Documentation ¶
Overview ¶
Package profile contains definition of the image generation profile.
Index ¶
Constants ¶
// Disk size defaults. ImageOptions.DiskSize is documented as a size in bytes;
// mib is declared elsewhere in the package (presumably one MiB in bytes — confirm).
const (
	// MinRAWDiskSize is the minimum size disk we can create. Used for metal images.
	//
	// The built-in profiles in Default also use it for several non-metal
	// platforms (hcloud, nocloud, openstack, scaleway) and for all board images.
	MinRAWDiskSize = 1246 * mib

	// DefaultRAWDiskSize is the value we use for any non-metal images by default.
	DefaultRAWDiskSize = 8192 * mib
)
Variables ¶
// Default describes built-in profiles, keyed by profile name.
//
// SecureBoot is set explicitly on every entry. Only the three "secureboot-*"
// profiles (iso, metal, installer) set it to true; every cloud platform and
// every board profile sets it to false.
//
// None of the entries set Arch, Version or Input, except the board profiles,
// which pin Arch to "arm64".
var Default = map[string]Profile{
	"iso": {
		Platform:   constants.PlatformMetal,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindISO,
			OutFormat: OutFormatRaw,
		},
	},
	"secureboot-iso": {
		Platform:   constants.PlatformMetal,
		SecureBoot: pointer.To(true),
		Output: Output{
			Kind:      OutKindISO,
			OutFormat: OutFormatRaw,
			ISOOptions: &ISOOptions{
				// if-safe is also the zero value of SDBootEnrollKeys; it is
				// spelled out here so the enrollment policy is explicit.
				SDBootEnrollKeys: SDBootEnrollKeysIfSafe,
			},
		},
	},
	"metal": {
		Platform:   constants.PlatformMetal,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"secureboot-metal": {
		Platform:   constants.PlatformMetal,
		SecureBoot: pointer.To(true),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	// NOTE(review): the installer profiles use the literal "metal" while the
	// entries above use constants.PlatformMetal — presumably the same value; confirm.
	"installer": {
		Platform:   "metal",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindInstaller,
			OutFormat: OutFormatRaw,
		},
	},
	"secureboot-installer": {
		Platform:   "metal",
		SecureBoot: pointer.To(true),
		Output: Output{
			Kind:      OutKindInstaller,
			OutFormat: OutFormatRaw,
		},
	},
	// Cloud and virtualization platforms. All of them produce a disk image
	// with SecureBoot disabled; they differ in disk size, disk format and
	// output compression.
	"aws": {
		Platform:   "aws",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:   DefaultRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"azure": {
		Platform:   "azure",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:          DefaultRAWDiskSize,
				DiskFormat:        DiskFormatVPC,
				DiskFormatOptions: "subformat=fixed,force_size",
			},
		},
	},
	"digital-ocean": {
		Platform:   "digital-ocean",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatGZ,
			ImageOptions: &ImageOptions{
				DiskSize:   DefaultRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"exoscale": {
		Platform:   "exoscale",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				// The only profile with a size that is neither of the two named constants.
				DiskSize:          10 * 1024 * mib,
				DiskFormat:        DiskFormatQCOW2,
				DiskFormatOptions: "cluster_size=8k",
			},
		},
	},
	"gcp": {
		Platform:   "gcp",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatTar,
			ImageOptions: &ImageOptions{
				DiskSize:   DefaultRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"hcloud": {
		Platform:   "hcloud",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"nocloud": {
		Platform:   "nocloud",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"openstack": {
		Platform:   "openstack",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"oracle": {
		Platform:   "oracle",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:          DefaultRAWDiskSize,
				DiskFormat:        DiskFormatQCOW2,
				DiskFormatOptions: "cluster_size=8k",
			},
		},
	},
	"scaleway": {
		Platform:   "scaleway",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"upcloud": {
		Platform:   "upcloud",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:   DefaultRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"vmware": {
		Platform:   "vmware",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatRaw,
			ImageOptions: &ImageOptions{
				DiskSize:   DefaultRAWDiskSize,
				DiskFormat: DiskFormatOVA,
			},
		},
	},
	"vultr": {
		Platform:   "vultr",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:   DefaultRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	// Board profiles. The map key and the Board field are the same constant;
	// every board is arm64 on the metal platform with SecureBoot disabled.
