FileMode os.FileMode `yaml:"fileMode,omitempty" protobuf:"5"`
+ // UID is the user ID for the mount target.
+ UID int `yaml:"uid,omitempty" protobuf:"6"`
+ // GID is the group ID for the mount target.
+ GID int `yaml:"gid,omitempty" protobuf:"7"`
+ // RecursiveRelabel is the recursive relabel/chown flag for the mount target.
+ RecursiveRelabel bool `yaml:"recursiveRelabel,omitempty" protobuf:"8"`
+}
+
+// SymlinkProvisioningSpec is the spec for volume symlink.
+//
+//gotagsrewrite:gen
+type SymlinkProvisioningSpec struct {
+ // Symlink target path for the volume.
+ SymlinkTargetPath string `yaml:"symlinkTargetPath" protobuf:"1"`
+ // Force symlink creation.
+ Force bool `yaml:"force" protobuf:"2"`
}
// NewVolumeConfig initializes a BlockVolumeConfig resource.
diff --git a/pkg/machinery/resources/block/volume_status.go b/pkg/machinery/resources/block/volume_status.go
index 04c568ae6..99d25cb39 100644
--- a/pkg/machinery/resources/block/volume_status.go
+++ b/pkg/machinery/resources/block/volume_status.go
@@ -27,7 +27,8 @@ type VolumeStatusSpec struct {
Phase VolumePhase `yaml:"phase" protobuf:"1"`
PreFailPhase VolumePhase `yaml:"preFailPhase,omitempty" protobuf:"6"`
- Type VolumeType `yaml:"type" protobuf:"16"`
+ Type VolumeType `yaml:"type" protobuf:"16"`
+ ParentID string `yaml:"parentID,omitempty" protobuf:"19"`
// Location is the path to the block device (raw).
Location string `yaml:"location,omitempty" protobuf:"2"`
@@ -56,6 +57,9 @@ type VolumeStatusSpec struct {
// MountSpec is the mount specification.
MountSpec MountSpec `yaml:"mountSpec,omitempty" protobuf:"15"`
+ // Symlink is the symlink specification.
+ SymlinkSpec SymlinkProvisioningSpec `yaml:"symlink,omitempty" protobuf:"18"`
+
ErrorMessage string `yaml:"errorMessage,omitempty" protobuf:"3"`
}
diff --git a/pkg/machinery/resources/block/volumetype.go b/pkg/machinery/resources/block/volumetype.go
index a7711a7a1..c973330f4 100644
--- a/pkg/machinery/resources/block/volumetype.go
+++ b/pkg/machinery/resources/block/volumetype.go
@@ -15,4 +15,6 @@ const (
VolumeTypeDisk // disk
VolumeTypeTmpfs // tmpfs
VolumeTypeDirectory // directory
+ VolumeTypeSymlink // symlink
+ VolumeTypeOverlay // overlay
)
diff --git a/pkg/machinery/resources/block/volumetype_enumer.go b/pkg/machinery/resources/block/volumetype_enumer.go
index 219444ebc..0b8ab63dd 100644
--- a/pkg/machinery/resources/block/volumetype_enumer.go
+++ b/pkg/machinery/resources/block/volumetype_enumer.go
@@ -7,11 +7,11 @@ import (
"strings"
)
-const _VolumeTypeName = "partitiondisktmpfsdirectory"
+const _VolumeTypeName = "partitiondisktmpfsdirectorysymlinkoverlay"
-var _VolumeTypeIndex = [...]uint8{0, 9, 13, 18, 27}
+var _VolumeTypeIndex = [...]uint8{0, 9, 13, 18, 27, 34, 41}
-const _VolumeTypeLowerName = "partitiondisktmpfsdirectory"
+const _VolumeTypeLowerName = "partitiondisktmpfsdirectorysymlinkoverlay"
func (i VolumeType) String() string {
if i < 0 || i >= VolumeType(len(_VolumeTypeIndex)-1) {
@@ -28,9 +28,11 @@ func _VolumeTypeNoOp() {
_ = x[VolumeTypeDisk-(1)]
_ = x[VolumeTypeTmpfs-(2)]
_ = x[VolumeTypeDirectory-(3)]
+ _ = x[VolumeTypeSymlink-(4)]
+ _ = x[VolumeTypeOverlay-(5)]
}
-var _VolumeTypeValues = []VolumeType{VolumeTypePartition, VolumeTypeDisk, VolumeTypeTmpfs, VolumeTypeDirectory}
+var _VolumeTypeValues = []VolumeType{VolumeTypePartition, VolumeTypeDisk, VolumeTypeTmpfs, VolumeTypeDirectory, VolumeTypeSymlink, VolumeTypeOverlay}
var _VolumeTypeNameToValueMap = map[string]VolumeType{
_VolumeTypeName[0:9]: VolumeTypePartition,
@@ -41,6 +43,10 @@ var _VolumeTypeNameToValueMap = map[string]VolumeType{
_VolumeTypeLowerName[13:18]: VolumeTypeTmpfs,
_VolumeTypeName[18:27]: VolumeTypeDirectory,
_VolumeTypeLowerName[18:27]: VolumeTypeDirectory,
+ _VolumeTypeName[27:34]: VolumeTypeSymlink,
+ _VolumeTypeLowerName[27:34]: VolumeTypeSymlink,
+ _VolumeTypeName[34:41]: VolumeTypeOverlay,
+ _VolumeTypeLowerName[34:41]: VolumeTypeOverlay,
}
var _VolumeTypeNames = []string{
@@ -48,6 +54,8 @@ var _VolumeTypeNames = []string{
_VolumeTypeName[9:13],
_VolumeTypeName[13:18],
_VolumeTypeName[18:27],
+ _VolumeTypeName[27:34],
+ _VolumeTypeName[34:41],
}
// VolumeTypeString retrieves an enum value from the enum constants string name.
