mirrors/talos
1
0
Fork 0
mirror of https://github.com/siderolabs/talos.git synced 2025-10-29 07:21:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

chore: add ability to rewrite uuids and set unique tokens for Talos

Browse Source 
This PR does those things:
- It allows API calls `MetaWrite` and `MetaRead` in maintenance mode.
- SystemInformation resource now waits for available META
- SystemInformation resource now overwrites UUID from META if there is an override
- META now supports "UUID override" and "unique token" keys
- ProvisionRequest now includes unique token and Talos version

For #7694

Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
This commit is contained in:
Dmitriy Matrenichev 2023-11-07 22:52:12 +03:00
parent e9c7ac17a9
commit 6eade3d5ef
No known key found for this signature in database
GPG Key ID: D3363CF894E68892
26 changed files with 1019 additions and 197 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
api/api.descriptors
View File

Binary file not shown.

10
api/resource/definitions/runtime/runtime.proto
View File

@ -64,6 +64,11 @@ message MetaKeySpec {
string value = 1;
}
// MetaLoadedSpec is the spec for meta loaded. The Done field is always true when resource exists.
message MetaLoadedSpec {
bool done = 1;
}
// MountStatusSpec describes status of the defined sysctls.
message MountStatusSpec {
string source = 1;
@ -93,6 +98,11 @@ message SecurityStateSpec {
string pcr_signing_key_fingerprint = 3;
}
// UniqueMachineTokenSpec is the spec for the machine unique token. Token can be empty if machine wasn't assigned any.
message UniqueMachineTokenSpec {
string token = 1;
}
// UnmetCondition is a failure which prevents machine from being ready at the stage.
message UnmetCondition {
string name = 1;

26
cmd/talosctl/cmd/talos/meta.go
View File

@ -13,6 +13,10 @@ import (
"github.com/siderolabs/talos/pkg/machinery/client"
)
var metaCmdFlags struct {
insecure bool
}
var metaCmd = &cobra.Command{
Use: "meta",
Short: "Write and delete keys in the META partition",
@ -26,14 +30,20 @@ var metaWriteCmd = &cobra.Command{
Long: ``,
Args: cobra.ExactArgs(2),
RunE: func(cmd *cobra.Command, args []string) error {
return WithClient(func(ctx context.Context, c *client.Client) error {
fn := func(ctx context.Context, c *client.Client) error {
key, err := strconv.ParseUint(args[0], 0, 8)
if err != nil {
return err
}
return c.MetaWrite(ctx, uint8(key), []byte(args[1]))
})
}
if metaCmdFlags.insecure {
return WithClientMaintenance(nil, fn)
}
return WithClient(fn)
},
}
@ -43,18 +53,26 @@ var metaDeleteCmd = &cobra.Command{
Long: ``,
Args: cobra.ExactArgs(1),
RunE: func(cmd *cobra.Command, args []string) error {
return WithClient(func(ctx context.Context, c *client.Client) error {
fn := func(ctx context.Context, c *client.Client) error {
key, err := strconv.ParseUint(args[0], 0, 8)
if err != nil {
return err
}
return c.MetaDelete(ctx, uint8(key))
})
}
if metaCmdFlags.insecure {
return WithClientMaintenance(nil, fn)
}
return WithClient(fn)
},
}
func init() {
metaCmd.PersistentFlags().BoolVarP(&metaCmdFlags.insecure, "insecure", "i", false, "write|delete meta using the insecure (encrypted with no auth) maintenance service")
metaCmd.AddCommand(metaWriteCmd)
metaCmd.AddCommand(metaDeleteCmd)
addCommand(metaCmd)

4
go.mod
View File

@ -117,7 +117,7 @@ require (
github.com/siderolabs/grpc-proxy v0.4.0
github.com/siderolabs/kms-client v0.1.0
github.com/siderolabs/net v0.4.0
github.com/siderolabs/siderolink v0.3.1
github.com/siderolabs/siderolink v0.3.2-0.20231109194336-71dd3084984d
github.com/siderolabs/talos/pkg/machinery v1.6.0-alpha.1
github.com/spf13/cobra v1.8.0
github.com/spf13/pflag v1.0.5
@ -305,7 +305,7 @@ require (
golang.org/x/oauth2 v0.12.0 // indirect
golang.org/x/tools v0.12.0 // indirect
golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect
golang.zx2c4.com/wireguard v0.0.0-20230325221338-052af4a8072b // indirect
golang.zx2c4.com/wireguard v0.0.0-20231022001213-2e0774f246fb // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a // indirect

12
go.sum
View File

@ -669,8 +669,8 @@ github.com/siderolabs/net v0.4.0 h1:1bOgVay/ijPkJz4qct98nHsiB/ysLQU0KLoBC4qLm7I=
github.com/siderolabs/net v0.4.0/go.mod h1:/ibG+Hm9HU27agp5r9Q3eZicEfjquzNzQNux5uEk0kM=
github.com/siderolabs/protoenc v0.2.0 h1:QFxWIAo//12+/bm27GNYoK/TpQGTYsRrrZCu9jSghvU=
github.com/siderolabs/protoenc v0.2.0/go.mod h1:mu4gc6pJxhdJYpuloacKE4jsJojj87qDXwn8LUvs2bY=
github.com/siderolabs/siderolink v0.3.1 h1:n0pkf7dEhiqX0nfcwWiEqGKoD5CuBRTrWdPBvmvQ8vs=
github.com/siderolabs/siderolink v0.3.1/go.mod h1:LrkE9BoHzfi/m43EQx/Fk6kSal6Uvthu5AtRC3W5GcI=
github.com/siderolabs/siderolink v0.3.2-0.20231109194336-71dd3084984d h1:05OjO5Ue/UGH6Onq9KLJN1VKl3G3EdKvbtLU2yNtl/E=
github.com/siderolabs/siderolink v0.3.2-0.20231109194336-71dd3084984d/go.mod h1:3a+b/jpRwA+iyumrnyP2/VmkMUWr8AHZBo6LEHqx/rU=
github.com/siderolabs/tcpproxy v0.1.0 h1:IbkS9vRhjMOscc1US3M5P1RnsGKFgB6U5IzUk+4WkKA=
github.com/siderolabs/tcpproxy v0.1.0/go.mod h1:onn6CPPj/w1UNqQ0U97oRPF0CqbrgEApYCw4P9IiCW8=
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
@ -1014,8 +1014,8 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 h1:B82qJJgjvYKsXS9jeunTOisW56dUokqW/FOteYJJ/yg=
golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2/go.mod h1:deeaetjYA+DHMHg+sMSMI58GrEteJUUzzw7en6TJQcI=
golang.zx2c4.com/wireguard v0.0.0-20230325221338-052af4a8072b h1:J1CaxgLerRR5lgx3wnr6L04cJFbWoceSK9JWBdglINo=
golang.zx2c4.com/wireguard v0.0.0-20230325221338-052af4a8072b/go.mod h1:tqur9LnfstdR9ep2LaJT4lFUl0EjlHtge+gAjmsHUG4=
golang.zx2c4.com/wireguard v0.0.0-20231022001213-2e0774f246fb h1:c5tyN8sSp8jSDxdCCDXVOpJwYXXhmTkNMt+g0zTSOic=
golang.zx2c4.com/wireguard v0.0.0-20231022001213-2e0774f246fb/go.mod h1:tkCQ4FQXmpAgYVh++1cq16/dH4QJtmvpRv19DWGAHSA=
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6 h1:CawjfCvYQH2OU3/TnxLx97WDSUDRABfT18pCOYwc2GE=
golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6/go.mod h1:3rxYc4HtVcSG9gVaTs2GEBdehh+sYPOwKtyUWEOTb80=
google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
@ -1140,8 +1140,8 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
gvisor.dev/gvisor v0.0.0-20221203005347-703fd9b7fbc0 h1:Wobr37noukisGxpKo5jAsLREcpj61RxrWYzD8uwveOY=
gvisor.dev/gvisor v0.0.0-20221203005347-703fd9b7fbc0/go.mod h1:Dn5idtptoW1dIos9U6A2rpebLs/MtTwFacjKb8jLdQA=
gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259 h1:TbRPT0HtzFP3Cno1zZo7yPzEEnfu8EjLfl6IU9VfqkQ=
gvisor.dev/gvisor v0.0.0-20230927004350-cbd86285d259/go.mod h1:AVgIgHMwK63XvmAzWG9vLQ41YnVHN0du0tEC46fI7yY=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