	constants.BoardRPiGeneric: {
		Arch:       "arm64",
		Platform:   constants.PlatformMetal,
		Board:      constants.BoardRPiGeneric,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	constants.BoardRock64: {
		Arch:       "arm64",
		Platform:   constants.PlatformMetal,
		Board:      constants.BoardRock64,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	constants.BoardBananaPiM64: {
		Arch:       "arm64",
		Platform:   constants.PlatformMetal,
		Board:      constants.BoardBananaPiM64,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	constants.BoardLibretechAllH3CCH5: {
		Arch:       "arm64",
		Platform:   constants.PlatformMetal,
		Board:      constants.BoardLibretechAllH3CCH5,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	constants.BoardRockpi4: {
		Arch:       "arm64",
		Platform:   constants.PlatformMetal,
		Board:      constants.BoardRockpi4,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	constants.BoardRockpi4c: {
		Arch:       "arm64",
		Platform:   constants.PlatformMetal,
		Board:      constants.BoardRockpi4c,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	constants.BoardPine64: {
		Arch:       "arm64",
		Platform:   constants.PlatformMetal,
		Board:      constants.BoardPine64,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	constants.BoardJetsonNano: {
		Arch:       "arm64",
		Platform:   constants.PlatformMetal,
		Board:      constants.BoardJetsonNano,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	constants.BoardNanoPiR4S: {
		Arch:       "arm64",
		Platform:   constants.PlatformMetal,
		Board:      constants.BoardNanoPiR4S,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatXZ,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
}
Default describes built-in profiles.
Functions ¶
This section is empty.
Types ¶
type ContainerAsset ¶
// ContainerAsset describes a container asset.
//
// The content can come from a registry reference (ImageRef), a local tarball
// (TarballPath) or a local OCI layout (OCIPath). Per the field docs, setting
// either path field makes ImageRef ignored; which path wins when both are set
// is not stated here.
type ContainerAsset struct {
	// ImageRef is a reference to the container image.
	//
	// NOTE(review): whether a tag or a digest is expected is not visible here.
	// A digest-pinned reference keeps this build input fixed between runs.
	ImageRef string `yaml:"imageRef"`
	// ForceInsecure forces insecure registry communication.
	//
	// NOTE(review): presumably this relaxes TLS for the registry pull — confirm
	// against the consuming code. This type is used for the base installer and
	// for system extensions (see Input), so with this flag set the content that
	// ends up in the image is fetched without an authenticated transport. The
	// zero value (false) is omitted from YAML.
	ForceInsecure bool `yaml:"forceInsecure,omitempty"`
	// TarballPath is a path to the .tar format container image contents.
	//
	// If TarballPath is set, ImageRef is ignored.
	TarballPath string `yaml:"tarballPath,omitempty"`
	// OCIPath is a path to the OCI format container image contents.
	//
	// If OCIPath is set, ImageRef is ignored.
	OCIPath string `yaml:"ociPath,omitempty"`
}
ContainerAsset describes a container asset.
type CustomizationProfile ¶
// CustomizationProfile describes customizations that can be applied to the image.
//
// Both fields are optional and omitted from YAML when empty.
type CustomizationProfile struct {
	// ExtraKernelArgs is a list of extra kernel arguments.
	ExtraKernelArgs []string `yaml:"extraKernelArgs,omitempty"`
	// MetaContents is a list of META partition contents.
	MetaContents meta.Values `yaml:"metaContents,omitempty"`
}
CustomizationProfile describes customizations that can be applied to the image.
type DiskFormat ¶
// DiskFormat is disk format specification.
type DiskFormat int
DiskFormat is disk format specification.
// DiskFormat values.
//
// DiskFormatUnknown is the zero value.
