This simply uses new protobuf package instead of old one.
Old protobuf package is still in use by Talos dependencies.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This removes networkd, updates network ready condition, enables all the
controllers which were previously disabled.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
The structure of the controllers is really similar to addresses and
routes:
* `LinkSpec` resource describes desired link state
* `LinkConfig` controller generates `LinkSpecs` based on machine
configuration and kernel cmdline
* `LinkMerge` controller merges multiple configuration sources into a
single `LinkSpec` paying attention to the config layer priority
* `LinkSpec` controller applies the specs to the kernel state
Controller `LinkStatus` (which was implemented before) watches the
kernel state and publishes current link status.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Very easily reproduced when you start a node with a Dynamic IP.
Normally it should renew lease after TTL/2, but that doesn't happen, so
the node starts to get next IP one after another.
After looking at packets sent by other clients, found out that they
have `Client IP address` equal to the IP given by the DHCP server.
Additionally, changed DHCP client to send Request packets directly to the DHCP server after getting an offer.
It looks like DHCP spec states that you should use unicast request directly to DHCP server, not broadcast.
Signed-off-by: Artem Chernyshev <artem.0xD2@gmail.com>
This moves implementation of the user-facing APIs to the machined, and
as now all the APIs are implemented by machined, remove routerd and
adjust apid to proxy to machined.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This removes networkd as a separate container and image.
Reasons:
* `machined` becomes more and more bound into the core flow - now it
interacts with `etcd` for VIPs, so container has more and more
mounts/permissions
* it should be easier to COSIfy machined piece by piece if we have it
running in the same process
* initramfs size
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This adds a VIP (virtual IP) option to the network configuration of an
interface, which will allow a set of nodes to share a floating IP
address among them. For now, this is restricted to control plane use
and only a single shared IP is supported.
Fixes#3111
Signed-off-by: Seán C McCord <ulexus@gmail.com>
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This changes introduces top-level cancellable on signal context to
networkd to abort operations when networkd is being stopped.
This allows for clean restarts of networkd container, and it is required
to support canceallable context for VIP etcd operations.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR fixes a bug where we removed adding attributes during the
RouteAdd call for rtnetlink. The way that code is implemented means that
if *any* attributes are passed, the defaults are ignored. But we were
expecting defaults to be there. No longer!
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This renames existing 'DHCP' implementation to `DHCP4`, new client is
`DHCP6`.
For now, `DHCP6` is disabled by default and should be explicitly enabled
with the config.
QEMU testbed for IPv6 is going to be pushed as separate PR.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
The problem was that our DHCP client was always doing
Discover-Offer-Request-Ack sequence as if it doesn't have any IP lease
which was breaking some DHCP servers leading to an error which in turn
makes Talos retry harder hitting the same error over and over again.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
As of now, we're not using Go profiling, so it's safe to disable it to
save some memory and CPU costs. Once we start using it, we can re-enable
it conditionally.
Each process allocates around 1.4MiB on amd64 for memory profiling
buckets.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This the first iteration of Wireguard network support.
What was done:
- kernel was updated to enable Wireguard kernel module.
- changed networkd to support creating Wireguard device type.
- used wgctrl to configure wireguard.
- updated `talosctl cluster create` to support generating Wireguard
network configuration automatically by just specifying the network cidr.
- added docs about Wireguard support/how to use it.
Signed-off-by: Artem Chernyshev <artem.0xD2@gmail.com>
Looks like the code before change in #1578 returned the first hostname
found while interating over interfaces and addressing methods, but #1578
supposedly inadvertently flipped that to iterate over all interfaces (so
last interface wins).
Problem is that both `DHCP` and `Static` addressing methods provide
hostnames, while DHCP hostname comes from DHCP server, while `Static`
defines hostname as `talos-10-5-0-2` (by IP).
If we were to fix it for real, we should build a list of hostname with
priorities coming from different sources and pick a hostname with the
highest priority, so this fix is more of a bandaid rather than a real
fix.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This probably fixes bonding in general if 2nd link in the bond is down.
For packet, set additional options for the bonded interface. In
networkd, add interfaces filtered out by link status as ignored to make
them available as bond subinterfaces.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
There were two problems:
* `configureInterfaces` was always failing if interface is already set
up, as the routes already exist
* `renew` was halving the renew interval each time `configureInterface`
fails, which starts at (LeaseTime/2) and goes effectively to zero
This was leading to high networkd CPU usage, storm of DHCP requests on
the network.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This allows config to be written to disk without being applied
immediately.