24
internal/app/machined/pkg/adapters/hardware/system_information.go
View File

@ -24,18 +24,18 @@ type systemInformation struct {
}
// Update current systemInformation info.
func (p systemInformation) Update(systemInformation *smbios.SystemInformation) {
translateSystemInformationInfo := func(in *smbios.SystemInformation) hardware.SystemInformationSpec {
return hardware.SystemInformationSpec{
Manufacturer: in.Manufacturer,
ProductName: in.ProductName,
Version: in.Version,
SerialNumber: in.SerialNumber,
UUID: in.UUID,
WakeUpType: in.WakeUpType.String(),
SKUNumber: in.SKUNumber,
}
func (p systemInformation) Update(systemInformation *smbios.SystemInformation, uuidRewrite string) {
if uuidRewrite == "" {
uuidRewrite = systemInformation.UUID
}
*p.SystemInformation.TypedSpec() = translateSystemInformationInfo(systemInformation)
*p.SystemInformation.TypedSpec() = hardware.SystemInformationSpec{
Manufacturer: systemInformation.Manufacturer,
ProductName: systemInformation.ProductName,
Version: systemInformation.Version,
SerialNumber: systemInformation.SerialNumber,
UUID: uuidRewrite,
WakeUpType: systemInformation.WakeUpType.String(),
SKUNumber: systemInformation.SKUNumber,
}
}

23
internal/app/machined/pkg/controllers/hardware/hardware_test.go
View File

@ -46,21 +46,6 @@ func (suite *HardwareSuite) SetupTest() {
suite.Require().NoError(err)
}
func (suite *HardwareSuite) assertResource(md resource.Metadata, check func(res resource.Resource) error) func() error {
return func() error {
r, err := suite.state.Get(suite.ctx, md)
if err != nil {
if state.IsNotFoundError(err) {
return retry.ExpectedError(err)
}
return err
}
return check(r)
}
}
func (suite *HardwareSuite) assertNoResource(md resource.Metadata) func() error {
return func() error {
_, err := suite.state.Get(suite.ctx, md)
@ -83,3 +68,11 @@ func (suite *HardwareSuite) TearDownTest() {
suite.wg.Wait()
}
func (suite *HardwareSuite) State() state.State {
return suite.state
}
func (suite *HardwareSuite) Ctx() context.Context {
return suite.ctx
}

112
internal/app/machined/pkg/controllers/hardware/system.go
View File

@ -10,14 +10,18 @@ import (
"strings"
"github.com/cosi-project/runtime/pkg/controller"
"github.com/cosi-project/runtime/pkg/resource"
"github.com/cosi-project/runtime/pkg/safe"
"github.com/cosi-project/runtime/pkg/state"
"github.com/siderolabs/gen/optional"
"github.com/siderolabs/go-smbios/smbios"
"go.uber.org/zap"
hwadapter "github.com/siderolabs/talos/internal/app/machined/pkg/adapters/hardware"
runtimetalos "github.com/siderolabs/talos/internal/app/machined/pkg/runtime"
"github.com/siderolabs/talos/internal/pkg/meta"
pkgSMBIOS "github.com/siderolabs/talos/internal/pkg/smbios"
"github.com/siderolabs/talos/pkg/machinery/resources/hardware"
"github.com/siderolabs/talos/pkg/machinery/resources/runtime"
)
// SystemInfoController populates CPU information of the underlying hardware.
@ -33,7 +37,19 @@ func (ctrl *SystemInfoController) Name() string {
// Inputs implements controller.Controller interface.
func (ctrl *SystemInfoController) Inputs() []controller.Input {
return nil
return []controller.Input{
{
Namespace: runtime.NamespaceName,
Type: runtime.MetaKeyType,
Kind: controller.InputWeak,
},
{
Namespace: runtime.NamespaceName,
Type: runtime.MetaLoadedType,
ID: optional.Some(runtime.MetaLoadedID),
Kind: controller.InputWeak,
},
}
}
// Outputs implements controller.Controller interface.
@ -58,59 +74,83 @@ func (ctrl *SystemInfoController) Outputs() []controller.Output {
//
//nolint:gocyclo
func (ctrl *SystemInfoController) Run(ctx context.Context, r controller.Runtime, logger *zap.Logger) error {
select {
case <-ctx.Done():
return nil
case <-r.EventCh():
}
// smbios info is not available inside container, so skip the controller
if ctrl.V1Alpha1Mode == runtimetalos.ModeContainer {
return nil
}
// controller runs only once
if ctrl.SMBIOS == nil {
s, err := pkgSMBIOS.GetSMBIOSInfo()
for {
select {
case <-ctx.Done():
return nil
case <-r.EventCh():
}
_, err := safe.ReaderGetByID[*runtime.MetaLoaded](ctx, r, runtime.MetaLoadedID)
if err != nil {
return err
if state.IsNotFoundError(err) {
continue
}
return fmt.Errorf("error getting meta loaded resource: %w", err)
}
ctrl.SMBIOS = s
}
if ctrl.SMBIOS == nil {
var s *smbios.SMBIOS
if err := r.Modify(ctx, hardware.NewSystemInformation(hardware.SystemInformationID), func(res resource.Resource) error {
hwadapter.SystemInformation(res.(*hardware.SystemInformation)).Update(&ctrl.SMBIOS.SystemInformation)
s, err = pkgSMBIOS.GetSMBIOSInfo()
if err != nil {
return err
}
return nil
}); err != nil {
return fmt.Errorf("error updating objects: %w", err)
}
ctrl.SMBIOS = s
}
for _, p := range ctrl.SMBIOS.ProcessorInformation {
// replaces `CPU 0` with `CPU-0`
id := strings.ReplaceAll(p.SocketDesignation, " ", "-")
uuidRewriteRes, err := safe.ReaderGetByID[*runtime.MetaKey](ctx, r, runtime.MetaKeyTagToID(meta.UUIDOverride))
if err != nil && !state.IsNotFoundError(err) {
return fmt.Errorf("error getting meta key resource: %w", err)
}
if err := r.Modify(ctx, hardware.NewProcessorInfo(id), func(res resource.Resource) error {
hwadapter.Processor(res.(*hardware.Processor)).Update(&p)
var uuidRewrite string
if uuidRewriteRes != nil && uuidRewriteRes.TypedSpec().Value != "" {
uuidRewrite = uuidRewriteRes.TypedSpec().Value
logger.Info("using UUID rewrite", zap.String("uuid", uuidRewrite))
}
if err := safe.WriterModify(ctx, r, hardware.NewSystemInformation(hardware.SystemInformationID), func(res *hardware.SystemInformation) error {
hwadapter.SystemInformation(res).Update(&ctrl.SMBIOS.SystemInformation, uuidRewrite)
return nil
}); err != nil {
return fmt.Errorf("error updating objects: %w", err)
}
}
for _, m := range ctrl.SMBIOS.MemoryDevices {
// replaces `SIMM 0` with `SIMM-0`
id := strings.ReplaceAll(m.DeviceLocator, " ", "-")
for _, p := range ctrl.SMBIOS.ProcessorInformation {
// replaces `CPU 0` with `CPU-0`
id := strings.ReplaceAll(p.SocketDesignation, " ", "-")
if err := r.Modify(ctx, hardware.NewMemoryModuleInfo(id), func(res resource.Resource) error {
hwadapter.MemoryModule(res.(*hardware.MemoryModule)).Update(&m)
if err := safe.WriterModify(ctx, r, hardware.NewProcessorInfo(id), func(res *hardware.Processor) error {
hwadapter.Processor(res).Update(&p)
return nil
}); err != nil {
return fmt.Errorf("error updating objects: %w", err)
return nil
}); err != nil {
return fmt.Errorf("error updating objects: %w", err)
}
}
for _, m := range ctrl.SMBIOS.MemoryDevices {
// replaces `SIMM 0` with `SIMM-0`
id := strings.ReplaceAll(m.DeviceLocator, " ", "-")
if err := safe.WriterModify(ctx, r, hardware.NewMemoryModuleInfo(id), func(res *hardware.MemoryModule) error {
hwadapter.MemoryModule(res).Update(&m)
return nil
}); err != nil {
return fmt.Errorf("error updating objects: %w", err)
}
}
}
return nil
}