//
// NOTE(review): the trailing line comments look like the textual names used by
// the String/UnmarshalText helpers (ImageOptions documents "vhd" for the VPC
// format) — treat them as part of the serialized form, not as free-text notes.
const (
	DiskFormatUnknown DiskFormat = iota // unknown
	DiskFormatRaw                       // raw
	DiskFormatQCOW2                     // qcow2
	DiskFormatVPC                       // vhd
	DiskFormatOVA                       // ova
)
DiskFormat values.
func DiskFormatString ¶
func DiskFormatString(s string) (DiskFormat, error)
DiskFormatString retrieves an enum value from the enum constant's string name. Returns an error if the param is not part of the enum.
func DiskFormatValues ¶
func DiskFormatValues() []DiskFormat
DiskFormatValues returns all values of the enum
func (DiskFormat) IsADiskFormat ¶
func (i DiskFormat) IsADiskFormat() bool
IsADiskFormat returns "true" if the value is listed in the enum definition. "false" otherwise
func (DiskFormat) MarshalText ¶
func (i DiskFormat) MarshalText() ([]byte, error)
MarshalText implements the encoding.TextMarshaler interface for DiskFormat
func (DiskFormat) String ¶
func (i DiskFormat) String() string
func (*DiskFormat) UnmarshalText ¶
func (i *DiskFormat) UnmarshalText(text []byte) error
UnmarshalText implements the encoding.TextUnmarshaler interface for DiskFormat
type FileAsset ¶
// FileAsset describes a file asset, referenced by its filesystem path.
type FileAsset struct {
	// Path to the file.
	Path string `yaml:"path"`
}
FileAsset describes a file asset.
type ISOOptions ¶ added in v1.6.5
// ISOOptions describes options for the 'iso' output.
type ISOOptions struct {
	// SDBootEnrollKeys is a value in loader.conf secure-boot-enroll: off, manual, if-safe, force.
	//
	// If not set, it defaults to if-safe (SDBootEnrollKeysIfSafe is the zero
	// value of the enum).
	//
	// The value decides whether the Secure Boot keys shipped on the ISO are
	// enrolled into firmware automatically. In systemd-boot's loader.conf,
	// "force" enrolls without the safety check that "if-safe" applies, so
	// choose it only for machines whose existing firmware key store is meant
	// to be replaced.
	SDBootEnrollKeys SDBootEnrollKeys `yaml:"sdBootEnrollKeys"`
}
ISOOptions describes options for the 'iso' output.
type ImageOptions ¶
// ImageOptions describes options for the 'image' output.
type ImageOptions struct {
	// DiskSize is the size of the disk image (bytes).
	DiskSize int64 `yaml:"diskSize"`
	// DiskFormat is the format of the disk image:
	//   * raw - raw disk image
	//   * qcow2 - qcow2 disk image
	//   * vhd - VPC disk image
	//   * ova - VMWare disk image
	DiskFormat DiskFormat `yaml:"diskFormat,omitempty"`
	// DiskFormatOptions are additional options for the disk format.
	//
	// The built-in profiles pass values such as "subformat=fixed,force_size"
	// (azure) and "cluster_size=8k" (exoscale, oracle).
	// NOTE(review): presumably handed to the disk conversion tool as-is — confirm
	// how the string is consumed before accepting it from untrusted profiles.
	DiskFormatOptions string `yaml:"diskFormatOptions,omitempty"`
}
ImageOptions describes options for the 'image' output.
type Input ¶
// Input describes inputs for image generation.
//
// File inputs are FileAsset paths; container inputs are ContainerAsset values.
type Input struct {
	// Kernel is a vmlinuz file.
	Kernel FileAsset `yaml:"kernel"`
	// Initramfs is an initramfs file (without system extensions).
	Initramfs FileAsset `yaml:"initramfs"`
	// SDStub is a sd-stub file (only for SecureBoot).
	SDStub FileAsset `yaml:"sdStub,omitempty"`
	// SDBoot is a sd-boot file (only for SecureBoot).
	SDBoot FileAsset `yaml:"sdBoot,omitempty"`
	// DTB is a path to the device tree blobs (arm64 only).
	DTB FileAsset `yaml:"dtb,omitempty"`
	// UBoot is a path to the u-boot binary (arm64 only).
	UBoot FileAsset `yaml:"uBoot,omitempty"`
	// RPiFirmware is a path to the Raspberry Pi firmware (arm64 only).
	RPiFirmware FileAsset `yaml:"rpiFirmware,omitempty"`
	// Base installer image to mutate.
