This is going to be used to detect disks that are safe to wipe.
For blockdevices, track secondaries as direct references, e.g. encrypted
`STATE` partition might have secondary `vda5`.
For disks, re-map secondaries to be whole device names, e.g. `vda`.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes #8900
Closes #9687
(contains splitting of late mounts)
The benefits:
* tasks run _before_ controllers are started
* tasks can register `defer` to undo actions
This decomposes sequencer tasks a bit.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Addresses old and recent change combination that prevents qemu provisioning on
ArchLinux by adding a default search path and the filenames the package
maintainer used.
Signed-off-by: Sam Stelfox <sstelfox@bedroomprogrammers.net>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Rewrite matcher to take the old go-blockdevice library out of the way,
implementing translation from go-blockdevice format to CEL.
Implement facilities to build CEL expressions programmatically.
Now we can add a machine config disk match expression (CEL) easily.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Split from #9596 (without IPv6 stuff). This PR does these things:
- Refactored `DNSResolveCacheController`. Most of the logic moved to `dns` package types. Simplify and streamline logic.
- Replace most of the goroutine orchestration with suture package.
- Support per-item reaction to the dns listeners/servers failing to start. This allows us to ignore IPv6 errors if it's disabled.
- Support per-item reaction to the dns listeners/servers failing to stop.
Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
Save `support.zip` always, also use a different folder for saving logs,
so we can save artifacts of multi cluster tests.
Signed-off-by: Noel Georgi <git@frezbo.dev>
We should not just rely on the sysctl, also confirm that `UserNamespacesSupport=true`
feature gate is set for apiserver, so that the tests get skipped if only sysctl is set.
Signed-off-by: Noel Georgi <git@frezbo.dev>
Dashboard now shows the active frequency of each CPU core when cpufreq
is available on non-virtualized systems, enhancing real-time accuracy.
Solves the issue of displaying 0MHz on certain SBCs due to
/proc/cpuinfo limitations.
Signed-off-by: Nico Berlee <nico.berlee@on2it.net>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Combine the checks for bonded and bridged interfaces to avoid code
duplication. Add new test case for addresses on bridged interfaces.
Update test cases to match rephrased error messages.
Fix test case implementation for addresses on bonded interfaces to
include eth2 which was configured but not used in the test.
Signed-off-by: Joakim Nohlgård <joakim@nohlgard.se>
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Conditionally mount selinuxfs only if it's present.
Fix AppArmor tests, `apparmor` and other minor LSMs and set
`apparmor=1`.
Signed-off-by: Noel Georgi <git@frezbo.dev>
The resource in the examples had been retired a while ago, update docs
accordingly.
Fixes #9651
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Fixes #9607
Use docker CLI syntax, support any kind of mounts supported by docker
CLI.
Also drop modules from `talos` container image, as it's useless to
provide modules in container mode.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Part of: #9127
Label executables and processes, build, load and manage SELinux policy, enable audit support.
Labeling filesystems, devices and runtime files will be done in further changes, see the full PR.
Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>
When running in containers, specifically on Docker Desktop VMs, the
securityfs might be missing.
Fixes #9431
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
When we normalize the route with e.g. IPv6 all addresses (`::/0`), we
were wiping the family information. Keep the information, and also fix
the scope for such routes.
Fixes #9624
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
Mount them early, they will be moved to the new root in switch root
process as they're under.
Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>