ci: add full-node tests (#920)
diff --git a/.ansible-lint b/.ansible-lint
index b2dde88..c21cd67 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -5,10 +5,17 @@
- charts
- molecule
- playbooks
+ - plugins/filter
- roles/defaults/vars/main.yml
- roles/kube_prometheus_stack/files/jsonnet
- vendir.lock.yml
-warn_list:
+mock_roles:
+ - opendev.container_registry
+
+skip_list:
- jinja[invalid]
- jinja[spacing]
+ - var-naming[no-reserved]
+ - var-naming[no-role-prefix]
+ - yaml[line-length]
diff --git a/.earthlyignore b/.earthlyignore
new file mode 120000
index 0000000..3e4e48b
--- /dev/null
+++ b/.earthlyignore
@@ -0,0 +1 @@
+.gitignore
\ No newline at end of file
diff --git a/.envrc b/.envrc
index 1d953f4..3550a30 100644
--- a/.envrc
+++ b/.envrc
@@ -1 +1 @@
-use nix
+use flake
diff --git a/.github/workflows/ceph.yml b/.github/workflows/ceph.yml
deleted file mode 100644
index 143350b..0000000
--- a/.github/workflows/ceph.yml
+++ /dev/null
@@ -1,123 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-name: ceph
-
-on:
- pull_request:
- paths-ignore:
- - images/**
- - go.mod
- - go.sum
- workflow_dispatch:
- inputs:
- debug_enabled:
- type: boolean
- description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'
- required: false
- default: false
- network_backend:
- type: choice
- description: 'Network backend type'
- required: true
- default: 'ovn'
- options:
- - openvswitch
- - ovn
-
-jobs:
- debug:
- runs-on: v3-standard-16
- if: github.event_name == 'workflow_dispatch' && inputs.debug_enabled
- strategy:
- fail-fast: false
- concurrency:
- group: ${{ github.ref }}-${{ inputs.network_backend }}
- cancel-in-progress: true
- steps:
- - name: Checkout project
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-
- - name: Install Poetry
- run: pipx install poetry
-
- - name: Setup Python
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
- with:
- cache: poetry
-
- - name: Install dependencies
- run: poetry install --no-interaction --with dev
-
- # NOTE(mnaser): LVM commands take a long time if there are any existing
- # loop devices created by "snapd", so we uninstall it.
- - name: Uninstall "snapd"
- run: sudo apt-get purge -y snapd
-
- - name: Turn off swap
- run: sudo swapoff -a
-
- - name: Run Molecule Converge
- run: poetry run molecule converge -s ceph
- env:
- ATMOSPHERE_NETWORK_BACKEND: ${{ inputs.network_backend }}
-
- # Enable tmate debugging of manually-triggered workflows if the input option was provided
- - name: Setup tmate session
- if: ${{ failure() }}
- uses: mxschmitt/action-tmate@a283f9441d2d96eb62436dc46d7014f5d357ac22 # v3
- timeout-minutes: 60
-
- - name: Run Molecule Destroy
- run: poetry run molecule destroy -s ceph
-
- test:
- runs-on: v3-standard-16
- if: github.event_name != 'workflow_dispatch' || !inputs.debug_enabled
- strategy:
- fail-fast: false
- matrix:
- network_backend:
- - openvswitch
- - ovn
- concurrency:
- group: ${{ github.ref }}-${{ matrix.network_backend }}
- cancel-in-progress: true
- steps:
- - name: Checkout project
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-
- - name: Install Poetry
- run: pipx install poetry
-
- - name: Setup Python
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
- with:
- cache: poetry
-
- - name: Install dependencies
- run: poetry install --no-interaction --with dev
-
- # NOTE(mnaser): LVM commands take a long time if there are any existing
- # loop devices created by "snapd", so we uninstall it.
- - name: Uninstall "snapd"
- run: sudo apt-get purge -y snapd
-
- - name: Turn off swap
- run: sudo swapoff -a
-
- - name: Run Molecule
- run: poetry run molecule test -s ceph
- env:
- ATMOSPHERE_NETWORK_BACKEND: ${{ matrix.network_backend }}
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
deleted file mode 100644
index 7a7f3a6..0000000
--- a/.github/workflows/check.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-name: check
-
-on:
- pull_request:
-
-jobs:
- unit:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
- with:
- go-version-file: go.mod
- - run: go test -v ./...
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
deleted file mode 100644
index f76234c..0000000
--- a/.github/workflows/docs.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-name: docs
-
-on:
- pull_request:
- paths:
- - 'docs/**'
- push:
- branches:
- - main
- paths:
- - 'docs/**'
-
-permissions:
- contents: write
- pull-requests: write
-
-jobs:
- build:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout project
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-
- - name: Install Earthly
- uses: earthly/actions-setup@v1
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Build image
- run: earthly --secret GITHUB_TOKEN +mkdocs-build
- env:
- EARTHLY_CI: true
- EARTHLY_PUSH: "${{ github.event_name == 'push' }}"
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/image-manifest.yml b/.github/workflows/image-manifest.yml
deleted file mode 100644
index 91bd721..0000000
--- a/.github/workflows/image-manifest.yml
+++ /dev/null
@@ -1,46 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-name: image-manifest
-
-on:
- pull_request:
- paths-ignore:
- - images/**
- - go.mod
- - go.sum
-
-jobs:
- test:
- runs-on: v3-standard-8
- steps:
- - name: Checkout project
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-
- - name: Install Poetry
- run: pipx install poetry
-
- - name: Setup Python
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
- with:
- cache: poetry
-
- - name: Install dependencies
- run: ansible-galaxy install -r molecule/image-manifest/requirements.yml
-
- - name: Install dependencies
- run: poetry install --no-interaction --with dev
-
- - name: Run Molecule
- run: poetry run molecule test -s image-manifest
diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml
deleted file mode 100644
index 0847808..0000000
--- a/.github/workflows/images.yml
+++ /dev/null
@@ -1,87 +0,0 @@
-name: images
-
-on:
- pull_request:
- push:
- branches:
- - main
-
-permissions:
- packages: write
- contents: read
-
-jobs:
- build:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout project
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-
- - name: Install Earthly
- uses: earthly/actions-setup@v1
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Configure Earthly
- run: |
- mkdir -p ~/.earthly/certs
- cat << EOF > ~/.earthly/certs/ca_cert.pem
- ${{ secrets.EARTHLY_CA_CERT }}
- EOF
- cat << EOF > ~/.earthly/certs/earthly_cert.pem
- ${{ secrets.EARTHLY_CERT }}
- EOF
- cat << EOF > ~/.earthly/certs/earthly_key.pem
- ${{ secrets.EARTHLY_CERT_KEY }}
- EOF
- cat << EOF > ~/.earthly/config.yml
- global:
- buildkit_host: tcp://162.253.55.125:8372
- EOF
-
- - name: Login to GitHub Container Registry
- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Build images
- run: earthly +images
- env:
- EARTHLY_CI: true
- EARTHLY_PUSH: "${{ github.event_name == 'push' }}"
-
- scan:
- runs-on: ubuntu-latest
- needs: build
- steps:
- - name: Checkout project
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-
- - name: Install Earthly
- uses: earthly/actions-setup@v1
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Configure Earthly
- run: |
- mkdir -p ~/.earthly/certs
- cat << EOF > ~/.earthly/certs/ca_cert.pem
- ${{ secrets.EARTHLY_CA_CERT }}
- EOF
- cat << EOF > ~/.earthly/certs/earthly_cert.pem
- ${{ secrets.EARTHLY_CERT }}
- EOF
- cat << EOF > ~/.earthly/certs/earthly_key.pem
- ${{ secrets.EARTHLY_CERT_KEY }}
- EOF
- cat << EOF > ~/.earthly/config.yml
- global:
- buildkit_host: tcp://162.253.55.125:8372
- EOF
-
- - name: Scan images
- run: earthly +scan-images
- env:
- EARTHLY_CI: true
diff --git a/.github/workflows/pxc.yml b/.github/workflows/pxc.yml
deleted file mode 100644
index 6f33b7a..0000000
--- a/.github/workflows/pxc.yml
+++ /dev/null
@@ -1,46 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-name: PXC
-
-on:
- pull_request:
- paths-ignore:
- - images/**
- - go.mod
- - go.sum
-
-jobs:
- molecule:
- runs-on: v3-standard-8
- steps:
- - name: Checkout project
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-
- - name: Install Poetry
- run: pipx install poetry
-
- - name: Setup Python
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
- with:
- cache: poetry
-
- - name: Install dependencies
- run: poetry install --no-interaction --with dev
-
- - name: Turn off swap
- run: sudo swapoff -a
-
- - name: Run Molecule
- run: poetry run molecule test -s pxc
diff --git a/.gitignore b/.gitignore
index 04b46cc..173d6f5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,7 @@
*.orig
*.rej
.direnv
+junit.xml
+junit-go.xml
+ansible-lint.xml
+output
diff --git a/.markdownlint-cli2.jsonc b/.markdownlint-cli2.jsonc
new file mode 100644
index 0000000..c198e0b
--- /dev/null
+++ b/.markdownlint-cli2.jsonc
@@ -0,0 +1,9 @@
+{
+ "ignores": [
+ "docs/static/*.png",
+ ],
+ "outputFormatters": [
+ [ "markdownlint-cli2-formatter-junit", { "name": "junit.xml" } ],
+ [ "markdownlint-cli2-formatter-default" ]
+ ]
+}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 761474e..60a0756 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -16,12 +16,6 @@
stages:
- commit-msg
- - repo: https://github.com/ansible/ansible-lint
- rev: v6.13.1
- hooks:
- - id: ansible-lint
- files: \.(yaml|yml)$
-
- repo: https://github.com/psf/black
rev: 22.8.0
hooks:
@@ -36,9 +30,3 @@
rev: 5.12.0
hooks:
- id: isort
-
- - repo: https://github.com/igorshubovych/markdownlint-cli
- rev: v0.32.2
- hooks:
- - id: markdownlint
- args: ["--ignore=CHANGELOG.md"]
diff --git a/Earthfile b/Earthfile
index 824902f..71ba7bb 100644
--- a/Earthfile
+++ b/Earthfile
@@ -1,4 +1,91 @@
-VERSION --use-copy-link 0.7
+VERSION --use-copy-link --try 0.8
+
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
+
+lint:
+ BUILD +lint.ansible-lint
+ BUILD +lint.markdownlint
+ BUILD +lint.image-manifest
+
+lint.helm:
+ FROM alpine:3
+ RUN mkdir -p /output
+ COPY --dir charts/ /src
+ FOR CHART IN $(ls /src)
+ FOR VERSION IN $(seq 22 28)
+ COPY (+lint.helm.chart/junit.xml --CHART ${CHART} --VERSION "1.${VERSION}.0") /output/junit-helm-${CHART}-1-${VERSION}-0.xml
+ END
+ END
+ SAVE ARTIFACT /output AS LOCAL output
+
+lint.helm.chart:
+ FROM alpine:3
+ RUN apk add --no-cache git helm python3
+ RUN helm plugin install https://github.com/melmorabity/helm-kubeconform
+ RUN mkdir -p /cache /output
+ ARG --required CHART
+ COPY --dir charts/${CHART} /src
+ ARG --required VERSION
+ RUN \
+ --mount=type=cache,target=/cache \
+ helm kubeconform /src \
+ --cache /cache \
+ --schema-location default \
+ --schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' \
+ --ignore-missing-schemas \
+ --kube-version ${VERSION} \
+ --output junit 2> /output/junit.xml
+ SAVE ARTIFACT /output/junit.xml
+
+lint.markdownlint:
+ FROM davidanson/markdownlint-cli2
+ COPY --dir docs/ .markdownlint.yaml .markdownlint-cli2.jsonc /src
+ WORKDIR /src
+ TRY
+ RUN markdownlint-cli2 **
+ FINALLY
+ SAVE ARTIFACT /src/junit.xml AS LOCAL junit.xml
+ END
+
+lint.ansible-lint:
+ FROM registry.gitlab.com/pipeline-components/ansible-lint:latest
+ COPY --dir meta/ molecule/ playbooks/ plugins/ roles/ tests/ .ansible-lint CHANGELOG.md galaxy.yml /code
+ TRY
+ RUN ansible-lint -v --show-relpath -f pep8 --nocolor | ansible-lint-junit -o ansible-lint.xml
+ FINALLY
+ SAVE ARTIFACT ansible-lint.xml AS LOCAL ansible-lint.xml
+ END
+
+lint.image-manifest:
+ FROM quay.io/skopeo/stable:latest
+ COPY roles/defaults/vars/main.yml /defaults.yml
+ FOR IMAGE IN $(cat /defaults.yml | grep sha256 | cut -d' ' -f4 | sort | uniq | sed 's/:[^@]*//')
+ BUILD +lint.image-manifest.image --IMAGE ${IMAGE}
+ END
+
+lint.image-manifest.image:
+ FROM quay.io/skopeo/stable:latest
+ ARG --required IMAGE
+ RUN skopeo inspect --no-tags docker://${IMAGE} >/dev/null && echo "Manifest is valid for ${IMAGE}" || echo "Manifest is not valid for ${IMAGE}"
+
+unit.go:
+ FROM golang:1.21
+ RUN go install github.com/jstemmer/go-junit-report/v2@latest
+ COPY --dir go.mod go.sum /src
+ WORKDIR /src
+ RUN go mod download
+ COPY --dir charts/ cmd/ internal/ roles/ tools/ /src
+ TRY
+ RUN go test -v 2>&1 ./... | go-junit-report -set-exit-code > junit-go.xml
+ FINALLY
+ SAVE ARTIFACT /src/junit-go.xml AS LOCAL junit-go.xml
+ END
+
+build.collection:
+ FROM registry.gitlab.com/pipeline-components/ansible-lint:latest
+ COPY . /src
+ RUN ansible-galaxy collection build /src
+ SAVE ARTIFACT /code/*.tar.gz AS LOCAL dist/
go.build:
FROM golang:1.21
@@ -27,7 +114,7 @@
--platform=linux/amd64 \
(+libvirt-tls-sidecar.build/main --GOARCH=$TARGETARCH --VARIANT=$TARGETVARIANT) /usr/bin/libvirt-tls-sidecar
ENTRYPOINT ["/usr/bin/libvirt-tls-sidecar"]
- SAVE IMAGE --push ghcr.io/vexxhost/atmosphere/libvirt-tls-sidecar:latest
+ SAVE IMAGE --push ${REGISTRY}/libvirt-tls-sidecar:latest
libvirt-tls-sidecar.image:
BUILD --platform=linux/amd64 --platform=linux/arm64 +libvirt-tls-sidecar.platform-image
@@ -79,37 +166,37 @@
ENV PATH=/venv/bin:$PATH
COPY +build.collections/ /usr/share/ansible
ARG tag=latest
- SAVE IMAGE --push ghcr.io/vexxhost/atmosphere:${tag}
+ SAVE IMAGE --push ${REGISTRY}:${tag}
images:
- BUILD +libvirt-tls-sidecar.image
- BUILD ./images/barbican+image
- BUILD ./images/cinder+image
- BUILD ./images/cluster-api-provider-openstack+image
- BUILD ./images/designate+image
- BUILD ./images/glance+image
- BUILD ./images/heat+image
- BUILD ./images/horizon+image
- BUILD ./images/ironic+image
- BUILD ./images/keystone+image
- BUILD ./images/kubernetes-entrypoint+image
- BUILD ./images/libvirtd+image
- BUILD ./images/magnum+image
- BUILD ./images/manila+image
- BUILD ./images/netoffload+image
- BUILD ./images/neutron+image
- BUILD ./images/nova-ssh+image
- BUILD ./images/nova+image
- BUILD ./images/octavia+image
- BUILD ./images/openvswitch+image
- BUILD ./images/ovn+images
- BUILD ./images/placement+image
- BUILD ./images/senlin+image
- BUILD ./images/staffeln+image
- BUILD ./images/tempest+image
+ BUILD +libvirt-tls-sidecar.image --REGISTRY=${REGISTRY}
+ BUILD ./images/barbican+image --REGISTRY=${REGISTRY}
+ BUILD ./images/cinder+image --REGISTRY=${REGISTRY}
+ BUILD ./images/cluster-api-provider-openstack+image --REGISTRY=${REGISTRY}
+ BUILD ./images/designate+image --REGISTRY=${REGISTRY}
+ BUILD ./images/glance+image --REGISTRY=${REGISTRY}
+ BUILD ./images/heat+image --REGISTRY=${REGISTRY}
+ BUILD ./images/horizon+image --REGISTRY=${REGISTRY}
+ BUILD ./images/ironic+image --REGISTRY=${REGISTRY}
+ BUILD ./images/keystone+image --REGISTRY=${REGISTRY}
+ BUILD ./images/kubernetes-entrypoint+image --REGISTRY=${REGISTRY}
+ BUILD ./images/libvirtd+image --REGISTRY=${REGISTRY}
+ BUILD ./images/magnum+image --REGISTRY=${REGISTRY}
+ BUILD ./images/manila+image --REGISTRY=${REGISTRY}
+ BUILD ./images/netoffload+image --REGISTRY=${REGISTRY}
+ BUILD ./images/neutron+image --REGISTRY=${REGISTRY}
+ BUILD ./images/nova-ssh+image --REGISTRY=${REGISTRY}
+ BUILD ./images/nova+image --REGISTRY=${REGISTRY}
+ BUILD ./images/octavia+image --REGISTRY=${REGISTRY}
+ BUILD ./images/openvswitch+image --REGISTRY=${REGISTRY}
+ BUILD ./images/ovn+images --REGISTRY=${REGISTRY}
+ BUILD ./images/placement+image --REGISTRY=${REGISTRY}
+ BUILD ./images/senlin+image --REGISTRY=${REGISTRY}
+ BUILD ./images/staffeln+image --REGISTRY=${REGISTRY}
+ BUILD ./images/tempest+image --REGISTRY=${REGISTRY}
SCAN_IMAGE:
