From 203e02df492ab5e49ffaaa106c47ae81bcb67251 Mon Sep 17 00:00:00 2001 From: Andrey Smirnov Date: Thu, 20 Mar 2025 21:50:37 +0400 Subject: [PATCH] refactor: implement directory and overlay mounts This complements the previous PRs to implement more volume features: directory volumes control their permissions, SELinux labels, etc. Overlay mounts support an additional parent relationship. 
Signed-off-by: Andrey Smirnov --- .github/workflows/ci.yaml | 165 ++--- .github/workflows/integration-aws-cron.yaml | 6 +- .../integration-aws-nvidia-nonfree-cron.yaml | 6 +- .../integration-aws-nvidia-oss-cron.yaml | 6 +- .../workflows/integration-cilium-cron.yaml | 4 +- .../integration-conformance-cron.yaml | 4 +- ...ntegration-conformance-enforcing-cron.yaml | 12 +- .../integration-extensions-cron.yaml | 4 +- .github/workflows/integration-gcp-cron.yaml | 6 +- .../integration-image-factory-cron.yaml | 17 +- .../workflows/integration-images-cron.yaml | 4 +- .../workflows/integration-misc-0-cron.yaml | 6 +- .../workflows/integration-misc-1-cron.yaml | 4 +- .../integration-misc-1-enforcing-cron.yaml | 18 +- .../workflows/integration-misc-2-cron.yaml | 6 +- .../workflows/integration-misc-3-cron.yaml | 4 +- .../integration-misc-3-enforcing-cron.yaml | 16 +- .../workflows/integration-misc-4-cron.yaml | 4 +- .../integration-misc-4-enforcing-cron.yaml | 18 +- .../integration-provision-0-cron.yaml | 4 +- .../integration-provision-1-cron.yaml | 4 +- .../integration-provision-2-cron.yaml | 4 +- .github/workflows/integration-qemu-cron.yaml | 4 +- .../integration-qemu-csi-longhorn-cron.yaml | 4 +- .../integration-qemu-csi-openebs-cron.yaml | 4 +- .../integration-qemu-csi-rook-ceph-cron.yaml | 4 +- .../integration-qemu-encrypted-vip-cron.yaml | 4 +- .../integration-qemu-enforcing-cron.yaml | 18 +- .../workflows/integration-qemu-race-cron.yaml | 4 +- .../integration-trusted-boot-cron.yaml | 8 +- ...tegration-trusted-boot-enforcing-cron.yaml | 14 +- .kres.yaml | 166 +++-- Makefile | 47 +- api/resource/definitions/block/block.proto | 13 + api/resource/definitions/enums/enums.proto | 2 + .../block/internal/volumes/close.go | 4 +- .../block/internal/volumes/locate.go | 5 +- .../block/internal/volumes/volumes.go | 2 + .../machined/pkg/controllers/block/mount.go | 256 +++++++- .../controllers/block/mount_status_test.go | 90 +++ .../pkg/controllers/block/mount_test.go | 152 +++++ 
.../pkg/controllers/block/user_disk_config.go | 9 +- .../pkg/controllers/block/volume_config.go | 212 ++++++- .../controllers/block/volume_config_test.go | 26 + .../pkg/controllers/block/volume_manager.go | 97 ++- .../pkg/controllers/cri/image_cache_config.go | 19 +- .../runtime/v1alpha1/v1alpha1_sequencer.go | 12 +- .../v1alpha1/v1alpha1_sequencer_tasks.go | 188 +----- internal/app/machined/pkg/startup/startup.go | 1 - internal/app/machined/pkg/startup/tasks.go | 69 +- .../machined/pkg/system/integration_test.go | 2 +- .../app/machined/pkg/system/mocks_test.go | 2 +- internal/app/machined/pkg/system/service.go | 2 +- .../app/machined/pkg/system/service_runner.go | 9 +- .../app/machined/pkg/system/services/apid.go | 2 +- .../machined/pkg/system/services/auditd.go | 2 +- .../pkg/system/services/containerd.go | 2 +- .../app/machined/pkg/system/services/cri.go | 21 +- .../machined/pkg/system/services/dashboard.go | 2 +- .../app/machined/pkg/system/services/etcd.go | 27 +- .../machined/pkg/system/services/extension.go | 2 +- .../machined/pkg/system/services/kubelet.go | 18 +- .../machined/pkg/system/services/machined.go | 2 +- .../machined/pkg/system/services/registryd.go | 2 +- .../machined/pkg/system/services/syslogd.go | 2 +- .../machined/pkg/system/services/trustd.go | 2 +- .../app/machined/pkg/system/services/udevd.go | 2 +- internal/app/machined/pkg/system/volumes.go | 15 +- internal/integration/api/selinux.go | 117 ++-- internal/integration/k8s/tink.go | 7 +- internal/pkg/mount/v2/overlay.go | 20 - internal/pkg/selinux/selinux.go | 27 +- .../resource/definitions/block/block.pb.go | 600 +++++++++++------- .../definitions/block/block_vtproto.pb.go | 431 +++++++++++++ .../resource/definitions/enums/enums.pb.go | 167 ++--- pkg/machinery/constants/constants.go | 3 + pkg/machinery/gendata/data/pkgs | 2 +- .../resources/block/volume_config.go | 23 + .../resources/block/volume_status.go | 6 +- pkg/machinery/resources/block/volumetype.go | 2 + 
.../resources/block/volumetype_enumer.go | 16 +- website/content/v1.10/reference/api.md | 26 + 82 files changed, 2259 insertions(+), 1060 deletions(-) create mode 100644 internal/app/machined/pkg/controllers/block/mount_status_test.go create mode 100644 internal/app/machined/pkg/controllers/block/mount_test.go delete mode 100644 internal/pkg/mount/v2/overlay.go diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 990c6bf47..549c4a20d 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-24T14:29:42Z by kres 921213e. +# Generated on 2025-04-01T10:44:44Z by kres d903dae. name: default concurrency: @@ -441,7 +441,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -453,7 +453,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 run: | make images-essential - name: e2e-aws-prepare @@ -576,7 +576,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -588,7 +588,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 run: | make images-essential - name: checkout extensions 
@@ -731,7 +731,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -743,7 +743,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 run: | make images-essential - name: checkout extensions @@ -870,7 +870,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -998,7 +998,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -1080,7 +1080,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -1175,10 +1175,8 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - IMAGER_ARGS: --extra-kernel-arg=enforcing=1 - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 - name: talosctl-cni-bundle 
@@ -1191,9 +1189,9 @@ jobs: IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1 PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_OUT: -enforcing run: | - make imager installer-base installer images-essential + make images-essential - name: conformance-qemu env: EXTRA_TEST_ARGS: -talos.enforcing @@ -1201,7 +1199,7 @@ jobs: IMAGE_REGISTRY: registry.dev.siderolabs.io QEMU_CPUS_WORKERS: "6" QEMU_MEMORY_WORKERS: "4096" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing TEST_MODE: fast-conformance run: | sudo -E make e2e-qemu @@ -1287,7 +1285,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -1421,7 +1419,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -1433,7 +1431,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 run: | make images-essential - name: e2e-gcp-prepare @@ -1661,21 +1659,6 @@ jobs: if: github.event_name == 'schedule' run: | make talosctl-cni-bundle - - name: iso - if: github.event_name == 'schedule' - env: - IMAGE_REGISTRY: registry.dev.siderolabs.io - IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 - run: | - make iso secureboot-iso - - name: images-essential - if: github.event_name == 'schedule' - env: - IMAGE_REGISTRY: registry.dev.siderolabs.io - IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 - PLATFORM: linux/amd64 - run: | - make images-essential - name: factory-1.7-iso env: FACTORY_BOOT_METHOD: iso 
@@ -1835,7 +1818,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -1918,7 +1901,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -1930,7 +1913,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 run: | make image-metal-uki - name: e2e-firewall @@ -2045,7 +2028,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -2167,10 +2150,8 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - IMAGER_ARGS: --extra-kernel-arg=enforcing=1 - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 - name: talosctl-cni-bundle 
@@ -2183,16 +2164,16 @@ jobs: IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1 PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_OUT: -enforcing run: | - make imager installer-base installer images-essential + make images-essential - name: e2e-no-cluster-discovery env: EXTRA_TEST_ARGS: -talos.enforcing GITHUB_STEP_NAME: ${{ github.job}}-e2e-no-cluster-discovery IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing WITH_CLUSTER_DISCOVERY: "false" run: | sudo -E make e2e-qemu @@ -2202,7 +2183,7 @@ jobs: GITHUB_STEP_NAME: ${{ github.job}}-e2e-kubespan IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing WITH_CLUSTER_DISCOVERY: "true" WITH_KUBESPAN: "true" run: | @@ -2214,7 +2195,7 @@ jobs: GITHUB_STEP_NAME: ${{ github.job}}-e2e-default-hostname IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" run: | sudo -E make e2e-qemu @@ -2227,7 +2208,7 @@ jobs: QEMU_MEMORY_WORKERS: "1024" QEMU_SYSTEM_DISK_SIZE: "10240" SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing run: | sudo -E make e2e-qemu - name: save artifacts @@ -2314,7 +2295,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -2333,7 +2314,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 run: | make images-essential - name: e2e-bios 
@@ -2462,7 +2443,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -2572,10 +2553,8 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - IMAGER_ARGS: --extra-kernel-arg=enforcing=1 - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 - name: talosctl-cni-bundle @@ -2588,16 +2567,16 @@ jobs: IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1 PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_OUT: -enforcing run: | - make imager installer-base installer images-essential + make images-essential - name: e2e-network-chaos env: EXTRA_TEST_ARGS: -talos.enforcing GITHUB_STEP_NAME: ${{ github.job}}-e2e-network-chaos IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing WITH_NETWORK_CHAOS: "yes" run: | sudo -E make e2e-qemu @@ -2607,7 +2586,7 @@ jobs: GITHUB_STEP_NAME: ${{ github.job}}-e2e-metal-iso IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing WITH_CONFIG_INJECTION_METHOD: metal-iso run: | sudo -E make e2e-qemu @@ -2617,7 +2596,7 @@ jobs: GITHUB_STEP_NAME: ${{ github.job}}-e2e-iommu-pcidriverrebind IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing WITH_IOMMU: "yes" run: | sudo -E make e2e-qemu 
@@ -2699,7 +2678,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -2828,10 +2807,8 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - IMAGER_ARGS: --extra-kernel-arg=enforcing=1 - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 - name: talosctl-cni-bundle @@ -2844,16 +2821,16 @@ jobs: IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1 PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_OUT: -enforcing run: | - make imager installer-base installer images-essential + make images-essential - name: e2e-siderolink env: EXTRA_TEST_ARGS: -talos.enforcing GITHUB_STEP_NAME: ${{ github.job}}-e2e-siderolink IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" WITH_SIDEROLINK_AGENT: "true" run: | @@ -2864,7 +2841,7 @@ jobs: GITHUB_STEP_NAME: ${{ github.job}}-e2e-siderolink-tunnel IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" WITH_SIDEROLINK_AGENT: tunnel run: | @@ -2875,7 +2852,7 @@ jobs: GITHUB_STEP_NAME: ${{ github.job}}-e2e-siderolink-tls IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" WITH_SIDEROLINK_AGENT: wireguard+tls run: | 
@@ -2894,7 +2871,7 @@ jobs: GITHUB_STEP_NAME: ${{ github.job}}-e2e-k8s-user-namespace IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing WITH_CONFIG_PATCH: '@hack/test/patches/usernamespace.yaml' run: | sudo -E make e2e-qemu @@ -2976,7 +2953,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -3071,7 +3048,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -3166,7 +3143,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -3261,7 +3238,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -3362,7 +3339,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 
@@ -3496,7 +3473,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -3604,7 +3581,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -3711,7 +3688,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -3809,25 +3786,23 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - IMAGER_ARGS: --extra-kernel-arg=enforcing=1 - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 + - name: talosctl-cni-bundle + if: github.event_name == 'schedule' + run: | + make talosctl-cni-bundle - name: images-essential-enforcing env: IMAGE_REGISTRY: registry.dev.siderolabs.io IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1 PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_OUT: -enforcing run: | make images-essential - - name: talosctl-cni-bundle - if: github.event_name == 'schedule' - run: | - make talosctl-cni-bundle - name: e2e-qemu env: EXTRA_TEST_ARGS: -talos.enforcing 
@@ -3835,7 +3810,7 @@ jobs: QEMU_EXTRA_DISKS: "3" QEMU_EXTRA_DISKS_DRIVERS: ide,nvme QEMU_EXTRA_DISKS_SIZE: "10240" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing USER_DISKS_MOUNTS: /var/lib/extra,/var/lib/p1,/var/lib/p2 WITH_CONFIG_PATCH_WORKER: '@hack/test/patches/ephemeral-nvme.yaml:@hack/test/patches/dm-raid-module.yaml' WITH_USER_DISK: "true" @@ -3919,7 +3894,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -4103,7 +4078,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -4116,7 +4091,7 @@ jobs: env: IMAGE_REGISTRY: registry.dev.siderolabs.io IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 run: | make images-essential - name: secureboot-iso @@ -4124,7 +4099,7 @@ jobs: env: IMAGE_REGISTRY: registry.dev.siderolabs.io IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 run: | make secureboot-iso - name: integration-trusted-boot @@ -4220,7 +4195,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 
@@ -4234,15 +4209,15 @@ jobs: IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1 PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_OUT: -enforcing run: | - make imager installer-base installer images-essential + make images-essential - name: secureboot-iso if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 - PLATFORM: linux/amd64 + IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1 + PLATFORM: linux/amd64,linux/arm64 run: | make secureboot-iso - name: integration-trusted-boot @@ -4250,7 +4225,7 @@ jobs: EXTRA_TEST_ARGS: -talos.trustedboot -talos.enforcing GITHUB_STEP_NAME: ${{ github.job}}-integration-trusted-boot IMAGE_REGISTRY: registry.dev.siderolabs.io - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" WITH_TRUSTED_BOOT_ISO: "true" run: | diff --git a/.github/workflows/integration-aws-cron.yaml b/.github/workflows/integration-aws-cron.yaml index d5cb1c734..a2c2d698f 100644 --- a/.github/workflows/integration-aws-cron.yaml +++ b/.github/workflows/integration-aws-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-11T14:06:53Z by kres ec5ec04. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-aws-cron concurrency: @@ -82,7 +82,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -94,7 +94,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 run: | make images-essential - name: e2e-aws-prepare 
diff --git a/.github/workflows/integration-aws-nvidia-nonfree-cron.yaml b/.github/workflows/integration-aws-nvidia-nonfree-cron.yaml index dd984ab60..f7cdb8f95 100644 --- a/.github/workflows/integration-aws-nvidia-nonfree-cron.yaml +++ b/.github/workflows/integration-aws-nvidia-nonfree-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-11T14:06:53Z by kres ec5ec04. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-aws-nvidia-nonfree-cron concurrency: @@ -86,7 +86,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -98,7 +98,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 run: | make images-essential - name: checkout extensions diff --git a/.github/workflows/integration-aws-nvidia-oss-cron.yaml b/.github/workflows/integration-aws-nvidia-oss-cron.yaml index d21c744cf..0f90b4dfb 100644 --- a/.github/workflows/integration-aws-nvidia-oss-cron.yaml +++ b/.github/workflows/integration-aws-nvidia-oss-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-11T14:06:53Z by kres ec5ec04. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-aws-nvidia-oss-cron concurrency: @@ -86,7 +86,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 
@@ -98,7 +98,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 run: | make images-essential - name: checkout extensions diff --git a/.github/workflows/integration-cilium-cron.yaml b/.github/workflows/integration-cilium-cron.yaml index e47ee22c8..45ec7a0dc 100644 --- a/.github/workflows/integration-cilium-cron.yaml +++ b/.github/workflows/integration-cilium-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-02-26T15:23:43Z by kres 1281806. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-cilium-cron concurrency: @@ -70,7 +70,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 diff --git a/.github/workflows/integration-conformance-cron.yaml b/.github/workflows/integration-conformance-cron.yaml index 7b264c6c1..ae0415fcb 100644 --- a/.github/workflows/integration-conformance-cron.yaml +++ b/.github/workflows/integration-conformance-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-21T15:51:32Z by kres ec5ec04. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-conformance-cron concurrency: @@ -70,7 +70,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 diff --git a/.github/workflows/integration-conformance-enforcing-cron.yaml b/.github/workflows/integration-conformance-enforcing-cron.yaml index 26c4ba958..cfc35a0c2 100644 
--- a/.github/workflows/integration-conformance-enforcing-cron.yaml +++ b/.github/workflows/integration-conformance-enforcing-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-24T09:55:56Z by kres ec5ec04. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-conformance-enforcing-cron concurrency: @@ -70,10 +70,8 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - IMAGER_ARGS: --extra-kernel-arg=enforcing=1 - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 - name: talosctl-cni-bundle @@ -86,9 +84,9 @@ jobs: IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1 PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_OUT: -enforcing run: | - make imager installer-base installer images-essential + make images-essential - name: conformance-qemu env: EXTRA_TEST_ARGS: -talos.enforcing @@ -96,7 +94,7 @@ jobs: IMAGE_REGISTRY: registry.dev.siderolabs.io QEMU_CPUS_WORKERS: "6" QEMU_MEMORY_WORKERS: "4096" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing TEST_MODE: fast-conformance run: | sudo -E make e2e-qemu diff --git a/.github/workflows/integration-extensions-cron.yaml b/.github/workflows/integration-extensions-cron.yaml index 785019e8f..0b7a24f36 100644 --- a/.github/workflows/integration-extensions-cron.yaml +++ b/.github/workflows/integration-extensions-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-02-26T15:23:43Z by kres 1281806. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-extensions-cron concurrency: 
@@ -74,7 +74,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 diff --git a/.github/workflows/integration-gcp-cron.yaml b/.github/workflows/integration-gcp-cron.yaml index d61363c27..ffd32c0cc 100644 --- a/.github/workflows/integration-gcp-cron.yaml +++ b/.github/workflows/integration-gcp-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-11T14:06:53Z by kres ec5ec04. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-gcp-cron concurrency: @@ -82,7 +82,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -94,7 +94,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 run: | make images-essential - name: e2e-gcp-prepare diff --git a/.github/workflows/integration-image-factory-cron.yaml b/.github/workflows/integration-image-factory-cron.yaml index 4dfd80f5e..c07220b8c 100644 --- a/.github/workflows/integration-image-factory-cron.yaml +++ b/.github/workflows/integration-image-factory-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-02-26T15:23:43Z by kres 1281806. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-image-factory-cron concurrency: 
@@ -84,21 +84,6 @@ jobs: if: github.event_name == 'schedule' run: | make talosctl-cni-bundle - - name: iso - if: github.event_name == 'schedule' - env: - IMAGE_REGISTRY: registry.dev.siderolabs.io - IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 - run: | - make iso secureboot-iso - - name: images-essential - if: github.event_name == 'schedule' - env: - IMAGE_REGISTRY: registry.dev.siderolabs.io - IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 - PLATFORM: linux/amd64 - run: | - make images-essential - name: factory-1.7-iso env: FACTORY_BOOT_METHOD: iso diff --git a/.github/workflows/integration-images-cron.yaml b/.github/workflows/integration-images-cron.yaml index b1dd61f87..2df25021f 100644 --- a/.github/workflows/integration-images-cron.yaml +++ b/.github/workflows/integration-images-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-02-26T15:23:43Z by kres 1281806. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-images-cron concurrency: @@ -70,7 +70,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 diff --git a/.github/workflows/integration-misc-0-cron.yaml b/.github/workflows/integration-misc-0-cron.yaml index d3b8428df..162ff63e1 100644 --- a/.github/workflows/integration-misc-0-cron.yaml +++ b/.github/workflows/integration-misc-0-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-21T15:51:32Z by kres ec5ec04. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-misc-0-cron concurrency: 
@@ -70,7 +70,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -82,7 +82,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 run: | make image-metal-uki - name: e2e-firewall diff --git a/.github/workflows/integration-misc-1-cron.yaml b/.github/workflows/integration-misc-1-cron.yaml index 402c9e617..9187be8e0 100644 --- a/.github/workflows/integration-misc-1-cron.yaml +++ b/.github/workflows/integration-misc-1-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-21T16:23:54Z by kres ec5ec04. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-misc-1-cron concurrency: @@ -70,7 +70,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 diff --git a/.github/workflows/integration-misc-1-enforcing-cron.yaml b/.github/workflows/integration-misc-1-enforcing-cron.yaml index 1a5282d42..9c8bbee4f 100644 --- a/.github/workflows/integration-misc-1-enforcing-cron.yaml +++ b/.github/workflows/integration-misc-1-enforcing-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-24T09:55:56Z by kres ec5ec04. +# Generated on 2025-04-01T10:44:44Z by kres d903dae. name: integration-misc-1-enforcing-cron concurrency: 
@@ -70,10 +70,8 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - IMAGER_ARGS: --extra-kernel-arg=enforcing=1 - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 - name: talosctl-cni-bundle @@ -86,16 +84,16 @@ jobs: IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1 PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_OUT: -enforcing run: | - make imager installer-base installer images-essential + make images-essential - name: e2e-no-cluster-discovery env: EXTRA_TEST_ARGS: -talos.enforcing GITHUB_STEP_NAME: ${{ github.job}}-e2e-no-cluster-discovery IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing WITH_CLUSTER_DISCOVERY: "false" run: | sudo -E make e2e-qemu @@ -105,7 +103,7 @@ jobs: GITHUB_STEP_NAME: ${{ github.job}}-e2e-kubespan IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing WITH_CLUSTER_DISCOVERY: "true" WITH_KUBESPAN: "true" run: | @@ -117,7 +115,7 @@ jobs: GITHUB_STEP_NAME: ${{ github.job}}-e2e-default-hostname IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" run: | sudo -E make e2e-qemu @@ -130,7 +128,7 @@ jobs: QEMU_MEMORY_WORKERS: "1024" QEMU_SYSTEM_DISK_SIZE: "10240" SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing run: | sudo -E make e2e-qemu - name: save artifacts diff --git a/.github/workflows/integration-misc-2-cron.yaml b/.github/workflows/integration-misc-2-cron.yaml index 379d27c5f..305b29b79 100644 --- a/.github/workflows/integration-misc-2-cron.yaml 
+++ b/.github/workflows/integration-misc-2-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-14T10:24:50Z by kres ec5ec04. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-misc-2-cron concurrency: @@ -76,7 +76,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -95,7 +95,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 run: | make images-essential - name: e2e-bios diff --git a/.github/workflows/integration-misc-3-cron.yaml b/.github/workflows/integration-misc-3-cron.yaml index 362bc7571..95a6d327c 100644 --- a/.github/workflows/integration-misc-3-cron.yaml +++ b/.github/workflows/integration-misc-3-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-21T15:51:32Z by kres ec5ec04. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-misc-3-cron concurrency: @@ -70,7 +70,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 diff --git a/.github/workflows/integration-misc-3-enforcing-cron.yaml b/.github/workflows/integration-misc-3-enforcing-cron.yaml index ac2b9d18d..e93e26584 100644 --- a/.github/workflows/integration-misc-3-enforcing-cron.yaml +++ b/.github/workflows/integration-misc-3-enforcing-cron.yaml 
@@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-24T09:55:56Z by kres ec5ec04. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-misc-3-enforcing-cron concurrency: @@ -70,10 +70,8 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - IMAGER_ARGS: --extra-kernel-arg=enforcing=1 - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 - name: talosctl-cni-bundle @@ -86,16 +84,16 @@ jobs: IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1 PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_OUT: -enforcing run: | - make imager installer-base installer images-essential + make images-essential - name: e2e-network-chaos env: EXTRA_TEST_ARGS: -talos.enforcing GITHUB_STEP_NAME: ${{ github.job}}-e2e-network-chaos IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing WITH_NETWORK_CHAOS: "yes" run: | sudo -E make e2e-qemu @@ -105,7 +103,7 @@ jobs: GITHUB_STEP_NAME: ${{ github.job}}-e2e-metal-iso IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing WITH_CONFIG_INJECTION_METHOD: metal-iso run: | sudo -E make e2e-qemu @@ -115,7 +113,7 @@ jobs: GITHUB_STEP_NAME: ${{ github.job}}-e2e-iommu-pcidriverrebind IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing WITH_IOMMU: "yes" run: | sudo -E make e2e-qemu diff --git a/.github/workflows/integration-misc-4-cron.yaml b/.github/workflows/integration-misc-4-cron.yaml index 0c3766be7..a7a29a2d5 100644 --- a/.github/workflows/integration-misc-4-cron.yaml 
+++ b/.github/workflows/integration-misc-4-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-21T15:51:32Z by kres ec5ec04. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-misc-4-cron concurrency: @@ -70,7 +70,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 diff --git a/.github/workflows/integration-misc-4-enforcing-cron.yaml b/.github/workflows/integration-misc-4-enforcing-cron.yaml index a5050d790..fe5b354b9 100644 --- a/.github/workflows/integration-misc-4-enforcing-cron.yaml +++ b/.github/workflows/integration-misc-4-enforcing-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-24T09:55:56Z by kres ec5ec04. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-misc-4-enforcing-cron concurrency: @@ -70,10 +70,8 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - IMAGER_ARGS: --extra-kernel-arg=enforcing=1 - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 - name: talosctl-cni-bundle 
@@ -86,16 +84,16 @@ jobs: IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1 PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_OUT: -enforcing run: | - make imager installer-base installer images-essential + make images-essential - name: e2e-siderolink env: EXTRA_TEST_ARGS: -talos.enforcing GITHUB_STEP_NAME: ${{ github.job}}-e2e-siderolink IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" WITH_SIDEROLINK_AGENT: "true" run: | @@ -106,7 +104,7 @@ jobs: GITHUB_STEP_NAME: ${{ github.job}}-e2e-siderolink-tunnel IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" WITH_SIDEROLINK_AGENT: tunnel run: | @@ -117,7 +115,7 @@ jobs: GITHUB_STEP_NAME: ${{ github.job}}-e2e-siderolink-tls IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" WITH_SIDEROLINK_AGENT: wireguard+tls run: | @@ -136,7 +134,7 @@ jobs: GITHUB_STEP_NAME: ${{ github.job}}-e2e-k8s-user-namespace IMAGE_REGISTRY: registry.dev.siderolabs.io SHORT_INTEGRATION_TEST: "yes" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing WITH_CONFIG_PATCH: '@hack/test/patches/usernamespace.yaml' run: | sudo -E make e2e-qemu diff --git a/.github/workflows/integration-provision-0-cron.yaml b/.github/workflows/integration-provision-0-cron.yaml index c733601f7..f975f62d0 100644 --- a/.github/workflows/integration-provision-0-cron.yaml +++ b/.github/workflows/integration-provision-0-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-02-26T15:23:43Z by kres 1281806. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-provision-0-cron concurrency: 
@@ -70,7 +70,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 diff --git a/.github/workflows/integration-provision-1-cron.yaml b/.github/workflows/integration-provision-1-cron.yaml index e6eca2d72..27ed5101b 100644 --- a/.github/workflows/integration-provision-1-cron.yaml +++ b/.github/workflows/integration-provision-1-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-02-26T15:23:43Z by kres 1281806. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-provision-1-cron concurrency: @@ -70,7 +70,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 diff --git a/.github/workflows/integration-provision-2-cron.yaml b/.github/workflows/integration-provision-2-cron.yaml index 92b7c5b22..6f3645c05 100644 --- a/.github/workflows/integration-provision-2-cron.yaml +++ b/.github/workflows/integration-provision-2-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-02-26T15:23:43Z by kres 1281806. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-provision-2-cron concurrency: @@ -70,7 +70,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 
diff --git a/.github/workflows/integration-qemu-cron.yaml b/.github/workflows/integration-qemu-cron.yaml index 9cf96b0ee..e04a5d63e 100644 --- a/.github/workflows/integration-qemu-cron.yaml +++ b/.github/workflows/integration-qemu-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-02-26T15:23:43Z by kres 1281806. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-qemu-cron concurrency: @@ -70,7 +70,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 diff --git a/.github/workflows/integration-qemu-csi-longhorn-cron.yaml b/.github/workflows/integration-qemu-csi-longhorn-cron.yaml index 2fa05de5e..e209da897 100644 --- a/.github/workflows/integration-qemu-csi-longhorn-cron.yaml +++ b/.github/workflows/integration-qemu-csi-longhorn-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-04T16:42:28Z by kres 1281806. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-qemu-csi-longhorn-cron concurrency: @@ -74,7 +74,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 diff --git a/.github/workflows/integration-qemu-csi-openebs-cron.yaml b/.github/workflows/integration-qemu-csi-openebs-cron.yaml index 4d8e3bdf7..66434b1fd 100644 --- a/.github/workflows/integration-qemu-csi-openebs-cron.yaml +++ b/.github/workflows/integration-qemu-csi-openebs-cron.yaml 
@@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-02-26T15:23:43Z by kres 1281806. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-qemu-csi-openebs-cron concurrency: @@ -70,7 +70,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 diff --git a/.github/workflows/integration-qemu-csi-rook-ceph-cron.yaml b/.github/workflows/integration-qemu-csi-rook-ceph-cron.yaml index cb9167758..d907fb753 100644 --- a/.github/workflows/integration-qemu-csi-rook-ceph-cron.yaml +++ b/.github/workflows/integration-qemu-csi-rook-ceph-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-02-26T15:23:43Z by kres 1281806. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-qemu-csi-rook-ceph-cron concurrency: @@ -70,7 +70,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 diff --git a/.github/workflows/integration-qemu-encrypted-vip-cron.yaml b/.github/workflows/integration-qemu-encrypted-vip-cron.yaml index 0a77ad2ca..ba590f8e4 100644 --- a/.github/workflows/integration-qemu-encrypted-vip-cron.yaml +++ b/.github/workflows/integration-qemu-encrypted-vip-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-21T15:51:32Z by kres ec5ec04. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-qemu-encrypted-vip-cron concurrency: 
@@ -70,7 +70,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 diff --git a/.github/workflows/integration-qemu-enforcing-cron.yaml b/.github/workflows/integration-qemu-enforcing-cron.yaml index 987912d32..c622efad4 100644 --- a/.github/workflows/integration-qemu-enforcing-cron.yaml +++ b/.github/workflows/integration-qemu-enforcing-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-24T09:55:56Z by kres ec5ec04. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-qemu-enforcing-cron concurrency: @@ -70,25 +70,23 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - IMAGER_ARGS: --extra-kernel-arg=enforcing=1 - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 + - name: talosctl-cni-bundle + if: github.event_name == 'schedule' + run: | + make talosctl-cni-bundle - name: images-essential-enforcing env: IMAGE_REGISTRY: registry.dev.siderolabs.io IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1 PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_OUT: -enforcing run: | make images-essential - - name: talosctl-cni-bundle - if: github.event_name == 'schedule' - run: | - make talosctl-cni-bundle - name: e2e-qemu env: EXTRA_TEST_ARGS: -talos.enforcing 
@@ -96,7 +94,7 @@ jobs: QEMU_EXTRA_DISKS: "3" QEMU_EXTRA_DISKS_DRIVERS: ide,nvme QEMU_EXTRA_DISKS_SIZE: "10240" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing USER_DISKS_MOUNTS: /var/lib/extra,/var/lib/p1,/var/lib/p2 WITH_CONFIG_PATCH_WORKER: '@hack/test/patches/ephemeral-nvme.yaml:@hack/test/patches/dm-raid-module.yaml' WITH_USER_DISK: "true" diff --git a/.github/workflows/integration-qemu-race-cron.yaml b/.github/workflows/integration-qemu-race-cron.yaml index f4813599a..30c8f7a36 100644 --- a/.github/workflows/integration-qemu-race-cron.yaml +++ b/.github/workflows/integration-qemu-race-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-04T13:59:07Z by kres 1281806. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-qemu-race-cron concurrency: @@ -70,7 +70,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 diff --git a/.github/workflows/integration-trusted-boot-cron.yaml b/.github/workflows/integration-trusted-boot-cron.yaml index 5df0d4021..61a89212e 100644 --- a/.github/workflows/integration-trusted-boot-cron.yaml +++ b/.github/workflows/integration-trusted-boot-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-21T15:51:32Z by kres ec5ec04. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-trusted-boot-cron concurrency: @@ -76,7 +76,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 
@@ -89,7 +89,7 @@ jobs: env: IMAGE_REGISTRY: registry.dev.siderolabs.io IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 run: | make images-essential - name: secureboot-iso @@ -97,7 +97,7 @@ jobs: env: IMAGE_REGISTRY: registry.dev.siderolabs.io IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 run: | make secureboot-iso - name: integration-trusted-boot diff --git a/.github/workflows/integration-trusted-boot-enforcing-cron.yaml b/.github/workflows/integration-trusted-boot-enforcing-cron.yaml index 6ede4f8fc..bd416ff4d 100644 --- a/.github/workflows/integration-trusted-boot-enforcing-cron.yaml +++ b/.github/workflows/integration-trusted-boot-enforcing-cron.yaml @@ -1,6 +1,6 @@ # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT. # -# Generated on 2025-03-24T09:55:56Z by kres ec5ec04. +# Generated on 2025-04-01T08:14:24Z by kres d903dae. name: integration-trusted-boot-enforcing-cron concurrency: @@ -76,7 +76,7 @@ jobs: if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 PUSH: "true" run: | make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 @@ -90,15 +90,15 @@ jobs: IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1 PLATFORM: linux/amd64,linux/arm64 PUSH: "true" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_OUT: -enforcing run: | - make imager installer-base installer images-essential + make images-essential - name: secureboot-iso if: github.event_name == 'schedule' env: IMAGE_REGISTRY: registry.dev.siderolabs.io - IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 - PLATFORM: linux/amd64 + IMAGER_ARGS: --extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1 + PLATFORM: linux/amd64,linux/arm64 run: | make secureboot-iso - name: integration-trusted-boot 
@@ -106,7 +106,7 @@ jobs: EXTRA_TEST_ARGS: -talos.trustedboot -talos.enforcing GITHUB_STEP_NAME: ${{ github.job}}-integration-trusted-boot IMAGE_REGISTRY: registry.dev.siderolabs.io - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing VIA_MAINTENANCE_MODE: "true" WITH_TRUSTED_BOOT_ISO: "true" run: | diff --git a/.kres.yaml b/.kres.yaml index 451f2ea39..dd7991059 100644 --- a/.kres.yaml +++ b/.kres.yaml @@ -331,7 +331,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle @@ -384,27 +384,25 @@ spec: conditions: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 - environment: - PLATFORM: linux/amd64 - IMAGER_ARGS: "--extra-kernel-arg=enforcing=1" - TAG_SUFFIX: -enforcing - IMAGE_REGISTRY: registry.dev.siderolabs.io - PUSH: true - - name: images-essential-enforcing - command: images-essential environment: PLATFORM: linux/amd64,linux/arm64 - IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1" - TAG_SUFFIX: -enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle conditions: - only-on-schedule + - name: images-essential-enforcing + command: images-essential + environment: + PLATFORM: linux/amd64,linux/arm64 + IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1" + TAG_SUFFIX_OUT: -enforcing + IMAGE_REGISTRY: registry.dev.siderolabs.io + PUSH: true - name: e2e-qemu withSudo: true environment: - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io QEMU_EXTRA_DISKS: "3" 
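Review bot: The `.kres.yaml` hunk at -384 swaps `TAG_SUFFIX` for `TAG_SUFFIX_OUT` on `images-essential-enforcing` and `TAG_SUFFIX_IN` on `e2e-qemu` with no comment saying which side each variable governs. The later hunks for the conformance, trusted-boot, misc-1, misc-3 and misc-4 enforcing jobs do the same. These two values now appear to be what ties the images built with `--extra-kernel-arg=enforcing=1` to the steps that run with `-talos.enforcing`, so a mismatch between them would be easy to introduce and hard to spot in review. A short comment above the first use would help, for example `# TAG_SUFFIX_OUT: suffix applied to images this step builds; TAG_SUFFIX_IN: suffix of the images a later step consumes (keep the two equal)`. The exact semantics are defined in the Makefile, which is outside this hunk, so confirm the wording against it; the job definition itself also continues past the hunk.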
@@ -451,7 +449,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle @@ -504,20 +502,18 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 - IMAGER_ARGS: "--extra-kernel-arg=enforcing=1" - TAG_SUFFIX: -enforcing + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle conditions: - only-on-schedule - name: images-essential-enforcing - command: imager installer-base installer images-essential + command: images-essential environment: PLATFORM: linux/amd64,linux/arm64 IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_OUT: -enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: conformance-qemu @@ -528,7 +524,7 @@ spec: QEMU_CPUS_WORKERS: 6 QEMU_MEMORY_WORKERS: 4096 TEST_MODE: fast-conformance - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io - name: save-talos-logs @@ -574,7 +570,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle 
@@ -584,14 +580,14 @@ spec: conditions: - only-on-schedule environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0" IMAGE_REGISTRY: registry.dev.siderolabs.io - name: secureboot-iso conditions: - only-on-schedule environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0" IMAGE_REGISTRY: registry.dev.siderolabs.io - name: integration-trusted-boot @@ -646,26 +642,26 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle conditions: - only-on-schedule - name: images-essential-enforcing - command: imager installer-base installer images-essential + command: images-essential environment: PLATFORM: linux/amd64,linux/arm64 IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_OUT: -enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: secureboot-iso conditions: - only-on-schedule environment: - PLATFORM: linux/amd64 - IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0" + PLATFORM: linux/amd64,linux/arm64 + IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1" IMAGE_REGISTRY: registry.dev.siderolabs.io - name: integration-trusted-boot command: e2e-qemu @@ -674,7 +670,7 @@ spec: GITHUB_STEP_NAME: ${{ github.job}}-integration-trusted-boot VIA_MAINTENANCE_MODE: true WITH_TRUSTED_BOOT_ISO: true - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: "-talos.trustedboot -talos.enforcing" IMAGE_REGISTRY: registry.dev.siderolabs.io - name: save-talos-logs 
@@ -716,7 +712,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle @@ -767,7 +763,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle @@ -818,7 +814,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle @@ -869,7 +865,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle @@ -879,7 +875,7 @@ spec: conditions: - only-on-schedule environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-firewall command: e2e-qemu @@ -954,7 +950,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle 
@@ -1035,20 +1031,18 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 - IMAGER_ARGS: "--extra-kernel-arg=enforcing=1" - TAG_SUFFIX: -enforcing + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle conditions: - only-on-schedule - name: images-essential-enforcing - command: imager installer-base installer images-essential + command: images-essential environment: PLATFORM: linux/amd64,linux/arm64 IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_OUT: -enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: e2e-no-cluster-discovery @@ -1058,7 +1052,7 @@ spec: GITHUB_STEP_NAME: ${{ github.job}}-e2e-no-cluster-discovery SHORT_INTEGRATION_TEST: yes WITH_CLUSTER_DISCOVERY: false - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-kubespan @@ -1069,7 +1063,7 @@ spec: SHORT_INTEGRATION_TEST: yes WITH_CLUSTER_DISCOVERY: true WITH_KUBESPAN: true - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-default-hostname @@ -1080,7 +1074,7 @@ spec: SHORT_INTEGRATION_TEST: yes VIA_MAINTENANCE_MODE: true DISABLE_DHCP_HOSTNAME: true - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-min-requirements @@ -1092,7 +1086,7 @@ spec: QEMU_MEMORY_WORKERS: 1024 QEMU_MEMORY_CONTROLPLANES: 2048 QEMU_SYSTEM_DISK_SIZE: 10240 - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io - name: save-talos-logs 
@@ -1139,7 +1133,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle @@ -1156,7 +1150,7 @@ spec: conditions: - only-on-schedule environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-bios command: e2e-qemu @@ -1245,7 +1239,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle @@ -1314,20 +1308,18 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 - IMAGER_ARGS: "--extra-kernel-arg=enforcing=1" - TAG_SUFFIX: -enforcing + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle conditions: - only-on-schedule - name: images-essential-enforcing - command: imager installer-base installer images-essential + command: images-essential environment: PLATFORM: linux/amd64,linux/arm64 IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_OUT: -enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: e2e-network-chaos @@ -1337,7 +1329,7 @@ spec: GITHUB_STEP_NAME: ${{ github.job}}-e2e-network-chaos SHORT_INTEGRATION_TEST: yes WITH_NETWORK_CHAOS: yes - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-metal-iso 
@@ -1347,7 +1339,7 @@ spec: GITHUB_STEP_NAME: ${{ github.job}}-e2e-metal-iso SHORT_INTEGRATION_TEST: yes WITH_CONFIG_INJECTION_METHOD: "metal-iso" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-iommu-pcidriverrebind @@ -1357,7 +1349,7 @@ spec: GITHUB_STEP_NAME: ${{ github.job}}-e2e-iommu-pcidriverrebind SHORT_INTEGRATION_TEST: yes WITH_IOMMU: yes - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io - name: save-talos-logs @@ -1399,7 +1391,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle @@ -1487,20 +1479,18 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 - IMAGER_ARGS: "--extra-kernel-arg=enforcing=1" - TAG_SUFFIX: -enforcing + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle conditions: - only-on-schedule - name: images-essential-enforcing - command: imager installer-base installer images-essential + command: images-essential environment: PLATFORM: linux/amd64,linux/arm64 IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0 --extra-kernel-arg=enforcing=1" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_OUT: -enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: e2e-siderolink 
@@ -1511,7 +1501,7 @@ spec: SHORT_INTEGRATION_TEST: yes WITH_SIDEROLINK_AGENT: true VIA_MAINTENANCE_MODE: true - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-siderolink-tunnel @@ -1522,7 +1512,7 @@ spec: SHORT_INTEGRATION_TEST: yes WITH_SIDEROLINK_AGENT: tunnel VIA_MAINTENANCE_MODE: true - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-siderolink-tls @@ -1533,7 +1523,7 @@ spec: SHORT_INTEGRATION_TEST: yes WITH_SIDEROLINK_AGENT: wireguard+tls VIA_MAINTENANCE_MODE: true - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-apparmor @@ -1551,7 +1541,7 @@ spec: GITHUB_STEP_NAME: ${{ github.job}}-e2e-k8s-user-namespace SHORT_INTEGRATION_TEST: yes WITH_CONFIG_PATCH: "@hack/test/patches/usernamespace.yaml" - TAG_SUFFIX: -enforcing + TAG_SUFFIX_IN: -enforcing EXTRA_TEST_ARGS: -talos.enforcing IMAGE_REGISTRY: registry.dev.siderolabs.io - name: save-talos-logs @@ -1595,7 +1585,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle @@ -1675,7 +1665,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle 
@@ -1755,7 +1745,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle @@ -1810,7 +1800,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle @@ -1876,7 +1866,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle @@ -1946,7 +1936,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle @@ -2037,7 +2027,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle @@ -2103,7 +2093,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle 
@@ -2166,7 +2156,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: images @@ -2279,20 +2269,6 @@ spec: - name: talosctl-cni-bundle conditions: - only-on-schedule - - name: iso - conditions: - - only-on-schedule - command: iso secureboot-iso - environment: - IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0" - IMAGE_REGISTRY: registry.dev.siderolabs.io - - name: images-essential - conditions: - - only-on-schedule - environment: - PLATFORM: linux/amd64 - IMAGER_ARGS: "--extra-kernel-arg=console=ttyS0" - IMAGE_REGISTRY: registry.dev.siderolabs.io - name: factory-1.7-iso command: e2e-image-factory withSudo: true @@ -2418,7 +2394,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle @@ -2428,7 +2404,7 @@ spec: conditions: - only-on-schedule environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-aws-prepare environment: @@ -2494,7 +2470,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle @@ -2504,7 +2480,7 @@ spec: conditions: - only-on-schedule environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io - name: checkout extensions checkoutStep: 
@@ -2592,7 +2568,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle @@ -2602,7 +2578,7 @@ spec: conditions: - only-on-schedule environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io - name: checkout extensions checkoutStep: @@ -2687,7 +2663,7 @@ spec: - only-on-schedule command: talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64 environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io PUSH: true - name: talosctl-cni-bundle @@ -2697,7 +2673,7 @@ spec: conditions: - only-on-schedule environment: - PLATFORM: linux/amd64 + PLATFORM: linux/amd64,linux/arm64 IMAGE_REGISTRY: registry.dev.siderolabs.io - name: e2e-gcp-prepare - name: checkout contrib diff --git a/Makefile b/Makefile index fdf57ce7a..785d8d5c8 100644 --- a/Makefile +++ b/Makefile @@ -4,9 +4,12 @@ SHA ?= $(shell git describe --match=none --always --abbrev=8 --dirty) TAG ?= $(shell git describe --tag --always --dirty --match v[0-9]\*) ABBREV_TAG ?= $(shell git describe --tag --always --match v[0-9]\* --abbrev=0 ) TAG_SUFFIX ?= +TAG_SUFFIX_IN ?= $(TAG_SUFFIX) +TAG_SUFFIX_OUT ?= $(TAG_SUFFIX) SOURCE_DATE_EPOCH ?= $(shell git log -1 --pretty=%ct) IMAGE_REGISTRY ?= $(REGISTRY) -IMAGE_TAG ?= $(TAG)$(TAG_SUFFIX) +IMAGE_TAG_IN ?= $(TAG)$(TAG_SUFFIX_IN) +IMAGE_TAG_OUT ?= $(TAG)$(TAG_SUFFIX_OUT) BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD) REGISTRY_AND_USERNAME := $(IMAGE_REGISTRY)/$(USERNAME) NAME = Talos 
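Review bot: `IMAGE_TAG` disappears in the Makefile variable hunk with no compatibility path, so any caller that still passes `IMAGE_TAG=...` is silently ignored and the build pulls, pushes or signs `$(TAG)$(TAG_SUFFIX_IN)` / `$(TAG)$(TAG_SUFFIX_OUT)` instead. For a release pipeline a loud failure is safer than a quietly different tag. Either keep `IMAGE_TAG ?= $(TAG)$(TAG_SUFFIX)` and derive both new variables from it, or reject the old name with `ifdef IMAGE_TAG` / `$(error IMAGE_TAG was split into IMAGE_TAG_IN and IMAGE_TAG_OUT)` / `endif`. A one-line comment above `TAG_SUFFIX_IN` and `TAG_SUFFIX_OUT` saying which names the images a target consumes and which names the images it produces would also help, since that distinction is only inferable from the later hunks.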
@@ -24,7 +27,7 @@ EMBED_TARGET ?= embed TOOLS_PREFIX ?= ghcr.io/siderolabs/tools TOOLS ?= v1.10.0-alpha.0-23-g6d456ca PKGS_PREFIX ?= ghcr.io/siderolabs -PKGS ?= v1.10.0-alpha.0-69-g665f782 +PKGS ?= v1.10.0-alpha.0-72-g7d7323b EXTRAS ?= v1.10.0-alpha.0-4-gc201b87 KRES_IMAGE ?= ghcr.io/siderolabs/kres:latest @@ -355,10 +358,10 @@ local-%: ## Builds the specified target defined in the Dockerfile using the loca docker-%: ## Builds the specified target defined in the Dockerfile using the docker output type. The build result will be output to the specified local destination. @mkdir -p $(DEST) - @$(MAKE) target-$* TARGET_ARGS="--output type=docker,dest=$(DEST)/$*.tar,name=$(REGISTRY_AND_USERNAME)/$*:$(IMAGE_TAG) $(TARGET_ARGS)" + @$(MAKE) target-$* TARGET_ARGS="--output type=docker,dest=$(DEST)/$*.tar,name=$(REGISTRY_AND_USERNAME)/$*:$(IMAGE_TAG_OUT) $(TARGET_ARGS)" registry-%: ## Builds the specified target defined in the Dockerfile using the image/registry output type. The build result will be pushed to the registry if PUSH=true. - @$(MAKE) target-$* TARGET_ARGS="--output type=image,name=$(REGISTRY_AND_USERNAME)/$*:$(IMAGE_TAG) $(TARGET_ARGS)" + @$(MAKE) target-$* TARGET_ARGS="--output type=image,name=$(REGISTRY_AND_USERNAME)/$*:$(IMAGE_TAG_OUT) $(TARGET_ARGS)" hack-test-%: ## Runs the specified script in ./hack/test with well known environment variables. @./hack/test/$*.sh 
@@ -450,10 +453,10 @@ talosctl: @$(MAKE) local-talosctl-targetarch DEST=$(ARTIFACTS) image-%: ## Builds the specified image. Valid options are aws, azure, digital-ocean, gcp, and vmware (e.g. image-aws) - @docker pull $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG) + @docker pull $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG_IN) @for platform in $(subst $(,),$(space),$(PLATFORM)); do \ arch=$$(basename "$${platform}") && \ - docker run --rm -t -v /dev:/dev -v $(PWD)/$(ARTIFACTS):/secureboot:ro -v $(PWD)/$(ARTIFACTS):/out -e SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) --network=host --privileged $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG) $* --arch $$arch $(IMAGER_ARGS) ; \ + docker run --rm -t -v /dev:/dev -v $(PWD)/$(ARTIFACTS):/secureboot:ro -v $(PWD)/$(ARTIFACTS):/out -e SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) --network=host --privileged $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG_IN) $* --arch $$arch $(IMAGER_ARGS) ; \ done .PHONY: images-essential 
@@ -472,23 +475,23 @@ IMAGES_LIST := .PHONY: installer installer: ## Builds the installer and outputs it to the artifact directory. - @$(MAKE) image-installer IMAGER_ARGS="--base-installer-image $(REGISTRY_AND_USERNAME)/installer-base:$(IMAGE_TAG) $(IMAGER_ARGS)" + @$(MAKE) image-installer IMAGER_ARGS="--base-installer-image $(REGISTRY_AND_USERNAME)/installer-base:$(IMAGE_TAG_IN) $(IMAGER_ARGS)" @crane_args="" @for platform in $(subst $(,),$(space),$(PLATFORM)); do \ arch=$$(basename "$${platform}") && \ - image=$$(crane push $(ARTIFACTS)/installer-$${arch}.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-$${arch}) && \ + image=$$(crane push $(ARTIFACTS)/installer-$${arch}.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG_OUT)-$${arch}) && \ crane_args="$${crane_args} -m $${image}" ; \ done; \ - crane index append -t "${REGISTRY_AND_USERNAME}/installer:${IMAGE_TAG}" $${crane_args} + crane index append -t "${REGISTRY_AND_USERNAME}/installer:${IMAGE_TAG_OUT}" $${crane_args} .PHONY: secureboot-installer secureboot-installer: ## Builds UEFI only installer which uses UKI and push it to the registry. - @$(MAKE) image-secureboot-installer IMAGER_ARGS="--base-installer-image $(REGISTRY_AND_USERNAME)/installer-base:$(IMAGE_TAG) $(IMAGER_ARGS)" + @$(MAKE) image-secureboot-installer IMAGER_ARGS="--base-installer-image $(REGISTRY_AND_USERNAME)/installer-base:$(IMAGE_TAG_IN) $(IMAGER_ARGS)" @for platform in $(subst $(,),$(space),$(PLATFORM)); do \ arch=$$(basename "$${platform}") && \ - crane push $(ARTIFACTS)/installer-$${arch}-secureboot.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-$${arch}-secureboot ; \ + crane push $(ARTIFACTS)/installer-$${arch}-secureboot.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG_OUT)-$${arch}-secureboot ; \ done .PHONY: talosctl-cni-bundle 
@@ -519,10 +522,10 @@ uki-certs: talosctl ## Generate test certificates for SecureBoot/PCR Signing .PHONY: cache-create cache-create: installer imager ## Generate image cache. @docker run --entrypoint /usr/local/bin/e2e.test registry.k8s.io/conformance:$(KUBECTL_VERSION) --list-images | \ - $(TALOSCTL_EXECUTABLE) images integration --installer-tag=$(IMAGE_TAG) --registry-and-user=$(REGISTRY_AND_USERNAME) | \ + $(TALOSCTL_EXECUTABLE) images integration --installer-tag=$(IMAGE_TAG_IN) --registry-and-user=$(REGISTRY_AND_USERNAME) | \ $(TALOSCTL_EXECUTABLE) images cache-create --image-cache-path=/tmp/cache.tar --images=- --force - @crane push /tmp/cache.tar $(REGISTRY_AND_USERNAME)/image-cache:$(IMAGE_TAG) - @$(MAKE) image-iso IMAGER_ARGS="--image-cache=$(REGISTRY_AND_USERNAME)/image-cache:$(IMAGE_TAG) --extra-kernel-arg='console=ttyS0'" + @crane push /tmp/cache.tar $(REGISTRY_AND_USERNAME)/image-cache:$(IMAGE_TAG_OUT) + @$(MAKE) image-iso IMAGER_ARGS="--image-cache=$(REGISTRY_AND_USERNAME)/image-cache:$(IMAGE_TAG_OUT) --extra-kernel-arg='console=ttyS0'" # Code Quality @@ -600,8 +603,8 @@ e2e-%: $(ARTIFACTS)/$(INTEGRATION_TEST_DEFAULT_TARGET)-amd64 external-artifacts TAG=$(TAG) \ SHA=$(SHA) \ REGISTRY=$(IMAGE_REGISTRY) \ - IMAGE=$(REGISTRY_AND_USERNAME)/talos:$(IMAGE_TAG) \ - INSTALLER_IMAGE=$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG) \ + IMAGE=$(REGISTRY_AND_USERNAME)/talos:$(IMAGE_TAG_IN) \ + INSTALLER_IMAGE=$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG_IN) \ ARTIFACTS=$(ARTIFACTS) \ TALOSCTL=$(PWD)/$(ARTIFACTS)/$(TALOSCTL_DEFAULT_TARGET)-amd64 \ INTEGRATION_TEST=$(PWD)/$(ARTIFACTS)/$(INTEGRATION_TEST_DEFAULT_TARGET)-amd64 \ 
@@ -633,9 +636,9 @@ provision-tests-track-%: installer-with-extensions: $(ARTIFACTS)/extensions/_out/extensions-metadata $(MAKE) image-installer \ - IMAGER_ARGS="--base-installer-image=$(REGISTRY_AND_USERNAME)/installer-base:$(IMAGE_TAG) $(shell cat $(ARTIFACTS)/extensions/_out/extensions-metadata | $(EXTENSIONS_FILTER_COMMAND) | xargs -n 1 echo --system-extension-image)" - crane push $(ARTIFACTS)/installer-amd64.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-amd64-extensions - INSTALLER_IMAGE_EXTENSIONS="$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG)-amd64-extensions" yq eval -n '.machine.install.image = strenv(INSTALLER_IMAGE_EXTENSIONS)' > $(ARTIFACTS)/installer-extensions-patch.yaml + IMAGER_ARGS="--base-installer-image=$(REGISTRY_AND_USERNAME)/installer-base:$(IMAGE_TAG_IN) $(shell cat $(ARTIFACTS)/extensions/_out/extensions-metadata | $(EXTENSIONS_FILTER_COMMAND) | xargs -n 1 echo --system-extension-image)" + crane push $(ARTIFACTS)/installer-amd64.tar $(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG_OUT)-amd64-extensions + INSTALLER_IMAGE_EXTENSIONS="$(REGISTRY_AND_USERNAME)/installer:$(IMAGE_TAG_OUT)-amd64-extensions" yq eval -n '.machine.install.image = strenv(INSTALLER_IMAGE_EXTENSIONS)' > $(ARTIFACTS)/installer-extensions-patch.yaml kubelet-fat-patch: K8S_VERSION=$(KUBECTL_VERSION) yq eval -n '.machine.kubelet.image = "ghcr.io/siderolabs/kubelet:" + strenv(K8S_VERSION) + "-fat"' > $(ARTIFACTS)/kubelet-fat-patch.yaml @@ -687,7 +690,7 @@ push: ## Pushes the installer, imager, talos and talosctl images to the configur @$(MAKE) talosctl-image PUSH=true push-%: ## Pushes the installer, imager, talos and talosctl images to the configured container registry with the specified tag (e.g. push-latest). - @$(MAKE) push IMAGE_TAG=$* + @$(MAKE) push IMAGE_TAG_OUT=$* .PHONY: clean clean: ## Cleans up all artifacts. 
@@ -695,11 +698,11 @@ clean: ## Cleans up all artifacts. .PHONY: image-list image-list: ## Prints a list of all images built by this Makefile with digests. - @echo -n installer installer-base talos imager talosctl | xargs -d ' ' -I{} sh -c 'echo $(REGISTRY_AND_USERNAME)/{}:$(IMAGE_TAG)' | xargs -I{} sh -c 'echo {}@$$(crane digest {})' + @echo -n installer installer-base talos imager talosctl | xargs -d ' ' -I{} sh -c 'echo $(REGISTRY_AND_USERNAME)/{}:$(IMAGE_TAG_IN)' | xargs -I{} sh -c 'echo {}@$$(crane digest {})' .PHONY: sign-images sign-images: ## Run cosign to sign all images built by this Makefile. - @for image in $(shell $(MAKE) --quiet image-list REGISTRY_AND_USERNAME=$(REGISTRY_AND_USERNAME) IMAGE_TAG=$(IMAGE_TAG)); do \ + @for image in $(shell $(MAKE) --quiet image-list REGISTRY_AND_USERNAME=$(REGISTRY_AND_USERNAME) IMAGE_TAG_IN=$(IMAGE_TAG_IN)); do \ echo '==>' $$image; \ cosign verify $$image --certificate-identity-regexp '@siderolabs\.com$$' --certificate-oidc-issuer https://accounts.google.com || \ cosign sign --yes $$image; \ diff --git a/api/resource/definitions/block/block.proto b/api/resource/definitions/block/block.proto index 07a28dfdd..26ca5c56f 100755 --- a/api/resource/definitions/block/block.proto +++ b/api/resource/definitions/block/block.proto @@ -126,6 +126,10 @@ message MountSpec { string selinux_label = 2; bool project_quota_support = 3; string parent_id = 4; + uint32 file_mode = 5; + int64 uid = 6; + int64 gid = 7; + bool recursive_relabel = 8; } // MountStatusSpec is the spec for MountStatus. @@ -156,6 +160,12 @@ message ProvisioningSpec { FilesystemSpec filesystem_spec = 4; } +// SymlinkProvisioningSpec is the spec for volume symlink. +message SymlinkProvisioningSpec { + string symlink_target_path = 1; + bool force = 2; +} + // SymlinkSpec is the spec for Symlinks resource. message SymlinkSpec { repeated string paths = 1; 
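Review bot: `image-list` and `sign-images` now resolve `$(IMAGE_TAG_IN)`, while the images this Makefile publishes are tagged with `$(IMAGE_TAG_OUT)` (`registry-%`, `installer`, and `push-%`, which overrides only `IMAGE_TAG_OUT`). Whenever the two suffixes differ, the `cosign verify ... || cosign sign` loop covers the consumed tag rather than the one that was just pushed, so a published image can end up unsigned without any error. If signing is meant to cover what the build produced, `image-list` should expand `$(IMAGE_TAG_OUT)` and `sign-images` should pass `IMAGE_TAG_OUT=$(IMAGE_TAG_OUT)`. If the current choice is intentional, a comment on `image-list` stating which tag it lists and why would prevent the mismatch from being read as a bug.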
@@ -181,6 +191,7 @@ message VolumeConfigSpec { LocatorSpec locator = 4; MountSpec mount = 5; EncryptionSpec encryption = 6; + SymlinkProvisioningSpec symlink = 7; } // VolumeMountRequestSpec is the spec for VolumeMountRequest. @@ -217,5 +228,7 @@ message VolumeStatusSpec { MountSpec mount_spec = 15; talos.resource.definitions.enums.BlockVolumeType type = 16; repeated string configured_encryption_keys = 17; + SymlinkProvisioningSpec symlink_spec = 18; + string parent_id = 19; } diff --git a/api/resource/definitions/enums/enums.proto b/api/resource/definitions/enums/enums.proto index d1df81d77..051d97ffc 100755 --- a/api/resource/definitions/enums/enums.proto +++ b/api/resource/definitions/enums/enums.proto @@ -401,6 +401,8 @@ enum BlockVolumeType { VOLUME_TYPE_DISK = 1; VOLUME_TYPE_TMPFS = 2; VOLUME_TYPE_DIRECTORY = 3; + VOLUME_TYPE_SYMLINK = 4; + VOLUME_TYPE_OVERLAY = 5; } // CriImageCacheStatus describes image cache status type. diff --git a/internal/app/machined/pkg/controllers/block/internal/volumes/close.go b/internal/app/machined/pkg/controllers/block/internal/volumes/close.go index 57c9df744..d6bf77787 100644 --- a/internal/app/machined/pkg/controllers/block/internal/volumes/close.go +++ b/internal/app/machined/pkg/controllers/block/internal/volumes/close.go @@ -19,8 +19,8 @@ import ( // Close the encrypted volumes. func Close(ctx context.Context, logger *zap.Logger, volumeContext ManagerContext) error { switch volumeContext.Cfg.TypedSpec().Type { - case block.VolumeTypeTmpfs, block.VolumeTypeDirectory: - // tmpfs & directory volumes can be always closed + case block.VolumeTypeTmpfs, block.VolumeTypeDirectory, block.VolumeTypeSymlink, block.VolumeTypeOverlay: + // tmpfs, directory, symlink and overlay volumes can be always closed volumeContext.Status.Phase = block.VolumePhaseClosed return nil 
diff --git a/internal/app/machined/pkg/controllers/block/internal/volumes/locate.go b/internal/app/machined/pkg/controllers/block/internal/volumes/locate.go index 4daf703c0..040bec0cc 100644 --- a/internal/app/machined/pkg/controllers/block/internal/volumes/locate.go +++ b/internal/app/machined/pkg/controllers/block/internal/volumes/locate.go @@ -25,11 +25,12 @@ import ( //nolint:gocyclo,cyclop func LocateAndProvision(ctx context.Context, logger *zap.Logger, volumeContext ManagerContext) error { volumeContext.Status.MountSpec = volumeContext.Cfg.TypedSpec().Mount + volumeContext.Status.SymlinkSpec = volumeContext.Cfg.TypedSpec().Symlink volumeType := volumeContext.Cfg.TypedSpec().Type switch volumeType { - case block.VolumeTypeTmpfs, block.VolumeTypeDirectory: - // tmpfs & directory volumes are always ready + case block.VolumeTypeTmpfs, block.VolumeTypeDirectory, block.VolumeTypeSymlink, block.VolumeTypeOverlay: + // tmpfs, directory, symlink and overlays volumes are always ready volumeContext.Status.Phase = block.VolumePhaseReady return nil diff --git a/internal/app/machined/pkg/controllers/block/internal/volumes/volumes.go b/internal/app/machined/pkg/controllers/block/internal/volumes/volumes.go index dffc27583..175e9049c 100644 --- a/internal/app/machined/pkg/controllers/block/internal/volumes/volumes.go +++ b/internal/app/machined/pkg/controllers/block/internal/volumes/volumes.go @@ -82,6 +82,8 @@ func (d *DiskContext) ToCELContext() map[string]any { type ManagerContext struct { Cfg *block.VolumeConfig Status *block.VolumeStatusSpec + ParentStatus *block.VolumeStatus + ParentFinalizer string DiscoveredVolumes []*blockpb.DiscoveredVolumeSpec Disks []DiskContext diff --git a/internal/app/machined/pkg/controllers/block/mount.go b/internal/app/machined/pkg/controllers/block/mount.go index d66050497..71b9fd3bf 100644 --- a/internal/app/machined/pkg/controllers/block/mount.go +++ b/internal/app/machined/pkg/controllers/block/mount.go 
@@ -7,7 +7,9 @@ package block import ( "context" "fmt" + "os" "path/filepath" + "syscall" "github.com/cosi-project/runtime/pkg/controller" "github.com/cosi-project/runtime/pkg/resource" @@ -15,8 +17,12 @@ import ( "github.com/cosi-project/runtime/pkg/state" "github.com/siderolabs/gen/xslices" "go.uber.org/zap" + "golang.org/x/sys/unix" "github.com/siderolabs/talos/internal/pkg/mount/v2" + "github.com/siderolabs/talos/internal/pkg/selinux" + "github.com/siderolabs/talos/pkg/filetree" + "github.com/siderolabs/talos/pkg/machinery/constants" "github.com/siderolabs/talos/pkg/machinery/resources/block" ) @@ -203,12 +209,13 @@ func (ctrl *MountController) Run(ctx context.Context, r controller.Runtime, logg mountTarget := volumeStatus.TypedSpec().MountSpec.TargetPath mountFilesystem := volumeStatus.TypedSpec().Filesystem + rootPath := "/" + if mountHasParent { - // mount target is a path within the parent mount - mountTarget = filepath.Join(mountParentStatus.TypedSpec().Target, mountTarget) + rootPath = mountParentStatus.TypedSpec().Target } - if err = ctrl.handleMountOperation(logger, mountSource, mountTarget, mountFilesystem, mountRequest, volumeStatus); err != nil { + if err = ctrl.handleMountOperation(logger, rootPath, mountSource, mountTarget, mountFilesystem, mountRequest, volumeStatus); err != nil { return err } @@ -217,7 +224,7 @@ func (ctrl *MountController) Run(ctx context.Context, r controller.Runtime, logg func(mountStatus *block.MountStatus) error { mountStatus.TypedSpec().Spec = *mountRequest.TypedSpec() mountStatus.TypedSpec().Source = mountSource - mountStatus.TypedSpec().Target = mountTarget + mountStatus.TypedSpec().Target = filepath.Join(rootPath, mountTarget) mountStatus.TypedSpec().Filesystem = mountFilesystem mountStatus.TypedSpec().EncryptionProvider = volumeStatus.TypedSpec().EncryptionProvider mountStatus.TypedSpec().ReadOnly = mountRequest.TypedSpec().ReadOnly 
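Review bot: In the `@@ -203,12 +209,13 @@` hunk of `Run`, `rootPath` and `mountTarget` are now combined later with `filepath.Join`, which resolves `..` segments lexically, so a `TargetPath` such as `../x` under a parent mount ends up outside `mountParentStatus.TypedSpec().Target`. Nothing visible here rejects that. If targets under a parent are meant to be relative, a guard before the `handleMountOperation` call keeps the containment explicit, for example `if mountHasParent && !filepath.IsLocal(mountTarget) { return fmt.Errorf("mount target %q escapes parent mount", mountTarget) }`. Validation may already happen where the volume config is built, which is outside this chunk. `Run` starts and ends outside the hunk.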
@@ -264,6 +271,7 @@ func (ctrl *MountController) tearDownMountStatus(ctx context.Context, r controll func (ctrl *MountController) handleMountOperation( logger *zap.Logger, + rootPath string, mountSource, mountTarget string, mountFilesystem block.FilesystemType, mountRequest *block.MountRequest, 
@@ -271,24 +279,173 @@ func (ctrl *MountController) handleMountOperation( ) error { switch volumeStatus.TypedSpec().Type { case block.VolumeTypeDirectory: - return ctrl.handleDirectoryMountOperation(mountTarget, volumeStatus) + return ctrl.handleDirectoryMountOperation(rootPath, mountTarget, volumeStatus) + case block.VolumeTypeOverlay: + return ctrl.handleOverlayMountOperation(logger, filepath.Join(rootPath, mountTarget), mountRequest, volumeStatus) + case block.VolumeTypeSymlink: + return ctrl.handleSymlinkMountOperation(logger, rootPath, mountTarget, mountRequest, volumeStatus) case block.VolumeTypeTmpfs: return fmt.Errorf("not implemented yet") case block.VolumeTypeDisk, block.VolumeTypePartition: - return ctrl.handleDiskMountOperation(logger, mountSource, mountTarget, mountFilesystem, mountRequest, volumeStatus) + return ctrl.handleDiskMountOperation(logger, mountSource, filepath.Join(rootPath, mountTarget), mountFilesystem, mountRequest, volumeStatus) default: return fmt.Errorf("unsupported volume type %q", volumeStatus.TypedSpec().Type) } } func (ctrl *MountController) handleDirectoryMountOperation( - _ string, - _ *block.VolumeStatus, + rootPath string, + target string, + volumeStatus *block.VolumeStatus, ) error { - // [TODO]: implement me - // - create directory if missing - // - set SELinux label if needed - // - set uid:gid if needed + targetPath := filepath.Join(rootPath, target) + + if err := os.Mkdir(targetPath, volumeStatus.TypedSpec().MountSpec.FileMode); err != nil { + if !os.IsExist(err) { + return fmt.Errorf("failed to create target path: %w", err) + } + + st, err := os.Stat(targetPath) + if err != nil { + return fmt.Errorf("failed to stat target path: %w", err) + } + + if !st.IsDir() { + return fmt.Errorf("target path %q is not a directory", targetPath) + } + } + + return ctrl.updateTargetSettings(targetPath, volumeStatus.TypedSpec().MountSpec) +} + +//nolint:gocyclo +func (ctrl *MountController) handleSymlinkMountOperation( + logger 
*zap.Logger, + rootPath string, + target string, + mountRequest *block.MountRequest, + volumeStatus *block.VolumeStatus, +) error { + _, ok := ctrl.activeMounts[mountRequest.Metadata().ID()] + if ok { + return nil + } + + targetPath := filepath.Join(rootPath, target) + + st, err := os.Lstat(targetPath) + if err != nil && !os.IsNotExist(err) { + return fmt.Errorf("failed to stat target path: %w", err) + } + + if st == nil { + // create the symlink + if err := os.Symlink(volumeStatus.TypedSpec().SymlinkSpec.SymlinkTargetPath, targetPath); err != nil { + return fmt.Errorf("failed to create symlink %q: %w", targetPath, err) + } + + ctrl.activeMounts[mountRequest.Metadata().ID()] = &mountContext{} + + return nil + } + + if st.Mode()&os.ModeSymlink != 0 { + // if it's already a symlink, check if it points to the right target + symlinkTarget, err := os.Readlink(targetPath) + if err != nil { + return fmt.Errorf("failed to read symlink target: %w", err) + } + + if symlinkTarget == volumeStatus.TypedSpec().SymlinkSpec.SymlinkTargetPath { + return nil + } + } + + if !volumeStatus.TypedSpec().SymlinkSpec.Force { + return fmt.Errorf("target path %q is not a symlink to %q", targetPath, volumeStatus.TypedSpec().SymlinkSpec.SymlinkTargetPath) + } + + // try to remove forcefully + if err := os.RemoveAll(targetPath); err != nil { + if !st.Mode().IsDir() { + return fmt.Errorf("failed to remove target path, and target is not a directory %s: %w", st.Mode(), err) + } + + // try to remove all entries if it's a directory + entries, err := os.ReadDir(targetPath) + if err != nil { + return fmt.Errorf("failed to read target path: %w", err) + } + + for _, entry := range entries { + if err := os.RemoveAll(filepath.Join(targetPath, entry.Name())); err != nil { + logger.Warn("failed to remove target path entry", zap.String("entry", entry.Name()), zap.Error(err)) + } + } + + ctrl.activeMounts[mountRequest.Metadata().ID()] = &mountContext{} + + // return early, i.e. 
keep this as a directory + return nil + } + + if err := os.Symlink(volumeStatus.TypedSpec().SymlinkSpec.SymlinkTargetPath, targetPath); err != nil { + return fmt.Errorf("failed to create symlink %q: %w", targetPath, err) + } + + ctrl.activeMounts[mountRequest.Metadata().ID()] = &mountContext{} + + return nil +} + +//nolint:gocyclo +func (ctrl *MountController) updateTargetSettings( + targetPath string, + mountSpec block.MountSpec, +) error { + if err := os.Chmod(targetPath, mountSpec.FileMode); err != nil { + return fmt.Errorf("failed to chmod %q: %w", targetPath, err) + } + + st, err := os.Stat(targetPath) + if err != nil { + return fmt.Errorf("failed to stat %q: %w", targetPath, err) + } + + sysStat := st.Sys().(*syscall.Stat_t) + + if sysStat.Uid != uint32(mountSpec.UID) || sysStat.Gid != uint32(mountSpec.GID) { + if mountSpec.RecursiveRelabel { + err = filetree.ChownRecursive(targetPath, uint32(mountSpec.UID), uint32(mountSpec.GID)) + } else { + err = os.Chown(targetPath, mountSpec.UID, mountSpec.GID) + } + + if err != nil { + return fmt.Errorf("failed to chown %q: %w", targetPath, err) + } + } + + currentLabel, err := selinux.GetLabel(targetPath) + if err != nil { + return fmt.Errorf("failed to get current label %q: %w", targetPath, err) + } + + if currentLabel == mountSpec.SelinuxLabel { + // nothing to do + return nil + } + + if mountSpec.RecursiveRelabel { + err = selinux.SetLabelRecursive(targetPath, mountSpec.SelinuxLabel) + } else { + err = selinux.SetLabel(targetPath, mountSpec.SelinuxLabel) + } + + if err != nil { + return fmt.Errorf("error setting label %q: %w", targetPath, err) + } + return nil } 
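Review bot: In `handleDirectoryMountOperation` the existing-path check uses `os.Stat`, which follows symlinks, so a symlink at `targetPath` that resolves to a directory passes `IsDir()`. `updateTargetSettings` then calls `os.Chmod` and `os.Chown` (or `filetree.ChownRecursive` and `selinux.SetLabelRecursive` when `RecursiveRelabel` is set) on whatever the link points to. Switching that check to `st, err := os.Lstat(targetPath)` makes a symlink fail the directory test instead. In `handleSymlinkMountOperation`, the `Force` branch runs `os.RemoveAll(targetPath)` with no check that `targetPath` differs from `rootPath`, and an empty or `.` target joins to the root itself. A guard such as `if targetPath == filepath.Clean(rootPath) { return fmt.Errorf("refusing to replace mount root %q", targetPath) }` before the removal would close that. In `updateTargetSettings`, `st.Sys().(*syscall.Stat_t)` is an unchecked assertion and `uint32(mountSpec.UID)` wraps a negative value silently, so the two-value assertion form and a range check before the comparison are worth adding.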
@@ -326,6 +483,14 @@ func (ctrl *MountController) handleDiskMountOperation( return fmt.Errorf("failed to mount %q: %w", mountRequest.Metadata().ID(), err) } + if !mountRequest.TypedSpec().ReadOnly { + if err = ctrl.updateTargetSettings(mountTarget, volumeStatus.TypedSpec().MountSpec); err != nil { + unmounter() //nolint:errcheck + + return fmt.Errorf("failed to update target settings %q: %w", mountRequest.Metadata().ID(), err) + } + } + logger.Info("volume mount", zap.String("volume", volumeStatus.Metadata().ID()), zap.String("source", mountSource), 
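Review bot: The new failure path in handleDiskMountOperation calls `unmounter() //nolint:errcheck`, so an unmount failure is dropped. If both updateTargetSettings and the unmount fail, the volume can stay mounted with the mode, ownership or SELinux label the spec was meant to change, and nothing records it. Since `logger` is already in scope, I would log the failure instead: `if unmountErr := unmounter(); unmountErr != nil { logger.Warn("failed to unmount after target settings error", zap.Error(unmountErr)) }`. The same pattern appears in handleOverlayMountOperation in the next hunk. The enclosing function starts and ends outside this hunk.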
@@ -364,6 +529,52 @@ func (ctrl *MountController) handleDiskMountOperation( return nil } +func (ctrl *MountController) handleOverlayMountOperation( + logger *zap.Logger, + mountTarget string, + mountRequest *block.MountRequest, + volumeStatus *block.VolumeStatus, +) error { + if _, ok := ctrl.activeMounts[mountRequest.Metadata().ID()]; ok { + return nil + } + + if volumeStatus.TypedSpec().ParentID != constants.EphemeralPartitionLabel { + return fmt.Errorf("overlay mount is not supported for %q", volumeStatus.TypedSpec().ParentID) + } + + mountpoint := mount.NewVarOverlay( + []string{mountTarget}, + mountTarget, + mount.WithFlags(unix.MS_I_VERSION), + mount.WithSelinuxLabel(volumeStatus.TypedSpec().MountSpec.SelinuxLabel), + ) + + unmounter, err := mountpoint.Mount(mount.WithMountPrinter(logger.Sugar().Infof)) + if err != nil { + return fmt.Errorf("failed to mount %q: %w", mountRequest.Metadata().ID(), err) + } + + if err = ctrl.updateTargetSettings(mountTarget, volumeStatus.TypedSpec().MountSpec); err != nil { + unmounter() //nolint:errcheck + + return fmt.Errorf("failed to update target settings %q: %w", mountRequest.Metadata().ID(), err) + } + + logger.Info("overlay mount", + zap.String("volume", volumeStatus.Metadata().ID()), + zap.String("target", mountTarget), + zap.String("parent", volumeStatus.TypedSpec().ParentID), + ) + + ctrl.activeMounts[mountRequest.Metadata().ID()] = &mountContext{ + point: mountpoint, + unmounter: unmounter, + } + + return nil +} + func (ctrl *MountController) handleUnmountOperation( logger *zap.Logger, mountRequest *block.MountRequest, 
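Review bot: handleOverlayMountOperation has no doc comment, and the restriction to `constants.EphemeralPartitionLabel` as the only accepted parent is not explained anywhere in the hunk. A reader cannot tell whether that is a temporary limitation or a property of `mount.NewVarOverlay`. I would add something like `// handleOverlayMountOperation mounts an overlay on mountTarget and applies the volume's mode, ownership and SELinux label; only overlays parented to the EPHEMERAL volume are supported.` Including the volume ID in the "overlay mount is not supported for %q" error would also help, since it currently prints only the parent ID.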
@@ -371,23 +582,18 @@ func (ctrl *MountController) handleUnmountOperation( ) error { switch volumeStatus.TypedSpec().Type { case block.VolumeTypeDirectory: - return ctrl.handleDirectoryUnmountOperation(mountRequest, volumeStatus) + return nil case block.VolumeTypeTmpfs: return fmt.Errorf("not implemented yet") - case block.VolumeTypeDisk, block.VolumeTypePartition: + case block.VolumeTypeDisk, block.VolumeTypePartition, block.VolumeTypeOverlay: return ctrl.handleDiskUnmountOperation(logger, mountRequest, volumeStatus) + case block.VolumeTypeSymlink: + return ctrl.handleSymlinkUmountOperation(mountRequest) default: return fmt.Errorf("unsupported volume type %q", volumeStatus.TypedSpec().Type) } } -func (ctrl *MountController) handleDirectoryUnmountOperation( - _ *block.MountRequest, - _ *block.VolumeStatus, -) error { - return nil -} - func (ctrl *MountController) handleDiskUnmountOperation( logger *zap.Logger, mountRequest *block.MountRequest, @@ -413,3 +619,11 @@ func (ctrl *MountController) handleDiskUnmountOperation( return nil } + +func (ctrl *MountController) handleSymlinkUmountOperation( + mountRequest *block.MountRequest, +) error { + delete(ctrl.activeMounts, mountRequest.Metadata().ID()) + + return nil +} diff --git a/internal/app/machined/pkg/controllers/block/mount_status_test.go b/internal/app/machined/pkg/controllers/block/mount_status_test.go new file mode 100644 index 000000000..05c293f96 --- /dev/null +++ b/internal/app/machined/pkg/controllers/block/mount_status_test.go 
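Review bot: The new handler is spelled `handleSymlinkUmountOperation`, while its siblings are `handleUnmountOperation` and `handleDiskUnmountOperation`. I would rename it to `handleSymlinkUnmountOperation` at both the call site in the switch and the definition in the following hunk. The asymmetry between the two trivial cases also deserves a short comment: the symlink case deletes the `ctrl.activeMounts` entry and leaves the link on disk, while the `block.VolumeTypeDirectory` case now returns nil without touching `activeMounts`. Whether the directory mount path records an entry there is not visible in these hunks, so please confirm a directory volume can be re-mounted after an unmount.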
@@ -0,0 +1,90 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +package block_test + +import ( + "testing" + "time" + + "github.com/cosi-project/runtime/pkg/resource" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/suite" + + blockctrls "github.com/siderolabs/talos/internal/app/machined/pkg/controllers/block" + "github.com/siderolabs/talos/internal/app/machined/pkg/controllers/ctest" + "github.com/siderolabs/talos/pkg/machinery/resources/block" +) + +type MountStatusSuite struct { + ctest.DefaultSuite +} + +func TestMountStatusSuite(t *testing.T) { + t.Parallel() + + suite.Run(t, &MountStatusSuite{ + DefaultSuite: ctest.DefaultSuite{ + Timeout: 3 * time.Second, + AfterSetup: func(suite *ctest.DefaultSuite) { + suite.Require().NoError(suite.Runtime().RegisterController(&blockctrls.MountStatusController{})) + }, + }, + }) +} + +func (suite *MountStatusSuite) TestReconcile() { + mountStatus1 := block.NewMountStatus(block.NamespaceName, "volume1") + mountStatus1.TypedSpec().Spec = block.MountRequestSpec{ + VolumeID: "volume1", + Requesters: []string{"requester1", "requester2"}, + RequesterIDs: []string{"requester1/volume1", "requester2/volume1"}, + } + mountStatus1.TypedSpec().Target = "/target" + suite.Create(mountStatus1) + + // mount status is exploded into volume mount statuses + ctest.AssertResources(suite, + []resource.ID{"requester1/volume1", "requester2/volume1"}, + func(vms *block.VolumeMountStatus, asrt *assert.Assertions) { + asrt.Equal("volume1", vms.Metadata().Labels().Raw()["mount-status-id"]) + asrt.Equal("volume1", vms.TypedSpec().VolumeID) + asrt.Equal("/target", vms.TypedSpec().Target) + }, + ) + + // mount status should now have a finalizer + ctest.AssertResource(suite, "volume1", func(ms *block.MountStatus, asrt *assert.Assertions) { + 
asrt.True(ms.Metadata().Finalizers().Has((&blockctrls.MountStatusController{}).Name())) + }) + + // add a finalizer for volume mount status + suite.AddFinalizer(block.NewVolumeMountStatus(block.NamespaceName, "requester1/volume1").Metadata(), "test-finalizer") + + // now, teardown the mount status + ready, err := suite.State().Teardown(suite.Ctx(), mountStatus1.Metadata()) + suite.Require().NoError(err) + suite.Assert().False(ready) + + // volume mount status without finalizer should be removed + ctest.AssertNoResource[*block.VolumeMountStatus](suite, "requester2/volume1") + + // volume mount status with finalizer should be tearing down + ctest.AssertResource(suite, "requester1/volume1", func(vms *block.VolumeMountStatus, asrt *assert.Assertions) { + asrt.Equal(resource.PhaseTearingDown, vms.Metadata().Phase()) + }) + + // remove finalizer from volume mount status + suite.RemoveFinalizer(block.NewVolumeMountStatus(block.NamespaceName, "requester1/volume1").Metadata(), "test-finalizer") + + // volume mount status should be destroyed + ctest.AssertNoResource[*block.VolumeMountStatus](suite, "requester1/volume1") + + // now the mount status finalizers should be empty as well + ctest.AssertResource(suite, "volume1", func(ms *block.MountStatus, asrt *assert.Assertions) { + asrt.True(ms.Metadata().Finalizers().Empty()) + }) + + suite.Destroy(mountStatus1) +} diff --git a/internal/app/machined/pkg/controllers/block/mount_test.go b/internal/app/machined/pkg/controllers/block/mount_test.go new file mode 100644 index 000000000..38ca30af2 --- /dev/null +++ b/internal/app/machined/pkg/controllers/block/mount_test.go 
@@ -0,0 +1,152 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +package block_test + +import ( + "os" + "path/filepath" + "testing" + "time" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/suite" + + blockctrls "github.com/siderolabs/talos/internal/app/machined/pkg/controllers/block" + "github.com/siderolabs/talos/internal/app/machined/pkg/controllers/ctest" + "github.com/siderolabs/talos/pkg/machinery/resources/block" +) + +type MountSuite struct { + ctest.DefaultSuite +} + +func TestMountSuite(t *testing.T) { + t.Parallel() + + suite.Run(t, &MountSuite{ + DefaultSuite: ctest.DefaultSuite{ + Timeout: 3 * time.Second, + AfterSetup: func(suite *ctest.DefaultSuite) { + suite.Require().NoError(suite.Runtime().RegisterController(&blockctrls.MountController{})) + }, + }, + }) +} + +func (suite *MountSuite) mountVolume(volumeID string) { //nolint:unparam + mountRequest := block.NewMountRequest(block.NamespaceName, volumeID) + mountRequest.TypedSpec().RequesterIDs = []string{"requester1/" + volumeID} + mountRequest.TypedSpec().Requesters = []string{"requester1"} + mountRequest.TypedSpec().VolumeID = volumeID + suite.Create(mountRequest) + + // wait for the mount status to be created + ctest.AssertResource(suite, volumeID, func(*block.MountStatus, *assert.Assertions) {}) +} + +func (suite *MountSuite) TestSymlinkNew() { + dir := suite.T().TempDir() + targetPath := filepath.Join(dir, "target") + + volumeStatus := block.NewVolumeStatus(block.NamespaceName, "volume1") + volumeStatus.TypedSpec().Type = block.VolumeTypeSymlink + volumeStatus.TypedSpec().SymlinkSpec = block.SymlinkProvisioningSpec{ + SymlinkTargetPath: "/run", + Force: true, + } + volumeStatus.TypedSpec().MountSpec = block.MountSpec{ + TargetPath: targetPath, + } + volumeStatus.TypedSpec().Phase = block.VolumePhaseReady + 
suite.Create(volumeStatus) + + suite.mountVolume("volume1") + + // verify symlink + path, err := os.Readlink(targetPath) + suite.Require().NoError(err) + suite.Assert().Equal("/run", path) +} + +func (suite *MountSuite) TestSymlinkExists() { + dir := suite.T().TempDir() + targetPath := filepath.Join(dir, "target") + + // symlink already exists + suite.Require().NoError(os.Symlink("/run", targetPath)) + + volumeStatus := block.NewVolumeStatus(block.NamespaceName, "volume1") + volumeStatus.TypedSpec().Type = block.VolumeTypeSymlink + volumeStatus.TypedSpec().SymlinkSpec = block.SymlinkProvisioningSpec{ + SymlinkTargetPath: "/run", + } + volumeStatus.TypedSpec().MountSpec = block.MountSpec{ + TargetPath: targetPath, + } + volumeStatus.TypedSpec().Phase = block.VolumePhaseReady + suite.Create(volumeStatus) + + suite.mountVolume("volume1") + + // verify symlink + path, err := os.Readlink(targetPath) + suite.Require().NoError(err) + suite.Assert().Equal("/run", path) +} + +func (suite *MountSuite) TestSymlinkWrong() { + dir := suite.T().TempDir() + targetPath := filepath.Join(dir, "target") + + // wrong symlink target + suite.Require().NoError(os.Symlink("/foo", targetPath)) + + volumeStatus := block.NewVolumeStatus(block.NamespaceName, "volume1") + volumeStatus.TypedSpec().Type = block.VolumeTypeSymlink + volumeStatus.TypedSpec().SymlinkSpec = block.SymlinkProvisioningSpec{ + SymlinkTargetPath: "/run", + Force: true, + } + volumeStatus.TypedSpec().MountSpec = block.MountSpec{ + TargetPath: targetPath, + } + volumeStatus.TypedSpec().Phase = block.VolumePhaseReady + suite.Create(volumeStatus) + + suite.mountVolume("volume1") + + // verify symlink + path, err := os.Readlink(targetPath) + suite.Require().NoError(err) + suite.Assert().Equal("/run", path) +} + +func (suite *MountSuite) TestSymlinkDirectory() { + dir := suite.T().TempDir() + targetPath := filepath.Join(dir, "target") + + // non-empty directory structure + suite.Require().NoError(os.Mkdir(targetPath, 0o755)) + 
suite.Require().NoError(os.Mkdir(filepath.Join(targetPath, "foo"), 0o755)) + + volumeStatus := block.NewVolumeStatus(block.NamespaceName, "volume1") + volumeStatus.TypedSpec().Type = block.VolumeTypeSymlink + volumeStatus.TypedSpec().SymlinkSpec = block.SymlinkProvisioningSpec{ + SymlinkTargetPath: "/run", + Force: true, + } + volumeStatus.TypedSpec().MountSpec = block.MountSpec{ + TargetPath: targetPath, + } + volumeStatus.TypedSpec().Phase = block.VolumePhaseReady + suite.Create(volumeStatus) + + suite.mountVolume("volume1") + + // verify symlink + path, err := os.Readlink(targetPath) + suite.Require().NoError(err) + suite.Assert().Equal("/run", path) +} diff --git a/internal/app/machined/pkg/controllers/block/user_disk_config.go b/internal/app/machined/pkg/controllers/block/user_disk_config.go index ca625b5bf..f7726f7aa 100644 --- a/internal/app/machined/pkg/controllers/block/user_disk_config.go +++ b/internal/app/machined/pkg/controllers/block/user_disk_config.go @@ -216,10 +216,13 @@ func (ctrl *UserDiskConfigController) processUserDiskPartition( targetPath = strings.TrimPrefix(targetPath, "/var/") } - // TODO: label user disks vc.TypedSpec().Mount = block.MountSpec{ - TargetPath: targetPath, - ParentID: parentID, + TargetPath: targetPath, + ParentID: parentID, + SelinuxLabel: constants.EphemeralSelinuxLabel, + FileMode: 0o755, + UID: 0, + GID: 0, } return nil diff --git a/internal/app/machined/pkg/controllers/block/volume_config.go b/internal/app/machined/pkg/controllers/block/volume_config.go index 9dd8dd486..c6026d508 100644 --- a/internal/app/machined/pkg/controllers/block/volume_config.go +++ b/internal/app/machined/pkg/controllers/block/volume_config.go @@ -8,6 +8,8 @@ import ( "context" "encoding/json" "fmt" + "os" + "path/filepath" "github.com/cosi-project/runtime/pkg/controller" "github.com/cosi-project/runtime/pkg/safe" 
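Review bot: None of the four symlink tests in mount_test.go covers the refusal path. Three set `Force: true`, and TestSymlinkExists starts with a link that already points at `/run`. That leaves the `!SymlinkSpec.Force` branch untested, which returns "target path %q is not a symlink to %q" and is the only thing between an unexpected existing path and `os.RemoveAll`. I would add a case that creates the `/foo` symlink (or a regular file), leaves `Force` unset, and asserts that `os.Readlink(targetPath)` still returns `/foo` after the mount request has been processed. It is also worth noting that `mountVolume` only waits for a MountStatus to exist, so the tests depend on that status being created only after a successful mount.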
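Review bot: The user-disk MountSpec now sets `FileMode: 0o755`, `UID: 0` and `GID: 0`, and the mount.go hunk in this commit calls updateTargetSettings on every mount that is not read-only. If I read that correctly, the root directory of each user disk is chmod-ed to 0755 and chown-ed back to root:root on each mount, which would silently undo ownership or a tighter mode that a workload set on the volume root. If that is intended, a comment in place of the removed TODO would make it explicit, for example `// the mount root is reset to root:root 0o755 with the ephemeral label on each read-write mount`. processUserDiskPartition starts and ends outside this hunk.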
@@ -198,6 +200,14 @@ func (ctrl *VolumeConfigController) Run(ctx context.Context, r controller.Runtim ); err != nil { return fmt.Errorf("error creating ephemeral volume configuration: %w", err) } + + if err = ctrl.manageStandardVolumes(ctx, r); err != nil { + return fmt.Errorf("error creating standard volume configuration: %w", err) + } + + if err = ctrl.manageOverlayVolumes(ctx, r); err != nil { + return fmt.Errorf("error creating overlay volume configuration: %w", err) + } } // [TODO]: this would fail as it doesn't handle finalizers properly @@ -210,7 +220,11 @@ func (ctrl *VolumeConfigController) Run(ctx context.Context, r controller.Runtim func (ctrl *VolumeConfigController) manageEphemeralInContainer(vc *block.VolumeConfig) error { vc.TypedSpec().Type = block.VolumeTypeDirectory vc.TypedSpec().Mount = block.MountSpec{ - TargetPath: constants.EphemeralMountPoint, + TargetPath: constants.EphemeralMountPoint, + SelinuxLabel: constants.EphemeralSelinuxLabel, + FileMode: 0o755, + UID: 0, + GID: 0, } return nil @@ -247,6 +261,9 @@ func (ctrl *VolumeConfigController) manageEphemeral(config cfg.Config) func(vc * vc.TypedSpec().Mount = block.MountSpec{ TargetPath: constants.EphemeralMountPoint, SelinuxLabel: constants.EphemeralSelinuxLabel, + FileMode: 0o755, + UID: 0, + GID: 0, ProjectQuotaSupport: config.Machine().Features().DiskQuotaSupportEnabled(), } @@ -268,7 +285,11 @@ func (ctrl *VolumeConfigController) manageEphemeral(config cfg.Config) func(vc * func (ctrl *VolumeConfigController) manageStateInContainer(vc *block.VolumeConfig) error { vc.TypedSpec().Type = block.VolumeTypeDirectory vc.TypedSpec().Mount = block.MountSpec{ - TargetPath: constants.StateMountPoint, + TargetPath: constants.StateMountPoint, + SelinuxLabel: constants.StateSelinuxLabel, + FileMode: 0o700, + UID: 0, + GID: 0, } return nil 
@@ -284,6 +305,9 @@ func (ctrl *VolumeConfigController) manageStateConfigPresent(config cfg.Config) vc.TypedSpec().Mount = block.MountSpec{ TargetPath: constants.StateMountPoint, SelinuxLabel: constants.StateSelinuxLabel, + FileMode: 0o700, + UID: 0, + GID: 0, } vc.TypedSpec().Provisioning = block.ProvisioningSpec{ @@ -328,6 +352,9 @@ func (ctrl *VolumeConfigController) manageStateNoConfig(encryptionMeta *runtime. vc.TypedSpec().Mount = block.MountSpec{ TargetPath: constants.StateMountPoint, SelinuxLabel: constants.StateSelinuxLabel, + FileMode: 0o700, + UID: 0, + GID: 0, } match := labelVolumeMatchAndNonEmpty(constants.StatePartitionLabel) 
@@ -360,3 +387,184 @@ func (ctrl *VolumeConfigController) manageStateNoConfig(encryptionMeta *runtime. return nil } } + +func (ctrl *VolumeConfigController) manageStandardVolumes(ctx context.Context, r controller.Runtime) error { + if err := safe.WriterModify(ctx, r, + block.NewVolumeConfig(block.NamespaceName, "/var/run"), + func(vc *block.VolumeConfig) error { + vc.TypedSpec().Type = block.VolumeTypeSymlink + vc.TypedSpec().Symlink = block.SymlinkProvisioningSpec{ + SymlinkTargetPath: "/run", + Force: true, + } + vc.TypedSpec().Mount = block.MountSpec{ + TargetPath: "/var/run", + } + + return nil + }, + ); err != nil { + return fmt.Errorf("error creating symlink volume configuration for /var/run: %w", err) + } + + parentIDs := map[string]string{ + "/var": constants.EphemeralPartitionLabel, + "/var/run": "/var/run", + } + + for _, volume := range []struct { + ID string + Path string + Mode os.FileMode + UID int + GID int + Recursive bool + SELinuxLabel string + }{ + // /var/log + { + Path: "/var/log", + Mode: 0o755, + SELinuxLabel: "system_u:object_r:var_log_t:s0", + }, + { + Path: "/var/log/audit", + Mode: 0o700, + SELinuxLabel: "system_u:object_r:audit_log_t:s0", + }, + { + Path: constants.KubernetesAuditLogDir, + Mode: 0o700, + UID: constants.KubernetesAPIServerRunUser, + GID: constants.KubernetesAPIServerRunGroup, + Recursive: true, + SELinuxLabel: "system_u:object_r:kube_log_t:s0", + }, + { + Path: "/var/log/containers", + Mode: 0o755, + SELinuxLabel: "system_u:object_r:containers_log_t:s0", + }, + { + Path: "/var/log/pods", + Mode: 0o755, + SELinuxLabel: "system_u:object_r:pods_log_t:s0", + }, + // /var/lib + { + Path: "/var/lib", + Mode: 0o700, + SELinuxLabel: constants.EphemeralSelinuxLabel, + }, + { + ID: constants.EtcdDataVolumeID, + Path: constants.EtcdDataPath, + SELinuxLabel: constants.EtcdDataSELinuxLabel, + Mode: 0o700, + UID: constants.EtcdUserID, + GID: constants.EtcdUserID, + Recursive: true, + }, + { + Path: "/var/lib/containerd", + Mode: 0o000, 
+ SELinuxLabel: "system_u:object_r:containerd_state_t:s0", + }, + { + Path: "/var/lib/kubelet", + Mode: 0o700, + SELinuxLabel: "system_u:object_r:kubelet_state_t:s0", + }, + { + Path: "/var/lib/cni", + Mode: 0o700, + Recursive: true, + SELinuxLabel: "system_u:object_r:cni_state_t:s0", + }, + { + Path: "/var/lib/kubelet/seccomp", + Mode: 0o700, + SELinuxLabel: "system_u:object_r:seccomp_profile_t:s0", + }, + { + Path: constants.SeccompProfilesDirectory, + Mode: 0o700, + Recursive: true, + SELinuxLabel: "system_u:object_r:seccomp_profile_t:s0", + }, + // /var/run + { + Path: "/var/run/lock", + Mode: 0o755, + SELinuxLabel: "system_u:object_r:var_lock_t:s0", + }, + } { + parentDir := filepath.Dir(volume.Path) + targetDir := filepath.Base(volume.Path) + + parentID, ok := parentIDs[parentDir] + if !ok { + return fmt.Errorf("unknown parent directory volume %q for %q", parentDir, volume.Path) + } + + volumeID := volume.Path + + if volume.ID != "" { + volumeID = volume.ID + } + + if err := safe.WriterModify(ctx, r, + block.NewVolumeConfig(block.NamespaceName, volumeID), + func(vc *block.VolumeConfig) error { + vc.TypedSpec().Type = block.VolumeTypeDirectory + + vc.TypedSpec().Mount = block.MountSpec{ + TargetPath: targetDir, + ParentID: parentID, + SelinuxLabel: volume.SELinuxLabel, + FileMode: volume.Mode, + UID: volume.UID, + GID: volume.GID, + RecursiveRelabel: volume.Recursive, + } + + return nil + }, + ); err != nil { + return fmt.Errorf("error creating volume configuration for %q: %w", volume.Path, err) + } + + parentIDs[volume.Path] = volumeID + } + + return nil +} + +func (ctrl *VolumeConfigController) manageOverlayVolumes(ctx context.Context, r controller.Runtime) error { + if ctrl.V1Alpha1Mode.InContainer() { + return nil + } + + for _, overlay := range constants.Overlays { + if err := safe.WriterModify(ctx, r, + block.NewVolumeConfig(block.NamespaceName, overlay.Path), + func(vc *block.VolumeConfig) error { + vc.TypedSpec().Type = block.VolumeTypeOverlay + 
vc.TypedSpec().ParentID = constants.EphemeralPartitionLabel + vc.TypedSpec().Mount = block.MountSpec{ + TargetPath: overlay.Path, + SelinuxLabel: overlay.Label, + FileMode: 0o755, + UID: 0, + GID: 0, + } + + return nil + }, + ); err != nil { + return fmt.Errorf("error creating volume configuration for %q: %w", overlay.Path, err) + } + } + + return nil +} diff --git a/internal/app/machined/pkg/controllers/block/volume_config_test.go b/internal/app/machined/pkg/controllers/block/volume_config_test.go index f08cd78fe..797068101 100644 --- a/internal/app/machined/pkg/controllers/block/volume_config_test.go +++ b/internal/app/machined/pkg/controllers/block/volume_config_test.go @@ -10,6 +10,8 @@ import ( "testing" "time" + "github.com/cosi-project/runtime/pkg/resource" + "github.com/siderolabs/gen/xslices" "github.com/siderolabs/go-pointer" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" @@ -120,6 +122,30 @@ func (suite *VolumeConfigSuite) TestReconcileDefaults() { asrt.Equal(constants.EphemeralMountPoint, r.TypedSpec().Mount.TargetPath) }) + + ctest.AssertResources(suite, []resource.ID{ + "/var/log", + "/var/log/audit", + "/var/log/containers", + "/var/log/pods", + constants.EtcdDataVolumeID, + "/var/lib/containerd", + "/var/lib/kubelet", + "/var/lib/cni", + constants.SeccompProfilesDirectory, + constants.KubernetesAuditLogDir, + "/var/run/lock", + }, func(r *block.VolumeConfig, asrt *assert.Assertions) { + asrt.Equal(block.VolumeTypeDirectory, r.TypedSpec().Type) + }) + + ctest.AssertResources(suite, + xslices.Map(constants.Overlays, func(target constants.SELinuxLabeledPath) resource.ID { + return target.Path + }), + func(r *block.VolumeConfig, asrt *assert.Assertions) { + asrt.Equal(block.VolumeTypeOverlay, r.TypedSpec().Type) + }) } func (suite *VolumeConfigSuite) TestReconcileEncryptedSTATE() { 
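Review bot: The table in manageStandardVolumes marks only four entries `Recursive: true` (the Kubernetes audit log dir, etcd data, `/var/lib/cni` and the seccomp profiles dir). The removed InitializeDirectoryStructure called `selinux.SetLabelRecursive` for every directory on every boot. Assuming directory volumes are applied through updateTargetSettings, the recursion is also skipped whenever the top-level label (or uid/gid) already matches, so mislabelled entries under a correctly labelled `/var/log/audit` or `/var/lib/kubelet` would no longer be corrected. Please confirm that narrowing is intended, and document it on the field, e.g. `Recursive bool // relabel/chown the whole tree, only when the directory itself is out of date`. A one-line comment that each parent must appear before its children (the `parentIDs` lookup fails otherwise) would also help the next person adding an entry.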
diff --git a/internal/app/machined/pkg/controllers/block/volume_manager.go b/internal/app/machined/pkg/controllers/block/volume_manager.go index 879feb3a9..caf628c33 100644 --- a/internal/app/machined/pkg/controllers/block/volume_manager.go +++ b/internal/app/machined/pkg/controllers/block/volume_manager.go @@ -49,7 +49,7 @@ func (ctrl *VolumeManagerController) Inputs() []controller.Input { { Namespace: block.NamespaceName, Type: block.VolumeStatusType, - Kind: controller.InputDestroyReady, + Kind: controller.InputStrong, }, { Namespace: block.NamespaceName, 
@@ -294,14 +294,31 @@ func (ctrl *VolumeManagerController) Run(ctx context.Context, r controller.Runti volumeStatus := volumeStatuses[vc.Metadata().ID()] volumeLogger := logger.With(zap.String("volume", vc.Metadata().ID())) + var volumeParentStatus *block.VolumeStatus + + if vc.TypedSpec().ParentID != "" { + volumeParentStatus = volumeStatuses[vc.TypedSpec().ParentID] + } + + parentFinalizer := ctrl.Name() + "-" + vc.Metadata().ID() + // figure out if we are tearing down this volume or building it tearingDown := (volumeStatus != nil && volumeStatus.Metadata().Phase() == resource.PhaseTearingDown) || // we started tearing down the volume, so finish doing so vc.Metadata().Phase() == resource.PhaseTearingDown || // volume config is being torn down + volumeParentStatus != nil && volumeParentStatus.Metadata().Phase() == resource.PhaseTearingDown || // parent volume is being torn down volumeLifecycleTearingDown // global volume lifecycle requires all volumes to be torn down // volume status doesn't exist yet, figure out what to do if volumeStatus == nil { if tearingDown { + if volumeParentStatus != nil { + if volumeParentStatus.Metadata().Finalizers().Has(parentFinalizer) { + if err = r.RemoveFinalizer(ctx, volumeParentStatus.Metadata(), parentFinalizer); err != nil { + return fmt.Errorf("error removing finalizer from parent volume configuration: %w", err) + } + } + } + // happy case, we don't need to progress this volume if vc.Metadata().Finalizers().Has(ctrl.Name()) { if err = r.RemoveFinalizer(ctx, vc.Metadata(), ctrl.Name()); err != nil { @@ -316,6 +333,7 @@ func (ctrl *VolumeManagerController) Run(ctx context.Context, r controller.Runti volumeStatus = block.NewVolumeStatus(block.NamespaceName, vc.Metadata().ID()) volumeStatus.TypedSpec().Phase = block.VolumePhaseWaiting volumeStatus.TypedSpec().Type = vc.TypedSpec().Type + volumeStatus.TypedSpec().ParentID = vc.TypedSpec().ParentID volumeStatuses[vc.Metadata().ID()] = volumeStatus } 
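Review bot: The added error string "error removing finalizer from parent volume configuration" describes the wrong resource: the finalizer is removed from `volumeParentStatus.Metadata()`, which is the parent VolumeStatus. The same wording is repeated in the shouldCloseVolume branch of the `@@ -373,34 +394,53 @@` hunk and in the AddFinalizer message in progressVolumeConfig. I would change these to `"error removing finalizer from parent volume status: %w"` (and "adding" likewise). The identical five-line removal block could move into one small private helper so the two teardown paths cannot drift apart. Separately, the new `volumeParentStatus != nil && …` operand of `tearingDown` sits unparenthesised in a chain of `||`; wrapping it in parentheses, as the first operand already is, would make the grouping obvious. Run starts and ends outside this hunk.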
@@ -331,12 +349,15 @@ func (ctrl *VolumeManagerController) Run(ctx context.Context, r controller.Runti prevPhase := volumeStatus.TypedSpec().Phase - if err = ctrl.processVolumeConfig( + if err = ctrl.progressVolumeConfig( ctx, volumeLogger, + r, volumes.ManagerContext{ Cfg: vc, Status: volumeStatus.TypedSpec(), + ParentStatus: volumeParentStatus, + ParentFinalizer: parentFinalizer, DiscoveredVolumes: discoveredVolumesSpecs, Disks: diskSpecs, DevicesReady: devicesReady, 
@@ -373,34 +394,53 @@ func (ctrl *VolumeManagerController) Run(ctx context.Context, r controller.Runti } if prevPhase != volumeStatus.TypedSpec().Phase || err != nil { - fields := []zap.Field{ - zap.String("phase", fmt.Sprintf("%s -> %s", prevPhase, volumeStatus.TypedSpec().Phase)), - zap.Error(err), - } + suppressVolumeLogs := slices.Contains( + []block.VolumeType{ + block.VolumeTypeDirectory, + block.VolumeTypeOverlay, + block.VolumeTypeSymlink, + }, + volumeStatus.TypedSpec().Type, + ) - if volumeStatus.TypedSpec().Location != "" { - fields = append(fields, zap.String("location", volumeStatus.TypedSpec().Location)) - } + if !suppressVolumeLogs { + fields := []zap.Field{ + zap.String("phase", fmt.Sprintf("%s -> %s", prevPhase, volumeStatus.TypedSpec().Phase)), + zap.Error(err), + } - if volumeStatus.TypedSpec().MountLocation != "" && volumeStatus.TypedSpec().MountLocation != volumeStatus.TypedSpec().Location { - fields = append(fields, zap.String("mountLocation", volumeStatus.TypedSpec().MountLocation)) - } + if volumeStatus.TypedSpec().Location != "" { + fields = append(fields, zap.String("location", volumeStatus.TypedSpec().Location)) + } - if volumeStatus.TypedSpec().ParentLocation != "" { - fields = append(fields, zap.String("parentLocation", volumeStatus.TypedSpec().ParentLocation)) - } + if volumeStatus.TypedSpec().MountLocation != "" && volumeStatus.TypedSpec().MountLocation != volumeStatus.TypedSpec().Location { + fields = append(fields, zap.String("mountLocation", volumeStatus.TypedSpec().MountLocation)) + } - if len(volumeStatus.TypedSpec().EncryptionFailedSyncs) > 0 { - fields = append(fields, zap.Strings("encryptionFailedSyncs", volumeStatus.TypedSpec().EncryptionFailedSyncs)) - } + if volumeStatus.TypedSpec().ParentLocation != "" { + fields = append(fields, zap.String("parentLocation", volumeStatus.TypedSpec().ParentLocation)) + } - volumeLogger.Info("volume status", fields...) 
+ if len(volumeStatus.TypedSpec().EncryptionFailedSyncs) > 0 { + fields = append(fields, zap.Strings("encryptionFailedSyncs", volumeStatus.TypedSpec().EncryptionFailedSyncs)) + } + + volumeLogger.Info("volume status", fields...) + } } // when closing, ignore META volume, we want it to stay longer, so no problem if is not closed yet allClosed = allClosed && (volumeStatus.TypedSpec().Phase == block.VolumePhaseClosed || vc.Metadata().ID() == constants.MetaPartitionLabel) if shouldCloseVolume && volumeStatus.TypedSpec().Phase == block.VolumePhaseClosed { + if volumeParentStatus != nil { + if volumeParentStatus.Metadata().Finalizers().Has(parentFinalizer) { + if err = r.RemoveFinalizer(ctx, volumeParentStatus.Metadata(), parentFinalizer); err != nil { + return fmt.Errorf("error removing finalizer from parent volume configuration: %w", err) + } + } + } + // we can destroy the volume status now if err = r.Destroy(ctx, volumeStatus.Metadata()); err != nil { return fmt.Errorf("error destroying volume status: %w", err) 
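Review bot: `suppressVolumeLogs` silences the "volume status" line for directory, overlay and symlink volumes even when `err != nil`. The outer condition is `prevPhase != … || err != nil`, and `zap.Error(err)` is only emitted inside the block that is now skipped. A failure to set the mode, ownership or SELinux label on something like `/var/log/audit` would then leave no trace here, unless the error is reported elsewhere, which is not visible in this hunk. I would keep the suppression for clean phase transitions only: `if !suppressVolumeLogs || err != nil {`.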
@@ -430,6 +470,25 @@ func (ctrl *VolumeManagerController) Run(ctx context.Context, r controller.Runti } } +func (ctrl *VolumeManagerController) progressVolumeConfig(ctx context.Context, logger *zap.Logger, r controller.Runtime, volumeContext volumes.ManagerContext) error { + if !volumeContext.ShouldCloseVolume { + if volumeContext.Cfg.TypedSpec().ParentID != "" { + if volumeContext.ParentStatus == nil { + // not ready yet + return nil + } + + if !volumeContext.ParentStatus.Metadata().Finalizers().Has(volumeContext.ParentFinalizer) { + if err := r.AddFinalizer(ctx, volumeContext.ParentStatus.Metadata(), volumeContext.ParentFinalizer); err != nil { + return fmt.Errorf("error adding finalizer to parent volume configuration: %w", err) + } + } + } + } + + return ctrl.processVolumeConfig(ctx, logger, volumeContext) +} + // processVolumeConfig implements the volume configuration automata. // // Initial -> { Waiting } ----> { Missing } // volume is not found (by locator) diff --git a/internal/app/machined/pkg/controllers/cri/image_cache_config.go b/internal/app/machined/pkg/controllers/cri/image_cache_config.go index 86ed26be7..154652728 100644 --- a/internal/app/machined/pkg/controllers/cri/image_cache_config.go +++ b/internal/app/machined/pkg/controllers/cri/image_cache_config.go @@ -82,6 +82,11 @@ func (ctrl *ImageCacheConfigController) Inputs() []controller.Input { Type: block.VolumeMountStatusType, Kind: controller.InputStrong, }, + { + Namespace: block.NamespaceName, + Type: block.VolumeMountRequestType, + Kind: controller.InputDestroyReady, + }, } } @@ -252,7 +257,12 @@ func (ctrl *ImageCacheConfigController) createVolumeConfigISO(ctx context.Contex volumeCfg.TypedSpec().Locator = block.LocatorSpec{ Match: *boolExpr, } - volumeCfg.TypedSpec().Mount.TargetPath = constants.ImageCacheISOMountPoint + volumeCfg.TypedSpec().Mount = block.MountSpec{ + TargetPath: constants.ImageCacheISOMountPoint, + FileMode: 0o700, + UID: 0, + GID: 0, + } return nil }) 
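Review bot: progressVolumeConfig is missing a doc comment, and its `// not ready yet` branch returns nil without touching the status or logging. A volume whose `ParentID` never resolves to a VolumeStatus therefore stays in its current phase with no indication of what it is waiting for. I would document the contract, e.g. `// progressVolumeConfig pins the parent volume status with a per-child finalizer before running the automata; it does nothing until the parent status exists.` Emitting a debug log in the nil-parent branch that names `volumeContext.Cfg.TypedSpec().ParentID` would also make a mistyped parent ID diagnosable.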
@@ -305,7 +315,12 @@ func (ctrl *ImageCacheConfigController) createVolumeConfigDisk(ctx context.Conte volumeCfg.TypedSpec().Provisioning.FilesystemSpec.Type = block.FilesystemTypeEXT4 } - volumeCfg.TypedSpec().Mount.TargetPath = constants.ImageCacheDiskMountPoint + volumeCfg.TypedSpec().Mount = block.MountSpec{ + TargetPath: constants.ImageCacheDiskMountPoint, + FileMode: 0o700, + UID: 0, + GID: 0, + } return nil }) diff --git a/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer.go b/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer.go index cf5388fe7..71255f9fd 100644 --- a/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer.go +++ b/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer.go @@ -217,17 +217,9 @@ func (*Sequencer) Boot(r runtime.Runtime) []runtime.Phase { r.State().Platform().Mode() == runtime.ModeContainer, "sharedFilesystems", SetupSharedFilesystems, - ).AppendWhen( - r.State().Platform().Mode() != runtime.ModeContainer, + ).Append( "ephemeral", MountEphemeralPartition, - ).Append( - "var", - SetupVarDirectory, - ).AppendWhen( - r.State().Platform().Mode() != runtime.ModeContainer, - "overlay", - MountOverlayFilesystems, ).AppendWhen( r.State().Platform().Mode() != runtime.ModeContainer, "udevSetup", @@ -455,7 +447,6 @@ func (*Sequencer) Upgrade(r runtime.Runtime, in *machineapi.UpgradeRequest) []ru StopServicesEphemeral, ).Append( "unmount", - UnmountOverlayFilesystems, UnmountPodMounts, ).Append( "unmountBind", @@ -503,7 +494,6 @@ func stopAllPhaselist(r runtime.Runtime, enableKexec bool) PhaseList { StopServicesEphemeral, ).Append( "umount", - UnmountOverlayFilesystems, UnmountPodMounts, ).Append( "unmountBind", diff --git a/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go b/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go index f575b543e..6785183aa 100644 --- a/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go 
+++ b/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go @@ -509,15 +509,6 @@ func StopAllServices(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) }, "stopAllServices" } -// MountOverlayFilesystems represents the MountOverlayFilesystems task. -func MountOverlayFilesystems(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) { - return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) (err error) { - _, err = mountv2.OverlayMountPoints().Mount() - - return err - }, "mountOverlayFilesystems" -} - // SetupSharedFilesystems represents the SetupSharedFilesystems task. func SetupSharedFilesystems(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) { return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) (err error) { 
@@ -532,132 +523,6 @@ func SetupSharedFilesystems(runtime.Sequence, any) (runtime.TaskExecutionFunc, s }, "setupSharedFilesystems" } -// CreateDirectory is a structure describing properties of a directory to be initialized. -type CreateDirectory struct { - Path string - Mode os.FileMode - UID, GID int - SELinuxLabel string - ExcludeLabels []string -} - -// InitializeDirectoryStructure creates directories and sets security options on them. -func InitializeDirectoryStructure(directories []CreateDirectory) error { - for _, dir := range directories { - if err := os.MkdirAll(dir.Path, dir.Mode); err != nil { - return err - } - - if err := os.Chmod(dir.Path, dir.Mode); err != nil { - return err - } - - if err := selinux.SetLabelRecursive(dir.Path, dir.SELinuxLabel, dir.ExcludeLabels...); err != nil { - return err - } - - if dir.UID != 0 || dir.GID != 0 { - if err := os.Chown(dir.Path, dir.UID, dir.GID); err != nil { - return err - } - } - } - - return nil -} - -// SetupVarDirectory represents the SetupVarDirectory task. 
-func SetupVarDirectory(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) { - return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) error { - if err := setupVarRun(logger); err != nil { - return err - } - - directoryConfigurations := []CreateDirectory{ - { - Path: "/var/log", - Mode: 0o755, - SELinuxLabel: "system_u:object_r:var_log_t:s0", - }, - { - Path: "/var/log/audit", - Mode: 0o700, - SELinuxLabel: "system_u:object_r:audit_log_t:s0", - }, - { - Path: "/var/log/containers", - Mode: 0o755, - SELinuxLabel: "system_u:object_r:containers_log_t:s0", - }, - { - Path: "/var/log/pods", - Mode: 0o755, - SELinuxLabel: "system_u:object_r:pods_log_t:s0", - }, - { - Path: "/var/lib/containerd", - Mode: 0o000, - SELinuxLabel: "system_u:object_r:containerd_state_t:s0", - }, - { - Path: "/var/lib/kubelet", - Mode: 0o700, - SELinuxLabel: "system_u:object_r:kubelet_state_t:s0", - }, - { - Path: "/var/lib/cni", - Mode: 0o700, - SELinuxLabel: "system_u:object_r:cni_state_t:s0", - }, - { - Path: "/var/run/lock", - Mode: 0o755, - SELinuxLabel: "system_u:object_r:var_lock_t:s0", - }, - { - Path: constants.SeccompProfilesDirectory, - Mode: 0o700, - SELinuxLabel: "system_u:object_r:seccomp_profile_t:s0", - }, - { - Path: constants.KubernetesAuditLogDir, - Mode: 0o700, - UID: constants.KubernetesAPIServerRunUser, - GID: constants.KubernetesAPIServerRunGroup, - SELinuxLabel: "system_u:object_r:kube_log_t:s0", - }, - } - - return InitializeDirectoryStructure(directoryConfigurations) - }, "setupVarDirectory" -} - -func setupVarRun(logger *log.Logger) error { - // handle '/var/run' - if that exists after an upgrade, and is a directory, clean it up - // if it doesn't exist, create as a symlink to '/run' - runSt, err := os.Lstat("/var/run") - if err == nil && runSt.IsDir() { - // old Talos versions had '/var/run' as a directory, clean it up on boot - entries, err := os.ReadDir("/var/run") - if err != nil { - return fmt.Errorf("failed to read /var/run: %w", err) - } 
- - for _, e := range entries { - if err = os.RemoveAll(filepath.Join("/var/run", e.Name())); err != nil { - logger.Printf("failed to remove %s: %s", e.Name(), err) - } - } - } else if err != nil && os.IsNotExist(err) { - // '/var/run' doesn't exist, create as a symlink to '/run' - if err = os.Symlink("/run", "/var/run"); err != nil { - return fmt.Errorf("failed to create /var/run symlink: %w", err) - } - } - - return nil -} - // MountUserDisks represents the MountUserDisks task. func MountUserDisks(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) { return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) error { @@ -865,13 +730,6 @@ func existsAndIsFile(p string) (err error) { return nil } -// UnmountOverlayFilesystems represents the UnmountOverlayFilesystems task. -func UnmountOverlayFilesystems(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) { - return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) (err error) { - return mountv2.OverlayMountPoints().Unmount() - }, "unmountOverlayFilesystems" -} - // UnmountPodMounts represents the UnmountPodMounts task. func UnmountPodMounts(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) { return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) (err error) { 
@@ -910,18 +768,24 @@ func UnmountPodMounts(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) } // UnmountSystemDiskBindMounts represents the UnmountSystemDiskBindMounts task. +// +//nolint:gocyclo func UnmountSystemDiskBindMounts(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) { return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) (err error) { - systemDisk, err := blockres.GetSystemDisk(ctx, r.State().V1Alpha2().Resources()) - if err != nil { + ephemeralStatus, err := safe.StateGetByID[*blockres.VolumeStatus](ctx, r.State().V1Alpha2().Resources(), constants.EphemeralPartitionLabel) + if err != nil && !state.IsNotFoundError(err) { return err } - if systemDisk == nil { + if ephemeralStatus == nil { return nil } - devname := systemDisk.DevPath + devname := ephemeralStatus.TypedSpec().MountLocation + + if devname == "" { + return nil + } f, err := os.Open("/proc/mounts") if err != nil { @@ -938,18 +802,19 @@ func UnmountSystemDiskBindMounts(runtime.Sequence, any) (runtime.TaskExecutionFu continue } - device := strings.ReplaceAll(fields[0], "/dev/mapper", "/dev") - mountpoint := fields[1] + device, mountpoint := fields[0], fields[1] - if strings.HasPrefix(device, devname) && device != devname { - logger.Printf("unmounting %s\n", mountpoint) + if device != devname || mountpoint == constants.EphemeralMountPoint { + continue + } - if err = mountv2.SafeUnmount(ctx, logger.Printf, mountpoint); err != nil { - if errors.Is(err, syscall.EINVAL) { - log.Printf("ignoring unmount error %s: %v", mountpoint, err) - } else { - return fmt.Errorf("error unmounting %s: %w", mountpoint, err) - } + logger.Printf("unmounting %s\n", mountpoint) + + if err = mountv2.SafeUnmount(ctx, logger.Printf, mountpoint); err != nil { + if errors.Is(err, syscall.EINVAL) { + log.Printf("ignoring unmount error %s: %v", mountpoint, err) + } else { + return fmt.Errorf("error unmounting %s: %w", mountpoint, err) } } } 
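Review bot: In the rewritten loop of UnmountSystemDiskBindMounts the EINVAL branch still writes through the package-level `log.Printf`, while every other message in the task goes to the `logger` passed in, so an ignored unmount failure may never reach the task log; `logger.Printf("ignoring unmount error %s: %v", mountpoint, err)` would keep it with the rest. The match is also now an exact `device != devname` against `MountLocation`, with the old `/dev/mapper` normalisation gone. That is only correct if `MountLocation` holds the same device path `/proc/mounts` reports, including for encrypted volumes, which this hunk does not show; a comment stating that assumption would help. The function body continues outside the hunk.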
@@ -1617,21 +1482,16 @@ func UnmountEphemeralPartition(runtime.Sequence, any) (runtime.TaskExecutionFunc return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) error { mountRequest := blockres.NewVolumeMountRequest(blockres.NamespaceName, constants.EphemeralPartitionLabel).Metadata() - _, err := r.State().V1Alpha2().Resources().Teardown(ctx, mountRequest) + err := r.State().V1Alpha2().Resources().Destroy(ctx, mountRequest) if err != nil { if state.IsNotFoundError(err) { return nil } - return fmt.Errorf("failed to teardown EPHEMERAL mount request: %w", err) + return fmt.Errorf("failed to destroy EPHEMERAL mount request: %w", err) } - _, err = r.State().V1Alpha2().Resources().WatchFor(ctx, mountRequest, state.WithFinalizerEmpty()) - if err != nil { - return fmt.Errorf("failed to wait for EPHEMERAL teardown: %w", err) - } - - return r.State().V1Alpha2().Resources().Destroy(ctx, mountRequest) + return nil }, "unmountEphemeralPartition" } diff --git a/internal/app/machined/pkg/startup/startup.go b/internal/app/machined/pkg/startup/startup.go index b93644b44..14b695f80 100644 --- a/internal/app/machined/pkg/startup/startup.go +++ b/internal/app/machined/pkg/startup/startup.go @@ -40,7 +40,6 @@ func DefaultTasks() []Task { LogMode, MountPseudoLate, SetupSystemDirectories, - SetupSystemSubdirectories, InitVolumeLifecycle, MountCgroups, SetRLimit, diff --git a/internal/app/machined/pkg/startup/tasks.go b/internal/app/machined/pkg/startup/tasks.go index 09e7a94ee..42f51bd97 100644 --- a/internal/app/machined/pkg/startup/tasks.go +++ b/internal/app/machined/pkg/startup/tasks.go @@ -17,7 +17,6 @@ import ( "golang.org/x/sys/unix" "github.com/siderolabs/talos/internal/app/machined/pkg/runtime" - "github.com/siderolabs/talos/internal/app/machined/pkg/runtime/v1alpha1" "github.com/siderolabs/talos/internal/pkg/environment" "github.com/siderolabs/talos/internal/pkg/mount/v2" "github.com/siderolabs/talos/internal/pkg/selinux" 
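Review bot: UnmountEphemeralPartition now returns as soon as `Destroy` on the mount request succeeds, and the removed `Teardown` plus `WatchFor(..., state.WithFinalizerEmpty())` was the only visible step that waited for the mount to be released. If the actual unmount happens asynchronously in a controller after the request disappears (not visible here), later phases that wipe or re-provision the disk could run while EPHEMERAL is still mounted. Either wait on the resulting mount status before returning, or add a comment such as `// Destroy is sufficient here: <why the unmount has completed by this point>`. The same Teardown/WatchFor removal appears in deleteVolumeMountRequest in system/volumes.go.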
@@ -34,61 +33,27 @@ func LogMode(ctx context.Context, log *zap.Logger, rt runtime.Runtime, next Next // SetupSystemDirectories creates system default directories. func SetupSystemDirectories(ctx context.Context, log *zap.Logger, rt runtime.Runtime, next NextTaskFunc) error { - for _, path := range []string{constants.SystemEtcPath, constants.SystemVarPath, constants.StateMountPoint} { - if err := os.MkdirAll(path, 0o700); err != nil { + for _, dir := range []struct { + path string + perm os.FileMode + label string + }{ + {constants.SystemEtcPath, 0o700, constants.EtcSelinuxLabel}, + {constants.SystemVarPath, 0o700, constants.SystemVarSelinuxLabel}, + {constants.StateMountPoint, 0o700, ""}, + {constants.SystemRunPath, 0o751, "system_u:object_r:system_run_t:s0"}, + {"/system/run/containerd", 0o711, "system_u:object_r:sys_containerd_run_t:s0"}, + {"/run/containerd", 0o711, "system_u:object_r:pod_containerd_run_t:s0"}, + } { + if err := os.MkdirAll(dir.path, dir.perm); err != nil { return fmt.Errorf("setupSystemDirectories: %w", err) } - var label string - - switch path { - case constants.SystemEtcPath: - label = constants.EtcSelinuxLabel - case constants.SystemVarPath: - label = constants.SystemVarSelinuxLabel - default: // /system/state is another mount - label = "" + if dir.label != "" { + if err := selinux.SetLabel(dir.path, dir.label); err != nil { + return fmt.Errorf("setupSystemDirectories: %w", err) + } } - - if err := selinux.SetLabel(path, label); err != nil { - return err - } - } - - for _, path := range []string{constants.SystemRunPath} { - if err := os.MkdirAll(path, 0o751); err != nil { - return fmt.Errorf("setupSystemDirectories: %w", err) - } - } - - return next()(ctx, log, rt, next) -} - -// SetupSystemSubdirectories creates and configures subdirectories under /system. 
-func SetupSystemSubdirectories(ctx context.Context, log *zap.Logger, rt runtime.Runtime, next NextTaskFunc) error { - directoryConfigurations := []v1alpha1.CreateDirectory{ - { - Path: "/system/run", - Mode: 0o751, - SELinuxLabel: "system_u:object_r:system_run_t:s0", - }, - { - Path: "/system/run/containerd", - Mode: 0o711, - SELinuxLabel: "system_u:object_r:sys_containerd_run_t:s0", - ExcludeLabels: []string{"system_u:object_r:sys_containerd_socket_t:s0"}, - }, - { - Path: "/run/containerd", - Mode: 0o711, - SELinuxLabel: "system_u:object_r:pod_containerd_run_t:s0", - ExcludeLabels: []string{"system_u:object_r:pod_containerd_socket_t:s0"}, - }, - } - - err := v1alpha1.InitializeDirectoryStructure(directoryConfigurations) - if err != nil { - return err } return next()(ctx, log, rt, next) diff --git a/internal/app/machined/pkg/system/integration_test.go b/internal/app/machined/pkg/system/integration_test.go index 6d32ed78a..c8d4ecc97 100644 --- a/internal/app/machined/pkg/system/integration_test.go +++ b/internal/app/machined/pkg/system/integration_test.go @@ -70,7 +70,7 @@ func (TestService) DependsOn(runtime.Runtime) []string { return nil } -func (TestService) Volumes() []string { +func (TestService) Volumes(runtime.Runtime) []string { return nil } diff --git a/internal/app/machined/pkg/system/mocks_test.go b/internal/app/machined/pkg/system/mocks_test.go index 7b8358d76..61f356c68 100644 --- a/internal/app/machined/pkg/system/mocks_test.go +++ b/internal/app/machined/pkg/system/mocks_test.go @@ -64,7 +64,7 @@ func (m *MockService) DependsOn(runtime.Runtime) []string { return m.dependencies } -func (m *MockService) Volumes() []string { +func (m *MockService) Volumes(runtime.Runtime) []string { return nil } diff --git a/internal/app/machined/pkg/system/service.go b/internal/app/machined/pkg/system/service.go index 9c65af683..086a76c2f 100644 --- a/internal/app/machined/pkg/system/service.go +++ b/internal/app/machined/pkg/system/service.go 
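Review bot: The merged loop in SetupSystemDirectories relies on `os.MkdirAll(dir.path, dir.perm)` alone for permissions, whereas the removed InitializeDirectoryStructure followed it with an explicit `os.Chmod`. MkdirAll leaves the mode of an existing directory untouched and applies the process umask to new ones, so `/system/run/containerd` and `/run/containerd` end up 0o711 only if they do not exist yet and the umask is clear. Adding `if err := os.Chmod(dir.path, dir.perm); err != nil { return fmt.Errorf("setupSystemDirectories: %w", err) }` after the MkdirAll call keeps the old guarantee. The socket `ExcludeLabels` were dropped as well; that looks harmless because `SetLabel` is not recursive, but a one-line comment would record the reasoning.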
@@ -30,7 +30,7 @@ type Service interface { // DependsOn returns list of service IDs this service depends on. DependsOn(runtime.Runtime) []string // Volumes returns a list of volume IDs the service needs. - Volumes() []string + Volumes(runtime.Runtime) []string } // HealthcheckedService is a service which provides health check. diff --git a/internal/app/machined/pkg/system/service_runner.go b/internal/app/machined/pkg/system/service_runner.go index dc6c101f4..56805d92c 100644 --- a/internal/app/machined/pkg/system/service_runner.go +++ b/internal/app/machined/pkg/system/service_runner.go @@ -219,7 +219,7 @@ func (svcrunner *ServiceRunner) Run(notifyChannels ...chan<- struct{}) error { condition = conditions.WaitForAll(serviceDependencies, condition) } - if volumeIDs := svcrunner.service.Volumes(); len(volumeIDs) > 0 && !svcrunner.runtime.State().Platform().Mode().InContainer() { + if volumeIDs := svcrunner.service.Volumes(svcrunner.runtime); len(volumeIDs) > 0 { // create volume mount request for each volume requested volumeRequestIDs := make([]string, 0, len(volumeIDs)) @@ -241,8 +241,11 @@ func (svcrunner *ServiceRunner) Run(notifyChannels ...chan<- struct{}) error { // cleanup volume mounts defer func() { - if err := svcrunner.deleteVolumeMountRequest(ctx, volumeRequestIDs); err != nil { - svcrunner.UpdateState(ctx, events.StateFailed, "Failed to clean up volumes: %v", err) + cleanupCtx, cleanupCancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cleanupCancel() + + if err := svcrunner.deleteVolumeMountRequest(cleanupCtx, volumeRequestIDs); err != nil { + svcrunner.UpdateState(cleanupCtx, events.StateFailed, "Failed to clean up volumes: %v", err) } }() } diff --git a/internal/app/machined/pkg/system/services/apid.go b/internal/app/machined/pkg/system/services/apid.go index 6ea579fde..c0f899d08 100644 --- a/internal/app/machined/pkg/system/services/apid.go +++ b/internal/app/machined/pkg/system/services/apid.go 
@@ -135,7 +135,7 @@ func (o *APID) DependsOn(runtime.Runtime) []string { } // Volumes implements the Service interface. -func (o *APID) Volumes() []string { +func (o *APID) Volumes(runtime.Runtime) []string { return nil } diff --git a/internal/app/machined/pkg/system/services/auditd.go b/internal/app/machined/pkg/system/services/auditd.go index a856b6006..4dafe181b 100644 --- a/internal/app/machined/pkg/system/services/auditd.go +++ b/internal/app/machined/pkg/system/services/auditd.go @@ -51,7 +51,7 @@ func (s *Auditd) DependsOn(runtime.Runtime) []string { } // Volumes implements the Service interface. -func (s *Auditd) Volumes() []string { +func (s *Auditd) Volumes(runtime.Runtime) []string { return nil } diff --git a/internal/app/machined/pkg/system/services/containerd.go b/internal/app/machined/pkg/system/services/containerd.go index 5fc0df09e..b393d1254 100644 --- a/internal/app/machined/pkg/system/services/containerd.go +++ b/internal/app/machined/pkg/system/services/containerd.go @@ -79,7 +79,7 @@ func (c *Containerd) DependsOn(runtime.Runtime) []string { } // Volumes implements the Service interface. -func (c *Containerd) Volumes() []string { +func (c *Containerd) Volumes(runtime.Runtime) []string { return nil } diff --git a/internal/app/machined/pkg/system/services/cri.go b/internal/app/machined/pkg/system/services/cri.go index 6791488e0..736dcb86f 100644 --- a/internal/app/machined/pkg/system/services/cri.go +++ b/internal/app/machined/pkg/system/services/cri.go @@ -11,6 +11,7 @@ import ( containerd "github.com/containerd/containerd/v2/client" "github.com/containerd/containerd/v2/defaults" + "github.com/siderolabs/gen/xslices" "google.golang.org/grpc/health/grpc_health_v1" "github.com/siderolabs/talos/internal/app/machined/pkg/runtime" 
@@ -81,8 +82,24 @@ func (c *CRI) DependsOn(runtime.Runtime) []string { } // Volumes implements the Service interface. -func (c *CRI) Volumes() []string { - return []string{constants.EphemeralPartitionLabel} +func (c *CRI) Volumes(r runtime.Runtime) []string { + volumes := []string{ + "/var/lib", + "/var/lib/cni", + "/var/lib/containerd", + "/var/run", + "/var/run/lock", + } + + if !r.State().Platform().Mode().InContainer() { + volumes = append(volumes, + xslices.Map(constants.Overlays, func(target constants.SELinuxLabeledPath) string { + return target.Path + })..., + ) + } + + return volumes } // Runner implements the Service interface. diff --git a/internal/app/machined/pkg/system/services/dashboard.go b/internal/app/machined/pkg/system/services/dashboard.go index 8642ded0f..2c33ac7dc 100644 --- a/internal/app/machined/pkg/system/services/dashboard.go +++ b/internal/app/machined/pkg/system/services/dashboard.go @@ -51,7 +51,7 @@ func (d *Dashboard) DependsOn(_ runtime.Runtime) []string { } // Volumes implements the Service interface. -func (d *Dashboard) Volumes() []string { +func (d *Dashboard) Volumes(runtime.Runtime) []string { return nil } diff --git a/internal/app/machined/pkg/system/services/etcd.go b/internal/app/machined/pkg/system/services/etcd.go index 83be96e72..b85f02957 100644 --- a/internal/app/machined/pkg/system/services/etcd.go +++ b/internal/app/machined/pkg/system/services/etcd.go @@ -40,7 +40,6 @@ import ( "github.com/siderolabs/talos/internal/pkg/containers/image" "github.com/siderolabs/talos/internal/pkg/environment" "github.com/siderolabs/talos/internal/pkg/etcd" - "github.com/siderolabs/talos/internal/pkg/selinux" "github.com/siderolabs/talos/pkg/argsbuilder" "github.com/siderolabs/talos/pkg/conditions" "github.com/siderolabs/talos/pkg/filetree" 
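Review bot: The volume IDs in CRI.Volumes are bare path literals, and `"/var/lib"` is repeated in Etcd.Volumes and Kubelet.Volumes later in this patch, next to IDs that do come from `constants`. A typo in one of these strings would not fail at compile time and would presumably leave the service waiting on a volume that is never provisioned. Named constants for the directory volume IDs, defined beside the volume declarations, would tie requester and provider together. The doc comment could also explain the branch, e.g. `// Overlay volumes are not requested when running in a container.`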
@@ -86,25 +85,6 @@ func (e *Etcd) ID(runtime.Runtime) string { // //nolint:gocyclo func (e *Etcd) PreFunc(ctx context.Context, r runtime.Runtime) error { - if err := os.MkdirAll(constants.EtcdDataPath, 0o700); err != nil { - return err - } - - // Data path might exist after upgrade from previous version of Talos. - if err := os.Chmod(constants.EtcdDataPath, 0o700); err != nil { - return err - } - - // Relabel in case of upgrade from older version or SELinux being disabled and then enabled. - if err := selinux.SetLabel(constants.EtcdDataPath, constants.EtcdDataSELinuxLabel); err != nil { - return err - } - - // Make sure etcd user can access files in the data directory. - if err := filetree.ChownRecursive(constants.EtcdDataPath, constants.EtcdUserID, constants.EtcdUserID); err != nil { - return err - } - client, err := containerdapi.New(constants.CRIContainerdAddress) if err != nil { return err @@ -185,8 +165,11 @@ func (e *Etcd) DependsOn(runtime.Runtime) []string { } // Volumes implements the Service interface. -func (e *Etcd) Volumes() []string { - return nil +func (e *Etcd) Volumes(runtime.Runtime) []string { + return []string{ + "/var/lib", + constants.EtcdDataVolumeID, + } } // Runner implements the Service interface. diff --git a/internal/app/machined/pkg/system/services/extension.go b/internal/app/machined/pkg/system/services/extension.go index 79176818c..ed6e514ed 100644 --- a/internal/app/machined/pkg/system/services/extension.go +++ b/internal/app/machined/pkg/system/services/extension.go @@ -113,7 +113,7 @@ func (svc *Extension) DependsOn(r runtime.Runtime) []string { } // Volumes implements the Service interface. -func (svc *Extension) Volumes() []string { +func (svc *Extension) Volumes(runtime.Runtime) []string { return nil } diff --git a/internal/app/machined/pkg/system/services/kubelet.go b/internal/app/machined/pkg/system/services/kubelet.go index 77f307beb..c94294025 100644 --- a/internal/app/machined/pkg/system/services/kubelet.go 
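Review bot: Etcd.Volumes now carries the whole responsibility for the data directory's mode, owner and label, because the `MkdirAll`/`Chmod`/`SetLabel`/`ChownRecursive` sequence was removed from PreFunc in the preceding hunk. The removed code re-owned everything under the data path on every start, while the mount fields added in this patch are a file mode, UID, GID and a recursive-relabel flag, with no recursive-ownership option visible. If the volume behind `constants.EtcdDataVolumeID` sets ownership only on the top-level directory, files left by an older release with a different owner would keep it. This is worth confirming against the volume controller and stating in a comment on this method.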
+++ b/internal/app/machined/pkg/system/services/kubelet.go @@ -106,8 +106,18 @@ func (k *Kubelet) DependsOn(runtime.Runtime) []string { } // Volumes implements the Service interface. -func (k *Kubelet) Volumes() []string { - return nil +func (k *Kubelet) Volumes(runtime.Runtime) []string { + return []string{ + "/var/lib", + "/var/lib/kubelet", + "/var/log", + "/var/log/audit", + "/var/log/containers", + "/var/log/pods", + "/var/lib/kubelet/seccomp", + constants.SeccompProfilesDirectory, + constants.KubernetesAuditLogDir, + } } // Runner implements the Service interface. @@ -236,13 +246,11 @@ func kubeletSeccomp(seccomp *specs.LinuxSeccomp) { } func simpleHealthCheck(ctx context.Context, url string) error { - req, err := http.NewRequest(http.MethodGet, url, nil) + req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil) if err != nil { return err } - req = req.WithContext(ctx) - resp, err := http.DefaultClient.Do(req) //nolint:bodyclose if err != nil { return err diff --git a/internal/app/machined/pkg/system/services/machined.go b/internal/app/machined/pkg/system/services/machined.go index fb91b83fa..1c7543bce 100644 --- a/internal/app/machined/pkg/system/services/machined.go +++ b/internal/app/machined/pkg/system/services/machined.go @@ -228,7 +228,7 @@ func (m *Machined) DependsOn(runtime.Runtime) []string { } // Volumes implements the Service interface. -func (m *Machined) Volumes() []string { +func (m *Machined) Volumes(runtime.Runtime) []string { return nil } diff --git a/internal/app/machined/pkg/system/services/registryd.go b/internal/app/machined/pkg/system/services/registryd.go index ad0cd9508..93527c08e 100644 --- a/internal/app/machined/pkg/system/services/registryd.go +++ b/internal/app/machined/pkg/system/services/registryd.go 
@@ -39,7 +39,7 @@ func (r *registryD) PreFunc(context.Context, runtime.Runtime) error { retur func (r *registryD) PostFunc(runtime.Runtime, events.ServiceState) error { return nil } func (r *registryD) Condition(runtime.Runtime) conditions.Condition { return nil } func (r *registryD) DependsOn(runtime.Runtime) []string { return nil } -func (r *registryD) Volumes() []string { return nil } +func (r *registryD) Volumes(runtime.Runtime) []string { return nil } func (r *registryD) HealthFunc(runtime.Runtime) health.Check { return func(ctx context.Context) error { diff --git a/internal/app/machined/pkg/system/services/syslogd.go b/internal/app/machined/pkg/system/services/syslogd.go index 9c481e546..9195137cf 100644 --- a/internal/app/machined/pkg/system/services/syslogd.go +++ b/internal/app/machined/pkg/system/services/syslogd.go @@ -51,7 +51,7 @@ func (s *Syslogd) DependsOn(runtime.Runtime) []string { } // Volumes implements the Service interface. -func (s *Syslogd) Volumes() []string { +func (s *Syslogd) Volumes(runtime.Runtime) []string { return nil } diff --git a/internal/app/machined/pkg/system/services/trustd.go b/internal/app/machined/pkg/system/services/trustd.go index e1c1e7424..63d349a8f 100644 --- a/internal/app/machined/pkg/system/services/trustd.go +++ b/internal/app/machined/pkg/system/services/trustd.go @@ -136,7 +136,7 @@ func (t *Trustd) DependsOn(runtime.Runtime) []string { } // Volumes implements the Service interface. -func (t *Trustd) Volumes() []string { +func (t *Trustd) Volumes(runtime.Runtime) []string { return nil } diff --git a/internal/app/machined/pkg/system/services/udevd.go b/internal/app/machined/pkg/system/services/udevd.go index 49abcf1dd..5a454ff2e 100644 --- a/internal/app/machined/pkg/system/services/udevd.go +++ b/internal/app/machined/pkg/system/services/udevd.go 
@@ -67,7 +67,7 @@ func (c *Udevd) DependsOn(runtime.Runtime) []string { } // Volumes implements the Service interface. -func (c *Udevd) Volumes() []string { +func (c *Udevd) Volumes(runtime.Runtime) []string { return nil } diff --git a/internal/app/machined/pkg/system/volumes.go b/internal/app/machined/pkg/system/volumes.go index 2ec9221c5..3cf9ff441 100644 --- a/internal/app/machined/pkg/system/volumes.go +++ b/internal/app/machined/pkg/system/volumes.go @@ -44,20 +44,9 @@ func (svcrunner *ServiceRunner) deleteVolumeMountRequest(ctx context.Context, re } for _, requestID := range requestIDs { - _, err := st.Teardown(ctx, block.NewVolumeMountRequest(block.NamespaceName, requestID).Metadata()) + err := st.Destroy(ctx, block.NewVolumeMountRequest(block.NamespaceName, requestID).Metadata()) if err != nil { - return fmt.Errorf("failed to teardown mount request %q: %w", requestID, err) - } - } - - for _, requestID := range requestIDs { - _, err := st.WatchFor(ctx, block.NewVolumeMountRequest(block.NamespaceName, requestID).Metadata(), state.WithFinalizerEmpty()) - if err != nil { - return fmt.Errorf("failed to wait for teardown of mount request %q: %w", requestID, err) - } - - if err = st.Destroy(ctx, block.NewVolumeMountRequest(block.NamespaceName, requestID).Metadata()); err != nil { - return fmt.Errorf("failed to destroy mount request %q: %w", requestID, err) + return fmt.Errorf("failed to destroy volume mount request %q: %w", requestID, err) } } diff --git a/internal/integration/api/selinux.go b/internal/integration/api/selinux.go index 89aafb07b..39fe8ccd2 100644 --- a/internal/integration/api/selinux.go +++ b/internal/integration/api/selinux.go @@ -18,6 +18,7 @@ import ( "time" "github.com/cosi-project/runtime/pkg/resource/rtestutils" + "github.com/cosi-project/runtime/pkg/safe" "github.com/siderolabs/go-pointer" "github.com/siderolabs/go-procfs/procfs" "github.com/stretchr/testify/assert" 
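Review bot: deleteVolumeMountRequest returns on the first failing `Destroy`, so the remaining IDs in `requestIDs` are never attempted, and a request that is already gone is reported as an error even though UnmountEphemeralPartition treats not-found as success. This runs from the service runner's deferred cleanup, where a returned error flips the service to `StateFailed`, so a benign race can mark a cleanly stopped service as failed and leave mount requests behind. Tolerating not-found with `if err != nil && !state.IsNotFoundError(err) {` (the `state` package was already used here by the removed `WatchFor` call) and collecting errors to return after the loop would avoid both. The function starts outside this hunk.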
@@ -76,8 +77,6 @@ func (suite *SELinuxSuite) getLabel(nodeCtx context.Context, pid int32) string { // to ensure SELinux labels for files are set when they are created and FS's are mounted with correct labels. // FIXME: cancel the test in case system was upgraded. func (suite *SELinuxSuite) TestFileMountLabels() { - suite.T().Skip("skipping this test until it becomes stable enough") - workers := suite.DiscoverNodeInternalIPsByType(suite.ctx, machine.TypeWorker) controlplanes := suite.DiscoverNodeInternalIPsByType(suite.ctx, machine.TypeControlPlane) @@ -85,9 +84,12 @@ func (suite *SELinuxSuite) TestFileMountLabels() { // Mounts constants.SystemPath: constants.SystemSelinuxLabel, constants.EphemeralMountPoint: constants.EphemeralSelinuxLabel, - constants.StateMountPoint: constants.StateSelinuxLabel, + constants.StateMountPoint: constants.SystemSelinuxLabel, constants.SystemVarPath: constants.SystemVarSelinuxLabel, constants.RunPath: constants.RunSelinuxLabel, + "/run/containerd": "system_u:object_r:pod_containerd_run_t:s0", + "/run/lock": "system_u:object_r:var_lock_t:s0", + constants.SystemRunPath: "system_u:object_r:system_run_t:s0", "/var/run": constants.RunSelinuxLabel, // Runtime files constants.APIRuntimeSocketPath: constants.APIRuntimeSocketLabel, 
@@ -104,8 +106,15 @@ func (suite *SELinuxSuite) TestFileMountLabels() { "/opt/cni": "system_u:object_r:cni_plugin_t:s0", "/opt/containerd": "system_u:object_r:containerd_plugin_t:s0", // Directories - "/var/lib/containerd": "system_u:object_r:containerd_state_t:s0", - "/var/lib/kubelet": "system_u:object_r:kubelet_state_t:s0", + "/var/lib/containerd": "system_u:object_r:containerd_state_t:s0", + "/var/lib/cni": "system_u:object_r:cni_state_t:s0", + "/var/lib/kubelet": "system_u:object_r:kubelet_state_t:s0", + "/var/lib/kubelet/seccomp": "system_u:object_r:seccomp_profile_t:s0", + "/var/log": "system_u:object_r:var_log_t:s0", + "/var/log/audit": "system_u:object_r:audit_log_t:s0", + constants.KubernetesAuditLogDir: "system_u:object_r:kube_log_t:s0", + "/var/log/containers": "system_u:object_r:containers_log_t:s0", + "/var/log/pods": "system_u:object_r:pods_log_t:s0", // Mounts and runtime-generated files constants.SystemEtcPath: constants.EtcSelinuxLabel, "/etc": constants.EtcSelinuxLabel, 
@@ -157,55 +166,69 @@ func (suite *SELinuxSuite) checkFileLabels(nodes []string, expectedLabels map[st suite.T().Skip("skipping SELinux test since SELinux is disabled") } - // We should check both folders and their contents for proper labels - for _, dir := range []bool{true, false} { - for path, label := range expectedLabels { - req := &machineapi.ListRequest{ - Root: path, - ReportXattrs: true, - } - if dir { - req.Types = []machineapi.ListRequest_Type{machineapi.ListRequest_DIRECTORY} - } + extensions, err := safe.StateListAll[*runtimeres.ExtensionStatus](nodeCtx, suite.Client.COSI) + suite.Require().NoError(err) - stream, err := suite.Client.LS(nodeCtx, req) + if extensions.Len() > 0 { + suite.T().Skip("skipping SELinux test since extensions are running") + } - suite.Require().NoError(err) + for path, label := range expectedLabels { + req := &machineapi.ListRequest{ + Root: path, + ReportXattrs: true, + } - err = helpers.ReadGRPCStream(stream, func(info *machineapi.FileInfo, node string, multipleNodes bool) error { - // E.g. /var/lib should inherit /var label, while /var/run is a new mountpoint - if slices.Contains(paths, info.Name) && info.Name != path { - return nil - } + stream, err := suite.Client.LS(nodeCtx, req) - suite.Require().NotNil(info.Xattrs) - - found := false - - for _, l := range info.Xattrs { - if l.Name == "security.selinux" { - got := string(bytes.Trim(l.Data, "\x00\n")) - suite.Require().Contains(got, label, "expected %s to have label %s, got %s", path, label, got) - - found = true - - break - } - } - - suite.Require().True(found) + suite.Require().NoError(err) + err = helpers.ReadGRPCStream(stream, func(info *machineapi.FileInfo, node string, multipleNodes bool) error { + // E.g. 
/var/lib should inherit /var label, while /var/run is a new mountpoint + if slices.Contains(paths, info.Name) && info.Name != path { return nil - }) - - if allowMissing { - if err != nil { - suite.Require().Contains(err.Error(), "lstat") - suite.Require().Contains(err.Error(), "no such file or directory") - } - } else { - suite.Require().NoError(err) } + + if slices.Contains( + []string{ + constants.RunPath, + constants.SystemRunPath, + "/run/containerd", + "/var/run", + "/var/log/containers", + }, + path, + ) && info.Name != path { + return nil + } + + suite.Require().NotNil(info.Xattrs) + + found := false + + for _, l := range info.Xattrs { + if l.Name == "security.selinux" { + got := string(bytes.Trim(l.Data, "\x00\n")) + suite.Require().Contains(got, label, "expected %s to have label %s, got %s (checking %s)", info.Name, label, got, path) + + found = true + + break + } + } + + suite.Require().True(found) + + return nil + }) + + if allowMissing { + if err != nil { + suite.Require().Contains(err.Error(), "lstat") + suite.Require().Contains(err.Error(), "no such file or directory") + } + } else { + suite.Require().NoError(err) } } } diff --git a/internal/integration/k8s/tink.go b/internal/integration/k8s/tink.go index 968312f3b..8563f6074 100644 --- a/internal/integration/k8s/tink.go +++ b/internal/integration/k8s/tink.go @@ -22,6 +22,7 @@ import ( "github.com/siderolabs/gen/xslices" "github.com/siderolabs/go-pointer" "github.com/siderolabs/go-retry/retry" + "github.com/stretchr/testify/assert" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" 
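Review bot: checkFileLabels now calls `suite.T().Skip` as soon as any ExtensionStatus exists, which turns off every label assertion on clusters that run extensions rather than only the paths an extension could affect. Because a skip reports as success, a labelling regression on such clusters would go unnoticed; consider restricting the skip to the affected paths, or at least logging the extension names in the skip message. The inline list of paths whose children are ignored (`constants.RunPath`, `constants.SystemRunPath`, `/run/containerd`, `/var/run`, `/var/log/containers`) has no explanation; a comment such as `// Only the directory itself is checked for these paths: <reason>.` would tell the next reader why their contents are exempt.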
@@ -203,7 +204,11 @@ func (suite *TinkSuite) TestDeploy() { suite.T().Log("bootstrapping") - suite.Require().NoError(talosClient.Bootstrap(ctx, &machineapi.BootstrapRequest{})) + suite.Require().EventuallyWithT(func(collect *assert.CollectT) { + asrt := assert.New(collect) + + asrt.NoError(talosClient.Bootstrap(ctx, &machineapi.BootstrapRequest{})) + }, time.Minute, 100*time.Millisecond) clusterAccess := &tinkClusterAccess{ KubernetesClient: cluster.KubernetesClient{ diff --git a/internal/pkg/mount/v2/overlay.go b/internal/pkg/mount/v2/overlay.go deleted file mode 100644 index b4fc871d8..000000000 --- a/internal/pkg/mount/v2/overlay.go +++ /dev/null @@ -1,20 +0,0 @@ -// This Source Code Form is subject to the terms of the Mozilla Public -// License, v. 2.0. If a copy of the MPL was not distributed with this -// file, You can obtain one at http://mozilla.org/MPL/2.0/. - -package mount - -import ( - "github.com/siderolabs/gen/xslices" - "golang.org/x/sys/unix" - - "github.com/siderolabs/talos/pkg/machinery/constants" -) - -// OverlayMountPoints returns the mountpoints required to boot the system. -// These mountpoints are used as overlays on top of the read only rootfs. -func OverlayMountPoints() Points { - return xslices.Map(constants.Overlays, func(target constants.SELinuxLabeledPath) *Point { - return NewVarOverlay([]string{target.Path}, target.Path, WithFlags(unix.MS_I_VERSION), WithSelinuxLabel(target.Label)) - }) -} diff --git a/internal/pkg/selinux/selinux.go b/internal/pkg/selinux/selinux.go index 61e68e082..de6a1be45 100644 --- a/internal/pkg/selinux/selinux.go +++ b/internal/pkg/selinux/selinux.go 
@@ -49,6 +49,25 @@ var IsEnforcing = sync.OnceValue(func() bool { return val != nil && *val == "1" }) +// GetLabel gets label for file, directory or symlink (not following symlinks) +// It does not perform the operation in case SELinux is disabled. +func GetLabel(filename string) (string, error) { + if !IsEnabled() { + return "", nil + } + + label, err := xattr.LGet(filename, "security.selinux") + if err != nil { + return "", err + } + + if label == nil { + return "", nil + } + + return string(bytes.Trim(label, "\x00\n")), nil +} + // SetLabel sets label for file, directory or symlink (not following symlinks) // It does not perform the operation in case SELinux is disabled, provided label is empty or already set. func SetLabel(filename string, label string, excludeLabels ...string) error { @@ -56,22 +75,22 @@ func SetLabel(filename string, label string, excludeLabels ...string) error { return nil } - // We use LGet/LSet so that we manipulate label on the exact path, not the symlink target. - currentLabel, err := xattr.LGet(filename, "security.selinux") + currentLabel, err := GetLabel(filename) if err != nil { return err } // Skip extra FS transactions when labels are okay. - if string(bytes.Trim(currentLabel, "\x00\n")) == label { + if currentLabel == label { return nil } // Skip setting label if it's in excludeLabels. - if currentLabel != nil && slices.Contains(excludeLabels, string(bytes.Trim(currentLabel, "\x00\n"))) { + if currentLabel != "" && slices.Contains(excludeLabels, currentLabel) { return nil } + // We use LGet/LSet so that we manipulate label on the exact path, not the symlink target. if err := xattr.LSet(filename, "security.selinux", []byte(label)); err != nil { return err } diff --git a/pkg/machinery/api/resource/definitions/block/block.pb.go b/pkg/machinery/api/resource/definitions/block/block.pb.go index 4effc2e4e..1af32cdb5 100644 --- a/pkg/machinery/api/resource/definitions/block/block.pb.go 
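Review bot: `GetLabel` returns `"", nil` both when `IsEnabled()` is false and when `xattr.LGet` yields a nil value, so a caller cannot tell "label not checked" from "no label present". Because the result is a security attribute that callers may compare against an expected label, the doc comment should spell this out, for example `// An empty label with a nil error means SELinux is disabled or no value was returned; it does not mean the path is unlabeled.` The `label == nil` branch may be unreachable if `xattr.LGet` reports a missing attribute as an error rather than a nil slice, which is worth confirming. `SetLabel` in the next hunk appears unaffected, since per its doc comment it returns early when SELinux is disabled or the requested label is empty.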
+++ b/pkg/machinery/api/resource/definitions/block/block.pb.go @@ -983,6 +983,10 @@ type MountSpec struct { SelinuxLabel string `protobuf:"bytes,2,opt,name=selinux_label,json=selinuxLabel,proto3" json:"selinux_label,omitempty"` ProjectQuotaSupport bool `protobuf:"varint,3,opt,name=project_quota_support,json=projectQuotaSupport,proto3" json:"project_quota_support,omitempty"` ParentId string `protobuf:"bytes,4,opt,name=parent_id,json=parentId,proto3" json:"parent_id,omitempty"` + FileMode uint32 `protobuf:"varint,5,opt,name=file_mode,json=fileMode,proto3" json:"file_mode,omitempty"` + Uid int64 `protobuf:"varint,6,opt,name=uid,proto3" json:"uid,omitempty"` + Gid int64 `protobuf:"varint,7,opt,name=gid,proto3" json:"gid,omitempty"` + RecursiveRelabel bool `protobuf:"varint,8,opt,name=recursive_relabel,json=recursiveRelabel,proto3" json:"recursive_relabel,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } @@ -1045,6 +1049,34 @@ func (x *MountSpec) GetParentId() string { return "" } +func (x *MountSpec) GetFileMode() uint32 { + if x != nil { + return x.FileMode + } + return 0 +} + +func (x *MountSpec) GetUid() int64 { + if x != nil { + return x.Uid + } + return 0 +} + +func (x *MountSpec) GetGid() int64 { + if x != nil { + return x.Gid + } + return 0 +} + +func (x *MountSpec) GetRecursiveRelabel() bool { + if x != nil { + return x.RecursiveRelabel + } + return false +} + // MountStatusSpec is the spec for MountStatus. type MountStatusSpec struct { state protoimpl.MessageState `protogen:"open.v1"` 
@@ -1284,6 +1316,59 @@ func (x *ProvisioningSpec) GetFilesystemSpec() *FilesystemSpec { return nil } +// SymlinkProvisioningSpec is the spec for volume symlink. +type SymlinkProvisioningSpec struct { + state protoimpl.MessageState `protogen:"open.v1"` + SymlinkTargetPath string `protobuf:"bytes,1,opt,name=symlink_target_path,json=symlinkTargetPath,proto3" json:"symlink_target_path,omitempty"` + Force bool `protobuf:"varint,2,opt,name=force,proto3" json:"force,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *SymlinkProvisioningSpec) Reset() { + *x = SymlinkProvisioningSpec{} + mi := &file_resource_definitions_block_block_proto_msgTypes[15] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *SymlinkProvisioningSpec) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SymlinkProvisioningSpec) ProtoMessage() {} + +func (x *SymlinkProvisioningSpec) ProtoReflect() protoreflect.Message { + mi := &file_resource_definitions_block_block_proto_msgTypes[15] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SymlinkProvisioningSpec.ProtoReflect.Descriptor instead. +func (*SymlinkProvisioningSpec) Descriptor() ([]byte, []int) { + return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{15} +} + +func (x *SymlinkProvisioningSpec) GetSymlinkTargetPath() string { + if x != nil { + return x.SymlinkTargetPath + } + return "" +} + +func (x *SymlinkProvisioningSpec) GetForce() bool { + if x != nil { + return x.Force + } + return false +} + // SymlinkSpec is the spec for Symlinks resource. type SymlinkSpec struct { state protoimpl.MessageState `protogen:"open.v1"` 
@@ -1294,7 +1379,7 @@ type SymlinkSpec struct { func (x *SymlinkSpec) Reset() { *x = SymlinkSpec{} - mi := &file_resource_definitions_block_block_proto_msgTypes[15] + mi := &file_resource_definitions_block_block_proto_msgTypes[16] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1306,7 +1391,7 @@ func (x *SymlinkSpec) String() string { func (*SymlinkSpec) ProtoMessage() {} func (x *SymlinkSpec) ProtoReflect() protoreflect.Message { - mi := &file_resource_definitions_block_block_proto_msgTypes[15] + mi := &file_resource_definitions_block_block_proto_msgTypes[16] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1319,7 +1404,7 @@ func (x *SymlinkSpec) ProtoReflect() protoreflect.Message { // Deprecated: Use SymlinkSpec.ProtoReflect.Descriptor instead. func (*SymlinkSpec) Descriptor() ([]byte, []int) { - return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{15} + return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{16} } func (x *SymlinkSpec) GetPaths() []string { @@ -1340,7 +1425,7 @@ type SystemDiskSpec struct { func (x *SystemDiskSpec) Reset() { *x = SystemDiskSpec{} - mi := &file_resource_definitions_block_block_proto_msgTypes[16] + mi := &file_resource_definitions_block_block_proto_msgTypes[17] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1352,7 +1437,7 @@ func (x *SystemDiskSpec) String() string { func (*SystemDiskSpec) ProtoMessage() {} func (x *SystemDiskSpec) ProtoReflect() protoreflect.Message { - mi := &file_resource_definitions_block_block_proto_msgTypes[16] + mi := &file_resource_definitions_block_block_proto_msgTypes[17] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -1365,7 +1450,7 @@ func (x *SystemDiskSpec) ProtoReflect() protoreflect.Message { // Deprecated: Use SystemDiskSpec.ProtoReflect.Descriptor instead. func (*SystemDiskSpec) Descriptor() ([]byte, []int) { - return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{16} + return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{17} } func (x *SystemDiskSpec) GetDiskId() string { @@ -1393,7 +1478,7 @@ type UserDiskConfigStatusSpec struct { func (x *UserDiskConfigStatusSpec) Reset() { *x = UserDiskConfigStatusSpec{} - mi := &file_resource_definitions_block_block_proto_msgTypes[17] + mi := &file_resource_definitions_block_block_proto_msgTypes[18] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1405,7 +1490,7 @@ func (x *UserDiskConfigStatusSpec) String() string { func (*UserDiskConfigStatusSpec) ProtoMessage() {} func (x *UserDiskConfigStatusSpec) ProtoReflect() protoreflect.Message { - mi := &file_resource_definitions_block_block_proto_msgTypes[17] + mi := &file_resource_definitions_block_block_proto_msgTypes[18] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1418,7 +1503,7 @@ func (x *UserDiskConfigStatusSpec) ProtoReflect() protoreflect.Message { // Deprecated: Use UserDiskConfigStatusSpec.ProtoReflect.Descriptor instead. func (*UserDiskConfigStatusSpec) Descriptor() ([]byte, []int) { - return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{17} + return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{18} } func (x *UserDiskConfigStatusSpec) GetReady() bool { 
@@ -1437,20 +1522,21 @@ func (x *UserDiskConfigStatusSpec) GetTornDown() bool { // VolumeConfigSpec is the spec for VolumeConfig resource. type VolumeConfigSpec struct { - state protoimpl.MessageState `protogen:"open.v1"` - ParentId string `protobuf:"bytes,1,opt,name=parent_id,json=parentId,proto3" json:"parent_id,omitempty"` - Type enums.BlockVolumeType `protobuf:"varint,2,opt,name=type,proto3,enum=talos.resource.definitions.enums.BlockVolumeType" json:"type,omitempty"` - Provisioning *ProvisioningSpec `protobuf:"bytes,3,opt,name=provisioning,proto3" json:"provisioning,omitempty"` - Locator *LocatorSpec `protobuf:"bytes,4,opt,name=locator,proto3" json:"locator,omitempty"` - Mount *MountSpec `protobuf:"bytes,5,opt,name=mount,proto3" json:"mount,omitempty"` - Encryption *EncryptionSpec `protobuf:"bytes,6,opt,name=encryption,proto3" json:"encryption,omitempty"` + state protoimpl.MessageState `protogen:"open.v1"` + ParentId string `protobuf:"bytes,1,opt,name=parent_id,json=parentId,proto3" json:"parent_id,omitempty"` + Type enums.BlockVolumeType `protobuf:"varint,2,opt,name=type,proto3,enum=talos.resource.definitions.enums.BlockVolumeType" json:"type,omitempty"` + Provisioning *ProvisioningSpec `protobuf:"bytes,3,opt,name=provisioning,proto3" json:"provisioning,omitempty"` + Locator *LocatorSpec `protobuf:"bytes,4,opt,name=locator,proto3" json:"locator,omitempty"` + Mount *MountSpec `protobuf:"bytes,5,opt,name=mount,proto3" json:"mount,omitempty"` + Encryption *EncryptionSpec `protobuf:"bytes,6,opt,name=encryption,proto3" json:"encryption,omitempty"` + Symlink *SymlinkProvisioningSpec `protobuf:"bytes,7,opt,name=symlink,proto3" json:"symlink,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *VolumeConfigSpec) Reset() { *x = VolumeConfigSpec{} - mi := &file_resource_definitions_block_block_proto_msgTypes[18] + mi := &file_resource_definitions_block_block_proto_msgTypes[19] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 
ms.StoreMessageInfo(mi) } @@ -1462,7 +1548,7 @@ func (x *VolumeConfigSpec) String() string { func (*VolumeConfigSpec) ProtoMessage() {} func (x *VolumeConfigSpec) ProtoReflect() protoreflect.Message { - mi := &file_resource_definitions_block_block_proto_msgTypes[18] + mi := &file_resource_definitions_block_block_proto_msgTypes[19] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1475,7 +1561,7 @@ func (x *VolumeConfigSpec) ProtoReflect() protoreflect.Message { // Deprecated: Use VolumeConfigSpec.ProtoReflect.Descriptor instead. func (*VolumeConfigSpec) Descriptor() ([]byte, []int) { - return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{18} + return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{19} } func (x *VolumeConfigSpec) GetParentId() string { @@ -1520,6 +1606,13 @@ func (x *VolumeConfigSpec) GetEncryption() *EncryptionSpec { return nil } +func (x *VolumeConfigSpec) GetSymlink() *SymlinkProvisioningSpec { + if x != nil { + return x.Symlink + } + return nil +} + // VolumeMountRequestSpec is the spec for VolumeMountRequest. type VolumeMountRequestSpec struct { state protoimpl.MessageState `protogen:"open.v1"` @@ -1532,7 +1625,7 @@ type VolumeMountRequestSpec struct { func (x *VolumeMountRequestSpec) Reset() { *x = VolumeMountRequestSpec{} - mi := &file_resource_definitions_block_block_proto_msgTypes[19] + mi := &file_resource_definitions_block_block_proto_msgTypes[20] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1544,7 +1637,7 @@ func (x *VolumeMountRequestSpec) String() string { func (*VolumeMountRequestSpec) ProtoMessage() {} func (x *VolumeMountRequestSpec) ProtoReflect() protoreflect.Message { - mi := &file_resource_definitions_block_block_proto_msgTypes[19] + mi := &file_resource_definitions_block_block_proto_msgTypes[20] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -1557,7 +1650,7 @@ func (x *VolumeMountRequestSpec) ProtoReflect() protoreflect.Message { // Deprecated: Use VolumeMountRequestSpec.ProtoReflect.Descriptor instead. func (*VolumeMountRequestSpec) Descriptor() ([]byte, []int) { - return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{19} + return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{20} } func (x *VolumeMountRequestSpec) GetVolumeId() string { @@ -1594,7 +1687,7 @@ type VolumeMountStatusSpec struct { func (x *VolumeMountStatusSpec) Reset() { *x = VolumeMountStatusSpec{} - mi := &file_resource_definitions_block_block_proto_msgTypes[20] + mi := &file_resource_definitions_block_block_proto_msgTypes[21] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1606,7 +1699,7 @@ func (x *VolumeMountStatusSpec) String() string { func (*VolumeMountStatusSpec) ProtoMessage() {} func (x *VolumeMountStatusSpec) ProtoReflect() protoreflect.Message { - mi := &file_resource_definitions_block_block_proto_msgTypes[20] + mi := &file_resource_definitions_block_block_proto_msgTypes[21] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1619,7 +1712,7 @@ func (x *VolumeMountStatusSpec) ProtoReflect() protoreflect.Message { // Deprecated: Use VolumeMountStatusSpec.ProtoReflect.Descriptor instead. func (*VolumeMountStatusSpec) Descriptor() ([]byte, []int) { - return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{20} + return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{21} } func (x *VolumeMountStatusSpec) GetVolumeId() string { 
@@ -1670,13 +1763,15 @@ type VolumeStatusSpec struct { MountSpec *MountSpec `protobuf:"bytes,15,opt,name=mount_spec,json=mountSpec,proto3" json:"mount_spec,omitempty"` Type enums.BlockVolumeType `protobuf:"varint,16,opt,name=type,proto3,enum=talos.resource.definitions.enums.BlockVolumeType" json:"type,omitempty"` ConfiguredEncryptionKeys []string `protobuf:"bytes,17,rep,name=configured_encryption_keys,json=configuredEncryptionKeys,proto3" json:"configured_encryption_keys,omitempty"` + SymlinkSpec *SymlinkProvisioningSpec `protobuf:"bytes,18,opt,name=symlink_spec,json=symlinkSpec,proto3" json:"symlink_spec,omitempty"` + ParentId string `protobuf:"bytes,19,opt,name=parent_id,json=parentId,proto3" json:"parent_id,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *VolumeStatusSpec) Reset() { *x = VolumeStatusSpec{} - mi := &file_resource_definitions_block_block_proto_msgTypes[21] + mi := &file_resource_definitions_block_block_proto_msgTypes[22] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1688,7 +1783,7 @@ func (x *VolumeStatusSpec) String() string { func (*VolumeStatusSpec) ProtoMessage() {} func (x *VolumeStatusSpec) ProtoReflect() protoreflect.Message { - mi := &file_resource_definitions_block_block_proto_msgTypes[21] + mi := &file_resource_definitions_block_block_proto_msgTypes[22] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1701,7 +1796,7 @@ func (x *VolumeStatusSpec) ProtoReflect() protoreflect.Message { // Deprecated: Use VolumeStatusSpec.ProtoReflect.Descriptor instead. func (*VolumeStatusSpec) Descriptor() ([]byte, []int) { - return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{21} + return file_resource_definitions_block_block_proto_rawDescGZIP(), []int{22} } func (x *VolumeStatusSpec) GetPhase() enums.BlockVolumePhase { 
@@ -1823,6 +1918,20 @@ func (x *VolumeStatusSpec) GetConfiguredEncryptionKeys() []string { return nil } +func (x *VolumeStatusSpec) GetSymlinkSpec() *SymlinkProvisioningSpec { + if x != nil { + return x.SymlinkSpec + } + return nil +} + +func (x *VolumeStatusSpec) GetParentId() string { + if x != nil { + return x.ParentId + } + return "" +} + var File_resource_definitions_block_block_proto protoreflect.FileDescriptor var file_resource_definitions_block_block_proto_rawDesc = string([]byte{ @@ -1995,7 +2104,7 @@ var file_resource_definitions_block_block_proto_rawDesc = string([]byte{ 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x49, 0x44, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x22, - 0xa2, 0x01, 0x0a, 0x09, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1f, 0x0a, + 0x90, 0x02, 0x0a, 0x09, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x61, 0x74, 0x68, 0x12, 0x23, 0x0a, 0x0d, 0x73, 0x65, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 
@@ -2005,182 +2114,208 @@ var file_resource_definitions_block_block_proto_rawDesc = string([]byte{ 0x28, 0x08, 0x52, 0x13, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x51, 0x75, 0x6f, 0x74, 0x61, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x72, 0x65, - 0x6e, 0x74, 0x49, 0x64, 0x22, 0xa1, 0x03, 0x0a, 0x0f, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x74, - 0x61, 0x74, 0x75, 0x73, 0x53, 0x70, 0x65, 0x63, 0x12, 0x46, 0x0a, 0x04, 0x73, 0x70, 0x65, 0x63, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, - 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, - 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x53, 0x70, 0x65, 0x63, 0x52, 0x04, 0x73, 0x70, 0x65, 0x63, - 0x12, 0x16, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x12, 0x55, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x0e, 0x32, 0x35, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, + 0x6e, 0x74, 0x49, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x6d, 0x6f, 0x64, + 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x66, 0x69, 0x6c, 0x65, 0x4d, 0x6f, 0x64, + 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x03, + 0x75, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x67, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x03, + 0x52, 0x03, 0x67, 0x69, 0x64, 0x12, 0x2b, 0x0a, 0x11, 0x72, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, + 0x76, 0x65, 0x5f, 0x72, 0x65, 0x6c, 0x61, 
0x62, 0x65, 0x6c, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x10, 0x72, 0x65, 0x63, 0x75, 0x72, 0x73, 0x69, 0x76, 0x65, 0x52, 0x65, 0x6c, 0x61, 0x62, + 0x65, 0x6c, 0x22, 0xa1, 0x03, 0x0a, 0x0f, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x53, 0x70, 0x65, 0x63, 0x12, 0x46, 0x0a, 0x04, 0x73, 0x70, 0x65, 0x63, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, - 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x46, 0x69, 0x6c, - 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0a, 0x66, 0x69, 0x6c, - 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, - 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, - 0x4f, 0x6e, 0x6c, 0x79, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f, - 0x71, 0x75, 0x6f, 0x74, 0x61, 0x5f, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x13, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x51, 0x75, 0x6f, 0x74, - 0x61, 0x53, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x6e, 0x0a, 0x13, 0x65, 0x6e, 0x63, 0x72, - 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, - 0x07, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3d, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x45, 0x6e, - 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, - 0x54, 0x79, 0x70, 0x65, 0x52, 0x12, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, - 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x22, 0x8c, 0x01, 0x0a, 0x0d, 0x50, 
0x61, 0x72, - 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x70, 0x65, 0x63, 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x69, - 0x6e, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x6d, 0x69, - 0x6e, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x61, 0x78, 0x5f, 0x73, 0x69, 0x7a, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x6d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, - 0x12, 0x12, 0x0a, 0x04, 0x67, 0x72, 0x6f, 0x77, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, - 0x67, 0x72, 0x6f, 0x77, 0x12, 0x14, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x79, - 0x70, 0x65, 0x5f, 0x75, 0x75, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, - 0x79, 0x70, 0x65, 0x55, 0x75, 0x69, 0x64, 0x22, 0xae, 0x02, 0x0a, 0x10, 0x50, 0x72, 0x6f, 0x76, - 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x53, 0x70, 0x65, 0x63, 0x12, 0x53, 0x0a, 0x0d, - 0x64, 0x69, 0x73, 0x6b, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x44, 0x69, 0x73, 0x6b, 0x53, 0x65, 0x6c, 0x65, 0x63, - 0x74, 0x6f, 0x72, 0x52, 0x0c, 0x64, 0x69, 0x73, 0x6b, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, - 0x72, 0x12, 0x56, 0x0a, 0x0e, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, - 0x70, 0x65, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x74, 0x61, 0x6c, 0x6f, - 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, - 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x50, 0x61, 0x72, - 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0d, 0x70, 0x61, 0x72, 0x74, - 0x69, 0x74, 0x69, 0x6f, 
0x6e, 0x53, 0x70, 0x65, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x77, 0x61, 0x76, - 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x77, 0x61, 0x76, 0x65, 0x12, 0x59, 0x0a, - 0x0f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x73, 0x70, 0x65, 0x63, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, - 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, - 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, - 0x73, 0x74, 0x65, 0x6d, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0e, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, - 0x73, 0x74, 0x65, 0x6d, 0x53, 0x70, 0x65, 0x63, 0x22, 0x23, 0x0a, 0x0b, 0x53, 0x79, 0x6d, 0x6c, - 0x69, 0x6e, 0x6b, 0x53, 0x70, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x61, 0x74, 0x68, 0x73, - 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x70, 0x61, 0x74, 0x68, 0x73, 0x22, 0x44, 0x0a, - 0x0e, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x44, 0x69, 0x73, 0x6b, 0x53, 0x70, 0x65, 0x63, 0x12, - 0x17, 0x0a, 0x07, 0x64, 0x69, 0x73, 0x6b, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x06, 0x64, 0x69, 0x73, 0x6b, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x64, 0x65, 0x76, 0x5f, - 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x64, 0x65, 0x76, 0x50, - 0x61, 0x74, 0x68, 0x22, 0x4d, 0x0a, 0x18, 0x55, 0x73, 0x65, 0x72, 0x44, 0x69, 0x73, 0x6b, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x53, 0x70, 0x65, 0x63, 0x12, - 0x14, 0x0a, 0x05, 0x72, 0x65, 0x61, 0x64, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x05, - 0x72, 0x65, 0x61, 0x64, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6f, 0x72, 0x6e, 0x5f, 0x64, 0x6f, - 0x77, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x6f, 0x72, 0x6e, 0x44, 0x6f, - 0x77, 0x6e, 0x22, 0xac, 0x03, 0x0a, 0x10, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1b, 0x0a, 
0x09, 0x70, 0x61, 0x72, 0x65, 0x6e, - 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x72, 0x65, - 0x6e, 0x74, 0x49, 0x64, 0x12, 0x45, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0e, 0x32, 0x31, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, + 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x53, 0x70, 0x65, 0x63, 0x52, 0x04, 0x73, 0x70, 0x65, 0x63, 0x12, 0x16, + 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, + 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x55, + 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x35, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, - 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, - 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x56, 0x0a, 0x0c, 0x70, - 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, - 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, - 0x67, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0c, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, - 0x69, 0x6e, 0x67, 0x12, 0x47, 0x0a, 0x07, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, - 
0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, - 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x53, - 0x70, 0x65, 0x63, 0x52, 0x07, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x41, 0x0a, 0x05, - 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x74, 0x61, - 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, - 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4d, - 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x52, 0x05, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x12, - 0x50, 0x0a, 0x0a, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, - 0x6e, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0a, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, - 0x6e, 0x22, 0x70, 0x0a, 0x16, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1b, 0x0a, 0x09, 0x76, - 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, - 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x49, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x72, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x72, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f, - 0x6e, 0x6c, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, - 0x6e, 0x6c, 0x79, 0x22, 0x87, 0x01, 0x0a, 0x15, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, 0x6f, - 0x75, 0x6e, 0x74, 0x53, 0x74, 0x61, 
0x74, 0x75, 0x73, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1b, 0x0a, - 0x09, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x49, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x72, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x72, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, - 0x65, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, - 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x22, 0xb0, 0x07, - 0x0a, 0x10, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x53, 0x70, - 0x65, 0x63, 0x12, 0x48, 0x0a, 0x05, 0x70, 0x68, 0x61, 0x73, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, - 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, - 0x50, 0x68, 0x61, 0x73, 0x65, 0x52, 0x05, 0x70, 0x68, 0x61, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08, - 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, - 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x65, 0x72, 0x72, 0x6f, - 0x72, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0c, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x12, 0x0a, - 0x04, 0x75, 0x75, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x75, 0x75, 0x69, - 0x64, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75, - 0x75, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x70, 
0x61, 0x72, 0x74, 0x69, - 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x75, 0x69, 0x64, 0x12, 0x58, 0x0a, 0x0e, 0x70, 0x72, 0x65, 0x5f, - 0x66, 0x61, 0x69, 0x6c, 0x5f, 0x70, 0x68, 0x61, 0x73, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, - 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x50, - 0x68, 0x61, 0x73, 0x65, 0x52, 0x0c, 0x70, 0x72, 0x65, 0x46, 0x61, 0x69, 0x6c, 0x50, 0x68, 0x61, - 0x73, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x6c, 0x6f, 0x63, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x70, 0x61, 0x72, - 0x65, 0x6e, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x27, 0x0a, 0x0f, 0x70, - 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x08, - 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x49, - 0x6e, 0x64, 0x65, 0x78, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x09, 0x20, 0x01, - 0x28, 0x04, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x55, 0x0a, 0x0a, 0x66, 0x69, 0x6c, 0x65, - 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x35, 0x2e, 0x74, - 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, - 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, - 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x54, - 0x79, 0x70, 0x65, 0x52, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x12, - 0x25, 0x0a, 0x0e, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x4c, 0x6f, - 0x63, 0x61, 
0x74, 0x69, 0x6f, 0x6e, 0x12, 0x6e, 0x0a, 0x13, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, - 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x0c, 0x20, + 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x46, 0x69, 0x6c, 0x65, 0x73, + 0x79, 0x73, 0x74, 0x65, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, + 0x79, 0x73, 0x74, 0x65, 0x6d, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f, 0x6e, + 0x6c, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, + 0x6c, 0x79, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x71, 0x75, + 0x6f, 0x74, 0x61, 0x5f, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x13, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x51, 0x75, 0x6f, 0x74, 0x61, 0x53, + 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x6e, 0x0a, 0x13, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3d, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x12, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, - 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x65, 0x74, 0x74, 0x79, - 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, 0x65, - 0x74, 0x74, 0x79, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x36, 0x0a, 0x17, 0x65, 0x6e, 0x63, 0x72, 0x79, - 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x65, 0x64, 0x5f, 0x73, 0x79, 0x6e, - 0x63, 0x73, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 
0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, - 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x65, 0x64, 0x53, 0x79, 0x6e, 0x63, 0x73, 0x12, - 0x4a, 0x0a, 0x0a, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x73, 0x70, 0x65, 0x63, 0x18, 0x0f, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, + 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x22, 0x8c, 0x01, 0x0a, 0x0d, 0x50, 0x61, 0x72, 0x74, 0x69, + 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x70, 0x65, 0x63, 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x69, 0x6e, 0x5f, + 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x6d, 0x69, 0x6e, 0x53, + 0x69, 0x7a, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x6d, 0x61, 0x78, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x6d, 0x61, 0x78, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x12, + 0x0a, 0x04, 0x67, 0x72, 0x6f, 0x77, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x67, 0x72, + 0x6f, 0x77, 0x12, 0x14, 0x0a, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x05, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x79, 0x70, 0x65, + 0x5f, 0x75, 0x75, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x79, 0x70, + 0x65, 0x55, 0x75, 0x69, 0x64, 0x22, 0xae, 0x02, 0x0a, 0x10, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, + 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x53, 0x70, 0x65, 0x63, 0x12, 0x53, 0x0a, 0x0d, 0x64, 0x69, + 0x73, 0x6b, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x2e, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, + 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x44, 0x69, 0x73, 0x6b, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, + 0x72, 0x52, 0x0c, 0x64, 0x69, 0x73, 0x6b, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, + 0x56, 0x0a, 0x0e, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x70, 0x65, + 
0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, + 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x50, 0x61, 0x72, 0x74, 0x69, + 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0d, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x53, 0x70, 0x65, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x77, 0x61, 0x76, 0x65, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x77, 0x61, 0x76, 0x65, 0x12, 0x59, 0x0a, 0x0f, 0x66, + 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x73, 0x70, 0x65, 0x63, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, + 0x65, 0x6d, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0e, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, + 0x65, 0x6d, 0x53, 0x70, 0x65, 0x63, 0x22, 0x5f, 0x0a, 0x17, 0x53, 0x79, 0x6d, 0x6c, 0x69, 0x6e, + 0x6b, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x53, 0x70, 0x65, + 0x63, 0x12, 0x2e, 0x0a, 0x13, 0x73, 0x79, 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, 0x74, 0x61, 0x72, + 0x67, 0x65, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, + 0x73, 0x79, 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x61, 0x74, + 0x68, 0x12, 0x14, 0x0a, 0x05, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x05, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x22, 0x23, 0x0a, 0x0b, 0x53, 0x79, 0x6d, 0x6c, 0x69, + 0x6e, 0x6b, 0x53, 0x70, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x61, 0x74, 0x68, 0x73, 0x18, + 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x70, 0x61, 0x74, 0x68, 0x73, 0x22, 0x44, 0x0a, 0x0e, + 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 
0x44, 0x69, 0x73, 0x6b, 0x53, 0x70, 0x65, 0x63, 0x12, 0x17, + 0x0a, 0x07, 0x64, 0x69, 0x73, 0x6b, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x06, 0x64, 0x69, 0x73, 0x6b, 0x49, 0x64, 0x12, 0x19, 0x0a, 0x08, 0x64, 0x65, 0x76, 0x5f, 0x70, + 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x64, 0x65, 0x76, 0x50, 0x61, + 0x74, 0x68, 0x22, 0x4d, 0x0a, 0x18, 0x55, 0x73, 0x65, 0x72, 0x44, 0x69, 0x73, 0x6b, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x53, 0x70, 0x65, 0x63, 0x12, 0x14, + 0x0a, 0x05, 0x72, 0x65, 0x61, 0x64, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x05, 0x72, + 0x65, 0x61, 0x64, 0x79, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6f, 0x72, 0x6e, 0x5f, 0x64, 0x6f, 0x77, + 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x74, 0x6f, 0x72, 0x6e, 0x44, 0x6f, 0x77, + 0x6e, 0x22, 0x81, 0x04, 0x0a, 0x10, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, + 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x72, 0x65, 0x6e, + 0x74, 0x49, 0x64, 0x12, 0x45, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0e, 0x32, 0x31, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, + 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, + 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x56, 0x0a, 0x0c, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, + 0x6f, 0x63, 0x6b, 0x2e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 
0x6e, 0x69, 0x6e, 0x67, + 0x53, 0x70, 0x65, 0x63, 0x52, 0x0c, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, + 0x6e, 0x67, 0x12, 0x47, 0x0a, 0x07, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, - 0x52, 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12, 0x45, 0x0a, 0x04, 0x74, - 0x79, 0x70, 0x65, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e, 0x74, 0x61, 0x6c, 0x6f, - 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, - 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, - 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, - 0x70, 0x65, 0x12, 0x3c, 0x0a, 0x1a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x64, - 0x5f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x73, - 0x18, 0x11, 0x20, 0x03, 0x28, 0x09, 0x52, 0x18, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, - 0x65, 0x64, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x73, - 0x42, 0x74, 0x0a, 0x28, 0x64, 0x65, 0x76, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, - 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x5a, 0x48, 0x67, 0x69, - 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x72, 0x6f, 0x6c, - 0x61, 0x62, 0x73, 0x2f, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x6d, 0x61, - 0x63, 0x68, 0x69, 0x6e, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, - 0x75, 0x72, 
0x63, 0x65, 0x2f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x2f, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x53, 0x70, + 0x65, 0x63, 0x52, 0x07, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x41, 0x0a, 0x05, 0x6d, + 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x74, 0x61, 0x6c, + 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, + 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4d, 0x6f, + 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x52, 0x05, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x50, + 0x0a, 0x0a, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, + 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x53, 0x70, 0x65, 0x63, 0x52, 0x0a, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x12, 0x53, 0x0a, 0x07, 0x73, 0x79, 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x18, 0x07, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x39, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, + 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x53, 0x79, 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x50, 0x72, 0x6f, 0x76, + 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x53, 0x70, 0x65, 0x63, 0x52, 0x07, 0x73, 0x79, + 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x22, 0x70, 0x0a, 0x16, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x4d, + 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12, + 0x1b, 0x0a, 0x09, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x5f, 
0x69, 0x64, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x08, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x49, 0x64, 0x12, 0x1c, 0x0a, 0x09, + 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x09, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, + 0x61, 0x64, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, + 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x22, 0x87, 0x01, 0x0a, 0x15, 0x56, 0x6f, 0x6c, 0x75, + 0x6d, 0x65, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x53, 0x70, 0x65, + 0x63, 0x12, 0x1b, 0x0a, 0x09, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x49, 0x64, 0x12, 0x1c, + 0x0a, 0x09, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x09, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, + 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x74, 0x61, + 0x72, 0x67, 0x65, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f, 0x6e, 0x6c, + 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, + 0x79, 0x22, 0xab, 0x08, 0x0a, 0x10, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x53, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x53, 0x70, 0x65, 0x63, 0x12, 0x48, 0x0a, 0x05, 0x70, 0x68, 0x61, 0x73, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, + 0x6c, 0x75, 0x6d, 0x65, 0x50, 0x68, 0x61, 0x73, 0x65, 0x52, 0x05, 0x70, 0x68, 0x61, 0x73, 0x65, + 0x12, 0x1a, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, + 
0x28, 0x09, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, + 0x65, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0c, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, + 0x65, 0x12, 0x12, 0x0a, 0x04, 0x75, 0x75, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x75, 0x75, 0x69, 0x64, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, + 0x6f, 0x6e, 0x5f, 0x75, 0x75, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x70, + 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x75, 0x69, 0x64, 0x12, 0x58, 0x0a, 0x0e, + 0x70, 0x72, 0x65, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x5f, 0x70, 0x68, 0x61, 0x73, 0x65, 0x18, 0x06, + 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, + 0x75, 0x6d, 0x65, 0x50, 0x68, 0x61, 0x73, 0x65, 0x52, 0x0c, 0x70, 0x72, 0x65, 0x46, 0x61, 0x69, + 0x6c, 0x50, 0x68, 0x61, 0x73, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, + 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0e, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, + 0x27, 0x0a, 0x0f, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x64, + 0x65, 0x78, 0x18, 0x08, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, + 0x18, 0x09, 0x20, 0x01, 0x28, 0x04, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x55, 0x0a, 0x0a, + 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0e, + 0x32, 0x35, 0x2e, 0x74, 0x61, 0x6c, 
0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, + 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, + 0x74, 0x65, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0a, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, + 0x74, 0x65, 0x6d, 0x12, 0x25, 0x0a, 0x0e, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6c, 0x6f, 0x63, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x6d, 0x6f, 0x75, + 0x6e, 0x74, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x6e, 0x0a, 0x13, 0x65, 0x6e, + 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, + 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3d, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, + 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, + 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, + 0x65, 0x72, 0x54, 0x79, 0x70, 0x65, 0x52, 0x12, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, + 0x65, 0x74, 0x74, 0x79, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0a, 0x70, 0x72, 0x65, 0x74, 0x74, 0x79, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x36, 0x0a, 0x17, 0x65, + 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x65, 0x64, + 0x5f, 0x73, 0x79, 0x6e, 0x63, 0x73, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 0x65, 0x6e, + 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x65, 0x64, 0x53, 0x79, + 0x6e, 0x63, 0x73, 0x12, 0x4a, 0x0a, 0x0a, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x73, 0x70, 0x65, + 0x63, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x74, 0x61, 
0x6c, 0x6f, 0x73, 0x2e, + 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x4d, 0x6f, 0x75, 0x6e, 0x74, + 0x53, 0x70, 0x65, 0x63, 0x52, 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x70, 0x65, 0x63, 0x12, + 0x45, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x31, 0x2e, + 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, + 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, + 0x2e, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, + 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x3c, 0x0a, 0x1a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x75, 0x72, 0x65, 0x64, 0x5f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, + 0x6b, 0x65, 0x79, 0x73, 0x18, 0x11, 0x20, 0x03, 0x28, 0x09, 0x52, 0x18, 0x63, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x75, 0x72, 0x65, 0x64, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x4b, 0x65, 0x79, 0x73, 0x12, 0x5c, 0x0a, 0x0c, 0x73, 0x79, 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x5f, + 0x73, 0x70, 0x65, 0x63, 0x18, 0x12, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x74, 0x61, 0x6c, + 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, + 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x2e, 0x53, 0x79, + 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, + 0x67, 0x53, 0x70, 0x65, 0x63, 0x52, 0x0b, 0x73, 0x79, 0x6d, 0x6c, 0x69, 0x6e, 0x6b, 0x53, 0x70, + 0x65, 0x63, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, + 0x13, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x42, + 0x74, 0x0a, 0x28, 0x64, 0x65, 0x76, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x61, 0x70, 0x69, + 0x2e, 0x72, 
0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x5a, 0x48, 0x67, 0x69, 0x74, + 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x72, 0x6f, 0x6c, 0x61, + 0x62, 0x73, 0x2f, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x6d, 0x61, 0x63, + 0x68, 0x69, 0x6e, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x2f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, + 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, }) var ( @@ -2195,7 +2330,7 @@ func file_resource_definitions_block_block_proto_rawDescGZIP() []byte { return file_resource_definitions_block_block_proto_rawDescData } -var file_resource_definitions_block_block_proto_msgTypes = make([]protoimpl.MessageInfo, 22) +var file_resource_definitions_block_block_proto_msgTypes = make([]protoimpl.MessageInfo, 23) var file_resource_definitions_block_block_proto_goTypes = []any{ (*DeviceSpec)(nil), // 0: talos.resource.definitions.block.DeviceSpec (*DiscoveredVolumeSpec)(nil), // 1: talos.resource.definitions.block.DiscoveredVolumeSpec 
@@ -2212,49 +2347,52 @@ var file_resource_definitions_block_block_proto_goTypes = []any{ (*MountStatusSpec)(nil), // 12: talos.resource.definitions.block.MountStatusSpec (*PartitionSpec)(nil), // 13: talos.resource.definitions.block.PartitionSpec (*ProvisioningSpec)(nil), // 14: talos.resource.definitions.block.ProvisioningSpec - (*SymlinkSpec)(nil), // 15: talos.resource.definitions.block.SymlinkSpec - (*SystemDiskSpec)(nil), // 16: talos.resource.definitions.block.SystemDiskSpec - (*UserDiskConfigStatusSpec)(nil), // 17: talos.resource.definitions.block.UserDiskConfigStatusSpec - (*VolumeConfigSpec)(nil), // 18: talos.resource.definitions.block.VolumeConfigSpec - (*VolumeMountRequestSpec)(nil), // 19: talos.resource.definitions.block.VolumeMountRequestSpec - (*VolumeMountStatusSpec)(nil), // 20: talos.resource.definitions.block.VolumeMountStatusSpec - (*VolumeStatusSpec)(nil), // 21: talos.resource.definitions.block.VolumeStatusSpec - (*v1alpha1.CheckedExpr)(nil), // 22: google.api.expr.v1alpha1.CheckedExpr - (enums.BlockEncryptionKeyType)(0), // 23: talos.resource.definitions.enums.BlockEncryptionKeyType - (enums.BlockEncryptionProviderType)(0), // 24: talos.resource.definitions.enums.BlockEncryptionProviderType - (enums.BlockFilesystemType)(0), // 25: talos.resource.definitions.enums.BlockFilesystemType - (enums.BlockVolumeType)(0), // 26: talos.resource.definitions.enums.BlockVolumeType - (enums.BlockVolumePhase)(0), // 27: talos.resource.definitions.enums.BlockVolumePhase + (*SymlinkProvisioningSpec)(nil), // 15: talos.resource.definitions.block.SymlinkProvisioningSpec + (*SymlinkSpec)(nil), // 16: talos.resource.definitions.block.SymlinkSpec + (*SystemDiskSpec)(nil), // 17: talos.resource.definitions.block.SystemDiskSpec + (*UserDiskConfigStatusSpec)(nil), // 18: talos.resource.definitions.block.UserDiskConfigStatusSpec + (*VolumeConfigSpec)(nil), // 19: talos.resource.definitions.block.VolumeConfigSpec + (*VolumeMountRequestSpec)(nil), // 20: 
talos.resource.definitions.block.VolumeMountRequestSpec + (*VolumeMountStatusSpec)(nil), // 21: talos.resource.definitions.block.VolumeMountStatusSpec + (*VolumeStatusSpec)(nil), // 22: talos.resource.definitions.block.VolumeStatusSpec + (*v1alpha1.CheckedExpr)(nil), // 23: google.api.expr.v1alpha1.CheckedExpr + (enums.BlockEncryptionKeyType)(0), // 24: talos.resource.definitions.enums.BlockEncryptionKeyType + (enums.BlockEncryptionProviderType)(0), // 25: talos.resource.definitions.enums.BlockEncryptionProviderType + (enums.BlockFilesystemType)(0), // 26: talos.resource.definitions.enums.BlockFilesystemType + (enums.BlockVolumeType)(0), // 27: talos.resource.definitions.enums.BlockVolumeType + (enums.BlockVolumePhase)(0), // 28: talos.resource.definitions.enums.BlockVolumePhase } var file_resource_definitions_block_block_proto_depIdxs = []int32{ - 22, // 0: talos.resource.definitions.block.DiskSelector.match:type_name -> google.api.expr.v1alpha1.CheckedExpr - 23, // 1: talos.resource.definitions.block.EncryptionKey.type:type_name -> talos.resource.definitions.enums.BlockEncryptionKeyType - 24, // 2: talos.resource.definitions.block.EncryptionSpec.provider:type_name -> talos.resource.definitions.enums.BlockEncryptionProviderType + 23, // 0: talos.resource.definitions.block.DiskSelector.match:type_name -> google.api.expr.v1alpha1.CheckedExpr + 24, // 1: talos.resource.definitions.block.EncryptionKey.type:type_name -> talos.resource.definitions.enums.BlockEncryptionKeyType + 25, // 2: talos.resource.definitions.block.EncryptionSpec.provider:type_name -> talos.resource.definitions.enums.BlockEncryptionProviderType 6, // 3: talos.resource.definitions.block.EncryptionSpec.keys:type_name -> talos.resource.definitions.block.EncryptionKey - 25, // 4: talos.resource.definitions.block.FilesystemSpec.type:type_name -> talos.resource.definitions.enums.BlockFilesystemType - 22, // 5: talos.resource.definitions.block.LocatorSpec.match:type_name -> 
google.api.expr.v1alpha1.CheckedExpr + 26, // 4: talos.resource.definitions.block.FilesystemSpec.type:type_name -> talos.resource.definitions.enums.BlockFilesystemType + 23, // 5: talos.resource.definitions.block.LocatorSpec.match:type_name -> google.api.expr.v1alpha1.CheckedExpr 10, // 6: talos.resource.definitions.block.MountStatusSpec.spec:type_name -> talos.resource.definitions.block.MountRequestSpec - 25, // 7: talos.resource.definitions.block.MountStatusSpec.filesystem:type_name -> talos.resource.definitions.enums.BlockFilesystemType - 24, // 8: talos.resource.definitions.block.MountStatusSpec.encryption_provider:type_name -> talos.resource.definitions.enums.BlockEncryptionProviderType + 26, // 7: talos.resource.definitions.block.MountStatusSpec.filesystem:type_name -> talos.resource.definitions.enums.BlockFilesystemType + 25, // 8: talos.resource.definitions.block.MountStatusSpec.encryption_provider:type_name -> talos.resource.definitions.enums.BlockEncryptionProviderType 4, // 9: talos.resource.definitions.block.ProvisioningSpec.disk_selector:type_name -> talos.resource.definitions.block.DiskSelector 13, // 10: talos.resource.definitions.block.ProvisioningSpec.partition_spec:type_name -> talos.resource.definitions.block.PartitionSpec 8, // 11: talos.resource.definitions.block.ProvisioningSpec.filesystem_spec:type_name -> talos.resource.definitions.block.FilesystemSpec - 26, // 12: talos.resource.definitions.block.VolumeConfigSpec.type:type_name -> talos.resource.definitions.enums.BlockVolumeType + 27, // 12: talos.resource.definitions.block.VolumeConfigSpec.type:type_name -> talos.resource.definitions.enums.BlockVolumeType 14, // 13: talos.resource.definitions.block.VolumeConfigSpec.provisioning:type_name -> talos.resource.definitions.block.ProvisioningSpec 9, // 14: talos.resource.definitions.block.VolumeConfigSpec.locator:type_name -> talos.resource.definitions.block.LocatorSpec 11, // 15: talos.resource.definitions.block.VolumeConfigSpec.mount:type_name 
-> talos.resource.definitions.block.MountSpec 7, // 16: talos.resource.definitions.block.VolumeConfigSpec.encryption:type_name -> talos.resource.definitions.block.EncryptionSpec - 27, // 17: talos.resource.definitions.block.VolumeStatusSpec.phase:type_name -> talos.resource.definitions.enums.BlockVolumePhase - 27, // 18: talos.resource.definitions.block.VolumeStatusSpec.pre_fail_phase:type_name -> talos.resource.definitions.enums.BlockVolumePhase - 25, // 19: talos.resource.definitions.block.VolumeStatusSpec.filesystem:type_name -> talos.resource.definitions.enums.BlockFilesystemType - 24, // 20: talos.resource.definitions.block.VolumeStatusSpec.encryption_provider:type_name -> talos.resource.definitions.enums.BlockEncryptionProviderType - 11, // 21: talos.resource.definitions.block.VolumeStatusSpec.mount_spec:type_name -> talos.resource.definitions.block.MountSpec - 26, // 22: talos.resource.definitions.block.VolumeStatusSpec.type:type_name -> talos.resource.definitions.enums.BlockVolumeType - 23, // [23:23] is the sub-list for method output_type - 23, // [23:23] is the sub-list for method input_type - 23, // [23:23] is the sub-list for extension type_name - 23, // [23:23] is the sub-list for extension extendee - 0, // [0:23] is the sub-list for field type_name + 15, // 17: talos.resource.definitions.block.VolumeConfigSpec.symlink:type_name -> talos.resource.definitions.block.SymlinkProvisioningSpec + 28, // 18: talos.resource.definitions.block.VolumeStatusSpec.phase:type_name -> talos.resource.definitions.enums.BlockVolumePhase + 28, // 19: talos.resource.definitions.block.VolumeStatusSpec.pre_fail_phase:type_name -> talos.resource.definitions.enums.BlockVolumePhase + 26, // 20: talos.resource.definitions.block.VolumeStatusSpec.filesystem:type_name -> talos.resource.definitions.enums.BlockFilesystemType + 25, // 21: talos.resource.definitions.block.VolumeStatusSpec.encryption_provider:type_name -> talos.resource.definitions.enums.BlockEncryptionProviderType + 11, 
// 22: talos.resource.definitions.block.VolumeStatusSpec.mount_spec:type_name -> talos.resource.definitions.block.MountSpec + 27, // 23: talos.resource.definitions.block.VolumeStatusSpec.type:type_name -> talos.resource.definitions.enums.BlockVolumeType + 15, // 24: talos.resource.definitions.block.VolumeStatusSpec.symlink_spec:type_name -> talos.resource.definitions.block.SymlinkProvisioningSpec + 25, // [25:25] is the sub-list for method output_type + 25, // [25:25] is the sub-list for method input_type + 25, // [25:25] is the sub-list for extension type_name + 25, // [25:25] is the sub-list for extension extendee + 0, // [0:25] is the sub-list for field type_name } func init() { file_resource_definitions_block_block_proto_init() } @@ -2268,7 +2406,7 @@ func file_resource_definitions_block_block_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: unsafe.Slice(unsafe.StringData(file_resource_definitions_block_block_proto_rawDesc), len(file_resource_definitions_block_block_proto_rawDesc)), NumEnums: 0, - NumMessages: 22, + NumMessages: 23, NumExtensions: 0, NumServices: 0, }, diff --git a/pkg/machinery/api/resource/definitions/block/block_vtproto.pb.go b/pkg/machinery/api/resource/definitions/block/block_vtproto.pb.go index f32f90ca4..76f6d4604 100644 --- a/pkg/machinery/api/resource/definitions/block/block_vtproto.pb.go +++ b/pkg/machinery/api/resource/definitions/block/block_vtproto.pb.go 
@@ -924,6 +924,31 @@ func (m *MountSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) { i -= len(m.unknownFields) copy(dAtA[i:], m.unknownFields) } + if m.RecursiveRelabel { + i-- + if m.RecursiveRelabel { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x40 + } + if m.Gid != 0 { + i = protohelpers.EncodeVarint(dAtA, i, uint64(m.Gid)) + i-- + dAtA[i] = 0x38 + } + if m.Uid != 0 { + i = protohelpers.EncodeVarint(dAtA, i, uint64(m.Uid)) + i-- + dAtA[i] = 0x30 + } + if m.FileMode != 0 { + i = protohelpers.EncodeVarint(dAtA, i, uint64(m.FileMode)) + i-- + dAtA[i] = 0x28 + } if len(m.ParentId) > 0 { i -= len(m.ParentId) copy(dAtA[i:], m.ParentId) @@ -1180,6 +1205,56 @@ func (m *ProvisioningSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *SymlinkProvisioningSpec) MarshalVT() (dAtA []byte, err error) { + if m == nil { + return nil, nil + } + size := m.SizeVT() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBufferVT(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *SymlinkProvisioningSpec) MarshalToVT(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVT(dAtA[:size]) +} + +func (m *SymlinkProvisioningSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) { + if m == nil { + return 0, nil + } + i := len(dAtA) + _ = i + var l int + _ = l + if m.unknownFields != nil { + i -= len(m.unknownFields) + copy(dAtA[i:], m.unknownFields) + } + if m.Force { + i-- + if m.Force { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x10 + } + if len(m.SymlinkTargetPath) > 0 { + i -= len(m.SymlinkTargetPath) + copy(dAtA[i:], m.SymlinkTargetPath) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.SymlinkTargetPath))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + func (m *SymlinkSpec) MarshalVT() (dAtA []byte, err error) { if m == nil { return nil, nil 
@@ -1352,6 +1427,16 @@ func (m *VolumeConfigSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) { i -= len(m.unknownFields) copy(dAtA[i:], m.unknownFields) } + if m.Symlink != nil { + size, err := m.Symlink.MarshalToSizedBufferVT(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0x3a + } if m.Encryption != nil { size, err := m.Encryption.MarshalToSizedBufferVT(dAtA[:i]) if err != nil { @@ -1558,6 +1643,27 @@ func (m *VolumeStatusSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) { i -= len(m.unknownFields) copy(dAtA[i:], m.unknownFields) } + if len(m.ParentId) > 0 { + i -= len(m.ParentId) + copy(dAtA[i:], m.ParentId) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.ParentId))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0x9a + } + if m.SymlinkSpec != nil { + size, err := m.SymlinkSpec.MarshalToSizedBufferVT(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0x92 + } if len(m.ConfiguredEncryptionKeys) > 0 { for iNdEx := len(m.ConfiguredEncryptionKeys) - 1; iNdEx >= 0; iNdEx-- { i -= len(m.ConfiguredEncryptionKeys[iNdEx]) @@ -2079,6 +2185,18 @@ func (m *MountSpec) SizeVT() (n int) { if l > 0 { n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) } + if m.FileMode != 0 { + n += 1 + protohelpers.SizeOfVarint(uint64(m.FileMode)) + } + if m.Uid != 0 { + n += 1 + protohelpers.SizeOfVarint(uint64(m.Uid)) + } + if m.Gid != 0 { + n += 1 + protohelpers.SizeOfVarint(uint64(m.Gid)) + } + if m.RecursiveRelabel { + n += 2 + } n += len(m.unknownFields) return n } 
@@ -2169,6 +2287,23 @@ func (m *ProvisioningSpec) SizeVT() (n int) { return n } +func (m *SymlinkProvisioningSpec) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.SymlinkTargetPath) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + if m.Force { + n += 2 + } + n += len(m.unknownFields) + return n +} + func (m *SymlinkSpec) SizeVT() (n int) { if m == nil { return 0 @@ -2248,6 +2383,10 @@ func (m *VolumeConfigSpec) SizeVT() (n int) { l = m.Encryption.SizeVT() n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) } + if m.Symlink != nil { + l = m.Symlink.SizeVT() + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } n += len(m.unknownFields) return n } @@ -2369,6 +2508,14 @@ func (m *VolumeStatusSpec) SizeVT() (n int) { n += 2 + l + protohelpers.SizeOfVarint(uint64(l)) } } + if m.SymlinkSpec != nil { + l = m.SymlinkSpec.SizeVT() + n += 2 + l + protohelpers.SizeOfVarint(uint64(l)) + } + l = len(m.ParentId) + if l > 0 { + n += 2 + l + protohelpers.SizeOfVarint(uint64(l)) + } n += len(m.unknownFields) return n } 
@@ -4937,6 +5084,83 @@ func (m *MountSpec) UnmarshalVT(dAtA []byte) error { } m.ParentId = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 5: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field FileMode", wireType) + } + m.FileMode = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.FileMode |= uint32(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 6: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Uid", wireType) + } + m.Uid = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Uid |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 7: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Gid", wireType) + } + m.Gid = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Gid |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 8: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field RecursiveRelabel", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.RecursiveRelabel = bool(v != 0) default: iNdEx = preIndex skippy, err := protohelpers.Skip(dAtA[iNdEx:]) 
@@ -5539,6 +5763,109 @@ func (m *ProvisioningSpec) UnmarshalVT(dAtA []byte) error { } return nil } +func (m *SymlinkProvisioningSpec) UnmarshalVT(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: SymlinkProvisioningSpec: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: SymlinkProvisioningSpec: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SymlinkTargetPath", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SymlinkTargetPath = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Force", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.Force = bool(v != 0) + default: + iNdEx = preIndex + skippy, err := 
protohelpers.Skip(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return protohelpers.ErrInvalidLength + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.unknownFields = append(m.unknownFields, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *SymlinkSpec) UnmarshalVT(dAtA []byte) error { l := len(dAtA) iNdEx := 0 @@ -6052,6 +6379,42 @@ func (m *VolumeConfigSpec) UnmarshalVT(dAtA []byte) error { return err } iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Symlink", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Symlink == nil { + m.Symlink = &SymlinkProvisioningSpec{} + } + if err := m.Symlink.UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := protohelpers.Skip(dAtA[iNdEx:]) 
@@ -6862,6 +7225,74 @@ func (m *VolumeStatusSpec) UnmarshalVT(dAtA []byte) error { } m.ConfiguredEncryptionKeys = append(m.ConfiguredEncryptionKeys, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex + case 18: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SymlinkSpec", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.SymlinkSpec == nil { + m.SymlinkSpec = &SymlinkProvisioningSpec{} + } + if err := m.SymlinkSpec.UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 19: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ParentId", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ParentId = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := protohelpers.Skip(dAtA[iNdEx:]) diff --git a/pkg/machinery/api/resource/definitions/enums/enums.pb.go b/pkg/machinery/api/resource/definitions/enums/enums.pb.go index 5ec4a2ea0..b1e61af3c 100644 --- a/pkg/machinery/api/resource/definitions/enums/enums.pb.go 
+++ b/pkg/machinery/api/resource/definitions/enums/enums.pb.go @@ -2108,6 +2108,8 @@ const ( BlockVolumeType_VOLUME_TYPE_DISK BlockVolumeType = 1 BlockVolumeType_VOLUME_TYPE_TMPFS BlockVolumeType = 2 BlockVolumeType_VOLUME_TYPE_DIRECTORY BlockVolumeType = 3 + BlockVolumeType_VOLUME_TYPE_SYMLINK BlockVolumeType = 4 + BlockVolumeType_VOLUME_TYPE_OVERLAY BlockVolumeType = 5 ) // Enum value maps for BlockVolumeType. @@ -2117,12 +2119,16 @@ var ( 1: "VOLUME_TYPE_DISK", 2: "VOLUME_TYPE_TMPFS", 3: "VOLUME_TYPE_DIRECTORY", + 4: "VOLUME_TYPE_SYMLINK", + 5: "VOLUME_TYPE_OVERLAY", } BlockVolumeType_value = map[string]int32{ "VOLUME_TYPE_PARTITION": 0, "VOLUME_TYPE_DISK": 1, "VOLUME_TYPE_TMPFS": 2, "VOLUME_TYPE_DIRECTORY": 3, + "VOLUME_TYPE_SYMLINK": 4, + "VOLUME_TYPE_OVERLAY": 5, } ) 
@@ -2941,87 +2947,90 @@ var file_resource_definitions_enums_enums_proto_rawDesc = string([]byte{ 0x50, 0x52, 0x45, 0x50, 0x41, 0x52, 0x45, 0x44, 0x10, 0x05, 0x12, 0x16, 0x0a, 0x12, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x50, 0x48, 0x41, 0x53, 0x45, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x59, 0x10, 0x06, 0x12, 0x17, 0x0a, 0x13, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x50, 0x48, 0x41, - 0x53, 0x45, 0x5f, 0x43, 0x4c, 0x4f, 0x53, 0x45, 0x44, 0x10, 0x07, 0x2a, 0x74, 0x0a, 0x0f, 0x42, - 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x19, - 0x0a, 0x15, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x50, 0x41, - 0x52, 0x54, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x56, 0x4f, 0x4c, - 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x49, 0x53, 0x4b, 0x10, 0x01, 0x12, - 0x15, 0x0a, 0x11, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x54, - 0x4d, 0x50, 0x46, 0x53, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, - 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x4f, 0x52, 0x59, 0x10, - 0x03, 0x2a, 0x96, 0x01, 0x0a, 0x13, 0x43, 0x72, 0x69, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x43, 0x61, - 0x63, 0x68, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1e, 0x0a, 0x1a, 0x49, 0x4d, 0x41, - 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, - 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x1f, 0x0a, 0x1b, 0x49, 0x4d, 0x41, - 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, - 0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x44, 0x10, 0x01, 0x12, 0x20, 0x0a, 0x1c, 0x49, 0x4d, - 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, - 0x5f, 0x50, 0x52, 0x45, 0x50, 0x41, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x1c, 0x0a, 0x18, + 0x53, 0x45, 0x5f, 0x43, 0x4c, 0x4f, 0x53, 
0x45, 0x44, 0x10, 0x07, 0x2a, 0xa6, 0x01, 0x0a, 0x0f, + 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, + 0x19, 0x0a, 0x15, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x50, + 0x41, 0x52, 0x54, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x56, 0x4f, + 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x49, 0x53, 0x4b, 0x10, 0x01, + 0x12, 0x15, 0x0a, 0x11, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, + 0x54, 0x4d, 0x50, 0x46, 0x53, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x56, 0x4f, 0x4c, 0x55, 0x4d, + 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x4f, 0x52, 0x59, + 0x10, 0x03, 0x12, 0x17, 0x0a, 0x13, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, + 0x45, 0x5f, 0x53, 0x59, 0x4d, 0x4c, 0x49, 0x4e, 0x4b, 0x10, 0x04, 0x12, 0x17, 0x0a, 0x13, 0x56, + 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4f, 0x56, 0x45, 0x52, 0x4c, + 0x41, 0x59, 0x10, 0x05, 0x2a, 0x96, 0x01, 0x0a, 0x13, 0x43, 0x72, 0x69, 0x49, 0x6d, 0x61, 0x67, + 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1e, 0x0a, 0x1a, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, - 0x55, 0x53, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x59, 0x10, 0x03, 0x2a, 0xab, 0x01, 0x0a, 0x17, 0x43, - 0x72, 0x69, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x70, 0x79, - 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x23, 0x0a, 0x1f, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, - 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, - 0x53, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x23, 0x0a, 0x1f, 0x49, - 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x5f, - 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x4b, 0x49, 0x50, 0x50, 0x45, 0x44, 
0x10, 0x01, - 0x12, 0x23, 0x0a, 0x1f, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, - 0x43, 0x4f, 0x50, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x50, 0x45, 0x4e, 0x44, - 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x21, 0x0a, 0x1d, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, - 0x41, 0x43, 0x48, 0x45, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, - 0x5f, 0x52, 0x45, 0x41, 0x44, 0x59, 0x10, 0x03, 0x2a, 0x53, 0x0a, 0x11, 0x4b, 0x75, 0x62, 0x65, - 0x73, 0x70, 0x61, 0x6e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x16, 0x0a, - 0x12, 0x50, 0x45, 0x45, 0x52, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, - 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x50, 0x45, 0x45, 0x52, 0x5f, 0x53, 0x54, - 0x41, 0x54, 0x45, 0x5f, 0x55, 0x50, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x45, 0x45, 0x52, - 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x44, 0x4f, 0x57, 0x4e, 0x10, 0x02, 0x2a, 0x88, 0x01, - 0x0a, 0x12, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4c, - 0x61, 0x79, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x0e, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x44, - 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x43, 0x4f, 0x4e, 0x46, - 0x49, 0x47, 0x5f, 0x43, 0x4d, 0x44, 0x4c, 0x49, 0x4e, 0x45, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, - 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x50, 0x4c, 0x41, 0x54, 0x46, 0x4f, 0x52, 0x4d, 0x10, - 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x4f, 0x50, 0x45, 0x52, - 0x41, 0x54, 0x4f, 0x52, 0x10, 0x03, 0x12, 0x20, 0x0a, 0x1c, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, - 0x5f, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x55, - 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x04, 0x2a, 0x4b, 0x0a, 0x0f, 0x4e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x12, 0x0a, 0x0e, 0x4f, - 0x50, 0x45, 0x52, 0x41, 
0x54, 0x4f, 0x52, 0x5f, 0x44, 0x48, 0x43, 0x50, 0x34, 0x10, 0x00, 0x12, - 0x12, 0x0a, 0x0e, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x44, 0x48, 0x43, 0x50, - 0x36, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, - 0x56, 0x49, 0x50, 0x10, 0x02, 0x2a, 0x9b, 0x02, 0x0a, 0x13, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, - 0x65, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x53, 0x74, 0x61, 0x67, 0x65, 0x12, 0x19, 0x0a, - 0x15, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x55, - 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x4d, 0x41, 0x43, 0x48, - 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x42, 0x4f, 0x4f, 0x54, 0x49, 0x4e, - 0x47, 0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, - 0x54, 0x41, 0x47, 0x45, 0x5f, 0x49, 0x4e, 0x53, 0x54, 0x41, 0x4c, 0x4c, 0x49, 0x4e, 0x47, 0x10, - 0x02, 0x12, 0x1d, 0x0a, 0x19, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, - 0x47, 0x45, 0x5f, 0x4d, 0x41, 0x49, 0x4e, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x43, 0x45, 0x10, 0x03, + 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x1f, 0x0a, 0x1b, + 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, + 0x55, 0x53, 0x5f, 0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x44, 0x10, 0x01, 0x12, 0x20, 0x0a, + 0x1c, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53, 0x54, 0x41, + 0x54, 0x55, 0x53, 0x5f, 0x50, 0x52, 0x45, 0x50, 0x41, 0x52, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, + 0x1c, 0x0a, 0x18, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x53, + 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x59, 0x10, 0x03, 0x2a, 0xab, 0x01, + 0x0a, 0x17, 0x43, 0x72, 0x69, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, + 0x6f, 0x70, 0x79, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 
0x23, 0x0a, 0x1f, 0x49, 0x4d, 0x41, + 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x5f, 0x53, 0x54, + 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x23, + 0x0a, 0x1f, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x43, 0x4f, + 0x50, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x4b, 0x49, 0x50, 0x50, 0x45, + 0x44, 0x10, 0x01, 0x12, 0x23, 0x0a, 0x1f, 0x49, 0x4d, 0x41, 0x47, 0x45, 0x5f, 0x43, 0x41, 0x43, + 0x48, 0x45, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x50, + 0x45, 0x4e, 0x44, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x21, 0x0a, 0x1d, 0x49, 0x4d, 0x41, 0x47, + 0x45, 0x5f, 0x43, 0x41, 0x43, 0x48, 0x45, 0x5f, 0x43, 0x4f, 0x50, 0x59, 0x5f, 0x53, 0x54, 0x41, + 0x54, 0x55, 0x53, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x59, 0x10, 0x03, 0x2a, 0x53, 0x0a, 0x11, 0x4b, + 0x75, 0x62, 0x65, 0x73, 0x70, 0x61, 0x6e, 0x50, 0x65, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, + 0x12, 0x16, 0x0a, 0x12, 0x50, 0x45, 0x45, 0x52, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x55, + 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x50, 0x45, 0x45, 0x52, + 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x55, 0x50, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, + 0x45, 0x45, 0x52, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x44, 0x4f, 0x57, 0x4e, 0x10, 0x02, + 0x2a, 0x88, 0x01, 0x0a, 0x12, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x4c, 0x61, 0x79, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x0e, 0x43, 0x4f, 0x4e, 0x46, 0x49, + 0x47, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x43, + 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x43, 0x4d, 0x44, 0x4c, 0x49, 0x4e, 0x45, 0x10, 0x01, 0x12, + 0x13, 0x0a, 0x0f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x50, 0x4c, 0x41, 0x54, 0x46, 0x4f, + 0x52, 0x4d, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x4f, + 
0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x10, 0x03, 0x12, 0x20, 0x0a, 0x1c, 0x43, 0x4f, 0x4e, + 0x46, 0x49, 0x47, 0x5f, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x46, + 0x49, 0x47, 0x55, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x04, 0x2a, 0x4b, 0x0a, 0x0f, 0x4e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x12, 0x12, + 0x0a, 0x0e, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x44, 0x48, 0x43, 0x50, 0x34, + 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x44, + 0x48, 0x43, 0x50, 0x36, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, + 0x4f, 0x52, 0x5f, 0x56, 0x49, 0x50, 0x10, 0x02, 0x2a, 0x9b, 0x02, 0x0a, 0x13, 0x52, 0x75, 0x6e, + 0x74, 0x69, 0x6d, 0x65, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x53, 0x74, 0x61, 0x67, 0x65, 0x12, 0x19, 0x0a, 0x15, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, - 0x45, 0x5f, 0x52, 0x55, 0x4e, 0x4e, 0x49, 0x4e, 0x47, 0x10, 0x04, 0x12, 0x1b, 0x0a, 0x17, 0x4d, - 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x52, 0x45, 0x42, - 0x4f, 0x4f, 0x54, 0x49, 0x4e, 0x47, 0x10, 0x05, 0x12, 0x1f, 0x0a, 0x1b, 0x4d, 0x41, 0x43, 0x48, - 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x53, 0x48, 0x55, 0x54, 0x54, 0x49, - 0x4e, 0x47, 0x5f, 0x44, 0x4f, 0x57, 0x4e, 0x10, 0x06, 0x12, 0x1b, 0x0a, 0x17, 0x4d, 0x41, 0x43, - 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x52, 0x45, 0x53, 0x45, 0x54, - 0x54, 0x49, 0x4e, 0x47, 0x10, 0x07, 0x12, 0x1b, 0x0a, 0x17, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, - 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x55, 0x50, 0x47, 0x52, 0x41, 0x44, 0x49, 0x4e, - 0x47, 0x10, 0x08, 0x2a, 0x6f, 0x0a, 0x13, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x53, 0x45, - 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x0a, 0x17, 0x53, 0x45, - 0x5f, 0x4c, 0x49, 0x4e, 0x55, 0x58, 0x5f, 
0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x44, 0x49, 0x53, - 0x41, 0x42, 0x4c, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x53, 0x45, 0x5f, 0x4c, 0x49, - 0x4e, 0x55, 0x58, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53, - 0x53, 0x49, 0x56, 0x45, 0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x53, 0x45, 0x5f, 0x4c, 0x49, 0x4e, - 0x55, 0x58, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x45, 0x4e, 0x46, 0x4f, 0x52, 0x43, 0x49, - 0x4e, 0x47, 0x10, 0x02, 0x42, 0x74, 0x0a, 0x28, 0x64, 0x65, 0x76, 0x2e, 0x74, 0x61, 0x6c, 0x6f, - 0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, - 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, - 0x5a, 0x48, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x64, - 0x65, 0x72, 0x6f, 0x6c, 0x61, 0x62, 0x73, 0x2f, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2f, 0x70, 0x6b, - 0x67, 0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x2f, - 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, + 0x45, 0x5f, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x4d, + 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x42, 0x4f, 0x4f, + 0x54, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, + 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x49, 0x4e, 0x53, 0x54, 0x41, 0x4c, 0x4c, 0x49, + 0x4e, 0x47, 0x10, 0x02, 0x12, 0x1d, 0x0a, 0x19, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, + 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x4d, 0x41, 0x49, 0x4e, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x43, + 0x45, 0x10, 0x03, 0x12, 0x19, 0x0a, 0x15, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, + 0x54, 0x41, 0x47, 0x45, 0x5f, 0x52, 0x55, 0x4e, 0x4e, 0x49, 0x4e, 
0x47, 0x10, 0x04, 0x12, 0x1b, + 0x0a, 0x17, 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, + 0x52, 0x45, 0x42, 0x4f, 0x4f, 0x54, 0x49, 0x4e, 0x47, 0x10, 0x05, 0x12, 0x1f, 0x0a, 0x1b, 0x4d, + 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x53, 0x48, 0x55, + 0x54, 0x54, 0x49, 0x4e, 0x47, 0x5f, 0x44, 0x4f, 0x57, 0x4e, 0x10, 0x06, 0x12, 0x1b, 0x0a, 0x17, + 0x4d, 0x41, 0x43, 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x52, 0x45, + 0x53, 0x45, 0x54, 0x54, 0x49, 0x4e, 0x47, 0x10, 0x07, 0x12, 0x1b, 0x0a, 0x17, 0x4d, 0x41, 0x43, + 0x48, 0x49, 0x4e, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x47, 0x45, 0x5f, 0x55, 0x50, 0x47, 0x52, 0x41, + 0x44, 0x49, 0x4e, 0x47, 0x10, 0x08, 0x2a, 0x6f, 0x0a, 0x13, 0x52, 0x75, 0x6e, 0x74, 0x69, 0x6d, + 0x65, 0x53, 0x45, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x0a, + 0x17, 0x53, 0x45, 0x5f, 0x4c, 0x49, 0x4e, 0x55, 0x58, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, + 0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x53, 0x45, + 0x5f, 0x4c, 0x49, 0x4e, 0x55, 0x58, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x50, 0x45, 0x52, + 0x4d, 0x49, 0x53, 0x53, 0x49, 0x56, 0x45, 0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x53, 0x45, 0x5f, + 0x4c, 0x49, 0x4e, 0x55, 0x58, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x45, 0x5f, 0x45, 0x4e, 0x46, 0x4f, + 0x52, 0x43, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x42, 0x74, 0x0a, 0x28, 0x64, 0x65, 0x76, 0x2e, 0x74, + 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, + 0x75, 0x6d, 0x73, 0x5a, 0x48, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x73, 0x69, 0x64, 0x65, 0x72, 0x6f, 0x6c, 0x61, 0x62, 0x73, 0x2f, 0x74, 0x61, 0x6c, 0x6f, 0x73, + 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x72, 0x79, 0x2f, 0x61, + 0x70, 
0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x64, 0x65, 0x66, 0x69, + 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, }) var ( diff --git a/pkg/machinery/constants/constants.go b/pkg/machinery/constants/constants.go index 622acd749..5f3007738 100644 --- a/pkg/machinery/constants/constants.go +++ b/pkg/machinery/constants/constants.go @@ -477,6 +477,9 @@ const ( // EtcdDataPath is the path where etcd stores its' data. EtcdDataPath = "/var/lib/etcd" + // EtcdDataVolumeID is the ID of the etcd data volume. + EtcdDataVolumeID = "ETCD" + // EtcdDataSELinuxLabel is the SELinux label for the etcd data directory. EtcdDataSELinuxLabel = "system_u:object_r:etcd_data_t:s0" diff --git a/pkg/machinery/gendata/data/pkgs b/pkg/machinery/gendata/data/pkgs index d5619ac18..6b376ae21 100644 --- a/pkg/machinery/gendata/data/pkgs +++ b/pkg/machinery/gendata/data/pkgs @@ -1 +1 @@ -v1.10.0-alpha.0-69-g665f782 \ No newline at end of file +v1.10.0-alpha.0-72-g7d7323b \ No newline at end of file diff --git a/pkg/machinery/resources/block/volume_config.go b/pkg/machinery/resources/block/volume_config.go index 8ae2f25f0..8f7b54a53 100644 --- a/pkg/machinery/resources/block/volume_config.go +++ b/pkg/machinery/resources/block/volume_config.go @@ -5,6 +5,8 @@ package block import ( + "os" + "github.com/cosi-project/runtime/pkg/resource" "github.com/cosi-project/runtime/pkg/resource/meta" "github.com/cosi-project/runtime/pkg/resource/protobuf" @@ -41,6 +43,9 @@ type VolumeConfigSpec struct { // Mount options for the volume. Mount MountSpec `yaml:"mount,omitempty" protobuf:"5"` + + // Symlink options for the volume. + Symlink SymlinkProvisioningSpec `yaml:"symlink,omitempty" protobuf:"7"` } // Wave constants. 
@@ -154,6 +159,24 @@ type MountSpec struct { ProjectQuotaSupport bool `yaml:"projectQuotaSupport" protobuf:"3"` // Parent mount request ID. ParentID string `yaml:"parentId,omitempty" protobuf:"4"` + // FileMode is the file mode for the mount target. + FileMode os.FileMode `yaml:"fileMode,omitempty" protobuf:"5"` + // UID is the user ID for the mount target. + UID int `yaml:"uid,omitempty" protobuf:"6"` + // GID is the group ID for the mount target. + GID int `yaml:"gid,omitempty" protobuf:"7"` + // RecursiveRelabel is the recursive relabel/chown flag for the mount target. + RecursiveRelabel bool `yaml:"recursiveRelabel,omitempty" protobuf:"8"` +} + +// SymlinkProvisioningSpec is the spec for volume symlink. +// +//gotagsrewrite:gen +type SymlinkProvisioningSpec struct { + // Symlink target path for the volume. + SymlinkTargetPath string `yaml:"symlinkTargetPath" protobuf:"1"` + // Force symlink creation. + Force bool `yaml:"force" protobuf:"2"` } // NewVolumeConfig initializes a BlockVolumeConfig resource. diff --git a/pkg/machinery/resources/block/volume_status.go b/pkg/machinery/resources/block/volume_status.go index 04c568ae6..99d25cb39 100644 --- a/pkg/machinery/resources/block/volume_status.go +++ b/pkg/machinery/resources/block/volume_status.go @@ -27,7 +27,8 @@ type VolumeStatusSpec struct { Phase VolumePhase `yaml:"phase" protobuf:"1"` PreFailPhase VolumePhase `yaml:"preFailPhase,omitempty" protobuf:"6"` - Type VolumeType `yaml:"type" protobuf:"16"` + Type VolumeType `yaml:"type" protobuf:"16"` + ParentID string `yaml:"parentID,omitempty" protobuf:"19"` // Location is the path to the block device (raw). Location string `yaml:"location,omitempty" protobuf:"2"` 
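Review bot: The ownership fields added to `MountSpec` leave their zero values undocumented, and for `UID`/`GID` zero is root: with `omitempty` here and the generated `if m.Uid != 0` guard in `MarshalToSizedBufferVT`, an unset field and an explicit root owner are indistinguishable. I would spell the default out, e.g. `// UID is the user ID for the mount target; the zero value is 0 (root).`, and say whether a zero `FileMode` means "leave the mode as is" or mode 0000. Both IDs are signed `int`, so the code that applies them (not in this hunk) presumably has to reject negative values, since -1 tells chown to leave the owner unchanged. `RecursiveRelabel` is described as a relabel/chown flag, so its comment should state that it also changes ownership of the whole tree, and `Force` in `SymlinkProvisioningSpec` should say what happens to an existing path. The `MountSpec` declaration starts above the hunk.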
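Review bot: `ParentID` in `VolumeStatusSpec` is serialised under the key `parentID`, while the same field in `MountSpec` uses `parentId`, so the two resources would expose different YAML keys for one concept. The key is new in this commit, so it can still be aligned by using `yaml:"parentId,omitempty"` on the new field. The field also has no comment, unlike `Location` below it; something like `// ParentID is the ID of the parent volume.` would do, if that is what it holds. The next hunk of this file has the same kind of mismatch: its comment opens with `Symlink` although the field is `SymlinkSpec`, and its YAML key is `symlink` where the sibling field uses `mountSpec`. The struct continues outside both hunks.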
@@ -56,6 +57,9 @@ type VolumeStatusSpec struct { // MountSpec is the mount specification. MountSpec MountSpec `yaml:"mountSpec,omitempty" protobuf:"15"` + // Symlink is the symlink specification. + SymlinkSpec SymlinkProvisioningSpec `yaml:"symlink,omitempty" protobuf:"18"` + ErrorMessage string `yaml:"errorMessage,omitempty" protobuf:"3"` } diff --git a/pkg/machinery/resources/block/volumetype.go b/pkg/machinery/resources/block/volumetype.go index a7711a7a1..c973330f4 100644 --- a/pkg/machinery/resources/block/volumetype.go +++ b/pkg/machinery/resources/block/volumetype.go @@ -15,4 +15,6 @@ const ( VolumeTypeDisk // disk VolumeTypeTmpfs // tmpfs VolumeTypeDirectory // directory + VolumeTypeSymlink // symlink + VolumeTypeOverlay // overlay ) diff --git a/pkg/machinery/resources/block/volumetype_enumer.go b/pkg/machinery/resources/block/volumetype_enumer.go index 219444ebc..0b8ab63dd 100644 --- a/pkg/machinery/resources/block/volumetype_enumer.go +++ b/pkg/machinery/resources/block/volumetype_enumer.go @@ -7,11 +7,11 @@ import ( "strings" ) -const _VolumeTypeName = "partitiondisktmpfsdirectory" +const _VolumeTypeName = "partitiondisktmpfsdirectorysymlinkoverlay" -var _VolumeTypeIndex = [...]uint8{0, 9, 13, 18, 27} +var _VolumeTypeIndex = [...]uint8{0, 9, 13, 18, 27, 34, 41} -const _VolumeTypeLowerName = "partitiondisktmpfsdirectory" +const _VolumeTypeLowerName = "partitiondisktmpfsdirectorysymlinkoverlay" func (i VolumeType) String() string { if i < 0 || i >= VolumeType(len(_VolumeTypeIndex)-1) { 
@@ -28,9 +28,11 @@ func _VolumeTypeNoOp() { _ = x[VolumeTypeDisk-(1)] _ = x[VolumeTypeTmpfs-(2)] _ = x[VolumeTypeDirectory-(3)] + _ = x[VolumeTypeSymlink-(4)] + _ = x[VolumeTypeOverlay-(5)] } -var _VolumeTypeValues = []VolumeType{VolumeTypePartition, VolumeTypeDisk, VolumeTypeTmpfs, VolumeTypeDirectory} +var _VolumeTypeValues = []VolumeType{VolumeTypePartition, VolumeTypeDisk, VolumeTypeTmpfs, VolumeTypeDirectory, VolumeTypeSymlink, VolumeTypeOverlay} var _VolumeTypeNameToValueMap = map[string]VolumeType{ _VolumeTypeName[0:9]: VolumeTypePartition, @@ -41,6 +43,10 @@ var _VolumeTypeNameToValueMap = map[string]VolumeType{ _VolumeTypeLowerName[13:18]: VolumeTypeTmpfs, _VolumeTypeName[18:27]: VolumeTypeDirectory, _VolumeTypeLowerName[18:27]: VolumeTypeDirectory, + _VolumeTypeName[27:34]: VolumeTypeSymlink, + _VolumeTypeLowerName[27:34]: VolumeTypeSymlink, + _VolumeTypeName[34:41]: VolumeTypeOverlay, + _VolumeTypeLowerName[34:41]: VolumeTypeOverlay, } var _VolumeTypeNames = []string{ @@ -48,6 +54,8 @@ var _VolumeTypeNames = []string{ _VolumeTypeName[9:13], _VolumeTypeName[13:18], _VolumeTypeName[18:27], + _VolumeTypeName[27:34], + _VolumeTypeName[34:41], } // VolumeTypeString retrieves an enum value from the enum constants string name. diff --git a/website/content/v1.10/reference/api.md b/website/content/v1.10/reference/api.md index d3546eefb..87e1cf8eb 100644 --- a/website/content/v1.10/reference/api.md +++ b/website/content/v1.10/reference/api.md 
@@ -42,6 +42,7 @@ description: Talos gRPC API reference. - [MountStatusSpec](#talos.resource.definitions.block.MountStatusSpec) - [PartitionSpec](#talos.resource.definitions.block.PartitionSpec) - [ProvisioningSpec](#talos.resource.definitions.block.ProvisioningSpec) + - [SymlinkProvisioningSpec](#talos.resource.definitions.block.SymlinkProvisioningSpec) - [SymlinkSpec](#talos.resource.definitions.block.SymlinkSpec) - [SystemDiskSpec](#talos.resource.definitions.block.SystemDiskSpec) - [UserDiskConfigStatusSpec](#talos.resource.definitions.block.UserDiskConfigStatusSpec) @@ -1058,6 +1059,10 @@ MountSpec is the spec for volume mount. | selinux_label | [string](#string) | | | | project_quota_support | [bool](#bool) | | | | parent_id | [string](#string) | | | +| file_mode | [uint32](#uint32) | | | +| uid | [int64](#int64) | | | +| gid | [int64](#int64) | | | +| recursive_relabel | [bool](#bool) | | | @@ -1122,6 +1127,22 @@ ProvisioningSpec is the spec for volume provisioning. + + +### SymlinkProvisioningSpec +SymlinkProvisioningSpec is the spec for volume symlink. + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| symlink_target_path | [string](#string) | | | +| force | [bool](#bool) | | | + + + + + + ### SymlinkSpec @@ -1183,6 +1204,7 @@ VolumeConfigSpec is the spec for VolumeConfig resource. | locator | [LocatorSpec](#talos.resource.definitions.block.LocatorSpec) | | | | mount | [MountSpec](#talos.resource.definitions.block.MountSpec) | | | | encryption | [EncryptionSpec](#talos.resource.definitions.block.EncryptionSpec) | | | +| symlink | [SymlinkProvisioningSpec](#talos.resource.definitions.block.SymlinkProvisioningSpec) | | | 
@@ -1249,6 +1271,8 @@ VolumeStatusSpec is the spec for VolumeStatus resource. | mount_spec | [MountSpec](#talos.resource.definitions.block.MountSpec) | | | | type | [talos.resource.definitions.enums.BlockVolumeType](#talos.resource.definitions.enums.BlockVolumeType) | | | | configured_encryption_keys | [string](#string) | repeated | | +| symlink_spec | [SymlinkProvisioningSpec](#talos.resource.definitions.block.SymlinkProvisioningSpec) | | | +| parent_id | [string](#string) | | | @@ -1654,6 +1678,8 @@ BlockVolumeType describes volume type. | VOLUME_TYPE_DISK | 1 | | | VOLUME_TYPE_TMPFS | 2 | | | VOLUME_TYPE_DIRECTORY | 3 | | +| VOLUME_TYPE_SYMLINK | 4 | | +| VOLUME_TYPE_OVERLAY | 5 | |