Go modules, container images.
Fixup for new COSI version: `ResourceDefinition` signature.
Update for new gRPC version: endpoints interface.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes: #6802
Automatically load kernel modules based on hardware info and modules
alias info. udevd would automatically load modules based on HW
information present.
Signed-off-by: Noel Georgi <git@frezbo.dev>
This fixes the issue when the overlay mount target directory was used as
lowerdir for the mount, creating extra folders in the extension.
Fix the issue by adding support for normal overlay mounts to use a
source directory when specified.
Also fixes a small issue where messages was logged when error is nil.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Not sure how I missed it in the first PR, but that's the only character
which was not quoted properly.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Not all Kubernetes deprecated resources are same - if the old API
version is deprecated, but new one is available, API server handles
trnasition for us. If some resource is removed completely, we need to
check for it. This reduces number of items to check, and simplifies the
check.
Move the check under the umbrella of the 'upgrade pre-checks', and make
it actually fatal.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Wait for the network before trying to access the metadata service.
Retry the calls when appropriate (most platforms use `download.Download`
function which does proper retries).
Co-authored-by: Noel Georgi <git@frezbo.dev>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
One case was missing: when network section is present, but value is
omitted.
Fixes#6825
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Use process wrapper introduced in #6814 to drop capabilities. This change
also means the capabilities are dropped per process level and not for
PID 1 (machined), which allows us to drop capabilities per process.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Use a wrapper for starting processes which can setup proper cgroups,
OOMscore, and also drop capabilities for the process, then it calls
`execve`.
The containerd tests is also fixed to support cgroups when
running tests in buildkit. It used to pass previously as we did not
error if cgroup setup failed.
Signed-off-by: Noel Georgi <git@frezbo.dev>
This fixes multiple issues:
* `log.Fatalf` in the machined code leads to kernel panic
* return URL if some expansion fails
* correctly handle destroyed event (wait for the next one)
Fixes#6807
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes#6795
This fixes a problem with Talos being stuck if the download attempts
time out - the returned context.Canceled error was triggering a
different flow which treats sequence take over as a special case, while
there is no other sequence to run.
Correct error should be timeout.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
One of the fields in the GRUB config - boot arguments - contains
user-controlled input. Talos supports variable expansion in
`talos.config` parameter, and uses `${var}` syntax.
In GRUB config, `}` is a special character, and introduction of `}`
breaks config parsing both for GRUB and Talos.
Correctly escape and unescape special characters.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Fixes#6747
The setting `mtu: 0` always meant "don't touch MTU", but the presence of
such line is very confusing.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This reduces time needed to navigate docs.
Signed-off-by: Sander Maijers <3374183+sanmai-NL@users.noreply.github.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Use new equality generate check.
It's not being used in Talos a lot, it's almost only in the discovery
API client code.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
The previous `udevd` healthcheck was incomplete and if `udevd` took more
time to startup the initial `udevadm trigger` would have silently failed
failing to setup proper devices. `udevadm trigger` returns an exit code
of zero even if `udevd` is not running. This PR fixes by first checking
if the `udevd` control socket exists, which is a faster check, then
making sure `udevd` is up by running `udevadm control` command. This
ensures that `udevd` is properly initialized before running any `udevadm
trigger` commands even if `udevd` is restarted/killed.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Update Talos install guide for the Digital Ocean cloud platform.
Signed-off-by: Steve Francis <steve.francis@talos-systems.com>
Signed-off-by: Tim Jones <tim.jones@siderolabs.com>
If we don't pre-build, it's getting built each time the `e2e-*` step
runs, and we have some running in parallel.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Set the additional description fields for vscode/monaco/jetbrains editors.
Strip the markdown formatting from the plain description.
Additionally, fix the description of the field `aescbcEncryptionSecret`.
Related to siderolabs/talos#6705.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
This excludes it out of the `NodeAddress`.
Needs extra testing to confirm that it actually still works as anchor
IP.
Fixes#6760
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
As the client returns wrapped errors, unwrap them using our own method
which does `errors.As` instead of gRPC one which doesn't do unwrapping.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
The supposed format with multiple adverised URLs is:
`name=u1,name=u2`
Previously Talos generated:
`name=u1,u2`
(which is wrong)
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Extend `docgen` tool to generate a JSON schema for `v1alpha1.Config` if a new optional cli arg is provided.
Extend the YAML-structured code comments on config fields to allow overriding the generated schema.
Add custom schemas for complex types.
Related to siderolabs/talos#6705.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Signed-off-by: Steve Francis <steve.francis@talos-systems.com>
Replaced multiple curl examples to get the correct talosctl with a curl that executes the install script.
For some reason `go-mod-outdated` didn't work for me, so I had to do
this manually.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
This improves the performance of the I/O operations if the underlying
filesystem supports it.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Run `depmod` during install/upgrades when extensions provide kernel
modules and `modules.dep` needs to be re-generated. This also allows
modules of same name from kernel to co-exist. Modules in `extras`
folder takes precedence over `in-built` ones.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Fixes#6707
There was a race condition between different parts of the service code:
`Stop` waits for the event which is published before the service is
removed from the `running[id]` map, so if one does `Stop` followed by
`Start` (this is what `services restart` API does), by the time it goes
to `Start` it might be still in the `running[id]` map, so `Start` does
nothing.
Overall this code should be rewritten and simplified, but for now move
out sending these "terminal" events out so that by the time the event is
published, the service is stopped and removed from the `running[id]`
map.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This is (still) being used in Talos to handle upgrade rollbacks.
There were multiple problems with this code, and one of them leads to
panic if the tag is written multiple times without deletion:
```
github.com/siderolabs/talos/internal/app/machined/pkg/runtime/v1alpha1/bootloader/adv/syslinux.ADV.SetTagBytes({0xc00175bc00?, 0x1f11dbe?, 0xed4f4d?}, 0x0?, {0xc000afb7f0?, 0x400?, 0x0?})
/src/internal/app/machined/pkg/runtime/v1alpha1/bootloader/adv/syslinux/syslinux.go:125 +0x270
github.com/siderolabs/talos/internal/app/machined/pkg/runtime/v1alpha1/bootloader/adv/syslinux.ADV.SetTag(...)
/src/internal/app/machined/pkg/runtime/v1alpha1/bootloader/adv/syslinux/syslinux.go:95
github.com/siderolabs/talos/cmd/installer/pkg/install.(*Installer).Install(0xc0004374a0, 0x5)
/src/cmd/installer/pkg/install/install.go
```
The `uint8()` conversion was causing overflow and wrong index when ADV
real length is over 255.
Fix multiple writes of the same tag by deleting previous value first.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Change TCP maximum segment size if it goes through the KubeSpan to match
KubeSpan MTU.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
As with #6724, controlplane node kubelet doesn't use control plane
endpoint anymore, run the test on the worker node instead of cp node.
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
`structprotogen` now supports generating enums directly instead of using predeclared file and hardcoded types. To use this functionality, simply put `structprotogen:gen_enum` in the comment above const block, you want to have the proto definitions for.
Closes#6215
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
While following this guide I found that one reference to rpi_4 wasn't
updated to rpi_generic yet, this commit fixes that.
Signed-off-by: Cees-Jan Kiewiet <ceesjank@gmail.com>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