	BaseInstaller ContainerAsset `yaml:"baseInstaller,omitempty"`
	// SecureBoot is a section with secureboot keys, only for SecureBoot enabled builds.
	//
	// It is a pointer, so it is nil when the section is absent.
	SecureBoot *SecureBootAssets `yaml:"secureboot,omitempty"`
	// SystemExtensions is a list of system extensions to install.
	//
	// Each entry is a ContainerAsset, so its ForceInsecure setting applies to
	// that extension only.
	SystemExtensions []ContainerAsset `yaml:"systemExtensions,omitempty"`
}
Input describes inputs for image generation.
func (*Input) FillDefaults ¶
FillDefaults fills default values for the input.
type OutFormat ¶
// OutFormat is output format specification.
type OutFormat int
OutFormat is output format specification.
// OutFormat values.
//
// OutFormatUnknown is the zero value.
//
// NOTE(review): the trailing line comments match the names documented on
// Output.OutFormat ("raw", ".tar.gz", ".xz", ".gz") and look like the
// serialized form of each value — keep them unchanged.
const (
	OutFormatUnknown OutFormat = iota // unknown
	OutFormatRaw                      // raw
	OutFormatTar                      // .tar.gz
	OutFormatXZ                       // .xz
	OutFormatGZ                       // .gz
)
OutFormat values.
func OutFormatString ¶
OutFormatString retrieves an enum value from the enum constant's string name. Returns an error if the param is not part of the enum.
func OutFormatValues ¶
func OutFormatValues() []OutFormat
OutFormatValues returns all values of the enum
func (OutFormat) IsAOutFormat ¶
IsAOutFormat returns "true" if the value is listed in the enum definition. "false" otherwise
func (OutFormat) MarshalText ¶
MarshalText implements the encoding.TextMarshaler interface for OutFormat
func (*OutFormat) UnmarshalText ¶
UnmarshalText implements the encoding.TextUnmarshaler interface for OutFormat
type Output ¶
// Output describes image generation result.
type Output struct {
	// Kind of the output:
	//   * iso - ISO image
	//   * image - disk image (Talos pre-installed)
	//   * installer - installer container
	//   * kernel - Linux kernel
	//   * initramfs - initramfs image
	//
	// The OutputKind enum additionally declares "uki" and "cmdline".
	Kind OutputKind `yaml:"kind"`
	// Options for the 'image' output.
	ImageOptions *ImageOptions `yaml:"imageOptions,omitempty"`
	// Options for the 'iso' output.
	ISOOptions *ISOOptions `yaml:"isoOptions,omitempty"`
	// OutFormat is the format for the output:
	//   * raw - output raw file
	//   * .tar.gz - output tar.gz archive
	//   * .xz - output xz archive
	//   * .gz - output gz archive
	OutFormat OutFormat `yaml:"outFormat"`
}
Output describes image generation result.
type OutputKind ¶
// OutputKind is output specification.
type OutputKind int
OutputKind is output specification.
// OutputKind values.
//
// OutKindUnknown is the zero value.
//
// NOTE(review): the trailing line comments match the names documented on
// Output.Kind and look like the serialized form of each value. "uki" and
// "cmdline" are declared here but not listed in the Output.Kind field doc.
const (
	OutKindUnknown   OutputKind = iota // unknown
	OutKindISO                         // iso
	OutKindImage                       // image
	OutKindInstaller                   // installer
	OutKindKernel                      // kernel
	OutKindInitramfs                   // initramfs
	OutKindUKI                         // uki
	OutKindCmdline                     // cmdline
)
OutputKind values.
func OutputKindString ¶
func OutputKindString(s string) (OutputKind, error)
OutputKindString retrieves an enum value from the enum constant's string name. Returns an error if the param is not part of the enum.
func OutputKindValues ¶
func OutputKindValues() []OutputKind
OutputKindValues returns all values of the enum
func (OutputKind) IsAOutputKind ¶
func (i OutputKind) IsAOutputKind() bool
IsAOutputKind returns "true" if the value is listed in the enum definition. "false" otherwise
func (OutputKind) MarshalText ¶
func (i OutputKind) MarshalText() ([]byte, error)
MarshalText implements the encoding.TextMarshaler interface for OutputKind
func (OutputKind) String ¶
func (i OutputKind) String() string
func (*OutputKind) UnmarshalText ¶
func (i *OutputKind) UnmarshalText(text []byte) error
UnmarshalText implements the encoding.TextUnmarshaler interface for OutputKind
type Profile ¶
// Profile describes an image generation profile: the target (arch, platform,
// board), the SecureBoot setting, the Talos version, customizations, inputs
// and the requested output.
type Profile struct {
	// BaseProfileName is the profile name to inherit from.