75
internal/app/machined/pkg/controllers/hardware/system_test.go
View File

@ -5,19 +5,21 @@
package hardware_test
import (
"fmt"
"os"
"testing"
"time"
"github.com/cosi-project/runtime/pkg/resource"
"github.com/siderolabs/go-retry/retry"
"github.com/siderolabs/go-smbios/smbios"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/suite"
"github.com/siderolabs/talos/internal/app/machined/pkg/controllers/ctest"
hardwarectrl "github.com/siderolabs/talos/internal/app/machined/pkg/controllers/hardware"
runtimetalos "github.com/siderolabs/talos/internal/app/machined/pkg/runtime"
"github.com/siderolabs/talos/internal/pkg/meta"
"github.com/siderolabs/talos/pkg/machinery/resources/hardware"
"github.com/siderolabs/talos/pkg/machinery/resources/runtime"
)
type SystemInfoSuite struct {
@ -28,8 +30,7 @@ func (suite *SystemInfoSuite) TestPopulateSystemInformation() {
stream, err := os.Open("testdata/SuperMicro-Dual-Xeon.dmi")
suite.Require().NoError(err)
//nolint: errcheck
defer stream.Close()
suite.T().Cleanup(func() { suite.NoError(stream.Close()) })
version := smbios.Version{Major: 3, Minor: 3, Revision: 0} // dummy version
s, err := smbios.Decode(stream, version)
@ -45,6 +46,8 @@ func (suite *SystemInfoSuite) TestPopulateSystemInformation() {
suite.startRuntime()
suite.Require().NoError(suite.state.Create(suite.ctx, runtime.NewMetaLoaded()))
cpuSpecs := map[string]hardware.ProcessorSpec{
"CPU-1": {
Socket: "CPU 1",
@ -95,36 +98,50 @@ func (suite *SystemInfoSuite) TestPopulateSystemInformation() {
}
for k, v := range cpuSpecs {
suite.Assert().NoError(
retry.Constant(1*time.Second, retry.WithUnits(100*time.Millisecond)).Retry(
suite.assertResource(*hardware.NewProcessorInfo(k).Metadata(), func(r resource.Resource) error {
status := *r.(*hardware.Processor).TypedSpec()
if !suite.Assert().Equal(v, status) {
return retry.ExpectedError(fmt.Errorf("cpu status doesn't match: %v != %v", v, status))
}
return nil
}),
),
)
ctest.AssertResource(suite, k, func(r *hardware.Processor, assertions *assert.Assertions) {
assertions.Equal(v, *r.TypedSpec())
})
}
for k, v := range memorySpecs {
suite.Assert().NoError(
retry.Constant(1*time.Second, retry.WithUnits(100*time.Millisecond)).Retry(
suite.assertResource(*hardware.NewMemoryModuleInfo(k).Metadata(), func(r resource.Resource) error {
status := *r.(*hardware.MemoryModule).TypedSpec()
if !suite.Assert().Equal(v, status) {
return retry.ExpectedError(fmt.Errorf("memory status doesn't match: %v != %v", v, status))
}
return nil
}),
),
)
ctest.AssertResource(suite, k, func(r *hardware.MemoryModule, assertions *assert.Assertions) {
assertions.Equal(v, *r.TypedSpec())
})
}
}
func (suite *SystemInfoSuite) TestUUIDOverwrite() {
stream, err := os.Open("testdata/SuperMicro-Dual-Xeon.dmi")
suite.Require().NoError(err)
suite.T().Cleanup(func() { suite.NoError(stream.Close()) })
version := smbios.Version{Major: 3, Minor: 3, Revision: 0} // dummy version
s, err := smbios.Decode(stream, version)
suite.Require().NoError(err)
suite.Require().NoError(
suite.runtime.RegisterController(
&hardwarectrl.SystemInfoController{
SMBIOS: s,
},
),
)
suite.startRuntime()
suite.Require().NoError(suite.state.Create(suite.ctx, runtime.NewMetaLoaded()))
key := runtime.NewMetaKey(runtime.NamespaceName, runtime.MetaKeyTagToID(meta.UUIDOverride))
key.TypedSpec().Value = "00000000-0000-0000-0000-000000000001"
suite.Require().NoError(suite.state.Create(suite.ctx, key))
ctest.AssertResource(suite, hardware.SystemInformationID, func(r *hardware.SystemInformation, assertions *assert.Assertions) {
assertions.Equal("00000000-0000-0000-0000-000000000001", r.TypedSpec().UUID)
})
}
func (suite *SystemInfoSuite) TestPopulateSystemInformationIsDisabledInContainerMode() {
suite.Require().NoError(
suite.runtime.RegisterController(
@ -136,6 +153,8 @@ func (suite *SystemInfoSuite) TestPopulateSystemInformationIsDisabledInContainer
suite.startRuntime()
suite.Require().NoError(suite.state.Create(suite.ctx, runtime.NewMetaLoaded()))
suite.Assert().NoError(retry.Constant(1*time.Second, retry.WithUnits(100*time.Millisecond)).Retry(suite.assertNoResource(*hardware.NewSystemInformation("systeminformation").Metadata())))
}

56
internal/app/machined/pkg/controllers/runtime/unique_token.go Normal file
View File

@ -0,0 +1,56 @@
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package runtime
import (
"context"
"github.com/cosi-project/runtime/pkg/controller"
"github.com/cosi-project/runtime/pkg/controller/generic/transform"
"github.com/cosi-project/runtime/pkg/safe"
"github.com/cosi-project/runtime/pkg/state"
"github.com/siderolabs/gen/optional"
"go.uber.org/zap"
"github.com/siderolabs/talos/internal/pkg/meta"
"github.com/siderolabs/talos/pkg/machinery/resources/runtime"
)
// UniqueMachineTokenController provides a unique token the machine.
type UniqueMachineTokenController = transform.Controller[*runtime.MetaLoaded, *runtime.UniqueMachineToken]
// NewUniqueMachineTokenController instanciates the controller.
func NewUniqueMachineTokenController() *UniqueMachineTokenController {
return transform.NewController(
transform.Settings[*runtime.MetaLoaded, *runtime.UniqueMachineToken]{
Name: "runtime.UniqueMachineTokenController",
MapMetadataFunc: func(in *runtime.MetaLoaded) *runtime.UniqueMachineToken {
return runtime.NewUniqueMachineToken()
},
TransformFunc: func(ctx context.Context, r controller.Reader, logger *zap.Logger, _ *runtime.MetaLoaded, out *runtime.UniqueMachineToken) error {
uniqueToken, err := safe.ReaderGetByID[*runtime.MetaKey](ctx, r, runtime.MetaKeyTagToID(meta.UniqueMachineToken))
if state.IsNotFoundError(err) {
out.TypedSpec().Token = ""
return nil
} else if err != nil {
return err
}
out.TypedSpec().Token = uniqueToken.TypedSpec().Value
return nil
},
},
transform.WithExtraInputs(
controller.Input{
Namespace: runtime.NamespaceName,
Type: runtime.MetaKeyType,
ID: optional.Some(runtime.MetaKeyTagToID(meta.UniqueMachineToken)),
Kind: controller.InputWeak,
},
),
)
}

29
internal/app/machined/pkg/controllers/siderolink/manager.go
View File

@ -36,7 +36,9 @@ import (
"github.com/siderolabs/talos/pkg/machinery/resources/config"
"github.com/siderolabs/talos/pkg/machinery/resources/hardware"
"github.com/siderolabs/talos/pkg/machinery/resources/network"
"github.com/siderolabs/talos/pkg/machinery/resources/runtime"
"github.com/siderolabs/talos/pkg/machinery/resources/siderolink"
"github.com/siderolabs/talos/pkg/version"
)
// ManagerController interacts with SideroLink API and brings up the SideroLink Wireguard interface.
@ -90,6 +92,12 @@ func (ctrl *ManagerController) Run(ctx context.Context, r controller.Runtime, lo
ID: optional.Some(hardware.SystemInformationID),
Kind: controller.InputWeak,
},
{
Namespace: runtime.NamespaceName,
Type: runtime.UniqueMachineTokenType,
ID: optional.Some(runtime.UniqueMachineTokenID),
Kind: controller.InputWeak,
},
},
); err != nil {
return fmt.Errorf("error waiting for network: %w", err)
@ -138,7 +146,7 @@ func (ctrl *ManagerController) Run(ctx context.Context, r controller.Runtime, lo
case <-r.EventCh():
}
cfg, err := safe.ReaderGet[*siderolink.Config](ctx, r, siderolink.NewConfig(config.NamespaceName, siderolink.ConfigID).Metadata())
cfg, err := safe.ReaderGetByID[*siderolink.Config](ctx, r, siderolink.ConfigID)
if err != nil {
if state.IsNotFoundError(err) {
if cleanupErr := ctrl.cleanup(ctx, r, nil, nil, logger); cleanupErr != nil {
@ -152,7 +160,7 @@ func (ctrl *ManagerController) Run(ctx context.Context, r controller.Runtime, lo
return fmt.Errorf("failed to get siderolink config: %w", err)
}
sysInfo, err := safe.ReaderGet[*hardware.SystemInformation](ctx, r, hardware.NewSystemInformation(hardware.SystemInformationID).Metadata())
sysInfo, err := safe.ReaderGetByID[*hardware.SystemInformation](ctx, r, hardware.SystemInformationID)
if err != nil {
if state.IsNotFoundError(err) {
// no system information
@ -198,10 +206,17 @@ func (ctrl *ManagerController) Run(ctx context.Context, r controller.Runtime, lo
}
}()
uniqTokenRes, rdrErr := safe.ReaderGetByID[*runtime.UniqueMachineToken](ctx, r, runtime.UniqueMachineTokenID)
if rdrErr != nil {
return nil, fmt.Errorf("failed to get unique token: %w", rdrErr)
}
sideroLinkClient := pb.NewProvisionServiceClient(conn)
request := &pb.ProvisionRequest{
NodeUuid: nodeUUID,
NodePublicKey: ctrl.nodeKey.PublicKey().String(),
NodeUuid: nodeUUID,
NodePublicKey: ctrl.nodeKey.PublicKey().String(),
NodeUniqueToken: pointer.To(uniqTokenRes.TypedSpec().Token),
TalosVersion: pointer.To(version.Tag),
}
token := parsedEndpoint.GetParam("jointoken")
@ -231,7 +246,7 @@ func (ctrl *ManagerController) Run(ctx context.Context, r controller.Runtime, lo
linkSpec := network.NewLinkSpec(network.ConfigNamespaceName, network.LayeredID(network.ConfigOperator, network.LinkID(constants.SideroLinkName)))
addressSpec := network.NewAddressSpec(network.ConfigNamespaceName, network.LayeredID(network.ConfigOperator, network.AddressID(constants.SideroLinkName, nodeAddress)))
if err = safe.WriterModify(ctx, r, linkSpec,
if err := safe.WriterModify(ctx, r, linkSpec,
func(res *network.LinkSpec) error {
spec := res.TypedSpec()
@ -265,7 +280,7 @@ func (ctrl *ManagerController) Run(ctx context.Context, r controller.Runtime, lo
return fmt.Errorf("error creating siderolink spec: %w", err)
}
if err = safe.WriterModify(ctx, r, addressSpec,
if err := safe.WriterModify(ctx, r, addressSpec,
func(res *network.AddressSpec) error {
spec := res.TypedSpec()
@ -289,7 +304,7 @@ func (ctrl *ManagerController) Run(ctx context.Context, r controller.Runtime, lo
addressSpec.Metadata().ID(): {},
}
if err = ctrl.cleanup(ctx, r, keepLinkSpecSet, keepAddressSpecSet, logger); err != nil {
if err := ctrl.cleanup(ctx, r, keepLinkSpecSet, keepAddressSpecSet, logger); err != nil {
return err
}

