Include percent-based maxSize, e.g. use 50% of available space.
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
(cherry picked from commit 83f2bdb9ce6c9466716a6ac9c94dc2222e569ee8)
When set to `disk`, a full block device is used for the volume.
When `volumeType = "disk"`:
- Size specific settings are not allowed in the provisioning block (`minSize`, `maxSize`, `grow`).
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
Previously, system volumes (`META`, `STATE`, etc.) were created by
`VolumeConfigController` and user volumes were created by
`UserVolumeConfigController`. This resulted in these controllers
racing to create volumes, which could cause partitions to be created in
an incorrect order.
This patch fixes this potential race by merging these two controllers
into a single controller, and refactoring a lot of the similar code
paths into one single pipeline for volume config handling.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
In certain situations, Talos's shutdown/reboot sequence hangs while
waiting for services/mounts to be gracefully stopped (see:
https://github.com/siderolabs/talos/issues/11775).
This patch adds a forceful mode to the reboot sequence (`talosctl reboot
--mode force`) that bypasses graceful userspace teardown and hard
reboots the machine.
Signed-off-by: Laura Brehm <laurabrehm@hey.com>
Fixes#10963
Also hides/deprecated `.machine.network.interfaces`, as every piece of
it is now available as proper multi-doc.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Also expand internal bond configuration to cover missing fields.
They are not going to be exposed in legacy configuration.
Fixes#10960
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
- Add d_* PSI derivative values to the trigger expression context
- Only trigger OOM action while PSI is rising
- Make OOM test fail if controller kills a cgroup without stress-ng
- Wait for stress-mem to terminate before proceeding with the next tests
- Skip OOM test when running with race detector
Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>
Update COSI, and stop using a fork of `gopkg.in/yaml.v3`, now we use new
supported for of this library.
Drop `MarshalYAMLBytes` for the machine config, as we actually marshal
config as a string, and we don't need this at all.
Make `talosctl` stop doing hacks on machine config for newer Talos, keep
hacks for backwards compatibility.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Rework the assertion to be more specific.
The root cause that now LVM marks device mapper devices in a different
way, and we see just two of them.
Co-authored-by: Laura Brehm <laurabrehm@hey.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
CoreDNS 1.13.0
Linux 6.17.4
Other go.mod dependencies, tools, Helm charts used in tests, etc.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Scale the number of replicas according to available resources.
The problem was that `qemu-race` has more memory available.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add new `--airgapped` flag to talos cluster create (qemu)
to disable NAT in the VMs to effectively become airgapped.
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
Use `e1000` emulation instead of `virtio-net`, as with new network
config if we create another `virtion-net` link, Talos is confused which
one should be aliased, and networking config is broken.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
- Improve docs
- Disable OOM controller in container mode
- Log OOM events
- Add an integration test verifying the system can sustain an OOM event
Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>
Use cmdline from the UKI in Talos 1.12+ by default for new installs.
This brings GRUB in line with systemd-boot vs. cmdline behavior.
Fixes#12019
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Support disabling kernel module signature verification.
Note that this does not work when SecureBoot is enabled.
Fixes: #11989
Signed-off-by: Noel Georgi <git@frezbo.dev>
Add new command that takes Talos version (semver) and generates a list
of images that are used in Image Factory for building talos.
Fixes#11927
Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
New multi-doc way to apply static configuration to network links.
Fixes#10957
Also implements related changes:
* new-style auto-DHCP mode - run DHCP as long as there is no new-style
config document
* refactoring of controllers/tests which were touched in this PR
* implemented embedded config structs handling in docgen -> Markdown and
docgen -> JSON schema
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
One issue is with update hostname tests which runs against Talos v1.11
machine config which contains legacy fields which need to be removed.
Another is an attempt to refactor apply-try tests.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
We test for labels immediately after volume status is ready, but we
should instead wait a bit for labels to be discovered.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#11780
Couple of changes:
* clear connection refused before apply config with reboot (no-op CRI
patch test)
* improve log output in volume tests
* drop locking in vgcreate, as it seems to conflict with background disk
scans (by Talos or udevd)
Co-authored-by: Noel Georgi <git@frezbo.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#10953
This the very first migrated document. I picked up a very simple
configuration document to build some initial idea how we handle
migration of the config documents to the new format.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
See 4b840414be for more information.
Talos versions prior to 1.12 locked to PCR 7 state and PCR 11 for signed policies.
In-order for backwards compatibility newer installs will still default to PCR 7 state. Locking to PCR 7 can be disabled by passing an empty list.
Fixes: #10677
Signed-off-by: Noel Georgi <git@frezbo.dev>
Move stuff into `tools/go.mod`.
Also fix linting issues on the way (updating golangci-lint).
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
When upgrading from pre-1.11 versions of Talos, there was a failure on
mismatch to unmarshal "old" encryption config into new structure.
Fix that by providing a proper fallback.
Add both unit-test verifying compatibility, as well as
a full integration upgrade test with encrypted disks.
Fixes#11502
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Deprecate/hide old v1alpha1 disk encryption config, and move to
unified approach via `VolumeConfig` resource.
Allow only encryption configuration for `STATE` (for now).
Fixes#10749
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