	BaseProfileName string `yaml:"baseProfileName,omitempty"`
	// Architecture of the image: amd64 or arm64.
	Arch string `yaml:"arch"`
	// Platform name of the image: qemu, aws, gcp, etc.
	Platform string `yaml:"platform"`
	// Board name of the image: rpi4, etc. (only for metal image and arm64).
	Board string `yaml:"board,omitempty"`
	// SecureBoot enables SecureBoot (only for UEFI build).
	//
	// It is a *bool, so an unset value (nil) is distinguishable from an
	// explicit false. NOTE(review): presumably this lets a profile inherit the
	// setting from BaseProfileName — confirm. Callers that need a plain bool
	// have the SecureBootEnabled method.
	SecureBoot *bool `yaml:"secureboot"`
	// Version is Talos version.
	Version string `yaml:"version"`
	// Various customizations that can be applied to the image.
	Customization CustomizationProfile `yaml:"customization,omitempty"`
	// Input describes inputs for image generation.
	Input Input `yaml:"input"`
	// Output describes image generation result.
	Output Output `yaml:"output"`
}
Profile describes the image generation profile.
func (*Profile) OutputPath ¶
OutputPath generates the output path for the profile.
func (*Profile) SecureBootEnabled ¶
SecureBootEnabled dereferences SecureBoot.
type SDBootEnrollKeys ¶ added in v1.6.5
// SDBootEnrollKeys is a value in loader.conf secure-boot-enroll: off, manual, if-safe, force.
type SDBootEnrollKeys int
SDBootEnrollKeys is a value in loader.conf secure-boot-enroll: off, manual, if-safe, force.
// SDBootEnrollKeys values.
//
// SDBootEnrollKeysIfSafe is declared first, so it is the zero value: an
// ISOOptions that leaves the field unset gets if-safe, matching the field doc.
// There is no separate "unknown" value, unlike the other enums in this package.
//
// NOTE(review): the trailing line comments match the loader.conf setting names
// and look like the serialized form of each value — keep them unchanged.
const (
	SDBootEnrollKeysIfSafe SDBootEnrollKeys = iota // if-safe
	SDBootEnrollKeysManual                         // manual
	SDBootEnrollKeysForce                          // force
	SDBootEnrollKeysOff                            // off
)
SDBootEnrollKeys values.
func SDBootEnrollKeysString ¶ added in v1.6.5
func SDBootEnrollKeysString(s string) (SDBootEnrollKeys, error)
SDBootEnrollKeysString retrieves an enum value from the enum constant's string name. Returns an error if the param is not part of the enum.
func SDBootEnrollKeysValues ¶ added in v1.6.5
func SDBootEnrollKeysValues() []SDBootEnrollKeys
SDBootEnrollKeysValues returns all values of the enum
func (SDBootEnrollKeys) IsASDBootEnrollKeys ¶ added in v1.6.5
func (i SDBootEnrollKeys) IsASDBootEnrollKeys() bool
IsASDBootEnrollKeys returns "true" if the value is listed in the enum definition. "false" otherwise
func (SDBootEnrollKeys) MarshalText ¶ added in v1.6.5
func (i SDBootEnrollKeys) MarshalText() ([]byte, error)
MarshalText implements the encoding.TextMarshaler interface for SDBootEnrollKeys
func (SDBootEnrollKeys) String ¶ added in v1.6.5
func (i SDBootEnrollKeys) String() string
func (*SDBootEnrollKeys) UnmarshalText ¶ added in v1.6.5
func (i *SDBootEnrollKeys) UnmarshalText(text []byte) error
UnmarshalText implements the encoding.TextUnmarshaler interface for SDBootEnrollKeys
type SecureBootAssets ¶
// SecureBootAssets describes secureboot assets: the two signers used for a
// SecureBoot build plus optional key files for auto-enrollment.
type SecureBootAssets struct {
	// SecureBoot signing key & cert.
