test: fix enforcing steps in cron

Build UKI certs in cron.

Also pass `enforcing=1` to the initial step (if applicable).

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Andrey Smirnov 2025-04-02 15:11:12 +04:00
parent 203e02df49
commit 5eaaa7ffa1
No known key found for this signature in database
GPG Key ID: FE042E3D4085A811
9 changed files with 141 additions and 7 deletions


@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-04-01T10:44:44Z by kres d903dae.
# Generated on 2025-04-02T11:11:10Z by kres d903dae.
name: default
concurrency:
@ -1179,6 +1179,12 @@ jobs:
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: uki-certs
if: github.event_name == 'schedule'
env:
PLATFORM: linux/amd64
run: |
make uki-certs
- name: talosctl-cni-bundle
if: github.event_name == 'schedule'
run: |
@ -1201,6 +1207,7 @@ jobs:
QEMU_MEMORY_WORKERS: "4096"
TAG_SUFFIX_IN: -enforcing
TEST_MODE: fast-conformance
WITH_ENFORCING: "true"
run: |
sudo -E make e2e-qemu
- name: save artifacts
@ -2154,6 +2161,12 @@ jobs:
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: uki-certs
if: github.event_name == 'schedule'
env:
PLATFORM: linux/amd64
run: |
make uki-certs
- name: talosctl-cni-bundle
if: github.event_name == 'schedule'
run: |
@ -2175,6 +2188,7 @@ jobs:
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
WITH_CLUSTER_DISCOVERY: "false"
WITH_ENFORCING: "true"
run: |
sudo -E make e2e-qemu
- name: e2e-kubespan
@ -2185,6 +2199,7 @@ jobs:
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
WITH_CLUSTER_DISCOVERY: "true"
WITH_ENFORCING: "true"
WITH_KUBESPAN: "true"
run: |
sudo -E make e2e-qemu
@ -2197,6 +2212,7 @@ jobs:
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_ENFORCING: "true"
run: |
sudo -E make e2e-qemu
- name: e2e-min-requirements
@ -2209,6 +2225,7 @@ jobs:
QEMU_SYSTEM_DISK_SIZE: "10240"
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
WITH_ENFORCING: "true"
run: |
sudo -E make e2e-qemu
- name: save artifacts
@ -2557,6 +2574,12 @@ jobs:
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: uki-certs
if: github.event_name == 'schedule'
env:
PLATFORM: linux/amd64
run: |
make uki-certs
- name: talosctl-cni-bundle
if: github.event_name == 'schedule'
run: |
@ -2577,6 +2600,7 @@ jobs:
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
WITH_ENFORCING: "true"
WITH_NETWORK_CHAOS: "yes"
run: |
sudo -E make e2e-qemu
@ -2588,6 +2612,7 @@ jobs:
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
WITH_CONFIG_INJECTION_METHOD: metal-iso
WITH_ENFORCING: "true"
run: |
sudo -E make e2e-qemu
- name: e2e-iommu-pcidriverrebind
@ -2597,6 +2622,7 @@ jobs:
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
WITH_ENFORCING: "true"
WITH_IOMMU: "yes"
run: |
sudo -E make e2e-qemu
@ -2811,6 +2837,12 @@ jobs:
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: uki-certs
if: github.event_name == 'schedule'
env:
PLATFORM: linux/amd64
run: |
make uki-certs
- name: talosctl-cni-bundle
if: github.event_name == 'schedule'
run: |
@ -2832,6 +2864,7 @@ jobs:
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_ENFORCING: "true"
WITH_SIDEROLINK_AGENT: "true"
run: |
sudo -E make e2e-qemu
@ -2843,6 +2876,7 @@ jobs:
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_ENFORCING: "true"
WITH_SIDEROLINK_AGENT: tunnel
run: |
sudo -E make e2e-qemu
@ -2854,6 +2888,7 @@ jobs:
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_ENFORCING: "true"
WITH_SIDEROLINK_AGENT: wireguard+tls
run: |
sudo -E make e2e-qemu
@ -2873,6 +2908,7 @@ jobs:
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
WITH_CONFIG_PATCH: '@hack/test/patches/usernamespace.yaml'
WITH_ENFORCING: "true"
run: |
sudo -E make e2e-qemu
- name: save artifacts
@ -3790,6 +3826,12 @@ jobs:
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: uki-certs
if: github.event_name == 'schedule'
env:
PLATFORM: linux/amd64
run: |
make uki-certs
- name: talosctl-cni-bundle
if: github.event_name == 'schedule'
run: |
@ -3813,6 +3855,7 @@ jobs:
TAG_SUFFIX_IN: -enforcing
USER_DISKS_MOUNTS: /var/lib/extra,/var/lib/p1,/var/lib/p2
WITH_CONFIG_PATCH_WORKER: '@hack/test/patches/ephemeral-nvme.yaml:@hack/test/patches/dm-raid-module.yaml'
WITH_ENFORCING: "true"
WITH_USER_DISK: "true"
run: |
sudo -E make e2e-qemu
@ -4227,6 +4270,7 @@ jobs:
IMAGE_REGISTRY: registry.dev.siderolabs.io
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_ENFORCING: "true"
WITH_TRUSTED_BOOT_ISO: "true"
run: |
sudo -E make e2e-qemu


@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
# Generated on 2025-04-02T11:11:10Z by kres d903dae.
name: integration-conformance-enforcing-cron
concurrency:
@ -74,6 +74,12 @@ jobs:
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: uki-certs
if: github.event_name == 'schedule'
env:
PLATFORM: linux/amd64
run: |
make uki-certs
- name: talosctl-cni-bundle
if: github.event_name == 'schedule'
run: |
@ -96,6 +102,7 @@ jobs:
QEMU_MEMORY_WORKERS: "4096"
TAG_SUFFIX_IN: -enforcing
TEST_MODE: fast-conformance
WITH_ENFORCING: "true"
run: |
sudo -E make e2e-qemu
- name: save artifacts


@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-04-01T10:44:44Z by kres d903dae.
# Generated on 2025-04-02T11:11:10Z by kres d903dae.
name: integration-misc-1-enforcing-cron
concurrency:
@ -74,6 +74,12 @@ jobs:
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: uki-certs
if: github.event_name == 'schedule'
env:
PLATFORM: linux/amd64
run: |
make uki-certs
- name: talosctl-cni-bundle
if: github.event_name == 'schedule'
run: |
@ -95,6 +101,7 @@ jobs:
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
WITH_CLUSTER_DISCOVERY: "false"
WITH_ENFORCING: "true"
run: |
sudo -E make e2e-qemu
- name: e2e-kubespan
@ -105,6 +112,7 @@ jobs:
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
WITH_CLUSTER_DISCOVERY: "true"
WITH_ENFORCING: "true"
WITH_KUBESPAN: "true"
run: |
sudo -E make e2e-qemu
@ -117,6 +125,7 @@ jobs:
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_ENFORCING: "true"
run: |
sudo -E make e2e-qemu
- name: e2e-min-requirements
@ -129,6 +138,7 @@ jobs:
QEMU_SYSTEM_DISK_SIZE: "10240"
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
WITH_ENFORCING: "true"
run: |
sudo -E make e2e-qemu
- name: save artifacts


@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
# Generated on 2025-04-02T11:11:10Z by kres d903dae.
name: integration-misc-3-enforcing-cron
concurrency:
@ -74,6 +74,12 @@ jobs:
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: uki-certs
if: github.event_name == 'schedule'
env:
PLATFORM: linux/amd64
run: |
make uki-certs
- name: talosctl-cni-bundle
if: github.event_name == 'schedule'
run: |
@ -94,6 +100,7 @@ jobs:
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
WITH_ENFORCING: "true"
WITH_NETWORK_CHAOS: "yes"
run: |
sudo -E make e2e-qemu
@ -105,6 +112,7 @@ jobs:
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
WITH_CONFIG_INJECTION_METHOD: metal-iso
WITH_ENFORCING: "true"
run: |
sudo -E make e2e-qemu
- name: e2e-iommu-pcidriverrebind
@ -114,6 +122,7 @@ jobs:
IMAGE_REGISTRY: registry.dev.siderolabs.io
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
WITH_ENFORCING: "true"
WITH_IOMMU: "yes"
run: |
sudo -E make e2e-qemu


@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
# Generated on 2025-04-02T11:11:10Z by kres d903dae.
name: integration-misc-4-enforcing-cron
concurrency:
@ -74,6 +74,12 @@ jobs:
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: uki-certs
if: github.event_name == 'schedule'
env:
PLATFORM: linux/amd64
run: |
make uki-certs
- name: talosctl-cni-bundle
if: github.event_name == 'schedule'
run: |
@ -95,6 +101,7 @@ jobs:
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_ENFORCING: "true"
WITH_SIDEROLINK_AGENT: "true"
run: |
sudo -E make e2e-qemu
@ -106,6 +113,7 @@ jobs:
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_ENFORCING: "true"
WITH_SIDEROLINK_AGENT: tunnel
run: |
sudo -E make e2e-qemu
@ -117,6 +125,7 @@ jobs:
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_ENFORCING: "true"
WITH_SIDEROLINK_AGENT: wireguard+tls
run: |
sudo -E make e2e-qemu
@ -136,6 +145,7 @@ jobs:
SHORT_INTEGRATION_TEST: "yes"
TAG_SUFFIX_IN: -enforcing
WITH_CONFIG_PATCH: '@hack/test/patches/usernamespace.yaml'
WITH_ENFORCING: "true"
run: |
sudo -E make e2e-qemu
- name: save artifacts


@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
# Generated on 2025-04-02T11:11:10Z by kres d903dae.
name: integration-qemu-enforcing-cron
concurrency:
@ -74,6 +74,12 @@ jobs:
PUSH: "true"
run: |
make talosctl-linux-amd64 kernel sd-boot sd-stub initramfs installer-base imager talos _out/integration-test-linux-amd64
- name: uki-certs
if: github.event_name == 'schedule'
env:
PLATFORM: linux/amd64
run: |
make uki-certs
- name: talosctl-cni-bundle
if: github.event_name == 'schedule'
run: |
@ -97,6 +103,7 @@ jobs:
TAG_SUFFIX_IN: -enforcing
USER_DISKS_MOUNTS: /var/lib/extra,/var/lib/p1,/var/lib/p2
WITH_CONFIG_PATCH_WORKER: '@hack/test/patches/ephemeral-nvme.yaml:@hack/test/patches/dm-raid-module.yaml'
WITH_ENFORCING: "true"
WITH_USER_DISK: "true"
run: |
sudo -E make e2e-qemu


@ -1,6 +1,6 @@
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
#
# Generated on 2025-04-01T08:14:24Z by kres d903dae.
# Generated on 2025-04-02T11:11:10Z by kres d903dae.
name: integration-trusted-boot-enforcing-cron
concurrency:
@ -108,6 +108,7 @@ jobs:
IMAGE_REGISTRY: registry.dev.siderolabs.io
TAG_SUFFIX_IN: -enforcing
VIA_MAINTENANCE_MODE: "true"
WITH_ENFORCING: "true"
WITH_TRUSTED_BOOT_ISO: "true"
run: |
sudo -E make e2e-qemu


@ -388,6 +388,11 @@ spec:
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: uki-certs
environment:
PLATFORM: linux/amd64
conditions:
- only-on-schedule
- name: talosctl-cni-bundle
conditions:
- only-on-schedule
@ -410,6 +415,7 @@ spec:
QEMU_EXTRA_DISKS_DRIVERS: "ide,nvme"
WITH_CONFIG_PATCH_WORKER: "@hack/test/patches/ephemeral-nvme.yaml:@hack/test/patches/dm-raid-module.yaml"
WITH_USER_DISK: "true"
WITH_ENFORCING: true
USER_DISKS_MOUNTS: "/var/lib/extra,/var/lib/p1,/var/lib/p2"
- name: save-talos-logs
conditions:
@ -505,6 +511,11 @@ spec:
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: uki-certs
environment:
PLATFORM: linux/amd64
conditions:
- only-on-schedule
- name: talosctl-cni-bundle
conditions:
- only-on-schedule
@ -525,6 +536,7 @@ spec:
QEMU_MEMORY_WORKERS: 4096
TEST_MODE: fast-conformance
TAG_SUFFIX_IN: -enforcing
WITH_ENFORCING: true
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: save-talos-logs
@ -671,6 +683,7 @@ spec:
VIA_MAINTENANCE_MODE: true
WITH_TRUSTED_BOOT_ISO: true
TAG_SUFFIX_IN: -enforcing
WITH_ENFORCING: true
EXTRA_TEST_ARGS: "-talos.trustedboot -talos.enforcing"
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: save-talos-logs
@ -1034,6 +1047,11 @@ spec:
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: uki-certs
environment:
PLATFORM: linux/amd64
conditions:
- only-on-schedule
- name: talosctl-cni-bundle
conditions:
- only-on-schedule
@ -1054,6 +1072,7 @@ spec:
WITH_CLUSTER_DISCOVERY: false
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
WITH_ENFORCING: true
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-kubespan
command: e2e-qemu
@ -1065,6 +1084,7 @@ spec:
WITH_KUBESPAN: true
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
WITH_ENFORCING: true
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-default-hostname
command: e2e-qemu
@ -1076,6 +1096,7 @@ spec:
DISABLE_DHCP_HOSTNAME: true
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
WITH_ENFORCING: true
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-min-requirements
command: e2e-qemu
@ -1088,6 +1109,7 @@ spec:
QEMU_SYSTEM_DISK_SIZE: 10240
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
WITH_ENFORCING: true
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: save-talos-logs
conditions:
@ -1311,6 +1333,11 @@ spec:
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: uki-certs
environment:
PLATFORM: linux/amd64
conditions:
- only-on-schedule
- name: talosctl-cni-bundle
conditions:
- only-on-schedule
@ -1331,6 +1358,7 @@ spec:
WITH_NETWORK_CHAOS: yes
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
WITH_ENFORCING: true
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-metal-iso
command: e2e-qemu
@ -1341,6 +1369,7 @@ spec:
WITH_CONFIG_INJECTION_METHOD: "metal-iso"
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
WITH_ENFORCING: true
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-iommu-pcidriverrebind
command: e2e-qemu
@ -1351,6 +1380,7 @@ spec:
WITH_IOMMU: yes
TAG_SUFFIX_IN: -enforcing
EXTRA_TEST_ARGS: -talos.enforcing
WITH_ENFORCING: true
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: save-talos-logs
conditions:
@ -1482,6 +1512,11 @@ spec:
PLATFORM: linux/amd64,linux/arm64
IMAGE_REGISTRY: registry.dev.siderolabs.io
PUSH: true
- name: uki-certs
environment:
PLATFORM: linux/amd64
conditions:
- only-on-schedule
- name: talosctl-cni-bundle
conditions:
- only-on-schedule
@ -1502,6 +1537,7 @@ spec:
WITH_SIDEROLINK_AGENT: true
VIA_MAINTENANCE_MODE: true
TAG_SUFFIX_IN: -enforcing
WITH_ENFORCING: true
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-siderolink-tunnel
@ -1513,6 +1549,7 @@ spec:
WITH_SIDEROLINK_AGENT: tunnel
VIA_MAINTENANCE_MODE: true
TAG_SUFFIX_IN: -enforcing
WITH_ENFORCING: true
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-siderolink-tls
@ -1524,6 +1561,7 @@ spec:
WITH_SIDEROLINK_AGENT: wireguard+tls
VIA_MAINTENANCE_MODE: true
TAG_SUFFIX_IN: -enforcing
WITH_ENFORCING: true
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: e2e-apparmor
@ -1542,6 +1580,7 @@ spec:
SHORT_INTEGRATION_TEST: yes
WITH_CONFIG_PATCH: "@hack/test/patches/usernamespace.yaml"
TAG_SUFFIX_IN: -enforcing
WITH_ENFORCING: true
EXTRA_TEST_ARGS: -talos.enforcing
IMAGE_REGISTRY: registry.dev.siderolabs.io
- name: save-talos-logs
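Review bot: The enforcing jobs in these hunks now depend on three separately maintained settings, `TAG_SUFFIX_IN: -enforcing`, `WITH_ENFORCING: true` and `-talos.enforcing` in `EXTRA_TEST_ARGS`, and nothing visible ties them together. A job added later with only the first and last would boot without `enforcing=1`, which appears to be the gap this commit closes. A comment at the first enforcing job would record the rule, for example `# enforcing jobs: set TAG_SUFFIX_IN, WITH_ENFORCING and -talos.enforcing together`. The new key is also a bare boolean beside the quoted `WITH_USER_DISK: "true"` in the hunk at -410; the generated workflows render it as `"true"`, so it works, but `WITH_ENFORCING: "true"` would state the string the shell script actually compares.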


@ -255,6 +255,13 @@ case "${WITH_USER_DISK:-false}" in
;;
esac
case "${WITH_ENFORCING:-false}" in
false)
;;
*)
QEMU_FLAGS+=("--extra-boot-kernel-args=enforcing=1")
;;
esac
function create_cluster {
build_registry_mirrors
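Review bot: The `*)` arm of the new `case` enables `enforcing=1` for every value other than the literal `false`, so `WITH_ENFORCING=no` or `0` would turn the mode on rather than off. Other variables in the workflows use `"yes"`, so mixed spellings are plausible. Matching the accepted value explicitly and rejecting the rest makes a typo visible: change `*)` to `true)` and add `*) echo "unsupported WITH_ENFORCING=${WITH_ENFORCING}" >&2; exit 1 ;;`. If the catch-all is this file's convention (the preceding `case` is cut off above the hunk), a comment such as `# any value other than "false" boots with enforcing=1` would at least document it. Where `QEMU_FLAGS` is consumed lies outside the hunk.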