- COMMAND
+ FUNCTION
ARG --required IMAGE
# TODO(mnaser): Include secret scanning when it's more reliable.
RUN \
@@ -130,16 +217,15 @@
FROM ./images/trivy+image
COPY roles/defaults/vars/main.yml /defaults.yml
# TODO(mnaser): Scan all images eventually
- FOR IMAGE IN $(cat /defaults.yml | grep 'ghcr.io/vexxhost' | cut -d' ' -f4 | sort | uniq)
+ FOR IMAGE IN $(cat /defaults.yml | egrep -E 'ghcr.io/vexxhost|registry.atmosphere.dev' | cut -d' ' -f4 | sort | uniq)
BUILD +scan-image --IMAGE ${IMAGE}
- # DO +SCAN_IMAGE --IMAGE ${IMAGE}
END
pin-images:
FROM +build.venv.dev
COPY roles/defaults/vars/main.yml /defaults.yml
COPY build/pin-images.py /usr/local/bin/pin-images
- RUN --no-cache /usr/local/bin/pin-images /defaults.yml /pinned.yml
+ RUN --no-cache /usr/local/bin/pin-images --registry ${REGISTRY} /defaults.yml /pinned.yml
SAVE ARTIFACT /pinned.yml AS LOCAL roles/defaults/vars/main.yml
gh:
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..75b3574
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,202 @@
+pipeline {
+ agent none
+
+ options {
+ disableConcurrentBuilds(abortPrevious: true);
+ }
+
+ // TODO: periodic multi-node jobs
+
+ environment {
+ TEST_REGISTRY = "registry.atmosphere.dev:5000/${env.BRANCH_NAME.toLowerCase()}"
+ PROD_REGISTRY = "ghcr.io/vexxhost/atmosphere"
+ REGISTRY = "${env.BRANCH_NAME == 'main' ? PROD_REGISTRY : TEST_REGISTRY}"
+
+ EARTHLY_CI = 'true'
+ EARTHLY_BUILD_ARGS = "REGISTRY=${REGISTRY}"
+ }
+
+ stages {
+ stage('lint') {
+ parallel {
+ stage('ansible-lint') {
+ agent {
+ label 'earthly'
+ }
+
+ steps {
+ sh 'earthly --output +lint.ansible-lint'
+ }
+
+ post {
+ always {
+ junit testResults: 'ansible-lint.xml', allowEmptyResults: true
+ }
+ }
+ }
+
+ stage('helm') {
+ agent {
+ label 'earthly'
+ }
+
+ steps {
+ sh 'earthly --output +lint.helm'
+ }
+
+ post {
+ always {
+ junit testResults: 'output/junit-helm-*.xml', allowEmptyResults: true
+ }
+ }
+ }
+
+ stage('markdownlint') {
+ agent {
+ label 'earthly'
+ }
+
+ steps {
+ sh 'earthly --output +lint.markdownlint'
+ }
+
+ post {
+ always {
+ junit testResults: 'junit.xml', allowEmptyResults: true
+ }
+ }
+ }
+
+ stage('image-manifest') {
+ agent {
+ label 'earthly'
+ }
+
+ steps {
+ sh 'earthly +lint.image-manifest'
+ }
+ }
+ }
+ }
+
+ stage('unit') {
+ parallel {
+ stage('go') {
+ agent {
+ label 'earthly'
+ }
+
+ steps {
+ sh 'earthly --output +unit.go'
+ }
+
+ post {
+ always {
+ junit 'junit-go.xml'
+ }
+ }
+ }
+ }
+ }
+
+ stage('build') {
+ parallel {
+ stage('collection') {
+ agent {
+ label 'earthly'
+ }
+
+ steps {
+ sh 'earthly --output +build.collection'
+ archiveArtifacts artifacts: 'dist/**'
+ }
+ }
+
+ stage('images') {
+ agent {
+ label 'earthly'
+ }
+
+ steps {
+ script {
+ if (env.BRANCH_NAME == 'main') {
+ docker.withRegistry('https://ghcr.io', 'github-packages-token') {
+ sh 'earthly --push +images'
+ }
+ } else {
+ sh 'earthly --push +images'
+ }
+ }
+
+ sh 'earthly --output +pin-images'
+ sh 'earthly +scan-images'
+ stash name: 'src-with-pinned-images', includes: '**'
+ }
+ }
+
+ stage('docs') {
+ agent {
+ label 'earthly'
+ }
+
+ steps {
+ sh 'earthly +mkdocs-build'
+ }
+ }
+ }
+ }
+
+ stage('integration') {
+ matrix {
+ axes {
+ axis {
+ name 'NETWORK_BACKEND'
+ values 'openvswitch', 'ovn'
+ }
+ }
+
+ agent {
+ label 'jammy-16c-64g'
+ }
+
+ environment {
+ ATMOSPHERE_DEBUG = "true"
+ ATMOSPHERE_NETWORK_BACKEND = "${NETWORK_BACKEND}"
+ }
+
+ stages {
+ stage('molecule') {
+ steps {
+ // Checkout code with built/pinned images
+ unstash 'src-with-pinned-images'
+
+ // Install dependencies
+ sh 'sudo apt-get install -y git python3-pip'
+ sh 'sudo pip install poetry'
+
+ // Run tests
+ sh 'sudo poetry install --with dev'
+ sh 'sudo --preserve-env=ATMOSPHERE_DEBUG,ATMOSPHERE_NETWORK_BACKEND poetry run molecule test -s aio'
+ }
+ }
+ }
+
+ post {
+ always {
+ // Kubernetes logs
+ sh "sudo ./build/fetch-kubernetes-logs.sh logs/${NETWORK_BACKEND}/kubernetes || true"
+ archiveArtifacts artifacts: 'logs/**', allowEmptyArchive: true
+
+ // JUnit results for Tempest
+ sh "sudo ./build/fetch-junit-xml.sh tempest-${NETWORK_BACKEND}.xml || true"
+ junit "tempest-${NETWORK_BACKEND}.xml"
+ }
+ }
+ }
+ }
+
+ // promote images
+ // release?
+ // todo: manual pin commit to main (avoiding loop)
+ }
+}
diff --git a/molecule/ceph/verify.yml b/build/fetch-junit-xml.sh
old mode 100644
new mode 100755
similarity index 72%
copy from molecule/ceph/verify.yml
copy to build/fetch-junit-xml.sh
index b88e217..785df28
--- a/molecule/ceph/verify.yml
+++ b/build/fetch-junit-xml.sh
@@ -1,4 +1,4 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
+# Copyright (c) 2022 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
@@ -12,4 +12,7 @@
# License for the specific language governing permissions and limitations
# under the License.
-- import_playbook: vexxhost.atmosphere.tempest
+REPORT_FILE_NAME="${1:-report.xml}"
+
+sudo apt-get install -y subunit python3-junitxml
+sudo subunit-1to2 /tmp/stestr/0 | subunit2junitxml > "${REPORT_FILE_NAME}"
diff --git a/build/fetch-kubernetes-logs.sh b/build/fetch-kubernetes-logs.sh
new file mode 100755
index 0000000..5b028b5
--- /dev/null
+++ b/build/fetch-kubernetes-logs.sh
@@ -0,0 +1,78 @@
+#!/bin/bash -x
+
+# Check if an argument was provided
+if [ "$#" -ne 1 ]; then
+ echo "Usage: $0 <path_to_save_logs>"
+ exit 1
+fi
+
+# Define the base directory where you want to save the logs
+BASE_DIR="$1"
+
+# Create the base directory if it doesn't exist
+mkdir -p "$BASE_DIR"
+
+# Function to fetch logs for a pod and container
+fetch_logs() {
+ local ns="$1"
+ local pod="$2"
+ local container="$3"
+ local pod_dir="$BASE_DIR/$ns/$pod"
+ local log_file="$pod_dir/$container.log"
+ local prev_log_file="$pod_dir/${container}-previous.log"
+
+ # Ensure the pod directory exists
+ mkdir -p "$pod_dir"
+
+ # Fetch current logs
+ kubectl logs "$pod" -n "$ns" -c "$container" > "$log_file" 2>/dev/null
+
+ # Fetch previous logs if they exist
+ if kubectl logs "$pod" -n "$ns" -c "$container" --previous &>/dev/null; then
+ kubectl logs "$pod" -n "$ns" -c "$container" --previous > "$prev_log_file" 2>/dev/null
+ fi
+}
+
+export -f fetch_logs
+export BASE_DIR
+
+# Get all namespaces
+namespaces=$(kubectl get ns -o jsonpath='{.items[*].metadata.name}')
+
+# Loop through each namespace
+for ns in $namespaces; do
+ (
+ # Create a directory for the namespace
+ mkdir -p "$BASE_DIR/$ns"
+
+ # Get all pods in the namespace
+ pods=$(kubectl get pods -n "$ns" -o jsonpath='{.items[*].metadata.name}')
+
+ # Loop through each pod
+ for pod in $pods; do
+ (
+ # Create a directory for the pod
+ mkdir -p "$BASE_DIR/$ns/$pod"
+
+ # Get all containers in the pod
+ containers=$(kubectl get pod "$pod" -n "$ns" -o jsonpath='{.spec.containers[*].name}')
+
+ # Loop through each container
+ for container in $containers; do
+ # Fetch logs in parallel
+ fetch_logs "$ns" "$pod" "$container" &
+ done
+
+ # Wait for all background log fetches to complete before moving to the next pod
+ wait
+ ) &
+ done
+ # Wait for all background pods processing to complete before moving to the next namespace
+ wait
+ ) &
+done
+
+# Wait for all background namespaces processing to complete
+wait
+
+echo "Logs have been saved to $BASE_DIR"
diff --git a/build/pin-images.py b/build/pin-images.py
index 53363a3..83ae2d4 100755
--- a/build/pin-images.py
+++ b/build/pin-images.py
@@ -3,11 +3,11 @@
import argparse
import functools
+import requests
from docker_image import reference
from oslo_config import cfg
from oslo_log import log as logging
from ruyaml import YAML
-import requests
LOG = logging.getLogger(__name__)
CONF = cfg.CONF
@@ -46,7 +46,11 @@
def get_pinned_image(image_src):
image_ref = reference.Reference.parse(image_src)
- if image_ref.domain() in ("registry.k8s.io", "us-docker.pkg.dev"):
+ if image_ref.domain() in (
+ "registry.k8s.io",
+ "us-docker.pkg.dev",
+ "registry.atmosphere.dev",
+ ):
digest = get_digest(image_ref)
if image_ref.domain() == "quay.io":
@@ -109,16 +113,30 @@
"src", help="Path for default values file", type=argparse.FileType("r")
)
parser.add_argument("dst", help="Path for output file", type=argparse.FileType("w"))
+ parser.add_argument(
+ "-r",
+ "--registry",
+ default="ghcr.io/vexxhost/atmosphere",
+ help="Registry containing Atmosphere images",
+ )
args = parser.parse_args()
+ registry = args.registry
+ if "registry.atmosphere.dev:5000" in registry:
+ registry = registry.replace(
+ "registry.atmosphere.dev:5000", "registry.atmosphere.dev"
+ )
+
yaml = YAML(typ="rt")
data = yaml.load(args.src)
for image in data["_atmosphere_images"]:
if image in SKIP_IMAGE_LIST:
continue
- image_src = data["_atmosphere_images"][image]
+ image_src = data["_atmosphere_images"][image].replace(
+ "ghcr.io/vexxhost/atmosphere", registry
+ )
pinned_image = get_pinned_image(image_src)
LOG.info("Pinning image %s from %s to %s", image, image_src, pinned_image)
diff --git a/charts/neutron/templates/bin/_neutron-metadata-agent-init.sh.tpl b/charts/neutron/templates/bin/_neutron-metadata-agent-init.sh.tpl
index 5b6ce43..1cb25e3 100644
--- a/charts/neutron/templates/bin/_neutron-metadata-agent-init.sh.tpl
+++ b/charts/neutron/templates/bin/_neutron-metadata-agent-init.sh.tpl
@@ -17,6 +17,9 @@
set -ex
chown ${NEUTRON_USER_UID} /var/lib/neutron/openstack-helm
+{{- if (has "ovn" .Values.network.backend) }}
+chown ${NEUTRON_USER_UID} /run/openvswitch/db.sock
+{{- end }}
{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }}
mkdir -p /tmp/pod-shared
diff --git a/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml b/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml
index 1fa7f52..598c74c 100644
--- a/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml
+++ b/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml
@@ -100,6 +100,8 @@
command:
- /tmp/neutron-metadata-agent-init.sh
volumeMounts:
+ - name: run
+ mountPath: /run
- name: pod-tmp
mountPath: /tmp
- name: neutron-bin
diff --git a/charts/ovn/templates/bin/_ovn-controller.sh.tpl b/charts/ovn/templates/bin/_ovn-controller.sh.tpl
deleted file mode 100644
index ecb659d..0000000
--- a/charts/ovn/templates/bin/_ovn-controller.sh.tpl
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash -xe
-
-# Copyright 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-COMMAND="${@:-start}"
-
-function start () {
- /usr/share/ovn/scripts/ovn-ctl start_controller \
- --ovn-manage-ovsdb=no
-
- tail --follow=name /var/log/ovn/ovn-controller.log
-}
-
-function stop () {
- /usr/share/ovn/scripts/ovn-ctl stop_controller
- pkill tail
-}
-
-function liveness () {
- ovs-appctl -t /var/run/ovn/ovn-controller.$(cat /var/run/ovn/ovn-controller.pid).ctl status
-}
-
-function readiness () {
- ovs-appctl -t /var/run/ovn/ovn-controller.$(cat /var/run/ovn/ovn-controller.pid).ctl status
-}
-
-$COMMAND
diff --git a/charts/ovn/templates/bin/_ovn-northd.sh.tpl b/charts/ovn/templates/bin/_ovn-northd.sh.tpl
deleted file mode 100644
index fefd793..0000000
--- a/charts/ovn/templates/bin/_ovn-northd.sh.tpl
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/bash -xe
-
-# Copyright 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-COMMAND="${@:-start}"
-
-{{- $nb_svc_name := "ovn-ovsdb-nb" -}}
-{{- $nb_svc := (tuple $nb_svc_name "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup") -}}
-{{- $nb_port := (tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup") -}}
-{{- $nb_service_list := list -}}
-{{- range $i := until (.Values.pod.replicas.ovn_ovsdb_nb | int) -}}
- {{- $nb_service_list = printf "tcp:%s-%d.%s:%s" $nb_svc_name $i $nb_svc $nb_port | append $nb_service_list -}}
-{{- end -}}
-
-{{- $sb_svc_name := "ovn-ovsdb-sb" -}}
-{{- $sb_svc := (tuple $sb_svc_name "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup") -}}
-{{- $sb_port := (tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup") -}}
-{{- $sb_service_list := list -}}
-{{- range $i := until (.Values.pod.replicas.ovn_ovsdb_sb | int) -}}
- {{- $sb_service_list = printf "tcp:%s-%d.%s:%s" $sb_svc_name $i $sb_svc $sb_port | append $sb_service_list -}}
-{{- end }}
-
-function start () {
- /usr/share/ovn/scripts/ovn-ctl start_northd \
- --ovn-manage-ovsdb=no \
- --ovn-northd-nb-db={{ include "helm-toolkit.utils.joinListWithComma" $nb_service_list }} \
- --ovn-northd-sb-db={{ include "helm-toolkit.utils.joinListWithComma" $sb_service_list }}
-
- tail --follow=name /var/log/ovn/ovn-northd.log
-}
-
-function stop () {
- /usr/share/ovn/scripts/ovn-ctl stop_northd
- pkill tail
-}
-
-function liveness () {
- ovs-appctl -t /var/run/ovn/ovn-northd.$(cat /var/run/ovn/ovn-northd.pid).ctl status
-}
-
-function readiness () {
- ovs-appctl -t /var/run/ovn/ovn-northd.$(cat /var/run/ovn/ovn-northd.pid).ctl status
-}
-
-$COMMAND
diff --git a/charts/ovn/templates/bin/_ovsdb-server.sh.tpl b/charts/ovn/templates/bin/_ovsdb-server.sh.tpl
deleted file mode 100644
index e023505..0000000
--- a/charts/ovn/templates/bin/_ovsdb-server.sh.tpl
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/bin/bash -xe
-
-# Copyright 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-COMMAND="${@:-start}"
-
-OVSDB_HOST=$(hostname -f)
-ARGS=(
- --db-${OVS_DATABASE}-create-insecure-remote=yes
- --db-${OVS_DATABASE}-cluster-local-proto=tcp
- --db-${OVS_DATABASE}-cluster-local-addr=$(hostname -f)
-)
-
-if [[ ! $HOSTNAME == *-0 && $OVSDB_HOST =~ (.+)-([0-9]+)\. ]]; then
- OVSDB_BOOTSTRAP_HOST="${BASH_REMATCH[1]}-0.${OVSDB_HOST#*.}"
-
- ARGS+=(
- --db-${OVS_DATABASE}-cluster-remote-proto=tcp
- --db-${OVS_DATABASE}-cluster-remote-addr=${OVSDB_BOOTSTRAP_HOST}
- )
-fi
-
-function start () {
- /usr/share/ovn/scripts/ovn-ctl start_${OVS_DATABASE}_ovsdb ${ARGS[@]}
-
- tail --follow=name /var/log/ovn/ovsdb-server-${OVS_DATABASE}.log
-}
-
-function stop () {
- /usr/share/ovn/scripts/ovn-ctl stop_${OVS_DATABASE}_ovsdb
- pkill tail
-}
-
-function liveness () {
- if [[ $OVS_DATABASE == "nb" ]]; then
- OVN_DATABASE="Northbound"
- elif [[ $OVS_DATABASE == "sb" ]]; then
- OVN_DATABASE="Southbound"
- else
- echo "OVS_DATABASE must be nb or sb"
- exit 1
- fi
-
- ovs-appctl -t /var/run/ovn/ovn${OVS_DATABASE}_db.ctl cluster/status OVN_${OVN_DATABASE}
-}
-
-function readiness () {
- if [[ $OVS_DATABASE == "nb" ]]; then
- OVN_DATABASE="Northbound"
- elif [[ $OVS_DATABASE == "sb" ]]; then
- OVN_DATABASE="Southbound"
- else
- echo "OVS_DATABASE must be nb or sb"
- exit 1
- fi
-
- ovs-appctl -t /var/run/ovn/ovn${OVS_DATABASE}_db.ctl cluster/status OVN_${OVN_DATABASE}
-}
-
-$COMMAND
diff --git a/charts/ovn/templates/configmap-bin.yaml b/charts/ovn/templates/configmap-bin.yaml
index a849dd8..82001f9 100644
--- a/charts/ovn/templates/configmap-bin.yaml
+++ b/charts/ovn/templates/configmap-bin.yaml
@@ -24,12 +24,6 @@
image-repo-sync.sh: |
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
{{- end }}
- ovsdb-server.sh: |
-{{ tuple "bin/_ovsdb-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- ovn-northd.sh: |
-{{ tuple "bin/_ovn-northd.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ovn-controller-init.sh: |
{{ tuple "bin/_ovn-controller-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- ovn-controller.sh: |
-{{ tuple "bin/_ovn-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}
diff --git a/charts/ovn/templates/daemonset-controller-gw.yaml b/charts/ovn/templates/daemonset-controller-gw.yaml
index 5701a87..eb309c5 100644
--- a/charts/ovn/templates/daemonset-controller-gw.yaml
+++ b/charts/ovn/templates/daemonset-controller-gw.yaml
@@ -12,6 +12,15 @@
limitations under the License.