6
internal/app/machined/pkg/controllers/siderolink/manager_test.go
View File

@ -27,6 +27,7 @@ import (
"github.com/siderolabs/talos/pkg/machinery/resources/config"
"github.com/siderolabs/talos/pkg/machinery/resources/hardware"
"github.com/siderolabs/talos/pkg/machinery/resources/network"
"github.com/siderolabs/talos/pkg/machinery/resources/runtime"
"github.com/siderolabs/talos/pkg/machinery/resources/siderolink"
)
@ -89,6 +90,11 @@ func (suite *ManagerSuite) TestReconcile() {
suite.Require().NoError(suite.State().Create(suite.Ctx(), systemInformation))
uniqToken := runtime.NewUniqueMachineToken()
uniqToken.TypedSpec().Token = "random-token"
suite.Require().NoError(suite.State().Create(suite.Ctx(), uniqToken))
nodeAddress := netip.MustParsePrefix(mockNodeAddressPrefix)
addressSpec := network.NewAddressSpec(network.ConfigNamespaceName, network.LayeredID(network.ConfigOperator, network.AddressID(constants.SideroLinkName, nodeAddress)))

22
internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go
View File

@ -25,6 +25,7 @@ import (
"github.com/containerd/cgroups/v3/cgroup1"
"github.com/containerd/cgroups/v3/cgroup2"
"github.com/cosi-project/runtime/pkg/resource"
"github.com/cosi-project/runtime/pkg/safe"
"github.com/cosi-project/runtime/pkg/state"
"github.com/dustin/go-humanize"
"github.com/hashicorp/go-multierror"
@ -2190,6 +2191,8 @@ func CleanupLegacyStaticPodFiles(runtime.Sequence, any) (runtime.TaskExecutionFu
}
// ReloadMeta reloads META partition after disk mount, installer run, etc.
//
//nolint:gocyclo
func ReloadMeta(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) {
return func(ctx context.Context, logger *log.Logger, r runtime.Runtime) error {
err := r.State().Machine().Meta().Reload(ctx)
@ -2222,6 +2225,25 @@ func ReloadMeta(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) {
}
}
if _, err := safe.ReaderGetByID[*resourceruntime.MetaLoaded](
ctx,
r.State().V1Alpha2().Resources(),
resourceruntime.MetaLoadedID,
); err != nil {
if !state.IsNotFoundError(err) {
return fmt.Errorf("error reading MetaLoaded resource: %w", err)
}
// create MetaLoaded resource signaling that META is now loaded
loaded := resourceruntime.NewMetaLoaded()
loaded.TypedSpec().Done = true
err = r.State().V1Alpha2().Resources().Create(ctx, loaded)
if err != nil {
return fmt.Errorf("error creating MetaLoaded resource: %w", err)
}
}
return nil
}, "reloadMeta"
}

1
internal/app/machined/pkg/runtime/v1alpha2/v1alpha2_controller.go
View File

@ -281,6 +281,7 @@ func (ctrl *Controller) Run(ctx context.Context, drainer *runtime.Drainer) error
&runtimecontrollers.SecurityStateController{
V1Alpha1Mode: ctrl.v1alpha1Runtime.State().Platform().Mode(),
},
runtimecontrollers.NewUniqueMachineTokenController(),
&secrets.APICertSANsController{},
&secrets.APIController{},
&secrets.EtcdController{},

2
internal/app/machined/pkg/runtime/v1alpha2/v1alpha2_state.go
View File

@ -180,9 +180,11 @@ func NewState() (*State, error) {
&runtime.MaintenanceServiceRequest{},
&runtime.MachineStatus{},
&runtime.MetaKey{},
&runtime.MetaLoaded{},
&runtime.MountStatus{},
&runtime.PlatformMetadata{},
&runtime.SecurityState{},
&runtime.UniqueMachineToken{},
&secrets.API{},
&secrets.CertSAN{},
&secrets.Etcd{},

74
internal/app/maintenance/server.go
View File

@ -6,7 +6,9 @@ package maintenance
import (
"context"
"errors"
"fmt"
"io/fs"
"log"
"strings"
@ -34,7 +36,7 @@ import (
"github.com/siderolabs/talos/pkg/version"
)
// Server implements machine.MachineService, network.NetworkService, and storage.StorageService.
// Server implements [machine.MachineServiceServer], network.NetworkService, and [storage.StorageServiceServer].
type Server struct {
machine.UnimplementedMachineServiceServer
@ -43,7 +45,7 @@ type Server struct {
server *grpc.Server
}
// New initializes and returns a `Server`.
// New initializes and returns a [Server].
func New(cfgCh chan<- config.Provider) *Server {
if runtimeController == nil {
panic("runtime controller is not set")
@ -68,7 +70,7 @@ func (s *Server) Register(obj *grpc.Server) {
cosiv1alpha1.RegisterStateServer(obj, server.NewState(resourceState))
}
// ApplyConfiguration implements machine.MachineService.
// ApplyConfiguration implements [machine.MachineServiceServer].
func (s *Server) ApplyConfiguration(ctx context.Context, in *machine.ApplyConfigurationRequest) (*machine.ApplyConfigurationResponse, error) {
//nolint:exhaustive
switch in.Mode {
@ -112,7 +114,7 @@ Node is running in maintenance mode and does not have a config yet.`
return reply, nil
}
// GenerateConfiguration implements the machine.MachineServer interface.
// GenerateConfiguration implements the [machine.MachineServiceServer] interface.
func (s *Server) GenerateConfiguration(ctx context.Context, in *machine.GenerateConfigurationRequest) (*machine.GenerateConfigurationResponse, error) {
if in.MachineConfig == nil {
return nil, fmt.Errorf("invalid generate request")
@ -127,7 +129,7 @@ func (s *Server) GenerateConfiguration(ctx context.Context, in *machine.Generate
return configuration.Generate(ctx, in)
}
// GenerateClientConfiguration implements the machine.MachineServer interface.
// GenerateClientConfiguration implements the [machine.MachineServiceServer] interface.
func (s *Server) GenerateClientConfiguration(ctx context.Context, in *machine.GenerateClientConfigurationRequest) (*machine.GenerateClientConfigurationResponse, error) {
return nil, status.Error(codes.Unimplemented, "client configuration (talosconfig) can't be generated in the maintenance mode")
}
@ -288,3 +290,65 @@ func (s *Server) Reset(ctx context.Context, in *machine.ResetRequest) (reply *ma
return reply, nil
}
// MetaWrite implements the [machine.MachineServiceServer] interface.
func (s *Server) MetaWrite(ctx context.Context, req *machine.MetaWriteRequest) (*machine.MetaWriteResponse, error) {
if err := assertPeerSideroLink(ctx); err != nil {
return nil, err
}
if uint32(uint8(req.Key)) != req.Key {
return nil, status.Errorf(codes.InvalidArgument, "key must be a uint8")
}
ok, err := s.controller.Runtime().State().Machine().Meta().SetTagBytes(ctx, uint8(req.Key), req.Value)
if err != nil {
return nil, err
}
if !ok {
// META overflowed
return nil, status.Errorf(codes.ResourceExhausted, "meta write failed")
}
err = s.controller.Runtime().State().Machine().Meta().Flush()
if err != nil && !errors.Is(err, fs.ErrNotExist) {
// ignore not exist error, as it's possible that the meta partition is not created yet
return nil, err
}
return &machine.MetaWriteResponse{
Messages: []*machine.MetaWrite{{}},
}, nil
}
// MetaDelete implements the [machine.MachineServiceServer] interface.
func (s *Server) MetaDelete(ctx context.Context, req *machine.MetaDeleteRequest) (*machine.MetaDeleteResponse, error) {
if err := assertPeerSideroLink(ctx); err != nil {
return nil, err
}
if uint32(uint8(req.Key)) != req.Key {
return nil, status.Errorf(codes.InvalidArgument, "key must be a uint8")
}
ok, err := s.controller.Runtime().State().Machine().Meta().DeleteTag(ctx, uint8(req.Key))
if err != nil {
return nil, err
}
if !ok {
// META key not found
return nil, status.Errorf(codes.NotFound, "meta key not found")
}
err = s.controller.Runtime().State().Machine().Meta().Flush()
if err != nil && !errors.Is(err, fs.ErrNotExist) {
// ignore not exist error, as it's possible that the meta partition is not created yet
return nil, err
}
return &machine.MetaDeleteResponse{
Messages: []*machine.MetaDelete{{}},
}, nil
}

