The QEMU VM launcher's /poweroff HTTP endpoint now accepts an optional grace-period query parameter (Go duration format, e.g. "5m"). When set, it sends an ACPI power button event via the QEMU monitor socket instead of immediately killing the process, allowing the guest OS to shut down cleanly. If the guest does not shut down within the grace period, the process is force-killed as a fallback.
Without the parameter, the behavior is unchanged (immediate kill).
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Add a test that covers all maintenance APIs in general.
Add a test for transition from SideroLink.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Via tools/pkgs, also pulling in Clang-built Linux
Update go.mod dependencies
Fix linter errors with new golangci-lint, modernize, use new()
Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Re-generate, fix new linting issues.
Update containerd library to the latest 2.2.1 to address the new cgroups
package import (via tools update).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This change prevents user-specified exposed ports from overriding the
default ones.
This allows one e.g. to export the Kubernetes endpoint both at the
default random port and at a specified host address.
Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>
Update pkgs with Linux 6.18.6 and dm-integrity module added.
Drops some crc kmods, as they are now compiled in.
See https://github.com/siderolabs/pkgs/pull/1447
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add a test for this case
Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>
Co-authored-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Set the MTU in QEMU launch args. MTU is already sent by DHCP to Talos
machines, so the rest should just work.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Update COSI, and stop using a fork of `gopkg.in/yaml.v3`, now we use new
supported for of this library.
Drop `MarshalYAMLBytes` for the machine config, as we actually marshal
config as a string, and we don't need this at all.
Make `talosctl` stop doing hacks on machine config for newer Talos, keep
hacks for backwards compatibility.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The command `talosctl cluster create` injects some extra cmdline though SMBIOS OEM variable `io.systemd.stub.kernel-cmdline-extra` when systemd-boot is used (e.g., when UEFI is enabled).
Introduce a new flag to optionally disable this behavior. This allows getting more consistent behavior when testing with a mixed set of UKI and non-UKI machines.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Return an error when attempting to destroy a cluster that was created
with a different provisioner.
This fixes a bug where the qemu cluster state is removed without any actual
cleanup being done when running `talosctl cluster destroy` (provisioner defaults to docker).
* move the the `vm.State` logic into -> `provision.State` as it's now reused by the docker provisioner as well.
* move "cluster create" command -> "cluster create dev"
* hide the "cluster create" command from docs
* fix omni api url validation
* fix machineconfig.yaml being unnecessarily written to disk on the qemu command
Signed-off-by: Orzelius <33936483+Orzelius@users.noreply.github.com>
CoreDNS 1.13.0
Linux 6.17.4
Other go.mod dependencies, tools, Helm charts used in tests, etc.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add new `--airgapped` flag to talos cluster create (qemu)
to disable NAT in the VMs to effectively become airgapped.
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
Use `e1000` emulation instead of `virtio-net`, as with new network
config if we create another `virtion-net` link, Talos is confused which
one should be aliased, and networking config is broken.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Use cmdline from the UKI in Talos 1.12+ by default for new installs.
This brings GRUB in line with systemd-boot vs. cmdline behavior.
Fixes#12019
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
See 4b840414be for more information.
Talos versions prior to 1.12 locked to PCR 7 state and PCR 11 for signed policies.
In-order for backwards compatibility newer installs will still default to PCR 7 state. Locking to PCR 7 can be disabled by passing an empty list.
Fixes: #10677
Signed-off-by: Noel Georgi <git@frezbo.dev>
When one of the image cache volumes (ISO/disk) is missing,
the controller locks up on shutdown as one of the `VolumeStatus`es is
gone, while other one is locked up on the mount status which is being
held by the finalizer from the controller.
Drop the early exit from the controller to ensure it will keep
processing volumes even if one of them is missing, so that we reach the
code which removes the finalizer.
Fixes#11341Fixes#11540
Also, unrelated fix for the problem in `talosctl cluster create` with
ISO and bootloader disabled: on reboot QEMU still boots from disk, while
we want to boot from compiled initramfs.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Move stuff into `tools/go.mod`.
Also fix linting issues on the way (updating golangci-lint).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
SBOMs from /usr/local/share/spdx will now also be read, this is to be
used by system extensions. Add a sample for testing this feature.
Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>
Old implementation didn't work if the interface to be created wasn't the biggest index.
For example if interfaces `bridge100` and `bridge102` already existed, vmnet would create a `bridge 101`,
but the old logic expected a `bridge103`.
Signed-off-by: Orzelius <albert.kostusev@siderolabs.com>