*/}}
+{{- define "controllerGatewayReadinessProbeTemplate" }}
+exec:
+ command:
+ - /usr/bin/ovn-kube-util
+ - readiness-probe
+ - -t
+ - ovn-controller
+{{- end }}
+
{{- if .Values.manifests.daemonset_ovn_controller_gw }}
{{- $envAll := . }}
@@ -76,25 +85,33 @@
readOnly: true
containers:
- name: controller
+ command:
+ - /root/ovnkube.sh
+ - ovn-controller
{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
- command:
- - /tmp/ovn-controller.sh
- - start
- lifecycle:
- preStop:
- exec:
- command:
- - /tmp/ovn-controller.sh
- - stop
+{{ dict "envAll" . "component" "ovn_controller_gw" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerGatewayReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+ env:
+ - name: OVN_DAEMONSET_VERSION
+ value: "3"
+ - name: OVN_LOGLEVEL_CONTROLLER
+ value: "-vconsole:info -vfile:info"
+ - name: OVN_KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: OVN_KUBERNETES_NB_STATEFULSET
+ value: ovn-ovsdb-nb
+ - name: OVN_KUBERNETES_SB_STATEFULSET
+ value: ovn-ovsdb-sb
+ - name: OVN_SSL_ENABLE
+ value: "no"
volumeMounts:
- - name: ovn-bin
- mountPath: /tmp/ovn-controller.sh
- subPath: ovn-controller.sh
- readOnly: true
- name: run-openvswitch
- mountPath: /run/openvswitch
+ mountPath: /var/run/ovn
+ - name: run-openvswitch
+ mountPath: /var/run/openvswitch
volumes:
- name: ovn-bin
configMap:
diff --git a/charts/ovn/templates/daemonset-controller.yaml b/charts/ovn/templates/daemonset-controller.yaml
index 580d5ae..b6b0b04 100644
--- a/charts/ovn/templates/daemonset-controller.yaml
+++ b/charts/ovn/templates/daemonset-controller.yaml
@@ -12,6 +12,15 @@
limitations under the License.
*/}}
+{{- define "controllerReadinessProbeTemplate" }}
+exec:
+ command:
+ - /usr/bin/ovn-kube-util
+ - readiness-probe
+ - -t
+ - ovn-controller
+{{- end }}
+
{{- if .Values.manifests.daemonset_ovn_controller }}
{{- $envAll := . }}
@@ -76,25 +85,33 @@
readOnly: true
containers:
- name: controller
+ command:
+ - /root/ovnkube.sh
+ - ovn-controller
{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
- command:
- - /tmp/ovn-controller.sh
- - start
- lifecycle:
- preStop:
- exec:
- command:
- - /tmp/ovn-controller.sh
- - stop
+{{ dict "envAll" . "component" "ovn_controller" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+ env:
+ - name: OVN_DAEMONSET_VERSION
+ value: "3"
+ - name: OVN_LOGLEVEL_CONTROLLER
+ value: "-vconsole:info -vfile:info"
+ - name: OVN_KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: OVN_KUBERNETES_NB_STATEFULSET
+ value: ovn-ovsdb-nb
+ - name: OVN_KUBERNETES_SB_STATEFULSET
+ value: ovn-ovsdb-sb
+ - name: OVN_SSL_ENABLE
+ value: "no"
volumeMounts:
- - name: ovn-bin
- mountPath: /tmp/ovn-controller.sh
- subPath: ovn-controller.sh
- readOnly: true
- name: run-openvswitch
- mountPath: /run/openvswitch
+ mountPath: /var/run/ovn
+ - name: run-openvswitch
+ mountPath: /var/run/openvswitch
volumes:
- name: ovn-bin
configMap:
diff --git a/charts/ovn/templates/deployment-northd.yaml b/charts/ovn/templates/deployment-northd.yaml
index e3afdd0..ae31b35 100644
--- a/charts/ovn/templates/deployment-northd.yaml
+++ b/charts/ovn/templates/deployment-northd.yaml
@@ -12,18 +12,13 @@
limitations under the License.
*/}}
-{{- define "livenessProbeTemplate" }}
+{{- define "northdReadinessProbeTemplate" }}
exec:
command:
- - /tmp/ovn-northd.sh
- - liveness
-{{- end }}
-
-{{- define "readinessProbeTemplate" }}
-exec:
- command:
- - /tmp/ovn-northd.sh
- - readiness
+ - /usr/bin/ovn-kube-util
+ - readiness-probe
+ - -t
+ - ovn-northd
{{- end }}
{{- if .Values.manifests.deployment_northd }}
@@ -60,28 +55,26 @@
{{- tuple $envAll "ovn_northd" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: northd
+ command:
+ - /root/ovnkube.sh
+ - run-ovn-northd
{{ tuple $envAll "ovn_northd" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovn_northd" "container" "northd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "liveness" "probeTemplate" (include "livenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
-{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "readinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
- command:
- - /tmp/ovn-northd.sh
- - start
- lifecycle:
- preStop:
- exec:
- command:
- - /tmp/ovn-northd.sh
- - stop
- volumeMounts:
- - name: ovn-bin
- mountPath: /tmp/ovn-northd.sh
- subPath: ovn-northd.sh
- readOnly: true
- volumes:
- - name: ovn-bin
- configMap:
- name: ovn-bin
- defaultMode: 0555
+{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+ env:
+ - name: OVN_DAEMONSET_VERSION
+ value: "3"
+ - name: OVN_LOGLEVEL_NORTHD
+ value: "-vconsole:info -vfile:info"
+ - name: OVN_KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: OVN_KUBERNETES_NB_STATEFULSET
+ value: ovn-ovsdb-nb
+ - name: OVN_KUBERNETES_SB_STATEFULSET
+ value: ovn-ovsdb-sb
+ - name: OVN_SSL_ENABLE
+ value: "no"
{{- end }}
diff --git a/charts/ovn/templates/role-controller.yaml b/charts/ovn/templates/role-controller.yaml
new file mode 100644
index 0000000..de3cfa6
--- /dev/null
+++ b/charts/ovn/templates/role-controller.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: ovn-controller
+rules:
+- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - list
diff --git a/charts/ovn/templates/role-northd.yaml b/charts/ovn/templates/role-northd.yaml
new file mode 100644
index 0000000..ca02fae
--- /dev/null
+++ b/charts/ovn/templates/role-northd.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: ovn-northd
+rules:
+- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - list
diff --git a/charts/ovn/templates/role-ovsdb.yaml b/charts/ovn/templates/role-ovsdb.yaml
new file mode 100644
index 0000000..10e0e23
--- /dev/null
+++ b/charts/ovn/templates/role-ovsdb.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: ovn-ovsdb
+rules:
+- apiGroups:
+ - "apps"
+ resources:
+ - statefulsets
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - endpoints
+ verbs:
+ - list
+ - get
diff --git a/charts/ovn/templates/rolebinding-controller.yaml b/charts/ovn/templates/rolebinding-controller.yaml
new file mode 100644
index 0000000..7973c7e
--- /dev/null
+++ b/charts/ovn/templates/rolebinding-controller.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: ovn-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: ovn-controller
+subjects:
+- kind: ServiceAccount
+ name: ovn-controller
+- kind: ServiceAccount
+ name: ovn-controller-gw
diff --git a/charts/ovn/templates/rolebinding-northd.yaml b/charts/ovn/templates/rolebinding-northd.yaml
new file mode 100644
index 0000000..428a470
--- /dev/null
+++ b/charts/ovn/templates/rolebinding-northd.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: ovn-northd
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: ovn-northd
+subjects:
+- kind: ServiceAccount
+ name: ovn-northd
diff --git a/charts/ovn/templates/rolebinding-ovsdb.yaml b/charts/ovn/templates/rolebinding-ovsdb.yaml
new file mode 100644
index 0000000..f32382b
--- /dev/null
+++ b/charts/ovn/templates/rolebinding-ovsdb.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: ovn-ovsdb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: ovn-ovsdb
+subjects:
+- kind: ServiceAccount
+ name: ovn-ovsdb-nb
+- kind: ServiceAccount
+ name: ovn-ovsdb-sb
diff --git a/charts/ovn/templates/service-ovsdb-nb.yaml b/charts/ovn/templates/service-ovsdb-nb.yaml
index b93da9b..56f7cd0 100644
--- a/charts/ovn/templates/service-ovsdb-nb.yaml
+++ b/charts/ovn/templates/service-ovsdb-nb.yaml
@@ -20,6 +20,7 @@
metadata:
name: {{ tuple "ovn-ovsdb-nb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
+ publishNotReadyAddresses: true
ports:
- name: ovsdb
port: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
diff --git a/charts/ovn/templates/service-ovsdb-sb.yaml b/charts/ovn/templates/service-ovsdb-sb.yaml
index 70f62c6..4a6b586 100644
--- a/charts/ovn/templates/service-ovsdb-sb.yaml
+++ b/charts/ovn/templates/service-ovsdb-sb.yaml
@@ -20,6 +20,7 @@
metadata:
name: {{ tuple "ovn-ovsdb-sb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
+ publishNotReadyAddresses: true
ports:
- name: ovsdb
port: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
diff --git a/charts/ovn/templates/statefulset-ovsdb-nb.yaml b/charts/ovn/templates/statefulset-ovsdb-nb.yaml
index 9380515..8955d30 100644
--- a/charts/ovn/templates/statefulset-ovsdb-nb.yaml
+++ b/charts/ovn/templates/statefulset-ovsdb-nb.yaml
@@ -12,6 +12,19 @@
limitations under the License.
*/}}
+{{- define "ovnnbReadinessProbeTemplate" }}
+exec:
+ command:
+ - /usr/bin/ovn-kube-util
+ - readiness-probe
+ - -t
+{{- if gt (int .Values.pod.replicas.ovn_ovsdb_nb) 1 }}
+ - ovnnb-db-raft
+{{- else }}
+ - ovnnb-db
+{{- end }}
+{{- end }}
+
{{- if .Values.manifests.statefulset_ovn_ovsdb_nb }}
{{- $envAll := . }}
@@ -28,6 +41,7 @@
{{ tuple $envAll "ovn" "ovn-ovsdb-nb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
serviceName: {{ tuple "ovn-ovsdb-nb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+ podManagementPolicy: Parallel
replicas: {{ .Values.pod.replicas.ovn_ovsdb_nb }}
selector:
matchLabels:
@@ -49,41 +63,54 @@
{{- tuple $envAll "ovn_ovsdb_nb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ovsdb
+ command:
+ - /root/ovnkube.sh
+{{- if gt (int .Values.pod.replicas.ovn_ovsdb_nb) 1 }}
+ - nb-ovsdb-raft
+{{- else }}
+ - nb-ovsdb
+{{- end }}
{{ tuple $envAll "ovn_ovsdb_nb" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" . "component" "ovn_ovsdb_nb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnnbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
ports:
- containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
env:
- - name: OVS_DATABASE
- value: nb
- - name: OVS_PORT
+ - name: OVN_DAEMONSET_VERSION
+ value: "3"
+ - name: OVN_LOGLEVEL_NB
+ value: "-vconsole:info -vfile:info"
+ - name: OVN_KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: OVN_KUBERNETES_STATEFULSET
+ value: ovn-ovsdb-nb
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: OVN_SSL_ENABLE
+ value: "no"
+ - name: ENABLE_IPSEC
+ value: "false"
+ - name: OVN_NB_RAFT_ELECTION_TIMER
+ value: "1000"
+ - name: OVN_NB_PORT
value: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- command:
- - /tmp/ovsdb-server.sh
- - start
- lifecycle:
- preStop:
- exec:
- command:
- - /tmp/ovsdb-server.sh
- - stop
+ - name: OVN_NB_RAFT_PORT
+ value: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
volumeMounts:
- - name: ovn-bin
- mountPath: /tmp/ovsdb-server.sh
- subPath: ovsdb-server.sh
- readOnly: true
- name: run-openvswitch
- mountPath: /run/openvswitch
+ mountPath: /var/run/openvswitch
+ - name: run-openvswitch
+ mountPath: /var/run/ovn
- name: data
mountPath: /var/lib/ovn
volumes:
- name: run-openvswitch
emptyDir: {}
- - name: ovn-bin
- configMap:
- name: ovn-bin
- defaultMode: 0555
{{- if not .Values.volume.ovn_ovsdb_nb.enabled }}
- name: data
emptyDir: {}
diff --git a/charts/ovn/templates/statefulset-ovsdb-sb.yaml b/charts/ovn/templates/statefulset-ovsdb-sb.yaml
index 400b127..ab571c2 100644
--- a/charts/ovn/templates/statefulset-ovsdb-sb.yaml
+++ b/charts/ovn/templates/statefulset-ovsdb-sb.yaml
@@ -12,6 +12,19 @@
limitations under the License.
