When set to `disk`, a full block device is used for the volume.
When `volumeType = "disk"`:
- Size specific settings are not allowed in the provisioning block (`minSize`, `maxSize`, `grow`).
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
In certain situations, Talos's shutdown/reboot sequence hangs while
waiting for services/mounts to be gracefully stopped (see:
https://github.com/siderolabs/talos/issues/11775).
This patch adds a forceful mode to the reboot sequence (`talosctl reboot
--mode force`) that bypasses graceful userspace teardown and hard
reboots the machine.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Allows for NVIDIA kernel modules to load on arm arch
Signed-off-by: Justin Garrison <justin.garrison@siderolabs.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
CoreDNS 1.13.0
Linux 6.17.4
Other go.mod dependencies, tools, Helm charts used in tests, etc.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add new `--airgapped` flag to talos cluster create (qemu)
to disable NAT in the VMs to effectively become airgapped.
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
* add 'iso', 'pxe', 'disk-image', 'maintenance' and 'secureboot' presets
* swith the image-factory e2e test to use the create qemu command with presets
* add a '--omni-api-endpoint' to simplify connecting machines to omni
Signed-off-by: Orzelius <33936483+Orzelius@users.noreply.github.com>
Use cmdline from the UKI in Talos 1.12+ by default for new installs.
This brings GRUB in line with systemd-boot vs. cmdline behavior.
Fixes#12019
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Support disabling kernel module signature verification.
Note that this does not work when SecureBoot is enabled.
Fixes: #11989
Signed-off-by: Noel Georgi <git@frezbo.dev>
This pulls in Linux 6.17.3, Tenstorrent 2.4.1 and NVIDIA LTS 580.95.05.
Also update calico canal manifest for tests to support running without
iptables-legacy
Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>
Most of the work is to add proper test environment for more cases.
Include a test for pulling an image
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
These features don't make any sense right now, so remove them from the
machine config to reduce clutter.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Instead of building images, fetch them from image factory to ensure
proper schematic is used for including default extensions.
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
Source: 76821aabeb/kernel_hardening_checker/checks.py
Filter some sysctls (if we don't need them because of kernel config), or
try not to break things too much.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
See 4b840414be for more information.
Talos versions prior to 1.12 locked to PCR 7 state and PCR 11 for signed policies.
In-order for backwards compatibility newer installs will still default to PCR 7 state. Locking to PCR 7 can be disabled by passing an empty list.
Fixes: #10677
Signed-off-by: Noel Georgi <git@frezbo.dev>
Fixes#11662
The name of the mapped volumes is normalized to be
`/dev/mapper/<id>-luks2`.
Signed-off-by: Mike Beaumont <mjboamail@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