diff --git a/website/content/v1.10/reference/api.md b/website/content/v1.10/reference/api.md
index d3546eefb..87e1cf8eb 100644
--- a/website/content/v1.10/reference/api.md
+++ b/website/content/v1.10/reference/api.md
@@ -42,6 +42,7 @@ description: Talos gRPC API reference.
- [MountStatusSpec](#talos.resource.definitions.block.MountStatusSpec)
- [PartitionSpec](#talos.resource.definitions.block.PartitionSpec)
- [ProvisioningSpec](#talos.resource.definitions.block.ProvisioningSpec)
+ - [SymlinkProvisioningSpec](#talos.resource.definitions.block.SymlinkProvisioningSpec)
- [SymlinkSpec](#talos.resource.definitions.block.SymlinkSpec)
- [SystemDiskSpec](#talos.resource.definitions.block.SystemDiskSpec)
- [UserDiskConfigStatusSpec](#talos.resource.definitions.block.UserDiskConfigStatusSpec)
@@ -1058,6 +1059,10 @@ MountSpec is the spec for volume mount.
| selinux_label | [string](#string) | | |
| project_quota_support | [bool](#bool) | | |
| parent_id | [string](#string) | | |
+| file_mode | [uint32](#uint32) | | |
+| uid | [int64](#int64) | | |
+| gid | [int64](#int64) | | |
+| recursive_relabel | [bool](#bool) | | |
@@ -1122,6 +1127,22 @@ ProvisioningSpec is the spec for volume provisioning.
+
+
+### SymlinkProvisioningSpec
+SymlinkProvisioningSpec is the spec for volume symlink.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| symlink_target_path | [string](#string) | | |
+| force | [bool](#bool) | | |
+
+
+
+
+
+
### SymlinkSpec
@@ -1183,6 +1204,7 @@ VolumeConfigSpec is the spec for VolumeConfig resource.
| locator | [LocatorSpec](#talos.resource.definitions.block.LocatorSpec) | | |
| mount | [MountSpec](#talos.resource.definitions.block.MountSpec) | | |
| encryption | [EncryptionSpec](#talos.resource.definitions.block.EncryptionSpec) | | |
+| symlink | [SymlinkProvisioningSpec](#talos.resource.definitions.block.SymlinkProvisioningSpec) | | |
@@ -1249,6 +1271,8 @@ VolumeStatusSpec is the spec for VolumeStatus resource.
| mount_spec | [MountSpec](#talos.resource.definitions.block.MountSpec) | | |
| type | [talos.resource.definitions.enums.BlockVolumeType](#talos.resource.definitions.enums.BlockVolumeType) | | |
| configured_encryption_keys | [string](#string) | repeated | |
+| symlink_spec | [SymlinkProvisioningSpec](#talos.resource.definitions.block.SymlinkProvisioningSpec) | | |
+| parent_id | [string](#string) | | |
@@ -1654,6 +1678,8 @@ BlockVolumeType describes volume type.
| VOLUME_TYPE_DISK | 1 | |
| VOLUME_TYPE_TMPFS | 2 | |
| VOLUME_TYPE_DIRECTORY | 3 | |
+| VOLUME_TYPE_SYMLINK | 4 | |
+| VOLUME_TYPE_OVERLAY | 5 | |