7c6d295 to 3cebc5a
Idk how to solve gpg-identity EOF issue
3cebc5a to 9e26b1e
Adds OpenZiti's system extension to be run on the Talos node, allowing to serve Talos nodes network resources over the overlay network.

Signed-off-by: Chernenko Ruslan <ractyfree@gmail.com>
9e26b1e to e983aff
you can ignore the gpg check, it checks if the commit is also signed by a member of org
the checks are passing, so all good
| - ninja | ||
| - zlib-static | ||
| dependencies: | ||
| - image: "ghcr.io/siderolabs/tools:v1.7.0-4-gc844dc3" |
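Review bot: the `image:` dependency on the last line of this hunk is pinned by tag only (`ghcr.io/siderolabs/tools:v1.7.0-4-gc844dc3`), and the `- ninja` and `- zlib-static` entries above it carry no version, so the same pkgfile can resolve to different build inputs over time. Suggest pinning the image by digest (`@sha256:<digest>`) and fixing the versions of the extra packages, or replacing them with checksummed sources.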
this looks a bit strange... we usually build from base layer which contains toolchain (tools) and don't use alpine for the build. is there anything missing?
There is no zlib-static, zip, unzip when using scratch and it's impossible to use install directive as apk manager doesn't exist in `scratch` variant.
Vcpkg relies on having zip, unzip as it downloads dependencies in that format.
Zlib-static is required to link an executable against it as there is no zlib on the host /usr/lib folder
the build process doesn't build zlib from sources and it has to be manually retrieved from the alpine packages repo in this case.
zlib should be available though, zip and unzip, there will be no apk of course.
vcpkg downloads dependencies? does it pin them in a secure way?
I guess I could just change to using 'base' stage instead of explicitly binding to a tools image here.
Build seems to work fine with that. But idk what to do with those zip, unzip, zlib-static, ninja deps
> zlib should be available though, zip and unzip, there will be no `apk` of course.
> `vcpkg` downloads dependencies? does it pin them in a secure way?
Yes it does by verifying their sha512sum as I skimmed the code.
hmm, then this extension needs to add its build time dependencies as like qemu-guest-agent for example
> hmm, then this extension needs to add its build time dependencies as like qemu-guest-agent for example
I guess would be hard to do as it heavily depends on vcpkg as the dependency manager.
Maybe I could try working on creating static builds and then pulling them within the build process. Would this be okay?
I mean pulling them from the releases page, as you suggested above.
yes, let's try static builds from the releases page. how big are those?
> yes, let's try static builds from the releases page. how big are those?
Well, around 5MB, I am currently working on building those using gh workflows, just having a linker issue with CMAKE trying to link libpthread.so instead of libpthread.a.
openziti/ziti-tunnel-sdk-c#938
| sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml | ||
|
|
||
| - | | ||
| mkdir -p /vcpkg-git /vcpkg /ziti-tunnel-sdk-c/build |
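Review bot: `mkdir -p /vcpkg-git /vcpkg /ziti-tunnel-sdk-c/build` creates working trees for vcpkg and the SDK directly under `/`, and nothing in the visible lines shows where their contents come from or how they are verified. If they are fetched inside this step, declare them as package sources with a pinned version and checksum instead, so the build inputs are fixed before the step runs.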
why are we building an sdk? doesn't make sense, shouldn't it be using this https://github.com/openziti/ziti/?
> why are we building an sdk? doesn't make sense, shouldn't it be using this https://github.com/openziti/ziti/?
No we shouldn't. OpenZiti tunneler is exactly for hosting or tunneling. Main ziti repo is for the other part of the OpenZiti project which provides a controller, router and etc.
Tunneler is just a daemon that runs on the host machines and allows to put the network communication on or from the overlay network it creates. For Talos it's impossible to change routing from the extension, so the tunneler runs in a 'run-host' mode which allows offloading of overlay traffic on the underlay network.
This PR is stale because it has been open 45 days with no activity.

@nenkoru Do you have any news on this? Now openziti has static binaries.
Unfortunately, they are not

```
➜ Downloads file ziti-edge-tunnelt1712x64
ziti-edge-tunnelt1712x64: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=8510e9ced615a6b8b9e790db3a23462c52424931, with debug_info, not stripped
```

Well, as far as I remember the team has decided not to build static because of the issues they had with some devices and/or environments.
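Added example, not part of the thread or of either project's code: the `file` output above reports `interpreter /lib64/ld-linux-x86-64.so.2`, and the same check can gate a build by reading the ELF program headers for a `PT_INTERP` entry. It handles ELF64 little-endian only, and `make_sample` builds constructed test images rather than real release binaries.

```python
import struct

PT_INTERP = 3  # program header type that names the runtime loader

def elf_interpreter(data: bytes):
    """Return the PT_INTERP path of an ELF64 little-endian image, or None."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian is handled")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    if e_phentsize < 56:
        raise ValueError("bad program header entry size")
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 56 > len(data):
            raise ValueError("truncated program header table")
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from("<IIQQQQ", data, off)
        if p_type != PT_INTERP:
            continue
        seg = data[p_offset:p_offset + p_filesz]
        if len(seg) != p_filesz:
            raise ValueError("truncated PT_INTERP segment")
        return seg.split(b"\0", 1)[0].decode("ascii", "replace")
    # An executable without PT_INTERP is static or static-pie
    # (static-pie still carries PT_DYNAMIC, so that is not tested here).
    return None

def make_sample(interp: bytes = b"") -> bytes:
    """Constructed image: ELF64 header, PT_LOAD, and PT_INTERP if interp is given."""
    phnum = 2 if interp else 1
    body_off = 64 + 56 * phnum
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               3, 62, 1, 0, 64, 0, 0, 64, 56, phnum, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", 1, 5, 0, 0, 0, body_off, body_off, 0x1000)
    if interp:
        n = len(interp) + 1  # include the terminating NUL
        phdr += struct.pack("<IIQQQQQQ", PT_INTERP, 4, body_off, body_off, body_off, n, n, 1)
    return ehdr + phdr + interp + (b"\0" if interp else b"")

if __name__ == "__main__":
    samples = {"dynamic": make_sample(b"/lib64/ld-linux-x86-64.so.2"),
               "static": make_sample()}
    for name, image in samples.items():
        print(name, "->", elf_interpreter(image) or "no interpreter requested")
```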
This PR is stale because it has been open 45 days with no activity.
Adds system extension to run OpenZiti edge tunneler which allows serving Talos nodes network resources over the overlay network.