Small refactoring to extract common code paths.
At first, I tried to implement this via the sequencer, but looks like
it's too hard to get it right, as sequencer lacks context and config to
be written is not applied to the runtime.
Fixes#2828
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
While IPv6 were mostly supported already, there was a single segment in
the interface setup which forced everything into an IPv4 route.
This limitation has been removed.
In so doing, route metrics have been cleaned up a small amount.
This change allows the specification of the route metric from the
config.
Fixes#2772
Signed-off-by: Seán C McCord <ulexus@gmail.com>
Fixes were applied automatically.
Import ordering might be questionable, but it's strict:
* stdlib
* other packages
* same package imports
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR makes use of a new merge into the upstream rtnetlink library
that introduces functional args for adding routes.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This covers most of the packages except for those we have to keep on
hold (etcd and grpc because of etcd).
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR updates the behavior of our machine configs with respect to
DHCP-enabled interfaces. Now, if MTU is specified by the user, that
value will take precedence over any setting provided by the DHCP server.
Additionally, any routes specified will be appended to routes specified
by the DHCP server.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This PR adds a "DHCPOptions" field to the config. This field contains a
single subfield currently, "RouteMetric". Setting this well ensure that
any routes provided from the DHCP server are given this metric upon
injection into the routing table.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
This PR allows for the ability to specify neither CIDR nor DHCP in the
talos machine config. The result here should allow for things like SLAAC
addressing with ipv6.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
In order to perform upgrades the way we would like, it is important that
we avoid any bind mounts into containers. This change ensures that all
system services get their config via stdin.
Signed-off-by: Andrew Rynhard <andrew@rynhard.io>
This moves `pkg/config`, `pkg/client` and `pkg/constants`
under `pkg/machinery` umbrella.
And `pkg/machinery` is published as Go module inside Talos repository.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This make the config provider a pure interface definition by removing
all concrete internal types, and making them an interface.
Signed-off-by: Andrew Rynhard <andrew@rynhard.io>
This makes `pkg/config` directly importable from other projects.
There should be no functional changes.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
Fixes#2272
`gofumpt` is now included into `golangci-lint`, but not the
`gofumports`, so we keep it using it as separate binary, but we keep
versions in sync with `golangci-lint`.
This contains fixes from:
* `gofumpt` (automated, mostly around octal constants)
* `exhaustive` in `switch` statements
* `noctx` (adding context with default timeout to http requests)
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This linter makes sure tests are excercising only public package API.
I fixed all the tests which touch only public API of the packages. For
other test packages I added proper `//nolint` directive.
Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
This PR will introduce a new field to v1alpha1 configs that allows users
to set `dummy: true` when specifying interfaces. If present, we will
create a dummy interface with the CIDR information given. This is useful
for users that don't want to use loopback for things like ECMP (or want
more than one dummy interface).
The created dummy interface looked like this with `ip a`:
```
3: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
link/ether 66:4a:e3:5f:38:10 brd ff:ff:ff:ff:ff:ff
inet 10.254.0.5/32 brd 10.254.0.5 scope global dummy0
valid_lft forever preferred_lft forever
```
Will close#2186.
Signed-off-by: Spencer Smith <robertspencersmith@gmail.com>
The source address is set by default, which leads to RNETLINK
errors, when the Global Unicast Address is passed as a Source
to a LL Unicast Gateway. Errors of RTNETLINK are now logged.
Signed-off-by: Frederik Schwan <frederik.schwan@linux.com>
This is a rewrite of machined. It addresses some of the limitations and
complexity in the implementation. This introduces the idea of a
controller. A controller is responsible for managing the runtime, the
sequencer, and a new state type introduced in this PR.
A few highlights are:
- no more event bus
- functional approach to tasks (no more types defined for each task)
- the task function definition now offers a lot more context, like
access to raw API requests, the current sequence, a logger, the new
state interface, and the runtime interface.
- no more panics to handle reboots
- additional initialize and reboot sequences
- graceful gRPC server shutdown on critical errors
- config is now stored at install time to avoid having to download it at
install time and at boot time
- upgrades now use the local config instead of downloading it
- the upgrade API's preserve option takes precedence over the config's
install force option
Additionally, this pulls various packes in under machined to make the
code easier to navigate.
Signed-off-by: Andrew Rynhard <andrew@andrewrynhard.com>
