fix: do not fail cli action tracker when boot id cannot be read

If the `reboot/reset/shutdown/upgrade` action tracker cannot read the boot ID from the node under `/proc/sys/kernel/random/boot_id` due to insufficient permissions (e.g., when `talosctl reboot` is used over Omni), fall back to skipping boot ID check instead of hard-failing. Closes #7197. Signed-off-by: Utku Ozdemir <[email protected]> (cherry picked from commit 478b862)
siderolabs · May 17, 2024 · 24c3532 · 24c3532
1 parent 4aeb22f
commit 24c3532
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/cmd/talosctl/pkg/talos/action/tracker.go b/cmd/talosctl/pkg/talos/action/tracker.go
@@ -22,6 +22,8 @@ import (
 	"golang.org/x/sync/errgroup"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/backoff"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
 
 	"github.com/siderolabs/talos/cmd/talosctl/cmd/common"
 	"github.com/siderolabs/talos/cmd/talosctl/pkg/talos/global"
@@ -31,6 +33,8 @@ import (
 	"github.com/siderolabs/talos/pkg/reporter"
 )
 
+const unauthorizedBootIDFallback = "(unauthorized)"
+
 var (
 	// MachineReadyEventFn is the predicate function that returns true if the event indicates the machine is ready.
 	MachineReadyEventFn = func(event client.EventResult) bool {
@@ -55,6 +59,10 @@ var (
 
 	// BootIDChangedPostCheckFn is a post check function that returns nil if the boot ID has changed.
 	BootIDChangedPostCheckFn = func(ctx context.Context, c *client.Client, preActionBootID string) error {
+		if preActionBootID == unauthorizedBootIDFallback {
+			return nil
+		}
+
 		currentBootID, err := getBootID(ctx, c)
 		if err != nil {
 			return err
@@ -332,6 +340,10 @@ func getBootID(ctx context.Context, c *client.Client) (string, error) {
 
 	body, err := io.ReadAll(reader)
 	if err != nil {
+		if status.Code(err) == codes.PermissionDenied { // we are not authorized to read the boot ID, skip the check
+			return unauthorizedBootIDFallback, nil
+		}
+
 		return "", err
 	}