From 478b862b4c38bd5a5ba1313a3779f9395e4ba38d Mon Sep 17 00:00:00 2001 From: Utku Ozdemir Date: Mon, 6 May 2024 13:25:31 +0200 Subject: [PATCH] fix: do not fail cli action tracker when boot id cannot be read If the `reboot/reset/shutdown/upgrade` action tracker cannot read the boot ID from the node under `/proc/sys/kernel/random/boot_id` due to insufficient permissions (e.g., when `talosctl reboot` is used over Omni), fall back to skipping boot ID check instead of hard-failing. Closes siderolabs/talos#7197. Signed-off-by: Utku Ozdemir --- cmd/talosctl/pkg/talos/action/tracker.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/cmd/talosctl/pkg/talos/action/tracker.go b/cmd/talosctl/pkg/talos/action/tracker.go index ea66fec9fc..eb1bbae648 100644 --- a/cmd/talosctl/pkg/talos/action/tracker.go +++ b/cmd/talosctl/pkg/talos/action/tracker.go @@ -22,6 +22,8 @@ import ( "golang.org/x/sync/errgroup" "google.golang.org/grpc" "google.golang.org/grpc/backoff" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" "github.com/siderolabs/talos/cmd/talosctl/cmd/common" "github.com/siderolabs/talos/cmd/talosctl/pkg/talos/global" @@ -31,6 +33,8 @@ import ( "github.com/siderolabs/talos/pkg/reporter" ) +const unauthorizedBootIDFallback = "(unauthorized)" + var ( // MachineReadyEventFn is the predicate function that returns true if the event indicates the machine is ready. MachineReadyEventFn = func(event client.EventResult) bool { @@ -55,6 +59,10 @@ var ( // BootIDChangedPostCheckFn is a post check function that returns nil if the boot ID has changed. BootIDChangedPostCheckFn = func(ctx context.Context, c *client.Client, preActionBootID string) error { + if preActionBootID == unauthorizedBootIDFallback { + return nil + } + currentBootID, err := getBootID(ctx, c) if err != nil { return err @@ -332,6 +340,10 @@ func getBootID(ctx context.Context, c *client.Client) (string, error) { body, err := io.ReadAll(reader) if err != nil { + if status.Code(err) == codes.PermissionDenied { // we are not authorized to read the boot ID, skip the check + return unauthorizedBootIDFallback, nil + } + return "", err }