Validate capabilities are dropped and cgroup, UID, environment and OOM adjustments are set
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
Bring in new tools, pkgs, update Go dependencies and others.
In preparation for Talos 1.9.0-alpha.0.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Add an option to `talosctl cluster create` to start a JSON log receiver,
and enable it optionally.
Enable in `integration-qemu`.
See #9510
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Update NVIDIA docs on proprietary/OSS driver requirements.
Signed-off-by: Ryan Borstelmann <ryan@ryanb.tv>
Documentation didn't outline why one would use OSS vs Proprietary Nvidia drivers, so added details for each. Biggest issue is hardware support, which differs between the two.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Unify usage of proto codec v2 across our projects.
Bump grpc library to 1.67.1 and ensure that it still works with HTTP/2 ALPN value changes.
For https://github.com/siderolabs/talos/issues/9404
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
When fetching the machine configuration in the hcloud platform implementation,
try to decode the data returned from the 'userdata' endpoint as a base64 string.
If the data is not in base64 format, decoding does not succeed and the unmodified data is used.
Signed-off-by: Philipp Kleber <philipp.t.kleber@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This PR adds most of the recommended labels.
Signed-off-by: Mike Beaumont <mjboamail@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
When using `iso` and `extra-disks` we're getting errors like below for
any nodes other than the first node.
```text
qemu-system-aarch64: -cdrom _out/metal-arm64-secureboot.iso: drive with bus=0, unit=2 (index=2) exists
```
Fix by explicitly specifying that the media is cdrom, so qemu doesn't
index.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Fixes #9466
There are two fixes:
* fix the actual panic via https://github.com/siderolabs/go-circular/pull/5
* prevent similar issues in the future by installing a panic handler
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Modules pflag and cobra use csv.Reader for `StringSliceVar` method. This doesn't work well with JSON, and we do not need this at all.
Drop it.
Fixes #9493
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
This PR adds a list of the domains I had to allow for a Talos cluster to pull all assets needed to install and bootstrap. I've added these docs back to 1.6 of Talos, as I'm not certain they would apply to anything earlier.
Signed-off-by: Spencer Smith <spencer.smith@talos-systems.com>
Use `DiscoveredVolumes` instead of `VolumeStatus`, force reboot to avoid
confusion in the volume controller.
Fixes #9448
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fix the flow when a failing key slot leads to repeated attempts to open
the volume, while it's already open, but the failure was to sync other
keys.
Refactor the code to get rid of variable assignment in the outer block
from closures.
Fixes #9415
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Support legacy-style region values.
Disable DHCPv4 for external interface when public IPv4 is disabled.
Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
As udevd is required by cryptsetup, which will time out if udevd is not working, do not stop it in StopServicesEphemeral, but let StopAllServices handle udev shutdown after cryptsetup close is called.
Ref: https://bbs.archlinux.org/viewtopic.php?id=162415
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
Instead of relying on cmdline (which will not work in case it's TinK on Talos, for example), add a file to container rootfs to signal the platform to machined.
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
Update pkgs to include a fixed version of systemd-udevd which searches for udev rules under /usr/etc/udev/rules.d as used by our system extensions.
Re-enable the affected test
Fixes #9423
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
For new installs, simply symlink to `/run` (which is `tmpfs`).
For old installs, simulate by cleaning up the contents.
Fixes #9432
Related to #9365
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Two fixes were in pkgs/lvm2:
* https://github.com/siderolabs/pkgs/pull/1041
* https://github.com/siderolabs/pkgs/pull/1042
Other fixes in this PR:
* adjust the controller a bit for some interactions
* make Rook test use more complicated, encrypted setup which uses LVM
* adjust LVM test to handle a case when there's more than one worker
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Eudev has seen less development effort recently with Gentoo and others moving towards using systemd-udevd which can now be built independently
Update pkgs, include more libraries, change udevd executable name
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
See #9412
I'll keep the issue open to track upstream PR status and remove replace
directives.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
The new command `talosctl cgroups` fetches cgroups snapshot from the
machine, parses it fully, enhances with additional information (e.g.
resolves pod names), and presents a customizable view of cgroups
configuration (e.g. limits) and current consumption.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This is to suppress warnings on failure to load plugins, which were
harmless, but confusing.
Fixes #9393
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Update tools, pkgs, extras.
Brings in Go 1.23.1, Linux 6.6.52, new xfsprogs, etc.
Fork docs.
Add new version contract, etc.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
We do it for Talos itself to minimize the memory footprint and binary
size for the `dashboard` when part of Talos, while for `talosctl` we
want to have better support of various terminals.
Fixes #9377
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>