*/}}
+{{- define "ovnsbReadinessProbeTemplate" }}
+exec:
+ command:
+ - /usr/bin/ovn-kube-util
+ - readiness-probe
+ - -t
+{{- if gt (int .Values.pod.replicas.ovn_ovsdb_sb) 1 }}
+ - ovnsb-db-raft
+{{- else }}
+ - ovnsb-db
+{{- end }}
+{{- end }}
+
{{- if .Values.manifests.statefulset_ovn_ovsdb_sb }}
{{- $envAll := . }}
@@ -28,6 +41,7 @@
{{ tuple $envAll "ovn" "ovn-ovsdb-sb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
serviceName: {{ tuple "ovn-ovsdb-sb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+ podManagementPolicy: Parallel
replicas: {{ .Values.pod.replicas.ovn_ovsdb_sb }}
selector:
matchLabels:
@@ -49,41 +63,54 @@
{{- tuple $envAll "ovn_ovsdb_sb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ovsdb
+ command:
+ - /root/ovnkube.sh
+{{- if gt (int .Values.pod.replicas.ovn_ovsdb_sb) 1 }}
+ - sb-ovsdb-raft
+{{- else }}
+ - sb-ovsdb
+{{- end }}
{{ tuple $envAll "ovn_ovsdb_sb" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" . "component" "ovn_ovsdb_sb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnsbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
ports:
- containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
env:
- - name: OVS_DATABASE
- value: sb
- - name: OVS_PORT
+ - name: OVN_DAEMONSET_VERSION
+ value: "3"
+ - name: OVN_LOGLEVEL_SB
+ value: "-vconsole:info -vfile:info"
+ - name: OVN_KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: OVN_KUBERNETES_STATEFULSET
+ value: ovn-ovsdb-sb
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: OVN_SSL_ENABLE
+ value: "no"
+ - name: ENABLE_IPSEC
+ value: "false"
+ - name: OVN_SB_RAFT_ELECTION_TIMER
+ value: "1000"
+ - name: OVN_SB_PORT
value: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- command:
- - /tmp/ovsdb-server.sh
- - start
- lifecycle:
- preStop:
- exec:
- command:
- - /tmp/ovsdb-server.sh
- - stop
+ - name: OVN_SB_RAFT_PORT
+ value: {{ tuple "ovn-ovsdb-sb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
volumeMounts:
- - name: ovn-bin
- mountPath: /tmp/ovsdb-server.sh
- subPath: ovsdb-server.sh
- readOnly: true
- name: run-openvswitch
- mountPath: /run/openvswitch
+ mountPath: /var/run/openvswitch
+ - name: run-openvswitch
+ mountPath: /var/run/ovn
- name: data
mountPath: /var/lib/ovn
volumes:
- name: run-openvswitch
emptyDir: {}
- - name: ovn-bin
- configMap:
- name: ovn-bin
- defaultMode: 0555
{{- if not .Values.volume.ovn_ovsdb_sb.enabled }}
- name: data
emptyDir: {}
@@ -93,10 +120,10 @@
name: data
spec:
accessModes: ["ReadWriteOnce"]
+ storageClassName: {{ $envAll.Values.volume.ovn_ovsdb_sb.class_name }}
resources:
requests:
storage: {{ $envAll.Values.volume.ovn_ovsdb_sb.size }}
- storageClassName: {{ $envAll.Values.volume.ovn_ovsdb_sb.class_name }}
{{- end }}
{{- end }}
diff --git a/charts/ovn/values.yaml b/charts/ovn/values.yaml
index cc0eea4..214dd16 100644
--- a/charts/ovn/values.yaml
+++ b/charts/ovn/values.yaml
@@ -138,13 +138,41 @@
readiness:
enabled: true
params:
- initialDelaySeconds: 5
- timeoutSeconds: 10
- liveness:
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ periodSeconds: 60
+ ovn_ovsdb_nb:
+ ovsdb:
+ readiness:
enabled: true
params:
- initialDelaySeconds: 5
- timeoutSeconds: 10
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ periodSeconds: 60
+ ovn_ovsdb_sb:
+ ovsdb:
+ readiness:
+ enabled: true
+ params:
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ periodSeconds: 60
+ ovn_controller:
+ controller:
+ readiness:
+ enabled: true
+ params:
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ periodSeconds: 60
+ ovn_controller_gw:
+ controller:
+ readiness:
+ enabled: true
+ params:
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ periodSeconds: 60
dns_policy: "ClusterFirstWithHostNet"
replicas:
ovn_ovsdb_nb: 1
@@ -179,18 +207,18 @@
ovs:
ovn_ovsdb_nb:
requests:
- memory: "128Mi"
+ memory: "384Mi"
cpu: "100m"
limits:
memory: "1024Mi"
- cpu: "2000m"
+ cpu: "1000m"
ovn_ovsdb_sb:
requests:
- memory: "128Mi"
+ memory: "384Mi"
cpu: "100m"
limits:
memory: "1024Mi"
- cpu: "2000m"
+ cpu: "1000m"
ovn_northd:
requests:
memory: "128Mi"
diff --git a/charts/tempest/templates/job-run-tests.yaml b/charts/tempest/templates/job-run-tests.yaml
index fc37523..fa1c361 100644
--- a/charts/tempest/templates/job-run-tests.yaml
+++ b/charts/tempest/templates/job-run-tests.yaml
@@ -97,6 +97,8 @@
subPath: test-whitelist
readOnly: true
{{- end }}
+ - name: stestr
+ mountPath: /.stestr
- name: tempest-reports
mountPath: /var/lib/tempest/data
{{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.identity.api.internal "path" "/etc/tempest/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
@@ -113,6 +115,9 @@
configMap:
name: tempest-bin
defaultMode: 0555
+ - name: stestr
+ hostPath:
+ path: /tmp/stestr
- name: tempest-reports
{{- if not .Values.pvc.enabled }}
emptyDir: {}
diff --git a/docs/SUMMARY.md b/docs/SUMMARY.md
index 8e262a8..d9b7054 100644
--- a/docs/SUMMARY.md
+++ b/docs/SUMMARY.md
@@ -1,6 +1,8 @@
# Summary
-- [Deployment Guide](deploy.md)
+- Deployment
+ - [Quick start](deploy/quick-start.md)
+ - [Production](deploy/production.md)
- [Ingress](ingress.md)
- [Monitoring](monitoring.md)
- OpenStack
diff --git a/docs/deploy.md b/docs/deploy/production.md
similarity index 100%
rename from docs/deploy.md
rename to docs/deploy/production.md
diff --git a/docs/deploy/quick-start.md b/docs/deploy/quick-start.md
new file mode 100644
index 0000000..58321f1
--- /dev/null
+++ b/docs/deploy/quick-start.md
@@ -0,0 +1,81 @@
+# Quick-start
+
+## All-in-one
+
+The easiest way to get started with Atmosphere is to deploy the all-in-one
+installation. This will install an entire stack of Atmosphere, with Ceph
+and all the OpenStack services inside a single machine.
+
+!!! info
+
+ The all-in-one installation is not for production use, it's perfect
+ for testing and development.
+
+!!! warning
+
+ The all-in-one will fully take-over the machine by making system-level
+ changes. It's recommended to run it inside a virtual machine or a
+ physical machine that can be dedicated to this purpose.
+
+In order to get started, you'll need a **Ubuntu 22.04** system with the
+following minimum system requirements:
+
+- Cores: 8 threads / vCPUs
+- Memory: 32GB
+
+If you're looking to run Kubernetes clusters, you'll need more memory
+for the workloads, it following minimum is recommended (but more memory
+is always better!):
+
+- Cores: 16 threads / vCPUs
+- Memory: 64GB
+
+!!! info
+
+ If you're running this inside a virtual machine, it is **extremely**
+ important that the virtual machines supported nested virtualization,
+ otherwise the performance of the VMs will be un-usable.
+
+You can use the following commands to deploy the all-in-one environment:
+
+```bash
+# Install dependencies
+sudo apt-get update
+sudo apt-get install git python3-pip
+sudo pip install poetry
+
+# Clone the repository
+git clone https://github.com/vexxhost/atmosphere.git
+
+# Deploy AIO
+cd atmosphere
+sudo poetry install --with dev
+sudo poetry run molecule converge -s aio
+```
+
+Once the deployment is done, you can either use the CLI to interact with
+the OpenStack environment, or you can access the Horizon dashboard.
+
+For the CLI, you can `source /root/openrc` and then use the `openstack`
+CLI. For example, if you want to list the networks, you can run the
+following command:
+
+```bash
+source /root/openrc
+openstack network list
+```
+
+For the Horizon dashboard, you can find the URL to access it by running
+the following command:
+
+```bash
+kubectl -n openstack get ingress/dashboard -ojsonpath='{.spec.rules[0].host}'
+```
+
+You can find the credentials to login to the dashboard reading the
+`/root/openrc` file. You can use the following variables to match
+the credentials:
+
+- Username: `OS_USERNAME`
+- Password: `OS_PASSWORD`
+- Domain: `OS_USER_DOMAIN_NAME`
diff --git a/docs/index.md b/docs/index.md
new file mode 100644
index 0000000..08f3633
--- /dev/null
+++ b/docs/index.md
@@ -0,0 +1,23 @@
+# Atmosphere
+
+Atmosphere is an advanced OpenStack distribution built by [VEXXHOST](https://vexxhost.com)
+powered by Kuberentes, which allows you to easily deliver virtual machines,
+Kubernetes and bare-metal on your on-premise hardware.
+
+The difference between Atmosphere and other deployment tools is that it is
+fully open source with batteries included. It ships with settings that are
+curated by years of experience from our team alongside comprehensive day-2
+operations such as monitoring, centralized logging and simplified upgrades
+that only require upgrading your Atmosphere version.
+
+If you're looking to get started quickly, you can review our
+[Quick Start](deploy/quick-start.md) guide.
+
+## Community
+
+If you have any questions and discussions about Atmosphere, you can join the
+community:
+
+* [`#atmosphere`](https://kubernetes.slack.com/archives/C056YSPJB7U) channel
+ on the Kubernetes Slack. If you are new to Kubernetes Slack workspace,
+ [Join the Kubernetes Slack workspace](https://slack.kubernetes.io/) first.
diff --git a/docs/openstack/ovn.md b/docs/openstack/ovn.md
new file mode 100644
index 0000000..bd103c1
--- /dev/null
+++ b/docs/openstack/ovn.md
@@ -0,0 +1,34 @@
+# OVN
+
+## Recovering cluster
+
+If any of the OVN database pods fail, they will no longer be ready. You can
+recover the cluster by deleting the pods and allowing them to be recreated.
+
+For example, if the `ovn-ovsdb-nb-0` pod fails, you can recover the cluster by
+deleting the pod:
+
+```bash
+kubectl -n openstack delete pods/ovn-ovsdb-nb-0
+```
+
+If the entire cluster fails, you can recover the cluster by deleting all of the
+pods. For example, if the southbound database fails, you can recover the
+cluster with this command:
+
+```bash
+kubectl -n openstack delete pods -lcomponent=ovn-ovsdb-sb
+```
+
+If the state of Neutron is lost from the cluster, you can recover it by running
+the repair command:
+
+```bash
+kubectl -n openstack exec deploy/neutron-server -- \
+ neutron-ovn-db-sync-util \
+ --debug \
+ --config-file /etc/neutron/neutron.conf \
+ --config-file /tmp/pod-shared/ovn.ini \
+ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+ --ovn-neutron_sync_mode repair
+```
diff --git a/flake.lock b/flake.lock
index b114686..1f709e6 100644
--- a/flake.lock
+++ b/flake.lock
@@ -5,11 +5,11 @@
"systems": "systems"
},
"locked": {
- "lastModified": 1694529238,
- "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+ "lastModified": 1705309234,
+ "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+ "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
@@ -20,11 +20,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1701040486,
- "narHash": "sha256-vawYwoHA5CwvjfqaT3A5CT9V36Eq43gxdwpux32Qkjw=",
+ "lastModified": 1706925685,
+ "narHash": "sha256-hVInjWMmgH4yZgA4ZtbgJM1qEAel72SYhP5nOWX4UIM=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "45827faa2132b8eade424f6bdd48d8828754341a",
+ "rev": "79a13f1437e149dc7be2d1290c74d378dad60814",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index a11b761..d00bebc 100644
--- a/flake.nix
+++ b/flake.nix
@@ -16,6 +16,9 @@
devShell = pkgs.mkShell {
buildInputs = with pkgs; [
earthly
+ go
+ nixpkgs-fmt
+ poetry
vendir
];
};
diff --git a/images/Earthfile b/images/Earthfile
index 1141ecd..0a4374a 100644
--- a/images/Earthfile
+++ b/images/Earthfile
@@ -1,7 +1,7 @@
-VERSION 0.7
+VERSION 0.8
APT_INSTALL:
- COMMAND
+ FUNCTION
ARG PACKAGES
RUN \
apt-get update && \
@@ -10,7 +10,7 @@
rm -rf /var/lib/apt/lists/*
DNF_INSTALL:
- COMMAND
+ FUNCTION
ARG PACKAGES
RUN \
dnf -y install \
@@ -21,7 +21,7 @@
rm -rf /var/cache/dnf
CREATE_PROJECT_USER:
- COMMAND
+ FUNCTION
ARG PROJECT
ARG SHELL=/usr/sbin/nologin
RUN \
diff --git a/images/barbican/Earthfile b/images/barbican/Earthfile
index 0c843ff..5ae11d0 100644
--- a/images/barbican/Earthfile
+++ b/images/barbican/Earthfile
@@ -1,5 +1,6 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global PROJECT=barbican
ARG --global RELEASE=2023.2
ARG --global PROJECT_REF=a00fcade4138ffc52cd9c84b5999297966f019b5
@@ -15,5 +16,5 @@
FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
COPY +build/venv /var/lib/openstack
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+ ${REGISTRY}/${PROJECT}:${RELEASE} \
+ ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/base/Earthfile b/images/base/Earthfile
index f34cf37..1810ea7 100644
--- a/images/base/Earthfile
+++ b/images/base/Earthfile
@@ -1,14 +1,5 @@
VERSION 0.7
image:
- FROM ubuntu:jammy-20240111
+ FROM ubuntu:jammy-20240125
LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere
- # TODO(mnaser): Remove this when a new image that includes 1.4.0-11ubuntu2.4 is released.
- # https://avd.aquasec.com/nvd/cve-2024-22365
- DO ../+APT_INSTALL \
- --PACKAGES "libpam0g libpam-modules libpam-modules-bin libpam-runtime"
- # TODO(mnaser): Remove this when a new image that includes 3.7.3-4ubuntu1.4 is released.