	SecureBootSigner SigningKeyAndCertificate `yaml:"secureBootSigner"`
	// PCR signing key.
	PCRSigner SigningKey `yaml:"pcrSigner"`
	// Optional, auto-enrollment paths.
	//
	// NOTE(review): presumably the platform key, key exchange key and signature
	// database files offered for enrollment (see ISOOptions.SDBootEnrollKeys) —
	// confirm the expected file format against the consuming code.
	PlatformKeyPath    string `yaml:"platformKeyPath,omitempty"`
	KeyExchangeKeyPath string `yaml:"keyExchangeKeyPath,omitempty"`
	SignatureKeyPath   string `yaml:"signatureKeyPath,omitempty"`
}
SecureBootAssets describes secureboot assets.
type SigningKey ¶ added in v1.6.0
// SigningKey describes a signing key.
//
// Three backends are described: a key file on disk, an Azure Key Vault key and
// an AWS KMS key. All fields are optional in YAML.
// NOTE(review): which backend is used when more than one group is populated is
// not visible here; populate a single group so the choice is unambiguous.
type SigningKey struct {
	// File-based.
	//
	// Static key path.
	//
	// With this backend the private key is a file on the build host, so its
	// protection is the filesystem's; the Azure and AWS backends reference a
	// key by ID instead of a local file.
	KeyPath string `yaml:"keyPath,omitempty"`
	// Azure.
	//
	// Azure Vault URL and key ID.
	// AzureKeyVersion might be left empty to use the latest key version.
	AzureVaultURL   string `yaml:"azureVaultURL,omitempty"`
	AzureKeyID      string `yaml:"azureKeyID,omitempty"`
	AzureKeyVersion string `yaml:"azureKeyVersion,omitempty"`
	// AWS.
	//
	// AWS KMS Key ID and region.
	AwsKMSKeyID string `yaml:"awsKMSKeyID,omitempty"`
	AwsRegion   string `yaml:"awsRegion,omitempty"`
}
SigningKey describes a signing key.
type SigningKeyAndCertificate ¶ added in v1.6.0
// SigningKeyAndCertificate describes a signing key & certificate.
//
// Three backends are described: key and certificate files on disk, an Azure
// Key Vault certificate, and an AWS KMS key paired with a certificate file.
// NOTE(review): which backend is used when more than one group is populated is
// not visible here; populate a single group so the choice is unambiguous.
type SigningKeyAndCertificate struct {
	// File-based.
	//
	// Static key and certificate paths.
	//
	// With this backend the private key is a file on the build host, so its
	// protection is the filesystem's.
	KeyPath  string `yaml:"keyPath,omitempty"`
	CertPath string `yaml:"certPath,omitempty"`
	// Azure.
	//
	// Azure Vault URL and certificate ID, key will be found from the certificate.
	AzureVaultURL      string `yaml:"azureVaultURL,omitempty"`
	AzureCertificateID string `yaml:"azureCertificateID,omitempty"`
	// AWS.
	//
	// AWS KMS Key ID and region.
	// AWS doesn't have a good way to store a certificate, so it's expected to be a file.
	AwsKMSKeyID string `yaml:"awsKMSKeyID,omitempty"`
	AwsRegion   string `yaml:"awsRegion,omitempty"`
	AwsCertPath string `yaml:"awsCertPath,omitempty"`
}
SigningKeyAndCertificate describes a signing key & certificate.
func (SigningKeyAndCertificate) GetSigner ¶ added in v1.6.0
func (keyAndCert SigningKeyAndCertificate) GetSigner(ctx context.Context) (pesign.CertificateSigner, error)
GetSigner returns the signer.
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
internal | |
signer/aws | Package aws implements SecureBoot/PCR signers via AWS Key Management Service. |
signer/azure | Package azure implements SecureBoot/PCR signers via Azure Key Vault. |
signer/file | Package file implements SecureBoot/PCR signers via plain filesystem files. |