4
internal/pkg/meta/constants.go
View File

@ -23,4 +23,8 @@ const (
UserReserved2
// UserReserved3 is reserved for user-defined metadata.
UserReserved3
// UUIDOverride stores the UUID that this machine will use instead of the one from the hardware.
UUIDOverride
// UniqueMachineToken store the unique token for this machine. It's useful because UUID may repeat or be filled with zeros.
UniqueMachineToken
)

285
pkg/machinery/api/resource/definitions/runtime/runtime.pb.go
View File

@ -560,6 +560,54 @@ func (x *MetaKeySpec) GetValue() string {
return ""
}
// MetaLoadedSpec is the spec for meta loaded. The Done field is always true when resource exists.
type MetaLoadedSpec struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Done bool `protobuf:"varint,1,opt,name=done,proto3" json:"done,omitempty"`
}
func (x *MetaLoadedSpec) Reset() {
*x = MetaLoadedSpec{}
if protoimpl.UnsafeEnabled {
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[10]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *MetaLoadedSpec) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*MetaLoadedSpec) ProtoMessage() {}
func (x *MetaLoadedSpec) ProtoReflect() protoreflect.Message {
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[10]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use MetaLoadedSpec.ProtoReflect.Descriptor instead.
func (*MetaLoadedSpec) Descriptor() ([]byte, []int) {
return file_resource_definitions_runtime_runtime_proto_rawDescGZIP(), []int{10}
}
func (x *MetaLoadedSpec) GetDone() bool {
if x != nil {
return x.Done
}
return false
}
// MountStatusSpec describes status of the defined sysctls.
type MountStatusSpec struct {
state protoimpl.MessageState
@ -577,7 +625,7 @@ type MountStatusSpec struct {
func (x *MountStatusSpec) Reset() {
*x = MountStatusSpec{}
if protoimpl.UnsafeEnabled {
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[10]
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[11]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -590,7 +638,7 @@ func (x *MountStatusSpec) String() string {
func (*MountStatusSpec) ProtoMessage() {}
func (x *MountStatusSpec) ProtoReflect() protoreflect.Message {
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[10]
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[11]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -603,7 +651,7 @@ func (x *MountStatusSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use MountStatusSpec.ProtoReflect.Descriptor instead.
func (*MountStatusSpec) Descriptor() ([]byte, []int) {
return file_resource_definitions_runtime_runtime_proto_rawDescGZIP(), []int{10}
return file_resource_definitions_runtime_runtime_proto_rawDescGZIP(), []int{11}
}
func (x *MountStatusSpec) GetSource() string {
@ -667,7 +715,7 @@ type PlatformMetadataSpec struct {
func (x *PlatformMetadataSpec) Reset() {
*x = PlatformMetadataSpec{}
if protoimpl.UnsafeEnabled {
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[11]
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[12]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -680,7 +728,7 @@ func (x *PlatformMetadataSpec) String() string {
func (*PlatformMetadataSpec) ProtoMessage() {}
func (x *PlatformMetadataSpec) ProtoReflect() protoreflect.Message {
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[11]
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[12]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -693,7 +741,7 @@ func (x *PlatformMetadataSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use PlatformMetadataSpec.ProtoReflect.Descriptor instead.
func (*PlatformMetadataSpec) Descriptor() ([]byte, []int) {
return file_resource_definitions_runtime_runtime_proto_rawDescGZIP(), []int{11}
return file_resource_definitions_runtime_runtime_proto_rawDescGZIP(), []int{12}
}
func (x *PlatformMetadataSpec) GetPlatform() string {
@ -766,7 +814,7 @@ type SecurityStateSpec struct {
func (x *SecurityStateSpec) Reset() {
*x = SecurityStateSpec{}
if protoimpl.UnsafeEnabled {
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[12]
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[13]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -779,7 +827,7 @@ func (x *SecurityStateSpec) String() string {
func (*SecurityStateSpec) ProtoMessage() {}
func (x *SecurityStateSpec) ProtoReflect() protoreflect.Message {
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[12]
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[13]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -792,7 +840,7 @@ func (x *SecurityStateSpec) ProtoReflect() protoreflect.Message {
// Deprecated: Use SecurityStateSpec.ProtoReflect.Descriptor instead.
func (*SecurityStateSpec) Descriptor() ([]byte, []int) {
return file_resource_definitions_runtime_runtime_proto_rawDescGZIP(), []int{12}
return file_resource_definitions_runtime_runtime_proto_rawDescGZIP(), []int{13}
}
func (x *SecurityStateSpec) GetSecureBoot() bool {
@ -816,6 +864,54 @@ func (x *SecurityStateSpec) GetPcrSigningKeyFingerprint() string {
return ""
}
// UniqueMachineTokenSpec is the spec for the machine unique token. Token can be empty if machine wasn't assigned any.
type UniqueMachineTokenSpec struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
}
func (x *UniqueMachineTokenSpec) Reset() {
*x = UniqueMachineTokenSpec{}
if protoimpl.UnsafeEnabled {
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[14]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *UniqueMachineTokenSpec) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*UniqueMachineTokenSpec) ProtoMessage() {}
func (x *UniqueMachineTokenSpec) ProtoReflect() protoreflect.Message {
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[14]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use UniqueMachineTokenSpec.ProtoReflect.Descriptor instead.
func (*UniqueMachineTokenSpec) Descriptor() ([]byte, []int) {
return file_resource_definitions_runtime_runtime_proto_rawDescGZIP(), []int{14}
}
func (x *UniqueMachineTokenSpec) GetToken() string {
if x != nil {
return x.Token
}
return ""
}
// UnmetCondition is a failure which prevents machine from being ready at the stage.
type UnmetCondition struct {
state protoimpl.MessageState
@ -829,7 +925,7 @@ type UnmetCondition struct {
func (x *UnmetCondition) Reset() {
*x = UnmetCondition{}
if protoimpl.UnsafeEnabled {
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[13]
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[15]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
@ -842,7 +938,7 @@ func (x *UnmetCondition) String() string {
func (*UnmetCondition) ProtoMessage() {}
func (x *UnmetCondition) ProtoReflect() protoreflect.Message {
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[13]
mi := &file_resource_definitions_runtime_runtime_proto_msgTypes[15]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
@ -855,7 +951,7 @@ func (x *UnmetCondition) ProtoReflect() protoreflect.Message {
// Deprecated: Use UnmetCondition.ProtoReflect.Descriptor instead.
func (*UnmetCondition) Descriptor() ([]byte, []int) {
return file_resource_definitions_runtime_runtime_proto_rawDescGZIP(), []int{13}
return file_resource_definitions_runtime_runtime_proto_rawDescGZIP(), []int{15}
}
func (x *UnmetCondition) GetName() string {
@ -941,57 +1037,62 @@ var file_resource_definitions_runtime_runtime_proto_rawDesc = []byte{
0x74, 0x49, 0x50, 0x52, 0x12, 0x72, 0x65, 0x61, 0x63, 0x68, 0x61, 0x62, 0x6c, 0x65, 0x41, 0x64,
0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x22, 0x23, 0x0a, 0x0b, 0x4d, 0x65, 0x74, 0x61, 0x4b,
0x65, 0x79, 0x53, 0x70, 0x65, 0x63, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18,
0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0xd5, 0x01, 0x0a,
0x0f, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x53, 0x70, 0x65, 0x63,
0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x74, 0x61, 0x72, 0x67,
0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74,
0x12, 0x27, 0x0a, 0x0f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x74,
0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x66, 0x69, 0x6c, 0x65, 0x73,
0x79, 0x73, 0x74, 0x65, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6f, 0x70, 0x74,
0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x6f, 0x70, 0x74, 0x69,
0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64,
0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65,
0x64, 0x12, 0x31, 0x0a, 0x14, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f,
0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52,
0x13, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x76, 0x69,
0x64, 0x65, 0x72, 0x73, 0x22, 0xf5, 0x01, 0x0a, 0x14, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72,
0x6d, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1a, 0x0a,
0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73,
0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x68, 0x6f, 0x73,
0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x18,
0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a,
0x04, 0x7a, 0x6f, 0x6e, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x7a, 0x6f, 0x6e,
0x65, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x74, 0x79,
0x70, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e,
0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e,
0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x69, 0x6e, 0x73,
0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x6f, 0x76, 0x69,
0x64, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72,
0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x70, 0x6f, 0x74,
0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x73, 0x70, 0x6f, 0x74, 0x22, 0xb2, 0x01, 0x0a,
0x11, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x53, 0x70,
0x65, 0x63, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x62, 0x6f, 0x6f,
0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42,
0x6f, 0x6f, 0x74, 0x12, 0x3d, 0x0a, 0x1b, 0x75, 0x6b, 0x69, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x69,
0x6e, 0x67, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69,
0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x18, 0x75, 0x6b, 0x69, 0x53, 0x69, 0x67,
0x6e, 0x69, 0x6e, 0x67, 0x4b, 0x65, 0x79, 0x46, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69,
0x6e, 0x74, 0x12, 0x3d, 0x0a, 0x1b, 0x70, 0x63, 0x72, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e,
0x67, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e,