- # https://avd.aquasec.com/nvd/cve-2024-0553
- # https://avd.aquasec.com/nvd/cve-2024-0567
- DO ../+APT_INSTALL \
- --PACKAGES "libgnutls30"
diff --git a/images/cinder/Earthfile b/images/cinder/Earthfile
index ae432c4..66fdc29 100644
--- a/images/cinder/Earthfile
+++ b/images/cinder/Earthfile
@@ -1,5 +1,6 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global PROJECT=cinder
ARG --global RELEASE=2023.2
ARG --global PROJECT_REF=8d453fa7b6daf1c1b6105a71f7c660b9036541f3
@@ -18,5 +19,5 @@
DO ../+APT_INSTALL \
--PACKAGES "ceph-common lsscsi nvme-cli python3-rados python3-rbd qemu-utils sysfsutils udev util-linux"
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+ ${REGISTRY}/${PROJECT}:${RELEASE} \
+ ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/cluster-api-provider-openstack/Earthfile b/images/cluster-api-provider-openstack/Earthfile
index bae0ce1..26cfd25 100644
--- a/images/cluster-api-provider-openstack/Earthfile
+++ b/images/cluster-api-provider-openstack/Earthfile
@@ -1,5 +1,6 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global CAPO_VERSION=v0.8.0
ARG --global EPOCH=2
@@ -14,4 +15,4 @@
image:
FROM DOCKERFILE -f +clone/src/Dockerfile +clone/src/*
LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere
- SAVE IMAGE --push ghcr.io/vexxhost/atmosphere/capi-openstack-controller:${CAPO_VERSION}-${EPOCH}
+ SAVE IMAGE --push ${REGISTRY}/capi-openstack-controller:${CAPO_VERSION}-${EPOCH}
diff --git a/images/designate/Earthfile b/images/designate/Earthfile
index d88dc10..21d8973 100644
--- a/images/designate/Earthfile
+++ b/images/designate/Earthfile
@@ -1,5 +1,6 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global PROJECT=designate
ARG --global RELEASE=2023.2
ARG --global PROJECT_REF=2c817b3d7f01de44023f195c6e8de8853683a54a
@@ -16,5 +17,5 @@
DO ../+APT_INSTALL \
--PACKAGES "bind9utils"
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+ ${REGISTRY}/${PROJECT}:${RELEASE} \
+ ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/glance/Earthfile b/images/glance/Earthfile
index c40c403..25e298e 100644
--- a/images/glance/Earthfile
+++ b/images/glance/Earthfile
@@ -1,5 +1,6 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global PROJECT=glance
ARG --global RELEASE=2023.2
ARG --global PROJECT_REF=9a4a3067b5c7c7f8ee9363bd939a3d86b260d660
@@ -27,5 +28,5 @@
DO ../+APT_INSTALL \
--PACKAGES "ceph-common lsscsi nvme-cli python3-rados python3-rbd qemu-utils sysfsutils udev util-linux"
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+ ${REGISTRY}/${PROJECT}:${RELEASE} \
+ ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/heat/Earthfile b/images/heat/Earthfile
index c55fc42..f2eb878 100644
--- a/images/heat/Earthfile
+++ b/images/heat/Earthfile
@@ -1,5 +1,6 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global PROJECT=heat
ARG --global RELEASE=2023.2
ARG --global PROJECT_REF=d1363cc17646893054f9e8daf40de67699078e7c
@@ -16,5 +17,5 @@
DO ../+APT_INSTALL \
--PACKAGES "curl jq"
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+ ${REGISTRY}/${PROJECT}:${RELEASE} \
+ ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/horizon/Earthfile b/images/horizon/Earthfile
index fe9ac5f..6d0d246 100644
--- a/images/horizon/Earthfile
+++ b/images/horizon/Earthfile
@@ -1,5 +1,6 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global PROJECT=horizon
ARG --global RELEASE=2023.2
ARG --global PROJECT_REF=3c6029cd94846235e25058b71522c13556f41f58
@@ -33,5 +34,5 @@
DO ../+APT_INSTALL \
--PACKAGES "apache2 gettext libapache2-mod-wsgi-py3"
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+ ${REGISTRY}/${PROJECT}:${RELEASE} \
+ ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/ironic/Earthfile b/images/ironic/Earthfile
index 5edcd7c..947a079 100644
--- a/images/ironic/Earthfile
+++ b/images/ironic/Earthfile
@@ -1,5 +1,6 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global PROJECT=ironic
ARG --global RELEASE=zed
ARG --global PROJECT_REF=e38735cb95263b0c54f2fd719ff6b714efbddbb3
@@ -17,5 +18,5 @@
DO ../+APT_INSTALL \
--PACKAGES "ethtool ipmitool iproute2 ipxe lshw qemu-utils tftpd-hpa"
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+ ${REGISTRY}/${PROJECT}:${RELEASE} \
+ ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/keystone/Earthfile b/images/keystone/Earthfile
index 7aae428..25f2532 100644
--- a/images/keystone/Earthfile
+++ b/images/keystone/Earthfile
@@ -1,5 +1,6 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global RELEASE=2023.2
ARG --global PROJECT=keystone
ARG --global PROJECT_REF=653d82b1b4e09b2ff37b56868e57d08c8e3af7dd
@@ -29,5 +30,5 @@
apt-get clean && \
rm -rfv /var/lib/apt/lists/* libapache2-mod-auth-openidc_${MOD_AUTH_OPENIDC_VERSION}-1.$(lsb_release -sc)_${TARGETARCH}.deb
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+ ${REGISTRY}/${PROJECT}:${RELEASE} \
+ ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/kubernetes-entrypoint/Earthfile b/images/kubernetes-entrypoint/Earthfile
index 6844da2..83624d6 100644
--- a/images/kubernetes-entrypoint/Earthfile
+++ b/images/kubernetes-entrypoint/Earthfile
@@ -1,4 +1,6 @@
VERSION 0.7
+
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global COMMIT=e8c2b17e1261c6a1b0fed1fcd5e1c337fc014219
build:
@@ -26,8 +28,8 @@
USER 65534
ENTRYPOINT ["/kubernetes-entrypoint"]
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/kubernetes-entrypoint:${COMMIT} \
- ghcr.io/vexxhost/atmosphere/kubernetes-entrypoint:latest
+ ${REGISTRY}/kubernetes-entrypoint:${COMMIT} \
+ ${REGISTRY}/kubernetes-entrypoint:latest
image:
BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/libvirtd/Earthfile b/images/libvirtd/Earthfile
index 31792d2..e6b01fe 100644
--- a/images/libvirtd/Earthfile
+++ b/images/libvirtd/Earthfile
@@ -1,5 +1,7 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
+
platform-image:
ARG RELEASE=zed
FROM ../cloud-archive-base+image --RELEASE=${RELEASE}
@@ -14,7 +16,7 @@
END
DO ../+APT_INSTALL --PACKAGES="ceph-common cgroup-tools dmidecode ebtables iproute2 ipxe-qemu kmod libvirt-clients libvirt-daemon-system openssh-client openvswitch-switch ovmf pm-utils qemu-block-extra qemu-efi qemu-kvm seabios"
DO ../+CREATE_PROJECT_USER --PROJECT=nova
- SAVE IMAGE --push ghcr.io/vexxhost/atmosphere/libvirtd:${RELEASE}
+ SAVE IMAGE --push ${REGISTRY}/libvirtd:${RELEASE}
image:
BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/magnum/Earthfile b/images/magnum/Earthfile
index b3d386c..52e0ac5 100644
--- a/images/magnum/Earthfile
+++ b/images/magnum/Earthfile
@@ -1,5 +1,6 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global PROJECT=magnum
ARG --global RELEASE=2023.2
ARG --global PROJECT_REF=156f6f52d38a670e6fe10725966aeea4ddf65146
@@ -18,5 +19,5 @@
--PACKAGES "haproxy"
COPY ../helm+binary/helm /usr/local/bin/helm
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+ ${REGISTRY}/${PROJECT}:${RELEASE} \
+ ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/manila/Earthfile b/images/manila/Earthfile
index 5718142..cd5dd98 100644
--- a/images/manila/Earthfile
+++ b/images/manila/Earthfile
@@ -1,5 +1,6 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global PROJECT=manila
ARG --global RELEASE=2023.2
ARG --global PROJECT_REF=98bc755673fe48a9c67203e4262315b048efe25d
@@ -16,5 +17,5 @@
DO ../+APT_INSTALL \
--PACKAGES "iproute2 openvswitch-switch"
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+ ${REGISTRY}/${PROJECT}:${RELEASE} \
+ ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/netoffload/Earthfile b/images/netoffload/Earthfile
index 557a394..ef68195 100644
--- a/images/netoffload/Earthfile
+++ b/images/netoffload/Earthfile
@@ -1,5 +1,6 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global PROJECT=netoffload
ARG --global RELEASE=main
ARG --global PROJECT_REF=94b8c0fdb0b83bd1b7e14b9a58077a047c78a800
@@ -20,8 +21,8 @@
COPY +build/offloadctl /usr/local/bin/offloadctl
ENTRYPOINT ["/usr/local/bin/offloadctl"]
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+ ${REGISTRY}/${PROJECT}:${RELEASE} \
+ ${REGISTRY}/${PROJECT}:${PROJECT_REF}
image:
BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/neutron/Earthfile b/images/neutron/Earthfile
index a9b4712..d4b1bff 100644
--- a/images/neutron/Earthfile
+++ b/images/neutron/Earthfile
@@ -1,5 +1,6 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global PROJECT=neutron
ARG --global RELEASE=zed
ARG --global PROJECT_REF=222c997022392561c2de2cb493f0f5214eb20dfc
@@ -17,8 +18,8 @@
DO ../+APT_INSTALL \
--PACKAGES "conntrack dnsmasq dnsmasq-utils ebtables ethtool haproxy iproute2 ipset iptables iputils-arping jq keepalived lshw openvswitch-switch strongswan uuid-runtime"
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+ ${REGISTRY}/${PROJECT}:${RELEASE} \
+ ${REGISTRY}/${PROJECT}:${PROJECT_REF}
image:
BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/nova-ssh/Earthfile b/images/nova-ssh/Earthfile
index 7572665..ac8bac9 100644
--- a/images/nova-ssh/Earthfile
+++ b/images/nova-ssh/Earthfile
@@ -1,5 +1,7 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
+
platform-image:
FROM ../base+image
DO ../+CREATE_PROJECT_USER \
@@ -11,7 +13,7 @@
chown -R nova: /etc/ssh && \
mkdir /var/run/sshd && \
chmod 0755 /var/run/sshd
- SAVE IMAGE --push ghcr.io/vexxhost/atmosphere/nova-ssh:latest
+ SAVE IMAGE --push ${REGISTRY}/nova-ssh:latest
image:
BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/nova/Earthfile b/images/nova/Earthfile
index 2780578..9b3f764 100644
--- a/images/nova/Earthfile
+++ b/images/nova/Earthfile
@@ -1,5 +1,6 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global PROJECT=nova
ARG --global RELEASE=zed
ARG --global PROJECT_REF=226f3e95c1cdadd1845c7adee55f5c5f29f3a7a8
@@ -17,8 +18,8 @@
--PACKAGES "ceph-common genisoimage iproute2 libosinfo-bin lsscsi ndctl nvme-cli openssh-client ovmf python3-libvirt python3-rados python3-rbd qemu-efi-aarch64 qemu-utils sysfsutils udev util-linux"
GIT CLONE --branch v1.4.0 https://github.com/novnc/noVNC.git /usr/share/novnc
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+ ${REGISTRY}/${PROJECT}:${RELEASE} \
+ ${REGISTRY}/${PROJECT}:${PROJECT_REF}
image:
BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/octavia/Earthfile b/images/octavia/Earthfile
index d37ba36..906e325 100644
--- a/images/octavia/Earthfile
+++ b/images/octavia/Earthfile
@@ -1,5 +1,6 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global PROJECT=octavia
ARG --global RELEASE=2023.2
ARG --global PROJECT_REF=88d7315a60314e44fcce88ad198ceb3c0c107fe6
@@ -17,5 +18,5 @@
DO ../+APT_INSTALL \
--PACKAGES "isc-dhcp-client openssh-client"
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+ ${REGISTRY}/${PROJECT}:${RELEASE} \
+ ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/openstack-service/Earthfile b/images/openstack-service/Earthfile
index df267aa..350eb7b 100644
--- a/images/openstack-service/Earthfile
+++ b/images/openstack-service/Earthfile
@@ -1,7 +1,7 @@
-VERSION 0.7
+VERSION 0.8
PIP_INSTALL:
- COMMAND
+ FUNCTION
ARG PACKAGES
RUN --mount=type=cache,target=/root/.cache \
/var/lib/openstack/bin/pip3 install \
@@ -9,7 +9,7 @@
${PACKAGES}
GIT_CHECKOUT:
- COMMAND
+ FUNCTION
ARG PROJECT
ARG PROJECT_REPO=https://github.com/openstack/${PROJECT}
ARG PROJECT_REF
@@ -24,7 +24,7 @@
END
BUILD_VENV:
- COMMAND
+ FUNCTION
ARG PROJECT
ARG PROJECT_REPO=https://github.com/openstack/${PROJECT}
ARG PROJECT_REF
diff --git a/images/openvswitch/Earthfile b/images/openvswitch/Earthfile
index d53786f..b72a75d 100644
--- a/images/openvswitch/Earthfile
+++ b/images/openvswitch/Earthfile
@@ -1,5 +1,6 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global SERIES=3.1
ARG --global VERSION=3.1.0-65
@@ -9,8 +10,8 @@
DO ../+DNF_INSTALL --PACKAGES "centos-release-nfv-openvswitch.noarch"
DO ../+DNF_INSTALL --PACKAGES "openvswitch${SERIES}-${VERSION}.el9s iptables"
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/openvswitch:${SERIES} \
- ghcr.io/vexxhost/atmosphere/openvswitch:${VERSION}
+ ${REGISTRY}/openvswitch:${SERIES} \
+ ${REGISTRY}/openvswitch:${VERSION}
image:
BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/ovn/Earthfile b/images/ovn/Earthfile
index 436535a..aa4507f 100644
--- a/images/ovn/Earthfile
+++ b/images/ovn/Earthfile
@@ -1,19 +1,35 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global SERIES=23.03
ARG --global VERSION=23.03.0-69
+ovn-kubernetes:
+ FROM golang:1.20
+ GIT CLONE --branch master https://github.com/ovn-org/ovn-kubernetes /src
+ WORKDIR /src
+ COPY patches/ovn-kubernetes /patches
+ DO ../+APT_INSTALL --PACKAGES "git"
+ RUN git apply --verbose /patches/*.patch
+ SAVE ARTIFACT /src/dist/images/ovndb-raft-functions.sh
+ SAVE ARTIFACT /src/dist/images/ovnkube.sh
+ RUN \
+ cd /src/go-controller && \
+ go build -o /build/ovn-kube-util ./cmd/ovn-kube-util
+ SAVE ARTIFACT /build/ovn-kube-util
+
component-image:
FROM ../openvswitch+platform-image
DO ../+DNF_INSTALL --PACKAGES "firewalld-filesystem hostname ovn${SERIES}-${VERSION}.el9s procps-ng"
ARG --required NAME
DO ../+DNF_INSTALL --PACKAGES "ovn${SERIES}-${NAME}-${VERSION}.el9s"
- IF [ "${NAME}" = "host" ]
- COPY ../kubernetes+image/kubectl /usr/local/bin/kubectl
- END
+ COPY ../kubernetes+image/kubectl /usr/local/bin/kubectl
+ COPY +ovn-kubernetes/ovndb-raft-functions.sh /root
+ COPY +ovn-kubernetes/ovnkube.sh /root
+ COPY +ovn-kubernetes/ovn-kube-util /usr/bin
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/ovn-${NAME}:${SERIES} \
- ghcr.io/vexxhost/atmosphere/ovn-${NAME}:${VERSION}
+ ${REGISTRY}/ovn-${NAME}:${SERIES} \
+ ${REGISTRY}/ovn-${NAME}:${VERSION}
central:
BUILD +component-image --NAME central
diff --git a/images/ovn/patches/ovn-kubernetes/0001-chore-refactor-to-using-OVN_KUBERNETES_STATEFULSET.patch b/images/ovn/patches/ovn-kubernetes/0001-chore-refactor-to-using-OVN_KUBERNETES_STATEFULSET.patch
new file mode 100644
index 0000000..8071192
--- /dev/null
+++ b/images/ovn/patches/ovn-kubernetes/0001-chore-refactor-to-using-OVN_KUBERNETES_STATEFULSET.patch
@@ -0,0 +1,161 @@
+From 0227559bb404c3d7d5f32737809c38024bbabef0 Mon Sep 17 00:00:00 2001
+From: Mohammed Naser <mnaser@vexxhost.com>
+Date: Thu, 18 Jan 2024 12:42:24 -0500
+Subject: [PATCH 1/2] chore: refactor to using OVN_KUBERNETES_STATEFULSET
+
+---
+ dist/images/ovndb-raft-functions.sh | 32 ++++++++++++++---------------
+ dist/images/ovnkube.sh | 5 ++++-
+ 2 files changed, 20 insertions(+), 17 deletions(-)
+
+diff --git a/dist/images/ovndb-raft-functions.sh b/dist/images/ovndb-raft-functions.sh
+index dceb4ec2e..65e9b6d9b 100644
+--- a/dist/images/ovndb-raft-functions.sh
++++ b/dist/images/ovndb-raft-functions.sh
+@@ -10,7 +10,7 @@ verify-ovsdb-raft() {
+ fi
+
+ replicas=$(kubectl --server=${K8S_APISERVER} --token=${k8s_token} --certificate-authority=${K8S_CACERT} \
+- get statefulset -n ${ovn_kubernetes_namespace} ovnkube-db -o=jsonpath='{.spec.replicas}')
++ get statefulset -n ${ovn_kubernetes_namespace} ${ovn_kubernetes_statefulset} -o=jsonpath='{.spec.replicas}')
+ if [[ ${replicas} -lt 3 || $((${replicas} % 2)) -eq 0 ]]; then
+ echo "at least 3 nodes need to be configured, and it must be odd number of nodes"
+ exit 1
+@@ -45,14 +45,14 @@ db_part_of_cluster() {
+ }
+
+ # Checks if cluster has already been initialized.
+-# If not it returns false and sets init_ip to ovnkube-db-0
++# If not it returns false and sets init_ip to ${ovn_kubernetes_statefulset}-0
+ cluster_exists() {
+ # See if ep is available ...
+ local db=${1}
+ local port=${2}
+
+ db_pods=$(kubectl --server=${K8S_APISERVER} --token=${k8s_token} --certificate-authority=${K8S_CACERT} \
+- get pod -n ${ovn_kubernetes_namespace} -o=jsonpath='{.items[*].metadata.name}' | egrep -o 'ovnkube-db[^ ]+')
++ get pod -n ${ovn_kubernetes_namespace} -o=jsonpath='{.items[*].metadata.name}' | egrep -o "${ovn_kubernetes_statefulset}[^ ]+")
+
+ for db_pod in $db_pods; do
+ if db_part_of_cluster $db_pod $db $port; then
+@@ -63,7 +63,7 @@ cluster_exists() {
+
+ # if we get here there is no cluster, set init_ip and get out
+ init_ip="$(kubectl --server=${K8S_APISERVER} --token=${k8s_token} --certificate-authority=${K8S_CACERT} \
+- get pod -n ${ovn_kubernetes_namespace} ovnkube-db-0 -o=jsonpath='{.status.podIP}')"
++ get pod -n ${ovn_kubernetes_namespace} ${ovn_kubernetes_statefulset}-0 -o=jsonpath='{.status.podIP}')"
+ if [[ $? != 0 ]]; then
+ return 1
+ fi
+@@ -90,17 +90,17 @@ check_and_apply_ovnkube_db_ep() {
+
+ # return if ovn db service endpoint already exists
+ result=$(kubectl --server=${K8S_APISERVER} --token=${k8s_token} --certificate-authority=${K8S_CACERT} \
+- get ep -n ${ovn_kubernetes_namespace} ovnkube-db 2>&1)
++ get ep -n ${ovn_kubernetes_namespace} ${ovn_kubernetes_statefulset} 2>&1)
+ test $? -eq 0 && return
+ if ! echo ${result} | grep -q "NotFound"; then
+- echo "Failed to find ovnkube-db endpoint: ${result}, Exiting..."
