Support generating unsigned UKI's.
Also plumb in support to `talosctl cluster create` to boot off UKI's.
This doesn't work yet as installer needs more work.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Fixes#10097
See https://github.com/siderolabs/go-blockdevice/pull/121
I added an option to QEMU provisioner to create disks with custom block
sizes (supported for some disk types).
Unfortunately, this case can't be built as a regression as QEMU's
firmware boots fine with ESP partition at 256/1024/2048 LBA.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This way it's easy to re-enable NRI plugins with a simple change.
See https://github.com/siderolabs/talos/discussions/10068
I tested that it works e2e with NRI plugins repository.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This ensures that even in the event of a DHCP downtime that exceeds the
lease time, the current IP can be maintained.
Signed-off-by: TomyLobo <tomylobo@nurfuerspam.de>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixed command to wait for ceph-rook HEALTH_OK
Signed-off-by: Tim Olson <shamme@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Having selinuxfs mounted might confuse some software, as conventional Linux systems do not have selinuxfs mounted when SELinux is disabled and no policy is loaded.
Fixes#10083
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
Bring in parity with systemd 257 by supporting more UKI sections.
The output of `sd-measure` and our measure code will be different until
https://github.com/systemd/systemd/pull/35765 is fixed upstream.
Fixes: #10075
Signed-off-by: Noel Georgi <git@frezbo.dev>
The file which is exported back to source via `make generate` is using
short tag (vX.Y.Z), while the one generated for the actual build comes
with full version tag.
Fixes#8898
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Drop Equinix Metal e2e tests, due to EM machines mostly not booting
properly over PXE, drop the test as it adds no value.
Fixes: #10034
Signed-off-by: Noel Georgi <git@frezbo.dev>
The code from `talosctl` imports transitively tpm package, so make it
build on non-Linux.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes#10040
Sometimes etcd after 'server stoppped' error actually removes a member,
so the next attempt returns member not found, ignore it, as our goal was
to remove a member.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
1. Don't set max cgroups limit if race mode is enabled (only in test
mode). When e.g. apid/trustd are built with race detector on, they
consume 10x the memory.
2. Fix a data race in `talosctl support` when showing UI progress.
3. Fix an issue pulling `kubeconfig` in `talosctl support` - pull from
endpoints (controlplanes) without setting any nodes.
Fixes#10036
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This should improve watch reliability, as it was failing on channel
being closed.
Fixes#10039
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Search domain should be domain name of the hostname, not the FQDN.
Bug introduced in #9844
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
We need a field named `name` to distinguish between named documents, as
decoder expects a `name` yaml key.
Fixes: https://github.com/siderolabs/talos/discussions/10025
Fixes by using standard `name` field instead of `pciID`.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Assert on exact allocation for different filesystem size.
Note: this test only reliably works in buildkit, with a specific version
of `xfsprogs`.
Fixes#10021
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Make default args depend on quirks, and also pass quirks down to
platform code.
Reduces amount of hacks, but it is functionally equivalent.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Create a dummy SELinux file_contexts file to mitigate the warning. We do not rely on libselinux for labeling, so empty file suffices.
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