0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x18, 0x70, 0x63, 0x72, 0x53, 0x69, 0x67, 0x6e,
0x69, 0x6e, 0x67, 0x4b, 0x65, 0x79, 0x46, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e,
0x74, 0x22, 0x3c, 0x0a, 0x0e, 0x55, 0x6e, 0x6d, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74,
0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28,
0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f,
0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x42,
0x4c, 0x5a, 0x4a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69,
0x64, 0x65, 0x72, 0x6f, 0x6c, 0x61, 0x62, 0x73, 0x2f, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2f, 0x70,
0x6b, 0x67, 0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, 0x69,
0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69,
0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x72, 0x75, 0x6e, 0x74, 0x69, 0x6d, 0x65, 0x62, 0x06, 0x70,
0x72, 0x6f, 0x74, 0x6f, 0x33,
0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x24, 0x0a, 0x0e,
0x4d, 0x65, 0x74, 0x61, 0x4c, 0x6f, 0x61, 0x64, 0x65, 0x64, 0x53, 0x70, 0x65, 0x63, 0x12, 0x12,
0x0a, 0x04, 0x64, 0x6f, 0x6e, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x64, 0x6f,
0x6e, 0x65, 0x22, 0xd5, 0x01, 0x0a, 0x0f, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x74,
0x75, 0x73, 0x53, 0x70, 0x65, 0x63, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x16,
0x0a, 0x06, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79,
0x73, 0x74, 0x65, 0x6d, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
0x0e, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x54, 0x79, 0x70, 0x65, 0x12,
0x18, 0x0a, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09,
0x52, 0x07, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x65, 0x6e, 0x63,
0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x65, 0x6e,
0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x12, 0x31, 0x0a, 0x14, 0x65, 0x6e, 0x63, 0x72, 0x79,
0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18,
0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x13, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f,
0x6e, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x22, 0xf5, 0x01, 0x0a, 0x14, 0x50,
0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x53,
0x70, 0x65, 0x63, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18,
0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x12,
0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
0x09, 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72,
0x65, 0x67, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x67,
0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x7a, 0x6f, 0x6e, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28,
0x09, 0x52, 0x04, 0x7a, 0x6f, 0x6e, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61,
0x6e, 0x63, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c,
0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1f, 0x0a, 0x0b,
0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28,
0x09, 0x52, 0x0a, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x64, 0x12, 0x1f, 0x0a,
0x0b, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01,
0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x49, 0x64, 0x12, 0x12,
0x0a, 0x04, 0x73, 0x70, 0x6f, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x73, 0x70,
0x6f, 0x74, 0x22, 0xb2, 0x01, 0x0a, 0x11, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x53,
0x74, 0x61, 0x74, 0x65, 0x53, 0x70, 0x65, 0x63, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x65, 0x63, 0x75,
0x72, 0x65, 0x5f, 0x62, 0x6f, 0x6f, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x73,
0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x12, 0x3d, 0x0a, 0x1b, 0x75, 0x6b, 0x69,
0x5f, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x66, 0x69, 0x6e,
0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x18,
0x75, 0x6b, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x4b, 0x65, 0x79, 0x46, 0x69, 0x6e,
0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x12, 0x3d, 0x0a, 0x1b, 0x70, 0x63, 0x72, 0x5f,
0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x66, 0x69, 0x6e, 0x67,
0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x18, 0x70,
0x63, 0x72, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x4b, 0x65, 0x79, 0x46, 0x69, 0x6e, 0x67,
0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x22, 0x2e, 0x0a, 0x16, 0x55, 0x6e, 0x69, 0x71, 0x75,
0x65, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x53, 0x70, 0x65,
0x63, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x3c, 0x0a, 0x0e, 0x55, 0x6e, 0x6d, 0x65, 0x74,
0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d,
0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a,
0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72,
0x65, 0x61, 0x73, 0x6f, 0x6e, 0x42, 0x4c, 0x5a, 0x4a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x72, 0x6f, 0x6c, 0x61, 0x62, 0x73, 0x2f, 0x74,
0x61, 0x6c, 0x6f, 0x73, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65,
0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f,
0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x72, 0x75, 0x6e, 0x74,
0x69, 0x6d, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
@ -1006,7 +1107,7 @@ func file_resource_definitions_runtime_runtime_proto_rawDescGZIP() []byte {
return file_resource_definitions_runtime_runtime_proto_rawDescData
}
var file_resource_definitions_runtime_runtime_proto_msgTypes = make([]protoimpl.MessageInfo, 14)
var file_resource_definitions_runtime_runtime_proto_msgTypes = make([]protoimpl.MessageInfo, 16)
var file_resource_definitions_runtime_runtime_proto_goTypes = []interface{}{
(*DevicesStatusSpec)(nil), // 0: talos.resource.definitions.runtime.DevicesStatusSpec
(*EventSinkConfigSpec)(nil), // 1: talos.resource.definitions.runtime.EventSinkConfigSpec
@ -1018,20 +1119,22 @@ var file_resource_definitions_runtime_runtime_proto_goTypes = []interface{}{
(*MachineStatusStatus)(nil), // 7: talos.resource.definitions.runtime.MachineStatusStatus
(*MaintenanceServiceConfigSpec)(nil), // 8: talos.resource.definitions.runtime.MaintenanceServiceConfigSpec
(*MetaKeySpec)(nil), // 9: talos.resource.definitions.runtime.MetaKeySpec
(*MountStatusSpec)(nil), // 10: talos.resource.definitions.runtime.MountStatusSpec
(*PlatformMetadataSpec)(nil), // 11: talos.resource.definitions.runtime.PlatformMetadataSpec
(*SecurityStateSpec)(nil), // 12: talos.resource.definitions.runtime.SecurityStateSpec
(*UnmetCondition)(nil), // 13: talos.resource.definitions.runtime.UnmetCondition
(*common.URL)(nil), // 14: common.URL
(enums.RuntimeMachineStage)(0), // 15: talos.resource.definitions.enums.RuntimeMachineStage
(*common.NetIP)(nil), // 16: common.NetIP
(*MetaLoadedSpec)(nil), // 10: talos.resource.definitions.runtime.MetaLoadedSpec
(*MountStatusSpec)(nil), // 11: talos.resource.definitions.runtime.MountStatusSpec
(*PlatformMetadataSpec)(nil), // 12: talos.resource.definitions.runtime.PlatformMetadataSpec
(*SecurityStateSpec)(nil), // 13: talos.resource.definitions.runtime.SecurityStateSpec
(*UniqueMachineTokenSpec)(nil), // 14: talos.resource.definitions.runtime.UniqueMachineTokenSpec
(*UnmetCondition)(nil), // 15: talos.resource.definitions.runtime.UnmetCondition
(*common.URL)(nil), // 16: common.URL
(enums.RuntimeMachineStage)(0), // 17: talos.resource.definitions.enums.RuntimeMachineStage
(*common.NetIP)(nil), // 18: common.NetIP
}
var file_resource_definitions_runtime_runtime_proto_depIdxs = []int32{
14, // 0: talos.resource.definitions.runtime.KmsgLogConfigSpec.destinations:type_name -> common.URL
15, // 1: talos.resource.definitions.runtime.MachineStatusSpec.stage:type_name -> talos.resource.definitions.enums.RuntimeMachineStage
16, // 0: talos.resource.definitions.runtime.KmsgLogConfigSpec.destinations:type_name -> common.URL
17, // 1: talos.resource.definitions.runtime.MachineStatusSpec.stage:type_name -> talos.resource.definitions.enums.RuntimeMachineStage
7, // 2: talos.resource.definitions.runtime.MachineStatusSpec.status:type_name -> talos.resource.definitions.runtime.MachineStatusStatus
13, // 3: talos.resource.definitions.runtime.MachineStatusStatus.unmet_conditions:type_name -> talos.resource.definitions.runtime.UnmetCondition
16, // 4: talos.resource.definitions.runtime.MaintenanceServiceConfigSpec.reachable_addresses:type_name -> common.NetIP
15, // 3: talos.resource.definitions.runtime.MachineStatusStatus.unmet_conditions:type_name -> talos.resource.definitions.runtime.UnmetCondition
18, // 4: talos.resource.definitions.runtime.MaintenanceServiceConfigSpec.reachable_addresses:type_name -> common.NetIP
5, // [5:5] is the sub-list for method output_type
5, // [5:5] is the sub-list for method input_type
5, // [5:5] is the sub-list for extension type_name
@ -1166,7 +1269,7 @@ func file_resource_definitions_runtime_runtime_proto_init() {
}
}
file_resource_definitions_runtime_runtime_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*MountStatusSpec); i {
switch v := v.(*MetaLoadedSpec); i {
case 0:
return &v.state
case 1:
@ -1178,7 +1281,7 @@ func file_resource_definitions_runtime_runtime_proto_init() {
}
}
file_resource_definitions_runtime_runtime_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*PlatformMetadataSpec); i {
switch v := v.(*MountStatusSpec); i {
case 0:
return &v.state
case 1:
@ -1190,7 +1293,7 @@ func file_resource_definitions_runtime_runtime_proto_init() {
}
}
file_resource_definitions_runtime_runtime_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*SecurityStateSpec); i {
switch v := v.(*PlatformMetadataSpec); i {
case 0:
return &v.state
case 1:
@ -1202,6 +1305,30 @@ func file_resource_definitions_runtime_runtime_proto_init() {
}
}
file_resource_definitions_runtime_runtime_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*SecurityStateSpec); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_resource_definitions_runtime_runtime_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*UniqueMachineTokenSpec); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_resource_definitions_runtime_runtime_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*UnmetCondition); i {
case 0:
return &v.state
@ -1220,7 +1347,7 @@ func file_resource_definitions_runtime_runtime_proto_init() {
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_resource_definitions_runtime_runtime_proto_rawDesc,
NumEnums: 0,
NumMessages: 14,
NumMessages: 16,
NumExtensions: 0,
NumServices: 0,
},