++ echo "Failed to find ${ovn_kubernetes_statefulset} endpoint: ${result}, Exiting..."
+ exit 12
+ fi
+- # Get IPs of all ovnkube-db PODs
++ # Get IPs of all ${ovn_kubernetes_statefulset} PODs
+ ips=()
+ for ((i = 0; i < ${replicas}; i++)); do
+ ip=$(kubectl --server=${K8S_APISERVER} --token=${k8s_token} --certificate-authority=${K8S_CACERT} \
+- get pod -n ${ovn_kubernetes_namespace} ovnkube-db-${i} -o=jsonpath='{.status.podIP}')
++ get pod -n ${ovn_kubernetes_namespace} ${ovn_kubernetes_statefulset}-${i} -o=jsonpath='{.status.podIP}')
+ if [[ ${ip} == "" ]]; then
+ break
+ fi
+@@ -108,7 +108,7 @@ check_and_apply_ovnkube_db_ep() {
+ done
+
+ if [[ ${i} -eq ${replicas} ]]; then
+- # Number of POD IPs is same as number of statefulset replicas. Now, if the number of ovnkube-db endpoints
++ # Number of POD IPs is same as number of statefulset replicas. Now, if the number of ${ovn_kubernetes_statefulset} endpoints
+ # is 0, then we are applying the endpoint for the first time. So, we need to make sure that each of the
+ # pod IP responds to the `ovsdb-client list-dbs` call before we set the endpoint. If they don't, retry several
+ # times and then give up.
+@@ -170,7 +170,7 @@ set_election_timer() {
+ return 0
+ }
+
+-# set_connection() will be called for ovnkube-db-0 pod when :
++# set_connection() will be called for ${ovn_kubernetes_statefulset}-0 pod when :
+ # 1. it is first started or
+ # 2. it restarts after the initial start has failed or
+ # 3. subsequent restarts during the lifetime of the pod
+@@ -307,7 +307,7 @@ ovsdb-raft() {
+ --ovn-${db}-log="${ovn_loglevel_db}" &
+ else
+ # either we need to initialize a new cluster or wait for db-0 to create it
+- if [[ "${POD_NAME}" == "ovnkube-db-0" ]]; then
++ if [[ "${POD_NAME}" == "${ovn_kubernetes_statefulset}-0" ]]; then
+ echo "Cluster does not exist for DB: ${db}, creating new raft cluster"
+ run_as_ovs_user_if_needed \
+ ${OVNCTL_PATH} run_${db}_ovsdb --no-monitor \
+@@ -317,7 +317,7 @@ ovsdb-raft() {
+ ${db_ssl_opts} \
+ --ovn-${db}-log="${ovn_loglevel_db}" &
+ else
+- echo "Cluster does not exist for DB: ${db}, waiting for ovnkube-db-0 pod to create it"
++ echo "Cluster does not exist for DB: ${db}, waiting for ${ovn_kubernetes_statefulset}-0 pod to create it"
+ # all non pod-0 pods will be blocked here till connection is set
+ wait_for_event cluster_exists ${db} ${port}
+ run_as_ovs_user_if_needed \
+@@ -356,8 +356,8 @@ ovsdb-raft() {
+ fi
+ echo "=============== ${db}-ovsdb-raft ========== RUNNING"
+
+- if [[ "${POD_NAME}" == "ovnkube-db-0" ]]; then
+- # post raft create work has to be done only once and in ovnkube-db-0 while it is still
++ if [[ "${POD_NAME}" == "${ovn_kubernetes_statefulset}-0" ]]; then
++ # post raft create work has to be done only once and in ${ovn_kubernetes_statefulset}-0 while it is still
+ # a single-node cluster, additional protection against the case when pod-0 isn't a leader
+ # is needed in the cases of sudden pod-0 initialization logic restarts
+ current_raft_role=$(ovs-appctl -t ${OVN_RUNDIR}/ovn${db}_db.ctl cluster/status ${database} 2>&1 | grep "^Role")
+@@ -381,9 +381,9 @@ ovsdb-raft() {
+ fi
+
+ last_node_index=$(expr ${replicas} - 1)
+- # Create endpoints only if all ovnkube-db pods have started and are running. We do this
++ # Create endpoints only if all ${ovn_kubernetes_statefulset} pods have started and are running. We do this
+ # from the last pod of the statefulset.
+- if [[ ${db} == "nb" && "${POD_NAME}" == "ovnkube-db-"${last_node_index} ]]; then
++ if [[ ${db} == "nb" && "${POD_NAME}" == "${ovn_kubernetes_statefulset}-"${last_node_index} ]]; then
+ check_and_apply_ovnkube_db_ep ${port}
+ fi
+
+diff --git a/dist/images/ovnkube.sh b/dist/images/ovnkube.sh
+index bf3989e37..720b3e14d 100755
+--- a/dist/images/ovnkube.sh
++++ b/dist/images/ovnkube.sh
+@@ -40,6 +40,7 @@ fi
+ # OVN_NET_CIDR - the network cidr - v3
+ # OVN_SVC_CIDR - the cluster-service-cidr - v3
+ # OVN_KUBERNETES_NAMESPACE - k8s namespace - v3
++# OVN_KUBERNETES_STATEFULSET - k8s statefulset - v3
+ # K8S_NODE - hostname of the node - v3
+ #
+ # OVN_DAEMONSET_VERSION - version match daemonset and image - v3
+@@ -198,12 +199,14 @@ metrics_bind_port=${OVN_METRICS_BIND_PORT:-9476}
+ metrics_exporter_port=${OVN_METRICS_EXPORTER_PORT:-9310}
+
+ ovn_kubernetes_namespace=${OVN_KUBERNETES_NAMESPACE:-ovn-kubernetes}
++ovn_kubernetes_statefulset=${OVN_KUBERNETES_STATEFULSET:-ovnkube-db}
++
+ # namespace used for classifying host network traffic
+ ovn_host_network_namespace=${OVN_HOST_NETWORK_NAMESPACE:-ovn-host-network}
+
+ # host on which ovnkube-db POD is running and this POD contains both
+ # OVN NB and SB DB running in their own container.
+-ovn_db_host=${K8S_NODE_IP:-""}
++ovn_db_host=${K8S_NODE_IP:-$(hostname -f)}
+
+ # OVN_NB_PORT - ovn north db port (default 6641)
+ ovn_nb_port=${OVN_NB_PORT:-6641}
+--
+2.42.0
+
diff --git a/images/ovn/patches/ovn-kubernetes/0002-chore-northd-refactor-to-being-able-to-use-split-svc.patch b/images/ovn/patches/ovn-kubernetes/0002-chore-northd-refactor-to-being-able-to-use-split-svc.patch
new file mode 100644
index 0000000..c615f63
--- /dev/null
+++ b/images/ovn/patches/ovn-kubernetes/0002-chore-northd-refactor-to-being-able-to-use-split-svc.patch
@@ -0,0 +1,144 @@
+From 90851bd77718bc834446ebe2ddf34b8e9383dee8 Mon Sep 17 00:00:00 2001
+From: Mohammed Naser <mnaser@vexxhost.com>
+Date: Thu, 18 Jan 2024 16:16:11 -0500
+Subject: [PATCH 2/2] chore(northd): refactor to being able to use split svcs
+
+---
+ dist/images/ovnkube.sh | 75 +++++++++++++++++++++++++++++++++---------
+ 1 file changed, 59 insertions(+), 16 deletions(-)
+
+diff --git a/dist/images/ovnkube.sh b/dist/images/ovnkube.sh
+index 720b3e14d..1d3059cf8 100755
+--- a/dist/images/ovnkube.sh
++++ b/dist/images/ovnkube.sh
+@@ -200,6 +200,8 @@ metrics_exporter_port=${OVN_METRICS_EXPORTER_PORT:-9310}
+
+ ovn_kubernetes_namespace=${OVN_KUBERNETES_NAMESPACE:-ovn-kubernetes}
+ ovn_kubernetes_statefulset=${OVN_KUBERNETES_STATEFULSET:-ovnkube-db}
++ovn_kubernetes_nb_statefulset=${OVN_KUBERNETES_NB_STATEFULSET:-ovnkube-db}
++ovn_kubernetes_sb_statefulset=${OVN_KUBERNETES_SB_STATEFULSET:-ovnkube-db}
+
+ # namespace used for classifying host network traffic
+ ovn_host_network_namespace=${OVN_HOST_NETWORK_NAMESPACE:-ovn-host-network}
+@@ -374,6 +376,24 @@ wait_for_event() {
+ done
+ }
+
++wait_for_db () {
++ local db=$1
++ local ep=$(get_ovnkube_zone_db_ep ${db})
++
++ echo "Getting the ${ep} ep"
++ # See if ep is available ...
++ IFS=" " read -a ep_hosts <<<"$(kubectl --server=${K8S_APISERVER} --token=${k8s_token} --certificate-authority=${K8S_CACERT} \
++ get endpointslice -n ${ovn_kubernetes_namespace} -l kubernetes.io/service-name=${ep} -o=jsonpath='{range .items[0].endpoints[*]}{.addresses[0]} ')"
++ if [[ ${#ep_hosts[@]} == 0 ]]; then
++ return 1
++ fi
++
++ ep_hosts_string="${ep_hosts[*]}"
++ declare -g -a "ovn_${db}db_hosts=($ep_hosts_string)"
++
++ return 0
++}
++
+ # The ovnkube-db kubernetes service must be populated with OVN DB service endpoints
+ # before various OVN K8s containers can come up. This functions checks for that.
+ # If OVN dbs are configured to listen only on unix sockets, then there will not be
+@@ -384,15 +404,18 @@ ready_to_start_node() {
+ return 0
+ fi
+
+- ovnkube_db_ep=$(get_ovnkube_zone_db_ep)
+- echo "Getting the ${ovnkube_db_ep} ep"
+- # See if ep is available ...
+- IFS=" " read -a ovn_db_hosts <<<"$(kubectl --server=${K8S_APISERVER} --token=${k8s_token} --certificate-authority=${K8S_CACERT} \
+- get ep -n ${ovn_kubernetes_namespace} ${ovnkube_db_ep} -o=jsonpath='{range .subsets[0].addresses[*]}{.ip}{" "}')"
+- if [[ ${#ovn_db_hosts[@]} == 0 ]]; then
++ wait_for_db nb
++ if [[ $? != 0 ]]; then
++ return 1
++ fi
++
++ wait_for_db sb
++ if [[ $? != 0 ]]; then
+ return 1
+ fi
++
+ get_ovn_db_vars
++
+ return 0
+ }
+ # wait_for_event ready_to_start_node
+@@ -410,17 +433,29 @@ check_ovn_daemonset_version() {
+ }
+
+ get_ovn_db_vars() {
++
++ index=0
+ ovn_nbdb_str=""
+- ovn_sbdb_str=""
+- for i in "${ovn_db_hosts[@]}"; do
++ for i in "${ovn_nbdb_hosts[@]}"; do
+ if [ -n "$ovn_nbdb_str" ]; then
+ ovn_nbdb_str=${ovn_nbdb_str}","
++ fi
++ host="${ovn_kubernetes_nb_statefulset}-${index}.${ovn_kubernetes_nb_statefulset}.${ovn_kubernetes_namespace}.svc.cluster.local"
++ ovn_nbdb_str=${ovn_nbdb_str}${transport}://${host}:${ovn_nb_port}
++ index=$((index + 1))
++ done
++
++ index=0
++ ovn_sbdb_str=""
++ for i in "${ovn_sbdb_hosts[@]}"; do
++ if [ -n "$ovn_sbdb_str" ]; then
+ ovn_sbdb_str=${ovn_sbdb_str}","
+ fi
+- ip=$(bracketify $i)
+- ovn_nbdb_str=${ovn_nbdb_str}${transport}://${ip}:${ovn_nb_port}
+- ovn_sbdb_str=${ovn_sbdb_str}${transport}://${ip}:${ovn_sb_port}
++ host="${ovn_kubernetes_sb_statefulset}-${index}.${ovn_kubernetes_sb_statefulset}.${ovn_kubernetes_namespace}.svc.cluster.local"
++ ovn_sbdb_str=${ovn_sbdb_str}${transport}://${host}:${ovn_sb_port}
++ index=$((index + 1))
+ done
++
+ # OVN_NORTH and OVN_SOUTH override derived host
+ ovn_nbdb=${OVN_NORTH:-$ovn_nbdb_str}
+ ovn_sbdb=${OVN_SOUTH:-$ovn_sbdb_str}
+@@ -730,7 +765,7 @@ set_ovnkube_db_ep() {
+ ips=("$@")
+
+ ovn_zone=$(get_node_zone)
+- ovnkube_db_ep=$(get_ovnkube_zone_db_ep)
++ ovnkube_db_ep=$(get_ovnkube_zone_db_ep sb)
+ echo "=============== setting ${ovnkube_db_ep} endpoints to ${ips[@]}"
+ # create a new endpoint for the headless onvkube-db service without selectors
+ kubectl --server=${K8S_APISERVER} --token=${k8s_token} --certificate-authority=${K8S_CACERT} apply -f - <<EOF
+@@ -779,12 +814,20 @@ function get_node_zone() {
+ }
+
+ function get_ovnkube_zone_db_ep() {
+- zone=$(get_node_zone)
+- if [ "$zone" == "global" ]; then
+- echo "ovnkube-db"
++ local db=$1
++
++ if [ "$db" == "nb" ]; then
++ ep="${ovn_kubernetes_nb_statefulset}"
+ else
+- echo "ovnkube-db-$zone"
++ ep="${ovn_kubernetes_sb_statefulset}"
+ fi
++
++ zone=$(get_node_zone)
++ if [ "$zone" != "global" ]; then
++ ep="${ep}-${zone}"
++ fi
++
++ echo "${ep}"
+ }
+
+ # v3 - run nb_ovsdb in a separate container
+--
+2.42.0
+
diff --git a/images/ovn/patches/ovn-kubernetes/0003-chore-bump-golang.org-x-crypto-for-security.patch b/images/ovn/patches/ovn-kubernetes/0003-chore-bump-golang.org-x-crypto-for-security.patch
new file mode 100644
index 0000000..66e0b00
--- /dev/null
+++ b/images/ovn/patches/ovn-kubernetes/0003-chore-bump-golang.org-x-crypto-for-security.patch
@@ -0,0 +1,6184 @@
+From 6d47afb26fb1bb1e6d5668f336ee292ad48954f3 Mon Sep 17 00:00:00 2001
+From: Mohammed Naser <mnaser@vexxhost.com>
+Date: Sun, 4 Feb 2024 02:22:36 -0500
+Subject: [PATCH] chore: bump golang.org/x/crypto for security
+
+---
+ go-controller/go.mod | 8 +-
+ go-controller/go.sum | 16 ++--
+ .../golang.org/x/sys/execabs/execabs_go118.go | 1 -
+ .../golang.org/x/sys/execabs/execabs_go119.go | 1 -
+ .../golang.org/x/sys/plan9/pwd_go15_plan9.go | 1 -
+ .../golang.org/x/sys/plan9/pwd_plan9.go | 1 -
+ .../vendor/golang.org/x/sys/plan9/race.go | 1 -
+ .../vendor/golang.org/x/sys/plan9/race0.go | 1 -
+ .../vendor/golang.org/x/sys/plan9/str.go | 1 -
+ .../vendor/golang.org/x/sys/plan9/syscall.go | 1 -
+ .../x/sys/plan9/zsyscall_plan9_386.go | 1 -
+ .../x/sys/plan9/zsyscall_plan9_amd64.go | 1 -
+ .../x/sys/plan9/zsyscall_plan9_arm.go | 1 -
+ .../vendor/golang.org/x/sys/unix/aliases.go | 2 -
+ .../golang.org/x/sys/unix/asm_aix_ppc64.s | 1 -
+ .../golang.org/x/sys/unix/asm_bsd_386.s | 2 -
+ .../golang.org/x/sys/unix/asm_bsd_amd64.s | 2 -
+ .../golang.org/x/sys/unix/asm_bsd_arm.s | 2 -
+ .../golang.org/x/sys/unix/asm_bsd_arm64.s | 2 -
+ .../golang.org/x/sys/unix/asm_bsd_ppc64.s | 2 -
+ .../golang.org/x/sys/unix/asm_bsd_riscv64.s | 2 -
+ .../golang.org/x/sys/unix/asm_linux_386.s | 1 -
+ .../golang.org/x/sys/unix/asm_linux_amd64.s | 1 -
+ .../golang.org/x/sys/unix/asm_linux_arm.s | 1 -
+ .../golang.org/x/sys/unix/asm_linux_arm64.s | 3 -
+ .../golang.org/x/sys/unix/asm_linux_loong64.s | 3 -
+ .../golang.org/x/sys/unix/asm_linux_mips64x.s | 3 -
+ .../golang.org/x/sys/unix/asm_linux_mipsx.s | 3 -
+ .../golang.org/x/sys/unix/asm_linux_ppc64x.s | 3 -
+ .../golang.org/x/sys/unix/asm_linux_riscv64.s | 2 -
+ .../golang.org/x/sys/unix/asm_linux_s390x.s | 3 -
+ .../x/sys/unix/asm_openbsd_mips64.s | 1 -
+ .../golang.org/x/sys/unix/asm_solaris_amd64.s | 1 -
+ .../golang.org/x/sys/unix/asm_zos_s390x.s | 3 -
+ .../golang.org/x/sys/unix/cap_freebsd.go | 1 -
+ .../vendor/golang.org/x/sys/unix/constants.go | 1 -
+ .../golang.org/x/sys/unix/dev_aix_ppc.go | 1 -
+ .../golang.org/x/sys/unix/dev_aix_ppc64.go | 1 -
+ .../vendor/golang.org/x/sys/unix/dev_zos.go | 1 -
+ .../vendor/golang.org/x/sys/unix/dirent.go | 1 -
+ .../golang.org/x/sys/unix/endian_big.go | 1 -
+ .../golang.org/x/sys/unix/endian_little.go | 1 -
+ .../vendor/golang.org/x/sys/unix/env_unix.go | 1 -
+ .../vendor/golang.org/x/sys/unix/epoll_zos.go | 1 -
