This adds a VIP (virtual IP) option to the network configuration of an
interface, which will allow a set of nodes to share a floating IP
address among them. For now, this is restricted to control plane use
and only a single shared IP is supported.
Fixes #3111
Signed-off-by: Seán C McCord <ulexus@gmail.com>
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This change introduces top-level cancellable on signal context to
networkd to abort operations when networkd is being stopped.
This allows for clean restarts of networkd container, and it is required
to support cancellable context for VIP etcd operations.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR fixes a bug where we removed adding attributes during the
RouteAdd call for rtnetlink. The way that code is implemented means that
if *any* attributes are passed, the defaults are ignored. But we were
expecting defaults to be there. No longer!
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This renames existing 'DHCP' implementation to `DHCP4`, new client is
`DHCP6`.
For now, `DHCP6` is disabled by default and should be explicitly enabled
with the config.
QEMU testbed for IPv6 is going to be pushed as separate PR.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
The problem was that our DHCP client was always doing
Discover-Offer-Request-Ack sequence as if it doesn't have any IP lease
which was breaking some DHCP servers leading to an error which in turn
makes Talos retry harder hitting the same error over and over again.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
As of now, we're not using Go profiling, so it's safe to disable it to
save some memory and CPU costs. Once we start using it, we can re-enable
it conditionally.
Each process allocates around 1.4MiB on amd64 for memory profiling
buckets.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This is the first iteration of Wireguard network support.
What was done:
- kernel was updated to enable Wireguard kernel module.
- changed networkd to support creating Wireguard device type.
- used wgctrl to configure wireguard.
- updated `talosctl cluster create` to support generating Wireguard
network configuration automatically by just specifying the network cidr.
- added docs about Wireguard support/how to use it.
Signed-off-by: Artem Chernyshev <artem.0xD2@gmail.com>
Looks like the code before change in #1578 returned the first hostname
found while iterating over interfaces and addressing methods, but #1578
supposedly inadvertently flipped that to iterate over all interfaces (so
last interface wins).
Problem is that both `DHCP` and `Static` addressing methods provide
hostnames, while DHCP hostname comes from DHCP server, while `Static`
defines hostname as `talos-10-5-0-2` (by IP).
If we were to fix it for real, we should build a list of hostname with
priorities coming from different sources and pick a hostname with the
highest priority, so this fix is more of a bandaid rather than a real
fix.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This probably fixes bonding in general if 2nd link in the bond is down.
For packet, set additional options for the bonded interface. In
networkd, add interfaces filtered out by link status as ignored to make
them available as bond subinterfaces.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
There were two problems:
* `configureInterfaces` was always failing if interface is already set
up, as the routes already exist
* `renew` was halving the renew interval each time `configureInterface`
fails, which starts at (LeaseTime/2) and goes effectively to zero
This was leading to high networkd CPU usage, storm of DHCP requests on
the network.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
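The renew-interval defect described in the commit above, modelled as an added example (not code from the Talos repository). The 10-second floor in `halveWithFloor`, the one-hour lease and all function names are assumptions chosen for illustration, not the project's actual fix.

```go
package main

import (
	"fmt"
	"time"
)

// halve models the defect described above: each failed attempt halves the
// wait before the next renew, with no lower bound.
func halve(wait time.Duration) time.Duration { return wait / 2 }

// halveWithFloor is a hypothetical mitigation (not the project's fix):
// the wait still shrinks on failure but never drops below floor.
func halveWithFloor(floor time.Duration) func(time.Duration) time.Duration {
	return func(wait time.Duration) time.Duration {
		if next := wait / 2; next > floor {
			return next
		}
		return floor
	}
}

// renewAttempts counts DHCP renew attempts made within one lease period
// when every attempt fails, starting from LeaseTime/2. limit caps the loop,
// because with unbounded halving the waits sum to less than one lease.
func renewAttempts(lease time.Duration, next func(time.Duration) time.Duration, limit int) int {
	wait, elapsed, n := lease/2, time.Duration(0), 0
	for n < limit {
		elapsed += wait
		if elapsed > lease {
			break
		}
		n++
		wait = next(wait)
	}
	return n
}

func main() {
	lease := time.Hour // constructed sample lease time
	fmt.Println("unbounded halving:", renewAttempts(lease, halve, 100000))
	fmt.Println("10s floor:", renewAttempts(lease, halveWithFloor(10*time.Second), 100000))
}
```

With unbounded halving the wait reaches zero after about 41 failures, so the attempt count is limited only by the loop cap; that is the request storm the commit message reports.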
This allows config to be written to disk without being applied
immediately.
Small refactoring to extract common code paths.
At first, I tried to implement this via the sequencer, but looks like
it's too hard to get it right, as sequencer lacks context and config to
be written is not applied to the runtime.
Fixes #2828
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
While IPv6 was mostly supported already, there was a single segment in
the interface setup which forced everything into an IPv4 route.
This limitation has been removed.
In so doing, route metrics have been cleaned up a small amount.
This change allows the specification of the route metric from the
config.
Fixes #2772
Signed-off-by: Seán C McCord <ulexus@gmail.com>
Fixes were applied automatically.
Import ordering might be questionable, but it's strict:
* stdlib
* other packages
* same package imports
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR makes use of a new merge into the upstream rtnetlink library
that introduces functional args for adding routes.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This covers most of the packages except for those we have to keep on
hold (etcd and grpc because of etcd).
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR updates the behavior of our machine configs with respect to
DHCP-enabled interfaces. Now, if MTU is specified by the user, that
value will take precedence over any setting provided by the DHCP server.
Additionally, any routes specified will be appended to routes specified
by the DHCP server.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This PR adds a "DHCPOptions" field to the config. This field contains a
single subfield currently, "RouteMetric". Setting this will ensure that
any routes provided from the DHCP server are given this metric upon
injection into the routing table.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This PR allows for the ability to specify neither CIDR nor DHCP in the
talos machine config. The result here should allow for things like SLAAC
addressing with ipv6.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
In order to perform upgrades the way we would like, it is important that
we avoid any bind mounts into containers. This change ensures that all
system services get their config via stdin.
Signed-off-by: Andrew Rynhard <andrew@rynhard.io>
This moves `pkg/config`, `pkg/client` and `pkg/constants`
under `pkg/machinery` umbrella.
And `pkg/machinery` is published as Go module inside Talos repository.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This makes the config provider a pure interface definition by removing
all concrete internal types, and making them an interface.
Signed-off-by: Andrew Rynhard <andrew@rynhard.io>
This makes `pkg/config` directly importable from other projects.
There should be no functional changes.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Fixes #2272
`gofumpt` is now included into `golangci-lint`, but not the
`gofumports`, so we keep using it as a separate binary, but we keep
versions in sync with `golangci-lint`.
This contains fixes from:
* `gofumpt` (automated, mostly around octal constants)
* `exhaustive` in `switch` statements
* `noctx` (adding context with default timeout to http requests)
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This linter makes sure tests are exercising only public package API.
I fixed all the tests which touch only public API of the packages. For
other test packages I added proper `//nolint` directive.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR will introduce a new field to v1alpha1 configs that allows users
to set `dummy: true` when specifying interfaces. If present, we will
create a dummy interface with the CIDR information given. This is useful
for users that don't want to use loopback for things like ECMP (or want
more than one dummy interface).
The created dummy interface looked like this with `ip a`:
```
3: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
    link/ether 66:4a:e3:5f:38:10 brd ff:ff:ff:ff:ff:ff
    inet 10.254.0.5/32 brd 10.254.0.5 scope global dummy0
       valid_lft forever preferred_lft forever
```
Will close #2186.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
The source address is set by default, which leads to RTNETLINK
errors, when the Global Unicast Address is passed as a Source
to a LL Unicast Gateway. Errors of RTNETLINK are now logged.
Signed-off-by: Frederik Schwan <frederik.schwan@linux.com>
This is a rewrite of machined. It addresses some of the limitations and
complexity in the implementation. This introduces the idea of a
controller. A controller is responsible for managing the runtime, the
sequencer, and a new state type introduced in this PR.
A few highlights are:
- no more event bus
- functional approach to tasks (no more types defined for each task)
- the task function definition now offers a lot more context, like
access to raw API requests, the current sequence, a logger, the new
state interface, and the runtime interface.
- no more panics to handle reboots
- additional initialize and reboot sequences
- graceful gRPC server shutdown on critical errors
- config is now stored at install time to avoid having to download it at
install time and at boot time
- upgrades now use the local config instead of downloading it
- the upgrade API's preserve option takes precedence over the config's
install force option
Additionally, this pulls various packages in under machined to make the
code easier to navigate.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This fixes random markdown linting issues. The previous `sentences-per-line`
library seems to be broken now, and unmaintained. This moves to using
`textlint` instead.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This PR will fix some unexpected behavior where we were using Interfaces
as an unordered map, which led to varying behavior with hostname
determination. We will now go through the list of interfaces
alphabetically by name.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
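Deterministic hostname selection, combining the alphabetical interface ordering from the commit above with the source-priority list proposed in the earlier hostname bandaid commit, as an added example (not code from the Talos repository). The type, the function name and the priority values (DHCP above the IP-derived static name) are assumptions.

```go
package main

import (
	"fmt"
	"sort"
)

// Assumed priorities: a hostname handed out by the DHCP server outranks
// the synthetic name derived from a static IP (e.g. talos-10-5-0-2).
const (
	prioStaticDerived = 10
	prioDHCP          = 20
)

// candidate is a hostname offered by one addressing method on one interface.
type candidate struct {
	hostname string
	priority int
}

// pickHostname walks interfaces in alphabetical order, so Go's randomized
// map iteration cannot change the result, and keeps the highest-priority
// non-empty hostname. On equal priority the earliest interface wins.
func pickHostname(byIface map[string][]candidate) string {
	names := make([]string, 0, len(byIface))
	for name := range byIface {
		names = append(names, name)
	}
	sort.Strings(names)

	best := candidate{priority: -1}
	for _, name := range names {
		for _, c := range byIface[name] {
			if c.hostname != "" && c.priority > best.priority {
				best = c
			}
		}
	}
	return best.hostname
}

func main() {
	// Constructed sample: eth0 is static, eth1 received a DHCP hostname.
	fmt.Println(pickHostname(map[string][]candidate{
		"eth0": {{"talos-10-5-0-2", prioStaticDerived}},
		"eth1": {{"node-a", prioDHCP}},
	}))
}
```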
This PR will allow users to configure /etc/hosts through the network
config section, as opposed to having to use a file append operation.
Example usage might look something like:
```
...
...
machine:
  ...
  ...
  network:
    extraHostEntries:
      - ip: 192.168.1.100
        aliases:
          - test
          - test.wtf.bbq
...
...
```
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
We saw strange behavior in this health check, and think that it is due
to ARP table cache. In practice, the health check caused nodes to hang.
We decided to not use the ARP table to determine the health of networkd.
The fact that networkd can respond to the health API should be
sufficient enough since network will fail to start upon any error in the
initial setup of the network.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
Adding VLAN as option to machine config under devices.
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
feat: Add addressing support for VLAN devices.
- Refactors static addressing to not be dependent on machine.Device
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
feat: Add addressing support for VLAN devices.
- Support of VLAN being the default network to use by removing need of addressing on master device.
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
fix: Fix the fmt of go files
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
fix: refactor based on review comment.
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
fix: remove unused function
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
feat: initial work for supporting vlans
Adding VLAN as option to machine config under devices.
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
feat: Add addressing support for VLAN devices.
- Refactors static addressing to not be dependent on machine.Device
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
feat: Add addressing support for VLAN devices.
- Support of VLAN being the default network to use by removing need of addressing on master device.
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
fix: Fix the fmt of go files
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
fix: refactor based on review comment.
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
fix: fix test case function arguments
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
fix: Add log for debugging address configuration failures
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
fix: fix lint issues.
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
fix: fix the lint error.
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
fix: Fix when addressing set with kernel options
Signed-off-by: Niklas Wik <niklas.wik@nokia.com>
According to `rtnetlink(7)` field `state` is a bitmask of states, so
update the check to test accordingly.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This fixes a case when the domain name DHCP option is set, but hostname
is missing, causing the node to be setup without a hostname.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
This PR will allow users to set the `persist: true` value in their
config data to tell talos not to re-pull the config data at each reboot.
The default will still remain as a "pull every time" methodology in order
to encourage immutability by default.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This makes use of the external procfs package that is based on the
package we are removing here.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>