264
pkg/machinery/api/resource/definitions/runtime/runtime_vtproto.pb.go
View File

@ -526,6 +526,49 @@ func (m *MetaKeySpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) {
return len(dAtA) - i, nil
}
func (m *MetaLoadedSpec) MarshalVT() (dAtA []byte, err error) {
if m == nil {
return nil, nil
}
size := m.SizeVT()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBufferVT(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *MetaLoadedSpec) MarshalToVT(dAtA []byte) (int, error) {
size := m.SizeVT()
return m.MarshalToSizedBufferVT(dAtA[:size])
}
func (m *MetaLoadedSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) {
if m == nil {
return 0, nil
}
i := len(dAtA)
_ = i
var l int
_ = l
if m.unknownFields != nil {
i -= len(m.unknownFields)
copy(dAtA[i:], m.unknownFields)
}
if m.Done {
i--
if m.Done {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *MountStatusSpec) MarshalVT() (dAtA []byte, err error) {
if m == nil {
return nil, nil
@ -757,6 +800,46 @@ func (m *SecurityStateSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) {
return len(dAtA) - i, nil
}
func (m *UniqueMachineTokenSpec) MarshalVT() (dAtA []byte, err error) {
if m == nil {
return nil, nil
}
size := m.SizeVT()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBufferVT(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *UniqueMachineTokenSpec) MarshalToVT(dAtA []byte) (int, error) {
size := m.SizeVT()
return m.MarshalToSizedBufferVT(dAtA[:size])
}
func (m *UniqueMachineTokenSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) {
if m == nil {
return 0, nil
}
i := len(dAtA)
_ = i
var l int
_ = l
if m.unknownFields != nil {
i -= len(m.unknownFields)
copy(dAtA[i:], m.unknownFields)
}
if len(m.Token) > 0 {
i -= len(m.Token)
copy(dAtA[i:], m.Token)
i = encodeVarint(dAtA, i, uint64(len(m.Token)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *UnmetCondition) MarshalVT() (dAtA []byte, err error) {
if m == nil {
return nil, nil
@ -998,6 +1081,19 @@ func (m *MetaKeySpec) SizeVT() (n int) {
return n
}
func (m *MetaLoadedSpec) SizeVT() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Done {
n += 2
}
n += len(m.unknownFields)
return n
}
func (m *MountStatusSpec) SizeVT() (n int) {
if m == nil {
return 0
@ -1097,6 +1193,20 @@ func (m *SecurityStateSpec) SizeVT() (n int) {
return n
}
func (m *UniqueMachineTokenSpec) SizeVT() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Token)
if l > 0 {
n += 1 + l + sov(uint64(l))
}
n += len(m.unknownFields)
return n
}
func (m *UnmetCondition) SizeVT() (n int) {
if m == nil {
return 0
@ -2140,6 +2250,77 @@ func (m *MetaKeySpec) UnmarshalVT(dAtA []byte) error {
}
return nil
}
func (m *MetaLoadedSpec) UnmarshalVT(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflow
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: MetaLoadedSpec: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: MetaLoadedSpec: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field Done", wireType)
}
var v int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflow
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
v |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
m.Done = bool(v != 0)
default:
iNdEx = preIndex
skippy, err := skip(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLength
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.unknownFields = append(m.unknownFields, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *MountStatusSpec) UnmarshalVT(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
@ -2801,6 +2982,89 @@ func (m *SecurityStateSpec) UnmarshalVT(dAtA []byte) error {
}
return nil
}
func (m *UniqueMachineTokenSpec) UnmarshalVT(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflow
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: UniqueMachineTokenSpec: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: UniqueMachineTokenSpec: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Token", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflow
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLength
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLength
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Token = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skip(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLength
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.unknownFields = append(m.unknownFields, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *UnmetCondition) UnmarshalVT(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0

14
pkg/machinery/resources/runtime/deep_copy.generated.go
View File

@ -2,7 +2,7 @@
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
// Code generated by "deep-copy -type DevicesStatusSpec -type EventSinkConfigSpec -type KernelModuleSpecSpec -type KernelParamSpecSpec -type KernelParamStatusSpec -type KmsgLogConfigSpec -type MaintenanceServiceConfigSpec -type MaintenanceServiceRequestSpec -type MachineStatusSpec -type MetaKeySpec -type MountStatusSpec -type PlatformMetadataSpec -type SecurityStateSpec -header-file ../../../../hack/boilerplate.txt -o deep_copy.generated.go ."; DO NOT EDIT.
// Code generated by "deep-copy -type DevicesStatusSpec -type EventSinkConfigSpec -type KernelModuleSpecSpec -type KernelParamSpecSpec -type KernelParamStatusSpec -type KmsgLogConfigSpec -type MaintenanceServiceConfigSpec -type MaintenanceServiceRequestSpec -type MachineStatusSpec -type MetaKeySpec -type MountStatusSpec -type PlatformMetadataSpec -type SecurityStateSpec -type MetaLoadedSpec -type UniqueMachineTokenSpec -header-file ../../../../hack/boilerplate.txt -o deep_copy.generated.go ."; DO NOT EDIT.
package runtime
@ -122,3 +122,15 @@ func (o SecurityStateSpec) DeepCopy() SecurityStateSpec {
var cp SecurityStateSpec = o
return cp
}
// DeepCopy generates a deep copy of MetaLoadedSpec.
func (o MetaLoadedSpec) DeepCopy() MetaLoadedSpec {
var cp MetaLoadedSpec = o
return cp
}
// DeepCopy generates a deep copy of UniqueMachineTokenSpec.
func (o UniqueMachineTokenSpec) DeepCopy() UniqueMachineTokenSpec {
var cp UniqueMachineTokenSpec = o
return cp
}