+ .../vendor/golang.org/x/sys/unix/fcntl.go | 3 +-
+ .../x/sys/unix/fcntl_linux_32bit.go | 1 -
+ .../vendor/golang.org/x/sys/unix/fdset.go | 1 -
+ .../golang.org/x/sys/unix/fstatfs_zos.go | 1 -
+ .../vendor/golang.org/x/sys/unix/gccgo.go | 1 -
+ .../vendor/golang.org/x/sys/unix/gccgo_c.c | 1 -
+ .../x/sys/unix/gccgo_linux_amd64.go | 1 -
+ .../golang.org/x/sys/unix/ifreq_linux.go | 1 -
+ .../golang.org/x/sys/unix/ioctl_linux.go | 5 +
+ .../golang.org/x/sys/unix/ioctl_signed.go | 1 -
+ .../golang.org/x/sys/unix/ioctl_unsigned.go | 1 -
+ .../vendor/golang.org/x/sys/unix/ioctl_zos.go | 1 -
+ .../vendor/golang.org/x/sys/unix/mkerrors.sh | 4 +-
+ .../golang.org/x/sys/unix/mmap_nomremap.go | 1 -
+ .../vendor/golang.org/x/sys/unix/mremap.go | 1 -
+ .../golang.org/x/sys/unix/pagesize_unix.go | 1 -
+ .../golang.org/x/sys/unix/pledge_openbsd.go | 92 ++++---------------
+ .../golang.org/x/sys/unix/ptrace_darwin.go | 1 -
+ .../golang.org/x/sys/unix/ptrace_ios.go | 1 -
+ .../vendor/golang.org/x/sys/unix/race.go | 1 -
+ .../vendor/golang.org/x/sys/unix/race0.go | 1 -
+ .../x/sys/unix/readdirent_getdents.go | 1 -
+ .../x/sys/unix/readdirent_getdirentries.go | 1 -
+ .../golang.org/x/sys/unix/sockcmsg_unix.go | 1 -
+ .../x/sys/unix/sockcmsg_unix_other.go | 1 -
+ .../vendor/golang.org/x/sys/unix/syscall.go | 1 -
+ .../golang.org/x/sys/unix/syscall_aix.go | 4 +-
+ .../golang.org/x/sys/unix/syscall_aix_ppc.go | 1 -
+ .../x/sys/unix/syscall_aix_ppc64.go | 1 -
+ .../golang.org/x/sys/unix/syscall_bsd.go | 3 +-
+ .../x/sys/unix/syscall_darwin_amd64.go | 1 -
+ .../x/sys/unix/syscall_darwin_arm64.go | 1 -
+ .../x/sys/unix/syscall_darwin_libSystem.go | 1 -
+ .../x/sys/unix/syscall_dragonfly_amd64.go | 1 -
+ .../x/sys/unix/syscall_freebsd_386.go | 1 -
+ .../x/sys/unix/syscall_freebsd_amd64.go | 1 -
+ .../x/sys/unix/syscall_freebsd_arm.go | 1 -
+ .../x/sys/unix/syscall_freebsd_arm64.go | 1 -
+ .../x/sys/unix/syscall_freebsd_riscv64.go | 1 -
+ .../golang.org/x/sys/unix/syscall_hurd.go | 1 -
+ .../golang.org/x/sys/unix/syscall_hurd_386.go | 1 -
+ .../golang.org/x/sys/unix/syscall_illumos.go | 1 -
+ .../golang.org/x/sys/unix/syscall_linux.go | 33 ++++---
+ .../x/sys/unix/syscall_linux_386.go | 1 -
+ .../x/sys/unix/syscall_linux_alarm.go | 2 -
+ .../x/sys/unix/syscall_linux_amd64.go | 1 -
+ .../x/sys/unix/syscall_linux_amd64_gc.go | 1 -
+ .../x/sys/unix/syscall_linux_arm.go | 1 -
+ .../x/sys/unix/syscall_linux_arm64.go | 1 -
+ .../golang.org/x/sys/unix/syscall_linux_gc.go | 1 -
+ .../x/sys/unix/syscall_linux_gc_386.go | 1 -
+ .../x/sys/unix/syscall_linux_gc_arm.go | 1 -
+ .../x/sys/unix/syscall_linux_gccgo_386.go | 1 -
+ .../x/sys/unix/syscall_linux_gccgo_arm.go | 1 -
+ .../x/sys/unix/syscall_linux_loong64.go | 1 -
+ .../x/sys/unix/syscall_linux_mips64x.go | 2 -
+ .../x/sys/unix/syscall_linux_mipsx.go | 2 -
+ .../x/sys/unix/syscall_linux_ppc.go | 1 -
+ .../x/sys/unix/syscall_linux_ppc64x.go | 2 -
+ .../x/sys/unix/syscall_linux_riscv64.go | 1 -
+ .../x/sys/unix/syscall_linux_s390x.go | 1 -
+ .../x/sys/unix/syscall_linux_sparc64.go | 1 -
+ .../x/sys/unix/syscall_netbsd_386.go | 1 -
+ .../x/sys/unix/syscall_netbsd_amd64.go | 1 -
+ .../x/sys/unix/syscall_netbsd_arm.go | 1 -
+ .../x/sys/unix/syscall_netbsd_arm64.go | 1 -
+ .../golang.org/x/sys/unix/syscall_openbsd.go | 28 ++++--
+ .../x/sys/unix/syscall_openbsd_386.go | 1 -
+ .../x/sys/unix/syscall_openbsd_amd64.go | 1 -
+ .../x/sys/unix/syscall_openbsd_arm.go | 1 -
+ .../x/sys/unix/syscall_openbsd_arm64.go | 1 -
+ .../x/sys/unix/syscall_openbsd_libc.go | 1 -
+ .../x/sys/unix/syscall_openbsd_ppc64.go | 1 -
+ .../x/sys/unix/syscall_openbsd_riscv64.go | 1 -
+ .../golang.org/x/sys/unix/syscall_solaris.go | 5 +-
+ .../x/sys/unix/syscall_solaris_amd64.go | 1 -
+ .../golang.org/x/sys/unix/syscall_unix.go | 1 -
+ .../golang.org/x/sys/unix/syscall_unix_gc.go | 2 -
+ .../x/sys/unix/syscall_unix_gc_ppc64x.go | 3 -
+ .../x/sys/unix/syscall_zos_s390x.go | 3 +-
+ .../golang.org/x/sys/unix/sysvshm_linux.go | 1 -
+ .../golang.org/x/sys/unix/sysvshm_unix.go | 1 -
+ .../x/sys/unix/sysvshm_unix_other.go | 1 -
+ .../golang.org/x/sys/unix/timestruct.go | 1 -
+ .../golang.org/x/sys/unix/unveil_openbsd.go | 41 +++++----
+ .../vendor/golang.org/x/sys/unix/xattr_bsd.go | 1 -
+ .../golang.org/x/sys/unix/zerrors_aix_ppc.go | 1 -
+ .../x/sys/unix/zerrors_aix_ppc64.go | 1 -
+ .../x/sys/unix/zerrors_darwin_amd64.go | 1 -
+ .../x/sys/unix/zerrors_darwin_arm64.go | 1 -
+ .../x/sys/unix/zerrors_dragonfly_amd64.go | 1 -
+ .../x/sys/unix/zerrors_freebsd_386.go | 1 -
+ .../x/sys/unix/zerrors_freebsd_amd64.go | 1 -
+ .../x/sys/unix/zerrors_freebsd_arm.go | 1 -
+ .../x/sys/unix/zerrors_freebsd_arm64.go | 1 -
+ .../x/sys/unix/zerrors_freebsd_riscv64.go | 1 -
+ .../golang.org/x/sys/unix/zerrors_linux.go | 14 ++-
+ .../x/sys/unix/zerrors_linux_386.go | 1 -
+ .../x/sys/unix/zerrors_linux_amd64.go | 1 -
+ .../x/sys/unix/zerrors_linux_arm.go | 1 -
+ .../x/sys/unix/zerrors_linux_arm64.go | 1 -
+ .../x/sys/unix/zerrors_linux_loong64.go | 2 +-
+ .../x/sys/unix/zerrors_linux_mips.go | 1 -
+ .../x/sys/unix/zerrors_linux_mips64.go | 1 -
+ .../x/sys/unix/zerrors_linux_mips64le.go | 1 -
+ .../x/sys/unix/zerrors_linux_mipsle.go | 1 -
+ .../x/sys/unix/zerrors_linux_ppc.go | 1 -
+ .../x/sys/unix/zerrors_linux_ppc64.go | 1 -
+ .../x/sys/unix/zerrors_linux_ppc64le.go | 1 -
+ .../x/sys/unix/zerrors_linux_riscv64.go | 4 +-
+ .../x/sys/unix/zerrors_linux_s390x.go | 1 -
+ .../x/sys/unix/zerrors_linux_sparc64.go | 1 -
+ .../x/sys/unix/zerrors_netbsd_386.go | 1 -
+ .../x/sys/unix/zerrors_netbsd_amd64.go | 1 -
+ .../x/sys/unix/zerrors_netbsd_arm.go | 1 -
+ .../x/sys/unix/zerrors_netbsd_arm64.go | 1 -
+ .../x/sys/unix/zerrors_openbsd_386.go | 1 -
+ .../x/sys/unix/zerrors_openbsd_amd64.go | 1 -
+ .../x/sys/unix/zerrors_openbsd_arm.go | 1 -
+ .../x/sys/unix/zerrors_openbsd_arm64.go | 1 -
+ .../x/sys/unix/zerrors_openbsd_mips64.go | 1 -
+ .../x/sys/unix/zerrors_openbsd_ppc64.go | 1 -
+ .../x/sys/unix/zerrors_openbsd_riscv64.go | 1 -
+ .../x/sys/unix/zerrors_solaris_amd64.go | 1 -
+ .../x/sys/unix/zerrors_zos_s390x.go | 1 -
+ .../x/sys/unix/zptrace_armnn_linux.go | 2 -
+ .../x/sys/unix/zptrace_mipsnn_linux.go | 2 -
+ .../x/sys/unix/zptrace_mipsnnle_linux.go | 2 -
+ .../x/sys/unix/zptrace_x86_linux.go | 2 -
+ .../golang.org/x/sys/unix/zsyscall_aix_ppc.go | 1 -
+ .../x/sys/unix/zsyscall_aix_ppc64.go | 1 -
+ .../x/sys/unix/zsyscall_aix_ppc64_gc.go | 1 -
+ .../x/sys/unix/zsyscall_aix_ppc64_gccgo.go | 1 -
+ .../x/sys/unix/zsyscall_darwin_amd64.go | 1 -
+ .../x/sys/unix/zsyscall_darwin_arm64.go | 1 -
+ .../x/sys/unix/zsyscall_dragonfly_amd64.go | 1 -
+ .../x/sys/unix/zsyscall_freebsd_386.go | 1 -
+ .../x/sys/unix/zsyscall_freebsd_amd64.go | 1 -
+ .../x/sys/unix/zsyscall_freebsd_arm.go | 1 -
+ .../x/sys/unix/zsyscall_freebsd_arm64.go | 1 -
+ .../x/sys/unix/zsyscall_freebsd_riscv64.go | 1 -
+ .../x/sys/unix/zsyscall_illumos_amd64.go | 1 -
+ .../golang.org/x/sys/unix/zsyscall_linux.go | 26 +++++-
+ .../x/sys/unix/zsyscall_linux_386.go | 1 -
+ .../x/sys/unix/zsyscall_linux_amd64.go | 1 -
+ .../x/sys/unix/zsyscall_linux_arm.go | 1 -
+ .../x/sys/unix/zsyscall_linux_arm64.go | 1 -
+ .../x/sys/unix/zsyscall_linux_loong64.go | 1 -
+ .../x/sys/unix/zsyscall_linux_mips.go | 1 -
+ .../x/sys/unix/zsyscall_linux_mips64.go | 1 -
+ .../x/sys/unix/zsyscall_linux_mips64le.go | 1 -
+ .../x/sys/unix/zsyscall_linux_mipsle.go | 1 -
+ .../x/sys/unix/zsyscall_linux_ppc.go | 1 -
+ .../x/sys/unix/zsyscall_linux_ppc64.go | 1 -
+ .../x/sys/unix/zsyscall_linux_ppc64le.go | 1 -
+ .../x/sys/unix/zsyscall_linux_riscv64.go | 1 -
+ .../x/sys/unix/zsyscall_linux_s390x.go | 1 -
+ .../x/sys/unix/zsyscall_linux_sparc64.go | 1 -
+ .../x/sys/unix/zsyscall_netbsd_386.go | 1 -
+ .../x/sys/unix/zsyscall_netbsd_amd64.go | 1 -
+ .../x/sys/unix/zsyscall_netbsd_arm.go | 1 -
+ .../x/sys/unix/zsyscall_netbsd_arm64.go | 1 -
+ .../x/sys/unix/zsyscall_openbsd_386.go | 72 ++++++++++++++-
+ .../x/sys/unix/zsyscall_openbsd_386.s | 20 ++++
+ .../x/sys/unix/zsyscall_openbsd_amd64.go | 72 ++++++++++++++-
+ .../x/sys/unix/zsyscall_openbsd_amd64.s | 20 ++++
+ .../x/sys/unix/zsyscall_openbsd_arm.go | 72 ++++++++++++++-
+ .../x/sys/unix/zsyscall_openbsd_arm.s | 20 ++++
+ .../x/sys/unix/zsyscall_openbsd_arm64.go | 72 ++++++++++++++-
+ .../x/sys/unix/zsyscall_openbsd_arm64.s | 20 ++++
+ .../x/sys/unix/zsyscall_openbsd_mips64.go | 72 ++++++++++++++-
+ .../x/sys/unix/zsyscall_openbsd_mips64.s | 20 ++++
+ .../x/sys/unix/zsyscall_openbsd_ppc64.go | 72 ++++++++++++++-
+ .../x/sys/unix/zsyscall_openbsd_ppc64.s | 24 +++++
+ .../x/sys/unix/zsyscall_openbsd_riscv64.go | 72 ++++++++++++++-
+ .../x/sys/unix/zsyscall_openbsd_riscv64.s | 20 ++++
+ .../x/sys/unix/zsyscall_solaris_amd64.go | 1 -
+ .../x/sys/unix/zsyscall_zos_s390x.go | 1 -
+ .../x/sys/unix/zsysctl_openbsd_386.go | 1 -
+ .../x/sys/unix/zsysctl_openbsd_amd64.go | 1 -
+ .../x/sys/unix/zsysctl_openbsd_arm.go | 1 -
+ .../x/sys/unix/zsysctl_openbsd_arm64.go | 1 -
+ .../x/sys/unix/zsysctl_openbsd_mips64.go | 1 -
+ .../x/sys/unix/zsysctl_openbsd_ppc64.go | 1 -
+ .../x/sys/unix/zsysctl_openbsd_riscv64.go | 1 -
+ .../x/sys/unix/zsysnum_darwin_amd64.go | 1 -
+ .../x/sys/unix/zsysnum_darwin_arm64.go | 1 -
+ .../x/sys/unix/zsysnum_dragonfly_amd64.go | 1 -
+ .../x/sys/unix/zsysnum_freebsd_386.go | 1 -
+ .../x/sys/unix/zsysnum_freebsd_amd64.go | 1 -
+ .../x/sys/unix/zsysnum_freebsd_arm.go | 1 -
+ .../x/sys/unix/zsysnum_freebsd_arm64.go | 1 -
+ .../x/sys/unix/zsysnum_freebsd_riscv64.go | 1 -
+ .../x/sys/unix/zsysnum_linux_386.go | 2 +-
+ .../x/sys/unix/zsysnum_linux_amd64.go | 3 +-
+ .../x/sys/unix/zsysnum_linux_arm.go | 2 +-
+ .../x/sys/unix/zsysnum_linux_arm64.go | 2 +-
+ .../x/sys/unix/zsysnum_linux_loong64.go | 2 +-
+ .../x/sys/unix/zsysnum_linux_mips.go | 2 +-
+ .../x/sys/unix/zsysnum_linux_mips64.go | 2 +-
+ .../x/sys/unix/zsysnum_linux_mips64le.go | 2 +-
+ .../x/sys/unix/zsysnum_linux_mipsle.go | 2 +-
+ .../x/sys/unix/zsysnum_linux_ppc.go | 2 +-
+ .../x/sys/unix/zsysnum_linux_ppc64.go | 2 +-
+ .../x/sys/unix/zsysnum_linux_ppc64le.go | 2 +-
+ .../x/sys/unix/zsysnum_linux_riscv64.go | 2 +-
+ .../x/sys/unix/zsysnum_linux_s390x.go | 2 +-
+ .../x/sys/unix/zsysnum_linux_sparc64.go | 2 +-
+ .../x/sys/unix/zsysnum_netbsd_386.go | 1 -
+ .../x/sys/unix/zsysnum_netbsd_amd64.go | 1 -
+ .../x/sys/unix/zsysnum_netbsd_arm.go | 1 -
+ .../x/sys/unix/zsysnum_netbsd_arm64.go | 1 -
+ .../x/sys/unix/zsysnum_openbsd_386.go | 1 -
+ .../x/sys/unix/zsysnum_openbsd_amd64.go | 1 -
+ .../x/sys/unix/zsysnum_openbsd_arm.go | 1 -
+ .../x/sys/unix/zsysnum_openbsd_arm64.go | 1 -
+ .../x/sys/unix/zsysnum_openbsd_mips64.go | 1 -
+ .../x/sys/unix/zsysnum_openbsd_ppc64.go | 1 -
+ .../x/sys/unix/zsysnum_openbsd_riscv64.go | 1 -
+ .../x/sys/unix/zsysnum_zos_s390x.go | 1 -
+ .../golang.org/x/sys/unix/ztypes_aix_ppc.go | 1 -
+ .../golang.org/x/sys/unix/ztypes_aix_ppc64.go | 1 -
+ .../x/sys/unix/ztypes_darwin_amd64.go | 1 -
+ .../x/sys/unix/ztypes_darwin_arm64.go | 1 -
+ .../x/sys/unix/ztypes_dragonfly_amd64.go | 1 -
+ .../x/sys/unix/ztypes_freebsd_386.go | 1 -
+ .../x/sys/unix/ztypes_freebsd_amd64.go | 1 -
+ .../x/sys/unix/ztypes_freebsd_arm.go | 1 -
+ .../x/sys/unix/ztypes_freebsd_arm64.go | 1 -
+ .../x/sys/unix/ztypes_freebsd_riscv64.go | 1 -
+ .../golang.org/x/sys/unix/ztypes_linux.go | 45 ++++++++-
+ .../golang.org/x/sys/unix/ztypes_linux_386.go | 1 -
+ .../x/sys/unix/ztypes_linux_amd64.go | 1 -
+ .../golang.org/x/sys/unix/ztypes_linux_arm.go | 1 -
+ .../x/sys/unix/ztypes_linux_arm64.go | 1 -
+ .../x/sys/unix/ztypes_linux_loong64.go | 1 -
+ .../x/sys/unix/ztypes_linux_mips.go | 1 -
+ .../x/sys/unix/ztypes_linux_mips64.go | 1 -
+ .../x/sys/unix/ztypes_linux_mips64le.go | 1 -
+ .../x/sys/unix/ztypes_linux_mipsle.go | 1 -
+ .../golang.org/x/sys/unix/ztypes_linux_ppc.go | 1 -
+ .../x/sys/unix/ztypes_linux_ppc64.go | 1 -
+ .../x/sys/unix/ztypes_linux_ppc64le.go | 1 -
+ .../x/sys/unix/ztypes_linux_riscv64.go | 1 -
+ .../x/sys/unix/ztypes_linux_s390x.go | 1 -
+ .../x/sys/unix/ztypes_linux_sparc64.go | 1 -
+ .../x/sys/unix/ztypes_netbsd_386.go | 1 -
+ .../x/sys/unix/ztypes_netbsd_amd64.go | 1 -
+ .../x/sys/unix/ztypes_netbsd_arm.go | 1 -
+ .../x/sys/unix/ztypes_netbsd_arm64.go | 1 -
+ .../x/sys/unix/ztypes_openbsd_386.go | 1 -
+ .../x/sys/unix/ztypes_openbsd_amd64.go | 1 -
+ .../x/sys/unix/ztypes_openbsd_arm.go | 1 -
+ .../x/sys/unix/ztypes_openbsd_arm64.go | 1 -
+ .../x/sys/unix/ztypes_openbsd_mips64.go | 1 -
+ .../x/sys/unix/ztypes_openbsd_ppc64.go | 1 -
+ .../x/sys/unix/ztypes_openbsd_riscv64.go | 1 -
+ .../x/sys/unix/ztypes_solaris_amd64.go | 1 -
+ .../golang.org/x/sys/unix/ztypes_zos_s390x.go | 1 -
+ .../golang.org/x/sys/windows/aliases.go | 1 -
+ .../vendor/golang.org/x/sys/windows/empty.s | 1 -
+ .../golang.org/x/sys/windows/eventlog.go | 1 -
