Fixes#9691
This closes the race between the node registration and the moment
`NodeApplyController` would apply the taint.
As the taint is exactly same as added by `NodeApplyController`, it will
be owned by the controller, so it can be removed if
`allowSchedulingOnControlplanes` is enabled in the machine config while
the cluster is running.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
This is going to be used to detect disks that are safe to wipe.
For blockdevices, track secondaries as direct references, e.g. encrypted
`STATE` partition might have secondary `vda5`.
For disks, re-map secondaries to be whole devices names, e.g. `vda`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Addresses old and recent change combination that prevents qemu provisioning on
ArchLinux by adding a default search path and the filenames the package
maintainer used.
Signed-off-by: Sam Stelfox <sstelfox@bedroomprogrammers.net>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Rewrite matcher to take out old go-blockdevice library out of the way,
implementing translation from go-blockdevice format to CEL.
Implement facilities to build CEL expressions programmatically.
Now we can add a machine config disk match expression (CEL) easily.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Save `support.zip` always, also use a different folder for saving logs,
so we can save artifacts of multi cluster tests.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Dashboard now shows the active frequency of each CPU core when cpufreq
is available on non-virtualized systems, enhancing real-time accuracy.
Solves the issue of displaying 0MHz on certain SBCs due to
/proc/cpuinfo limitations.
Signed-off-by: Nico Berlee <nico.berlee@on2it.net>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Combine the checks for bonded and bridged interfaces to avoid code
duplication. Add new test case for addresses on bridged interfaces.
Update test cases to match rephrased error messages.
Fix test case implementation for addresses on bonded interfaces to
include eth2 which was configured but not used in the test.
Signed-off-by: Joakim Nohlgård <joakim@nohlgard.se>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Conditionally mount selinuxfs only if it's present.
Fix AppArmor tests, `apparmor` and other minor LSM's and set
`apparmor=1`.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Fixes#9607
Use docker CLI syntax, support any kind of mounts supported by docker
CLI.
Also drop modules from `talos` container image, as it's useless to
provide modules in container mode.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Part of: #9127
Label executables and processes, build, load and manage SELinux policy, enable audit support.
Labeling filesystems, devices and runtime files will be done in further changes, see the full PR.
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
When we normalize the route with e.g. IPv6 all addresses (`::/0`), we
were wiping the family information. Keep the information, and also fix
the scope for such routes.
Fixes#9624
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Introduce a new operating mode called the metal agent mode.
The mode is activated by the presence of a `/usr/local/etc/is-metal-agent` file under the root FS.
In this mode, Talos will:
- Only run the Initialize sequence, won't follow it up with the install/boot sequences
- Mark STATE partitions as `missing`, so Talos will always be in "not installed" state.
- Block applying configuration via API while in maintenance mode.
This mode can be used, e.g., to collect hardware information from bare-metal servers.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
The Secureboot ISO previously generated has just an EFI parition.
Now generate iso with both the EFI partition and also having ISO
filesystem having the content so *File System transposition* also works.
Fixes: #9565
Signed-off-by: Noel Georgi <git@frezbo.dev>
Allow extensions to opt-in for their logs to be printed in the console, i.e., Talos kernel log buffer as well as their default logging target.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
This PR does those things:
- Fixes race condition where controller could potentially modify upstream, while other controller is copying its internals to the slice.
- Simplifies `run` function in `DNSUpstreamController` by removing all `Idx` handling.
- Removes `Idx` field from `DNSUpstream`. Upstreams are now sorted by their id with №X prefix.
- `Proxy` Stop is now called from the finalizer. In combination with iterators, this ensures that we only stop upstream when it's fully unreachable.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Fixes#9538
Re-do the implementation by using the volume management primitives, so
that we can avoid/skip old code. This should fix all issues related to
the partition/whole disk.
Fix issues in the volume management (exposed, as we haven't used it this
way before).
Build a test case in `talosctl cluster create` to inject machine config
via `metal-iso`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Bring in new tools, pkgs, update Go dependencies and others.
In preparation for Talos 1.9.0-alpha.0.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