65
pkg/machinery/resources/runtime/meta_loaded.go Normal file
View File

@ -0,0 +1,65 @@
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package runtime
import (
"github.com/cosi-project/runtime/pkg/resource"
"github.com/cosi-project/runtime/pkg/resource/meta"
"github.com/cosi-project/runtime/pkg/resource/protobuf"
"github.com/cosi-project/runtime/pkg/resource/typed"
"github.com/siderolabs/talos/pkg/machinery/proto"
)
// MetaLoadedType is type of [MetaLoaded] resource.
const MetaLoadedType = resource.Type("MetaLoads.runtime.talos.dev")
// MetaLoaded resource appears when all meta keys are loaded.
type MetaLoaded = typed.Resource[MetaLoadedSpec, MetaLoadedExtension]
// MetaLoadedID is the ID of [MetaLoaded] resource.
const MetaLoadedID = resource.ID("meta-loaded")
// MetaLoadedSpec is the spec for meta loaded. The Done field is always true when resource exists.
//
//gotagsrewrite:gen
type MetaLoadedSpec struct {
Done bool `yaml:"done" protobuf:"1"`
}
// NewMetaLoaded initializes a [MetaLoaded] resource.
func NewMetaLoaded() *MetaLoaded {
return typed.NewResource[MetaLoadedSpec, MetaLoadedExtension](
resource.NewMetadata(NamespaceName, MetaLoadedType, MetaLoadedID, resource.VersionUndefined),
MetaLoadedSpec{},
)
}
// MetaLoadedExtension is auxiliary resource data for [MetaLoaded].
type MetaLoadedExtension struct{}
// ResourceDefinition implements [meta.ResourceDefinitionProvider] interface.
func (MetaLoadedExtension) ResourceDefinition() meta.ResourceDefinitionSpec {
return meta.ResourceDefinitionSpec{
Type: MetaLoadedType,
Aliases: []resource.Type{},
DefaultNamespace: NamespaceName,
PrintColumns: []meta.PrintColumn{
{
Name: "Done",
JSONPath: `{.done}`,
},
},
}
}
func init() {
proto.RegisterDefaultTypes()
err := protobuf.RegisterDynamic[MetaLoadedSpec](MetaLoadedType, &MetaLoaded{})
if err != nil {
panic(err)
}
}

2
pkg/machinery/resources/runtime/runtime.go
View File

@ -4,4 +4,4 @@
package runtime
//go:generate deep-copy -type DevicesStatusSpec -type EventSinkConfigSpec -type KernelModuleSpecSpec -type KernelParamSpecSpec -type KernelParamStatusSpec -type KmsgLogConfigSpec -type MaintenanceServiceConfigSpec -type MaintenanceServiceRequestSpec -type MachineStatusSpec -type MetaKeySpec -type MountStatusSpec -type PlatformMetadataSpec -type SecurityStateSpec -header-file ../../../../hack/boilerplate.txt -o deep_copy.generated.go .
//go:generate deep-copy -type DevicesStatusSpec -type EventSinkConfigSpec -type KernelModuleSpecSpec -type KernelParamSpecSpec -type KernelParamStatusSpec -type KmsgLogConfigSpec -type MaintenanceServiceConfigSpec -type MaintenanceServiceRequestSpec -type MachineStatusSpec -type MetaKeySpec -type MountStatusSpec -type PlatformMetadataSpec -type SecurityStateSpec -type MetaLoadedSpec -type UniqueMachineTokenSpec -header-file ../../../../hack/boilerplate.txt -o deep_copy.generated.go .

2
pkg/machinery/resources/runtime/runtime_test.go
View File

@ -36,9 +36,11 @@ func TestRegisterResource(t *testing.T) {
&runtime.MaintenanceServiceConfig{},
&runtime.MaintenanceServiceRequest{},
&runtime.MetaKey{},
&runtime.MetaLoaded{},
&runtime.MountStatus{},
&runtime.PlatformMetadata{},
&runtime.SecurityState{},
&runtime.UniqueMachineToken{},
} {
assert.NoError(t, resourceRegistry.Register(ctx, resource))
}

67
pkg/machinery/resources/runtime/unique_machine_token.go Normal file
View File

@ -0,0 +1,67 @@
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
package runtime
import (
"github.com/cosi-project/runtime/pkg/resource"
"github.com/cosi-project/runtime/pkg/resource/meta"
"github.com/cosi-project/runtime/pkg/resource/protobuf"
"github.com/cosi-project/runtime/pkg/resource/typed"
"github.com/siderolabs/talos/pkg/machinery/proto"
)
const (
// UniqueMachineTokenType is type of [UniqueMachineToken] resource.
UniqueMachineTokenType = resource.Type("UniqueMachineTokens.runtime.talos.dev")
// UniqueMachineTokenID is the ID of [UniqueMachineToken] resource.
UniqueMachineTokenID = resource.ID("unique-machine-token")
)
// UniqueMachineToken resource appears when all meta keys are loaded.
type UniqueMachineToken = typed.Resource[UniqueMachineTokenSpec, UniqueMachineTokenExtension]
// UniqueMachineTokenSpec is the spec for the machine unique token. Token can be empty if machine wasn't assigned any.
//
//gotagsrewrite:gen
type UniqueMachineTokenSpec struct {
Token string `yaml:"token" protobuf:"1"`
}
// NewUniqueMachineToken initializes a [UniqueMachineToken] resource.
func NewUniqueMachineToken() *UniqueMachineToken {
return typed.NewResource[UniqueMachineTokenSpec, UniqueMachineTokenExtension](
resource.NewMetadata(NamespaceName, UniqueMachineTokenType, UniqueMachineTokenID, resource.VersionUndefined),
UniqueMachineTokenSpec{},
)
}
// UniqueMachineTokenExtension is auxiliary resource data for [UniqueMachineToken].
type UniqueMachineTokenExtension struct{}
// ResourceDefinition implements [meta.ResourceDefinitionProvider] interface.
func (UniqueMachineTokenExtension) ResourceDefinition() meta.ResourceDefinitionSpec {
return meta.ResourceDefinitionSpec{
Type: UniqueMachineTokenType,
Aliases: []resource.Type{},
DefaultNamespace: NamespaceName,
PrintColumns: []meta.PrintColumn{
{
Name: "Token",
JSONPath: `{.token}`,
},
},
}
}
func init() {
proto.RegisterDefaultTypes()
err := protobuf.RegisterDynamic[UniqueMachineTokenSpec](UniqueMachineTokenType, &UniqueMachineToken{})
if err != nil {
panic(err)
}
}

32
website/content/v1.6/reference/api.md
View File

@ -199,9 +199,11 @@ description: Talos gRPC API reference.
- [MachineStatusStatus](#talos.resource.definitions.runtime.MachineStatusStatus)
- [MaintenanceServiceConfigSpec](#talos.resource.definitions.runtime.MaintenanceServiceConfigSpec)
- [MetaKeySpec](#talos.resource.definitions.runtime.MetaKeySpec)
- [MetaLoadedSpec](#talos.resource.definitions.runtime.MetaLoadedSpec)
- [MountStatusSpec](#talos.resource.definitions.runtime.MountStatusSpec)
- [PlatformMetadataSpec](#talos.resource.definitions.runtime.PlatformMetadataSpec)
- [SecurityStateSpec](#talos.resource.definitions.runtime.SecurityStateSpec)
- [UniqueMachineTokenSpec](#talos.resource.definitions.runtime.UniqueMachineTokenSpec)
- [UnmetCondition](#talos.resource.definitions.runtime.UnmetCondition)
- [resource/definitions/secrets/secrets.proto](#resource/definitions/secrets/secrets.proto)
@ -3624,6 +3626,21 @@ MetaKeySpec describes status of the defined sysctls.
<a name="talos.resource.definitions.runtime.MetaLoadedSpec"></a>
### MetaLoadedSpec
MetaLoadedSpec is the spec for meta loaded. The Done field is always true when resource exists.
| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| done | [bool](#bool) | | |
<a name="talos.resource.definitions.runtime.MountStatusSpec"></a>
### MountStatusSpec
@ -3683,6 +3700,21 @@ SecurityStateSpec describes the security state resource properties.
<a name="talos.resource.definitions.runtime.UniqueMachineTokenSpec"></a>
### UniqueMachineTokenSpec
UniqueMachineTokenSpec is the spec for the machine unique token. Token can be empty if machine wasn't assigned any.
| Field | Type | Label | Description |
| ----- | ---- | ----- | ----------- |
| token | [string](#string) | | |
<a name="talos.resource.definitions.runtime.UnmetCondition"></a>
### UnmetCondition

5
website/content/v1.6/reference/cli.md
View File

@ -2234,6 +2234,7 @@ talosctl meta delete key [flags]
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-i, --insecure write|delete meta using the insecure (encrypted with no auth) maintenance service
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
```
@ -2262,6 +2263,7 @@ talosctl meta write key value [flags]
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-i, --insecure write|delete meta using the insecure (encrypted with no auth) maintenance service
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
```
@ -2277,7 +2279,8 @@ Write and delete keys in the META partition
### Options
```
-h, --help help for meta
-h, --help help for meta
-i, --insecure write|delete meta using the insecure (encrypted with no auth) maintenance service
```
### Options inherited from parent commands