WithParentCgroupDevices uses the default cgroup setup to inherit the container's parent cgroup's allowed and denied devices
Without this, we get 'operation not permitted' when attempting to read the block devices.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
We should still support username and password for backwards compatibility.
This also sets us up for for implementing auth for users using something like LDAP in the future.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This implements insecure over-file-socket gRPC API for init with two
first simplest APIs: reboot and shutdown (poweroff).
File socket is mounted only to `osd` service, so it is the only service
which can access init API. Osd forwards reboot/shutdown already
implemented APIs to init which actually executes these.
This enables graceful shutdown/reboot with service shutdown, sync, etc.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Most crucial changes in `init/main.go`: on shutdown now Talos tries
to stop gracefully all the services. All the shutdown paths are unified,
including poweroff, reboot and panic handling on startup.
While I was at it, I also fixed bug with containers failing to start
when old snapshot is still around.
Service lifecycle is wrapped with `ServiceRunner` object now which
handles state transitions and captures events related to state changes.
Every change goes to the log as well.
There's no way to capture service state yet, but that is planned to be
implemented as RPC API for `init` which is exposed via `osd` to `osctl`.
Future steps:
1. Implement service dependencies for correct startup order and
shutdown order.
2. Implement service health, so that we can say "start trustd when
containerd is up and healthy".
3. Implement gRPC API for init, expose via osd (service status, restart,
poweroff, ...)
4. Impement 'String()' for conditions, so that we can see what service
is waiting on right now.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
* feat(osctl): Automatic sizing of top window
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
* feat(osctl): Format top output in proper columns
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
* feat(osctl): Add sort by cpu/rss options
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
* feat(osctl): Add ability to run once (no gui)
Signed-off-by: Brad Beam <brad.beam@talos-systems.com>
This changes `runner.Runner` API to support more methods to allow for
containerd runner to create container object only once, and start/stop
tasks to implement restarts.
New API: `Open()` (initialize), `Run()` (run once until exits), `Stop()`
(stop running instance), `Close()` (free resource, no longer available
for new `Run()`).
So the sequence might be: `Open`, `Run`, `Stop`, `Run`, `Stop`, `Close`.
Process and containerd runners were updated for the new API, and
'restart' part was removed, now both runners only run the task once.
Restart piece was implemented in an abstract way for any wrapped
`runner.Runner` in the `runner/restart` package. Restart supports three
restart policies: `Once`, `UntilSuccess` and `Forever`.
Service API was changed slightly to return the `runner.Runner`
interface, and `system.Services` now handles running the service.
For all the services, code was adjusted to either return runner (run
once), or was wrapped with `restart` runner to provide restart policy.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