+ .../golang.org/x/sys/windows/mksyscall.go | 1 -
+ .../vendor/golang.org/x/sys/windows/race.go | 1 -
+ .../vendor/golang.org/x/sys/windows/race0.go | 1 -
+ .../golang.org/x/sys/windows/registry/key.go | 1 -
+ .../x/sys/windows/registry/mksyscall.go | 1 -
+ .../x/sys/windows/registry/syscall.go | 1 -
+ .../x/sys/windows/registry/value.go | 1 -
+ .../golang.org/x/sys/windows/service.go | 1 -
+ .../vendor/golang.org/x/sys/windows/str.go | 1 -
+ .../golang.org/x/sys/windows/svc/security.go | 1 -
+ .../golang.org/x/sys/windows/svc/service.go | 1 -
+ .../golang.org/x/sys/windows/syscall.go | 1 -
+ .../x/sys/windows/syscall_windows.go | 6 +-
+ .../golang.org/x/sys/windows/types_windows.go | 28 +++++-
+ .../x/sys/windows/zsyscall_windows.go | 28 ++++++
+ .../vendor/golang.org/x/term/term_unix.go | 1 -
+ .../vendor/golang.org/x/term/term_unix_bsd.go | 1 -
+ .../golang.org/x/term/term_unix_other.go | 1 -
+ .../golang.org/x/term/term_unsupported.go | 1 -
+ .../x/text/secure/bidirule/bidirule10.0.0.go | 1 -
+ .../x/text/secure/bidirule/bidirule9.0.0.go | 1 -
+ .../x/text/unicode/bidi/tables10.0.0.go | 1 -
+ .../x/text/unicode/bidi/tables11.0.0.go | 1 -
+ .../x/text/unicode/bidi/tables12.0.0.go | 1 -
+ .../x/text/unicode/bidi/tables13.0.0.go | 1 -
+ .../x/text/unicode/bidi/tables15.0.0.go | 1 -
+ .../x/text/unicode/bidi/tables9.0.0.go | 1 -
+ .../x/text/unicode/norm/tables10.0.0.go | 1 -
+ .../x/text/unicode/norm/tables11.0.0.go | 1 -
+ .../x/text/unicode/norm/tables12.0.0.go | 1 -
+ .../x/text/unicode/norm/tables13.0.0.go | 1 -
+ .../x/text/unicode/norm/tables15.0.0.go | 1 -
+ .../x/text/unicode/norm/tables9.0.0.go | 1 -
+ .../k8s.io/client-go/informers/factory.go | 10 --
+ go-controller/vendor/modules.txt | 16 ++--
+ 341 files changed, 924 insertions(+), 501 deletions(-)
+
+diff --git a/go-controller/go.mod b/go-controller/go.mod
+index e3c730420..394778ac7 100644
+--- a/go-controller/go.mod
++++ b/go-controller/go.mod
+@@ -41,7 +41,7 @@ require (
+ golang.org/x/exp v0.0.0-20230811145659-89c5cff77bcb
+ golang.org/x/net v0.17.0
+ golang.org/x/sync v0.2.0
+- golang.org/x/sys v0.13.0
++ golang.org/x/sys v0.15.0
+ golang.org/x/time v0.3.0
+ google.golang.org/grpc v1.56.3
+ google.golang.org/protobuf v1.30.0
+@@ -105,11 +105,11 @@ require (
+ github.com/stretchr/objx v0.5.0 // indirect
+ github.com/vishvananda/netns v0.0.4 // indirect
+ go.opencensus.io v0.24.0 // indirect
+- golang.org/x/crypto v0.14.0 // indirect
++ golang.org/x/crypto v0.17.0 // indirect
+ golang.org/x/mod v0.11.0 // indirect
+ golang.org/x/oauth2 v0.8.0 // indirect
+- golang.org/x/term v0.13.0 // indirect
+- golang.org/x/text v0.13.0 // indirect
++ golang.org/x/term v0.15.0 // indirect
++ golang.org/x/text v0.14.0 // indirect
+ golang.org/x/tools v0.9.1 // indirect
+ gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
+ google.golang.org/appengine v1.6.7 // indirect
+diff --git a/go-controller/go.sum b/go-controller/go.sum
+index da8817fbb..a3818d28a 100644
+--- a/go-controller/go.sum
++++ b/go-controller/go.sum
+@@ -811,8 +811,8 @@ golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPh
+ golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+-golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
++golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
++golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+ golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+ golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+ golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+@@ -1022,12 +1022,12 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
+ golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+ golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
++golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
++golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+-golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
+-golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
++golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
++golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+ golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+ golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+@@ -1038,8 +1038,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+-golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+-golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
++golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
++golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+ golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+ golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+diff --git a/go-controller/vendor/golang.org/x/sys/execabs/execabs_go118.go b/go-controller/vendor/golang.org/x/sys/execabs/execabs_go118.go
+index 2000064a8..5627d70e3 100644
+--- a/go-controller/vendor/golang.org/x/sys/execabs/execabs_go118.go
++++ b/go-controller/vendor/golang.org/x/sys/execabs/execabs_go118.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build !go1.19
+-// +build !go1.19
+
+ package execabs
+
+diff --git a/go-controller/vendor/golang.org/x/sys/execabs/execabs_go119.go b/go-controller/vendor/golang.org/x/sys/execabs/execabs_go119.go
+index f364b3418..d60ab1b41 100644
+--- a/go-controller/vendor/golang.org/x/sys/execabs/execabs_go119.go
++++ b/go-controller/vendor/golang.org/x/sys/execabs/execabs_go119.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build go1.19
+-// +build go1.19
+
+ package execabs
+
+diff --git a/go-controller/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go b/go-controller/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
+index c9b69937a..73687de74 100644
+--- a/go-controller/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
++++ b/go-controller/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build go1.5
+-// +build go1.5
+
+ package plan9
+
+diff --git a/go-controller/vendor/golang.org/x/sys/plan9/pwd_plan9.go b/go-controller/vendor/golang.org/x/sys/plan9/pwd_plan9.go
+index 98bf56b73..fb9458218 100644
+--- a/go-controller/vendor/golang.org/x/sys/plan9/pwd_plan9.go
++++ b/go-controller/vendor/golang.org/x/sys/plan9/pwd_plan9.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build !go1.5
+-// +build !go1.5
+
+ package plan9
+
+diff --git a/go-controller/vendor/golang.org/x/sys/plan9/race.go b/go-controller/vendor/golang.org/x/sys/plan9/race.go
+index 62377d2ff..c02d9ed33 100644
+--- a/go-controller/vendor/golang.org/x/sys/plan9/race.go
++++ b/go-controller/vendor/golang.org/x/sys/plan9/race.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build plan9 && race
+-// +build plan9,race
+
+ package plan9
+
+diff --git a/go-controller/vendor/golang.org/x/sys/plan9/race0.go b/go-controller/vendor/golang.org/x/sys/plan9/race0.go
+index f8da30876..7b15e15f6 100644
+--- a/go-controller/vendor/golang.org/x/sys/plan9/race0.go
++++ b/go-controller/vendor/golang.org/x/sys/plan9/race0.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build plan9 && !race
+-// +build plan9,!race
+
+ package plan9
+
+diff --git a/go-controller/vendor/golang.org/x/sys/plan9/str.go b/go-controller/vendor/golang.org/x/sys/plan9/str.go
+index 55fa8d025..ba3e8ff8a 100644
+--- a/go-controller/vendor/golang.org/x/sys/plan9/str.go
++++ b/go-controller/vendor/golang.org/x/sys/plan9/str.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build plan9
+-// +build plan9
+
+ package plan9
+
+diff --git a/go-controller/vendor/golang.org/x/sys/plan9/syscall.go b/go-controller/vendor/golang.org/x/sys/plan9/syscall.go
+index 67e5b0115..d631fd664 100644
+--- a/go-controller/vendor/golang.org/x/sys/plan9/syscall.go
++++ b/go-controller/vendor/golang.org/x/sys/plan9/syscall.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build plan9
+-// +build plan9
+
+ // Package plan9 contains an interface to the low-level operating system
+ // primitives. OS details vary depending on the underlying system, and
+diff --git a/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go b/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
+index 3f40b9bd7..f780d5c80 100644
+--- a/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
++++ b/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build plan9 && 386
+-// +build plan9,386
+
+ package plan9
+
+diff --git a/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go b/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
+index 0e6a96aa4..7de61065f 100644
+--- a/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build plan9 && amd64
+-// +build plan9,amd64
+
+ package plan9
+
+diff --git a/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go b/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
+index 244c501b7..ea85780f0 100644
+--- a/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build plan9 && arm
+-// +build plan9,arm
+
+ package plan9
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/aliases.go b/go-controller/vendor/golang.org/x/sys/unix/aliases.go
+index abc89c104..e7d3df4bd 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/aliases.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/aliases.go
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos) && go1.9
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+-// +build go1.9
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
+index db9171c2e..269e173ca 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build gc
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_386.s b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_386.s
+index e0fcd9b3d..a4fcef0e0 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_386.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_386.s
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build (freebsd || netbsd || openbsd) && gc
+-// +build freebsd netbsd openbsd
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
+index 2b99c349a..1e63615c5 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build (darwin || dragonfly || freebsd || netbsd || openbsd) && gc
+-// +build darwin dragonfly freebsd netbsd openbsd
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm.s b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
+index d702d4adc..6496c3100 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build (freebsd || netbsd || openbsd) && gc
+-// +build freebsd netbsd openbsd
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
+index fe36a7391..4fd1f54da 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build (darwin || freebsd || netbsd || openbsd) && gc
+-// +build darwin freebsd netbsd openbsd
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
+index e5b9a8489..42f7eb9e4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build (darwin || freebsd || netbsd || openbsd) && gc
+-// +build darwin freebsd netbsd openbsd
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
+index d560019ea..f8902667e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build (darwin || freebsd || netbsd || openbsd) && gc
+-// +build darwin freebsd netbsd openbsd
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_386.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_386.s
+index 8fd101d07..3b4734870 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_386.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_386.s
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build gc
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_amd64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
+index 7ed38e43c..67e29f317 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build gc
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm.s
+index 8ef1d5140..d6ae269ce 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm.s
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build gc
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
+index 98ae02760..01e5e253c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
+@@ -3,9 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build linux && arm64 && gc
+-// +build linux
+-// +build arm64
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_loong64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
+index 565357288..2abf12f6e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
+@@ -3,9 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build linux && loong64 && gc
+-// +build linux
+-// +build loong64
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
+index 21231d2ce..f84bae712 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
+@@ -3,9 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build linux && (mips64 || mips64le) && gc
+-// +build linux
+-// +build mips64 mips64le
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
+index 6783b26c6..f08f62807 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
+@@ -3,9 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build linux && (mips || mipsle) && gc
+-// +build linux
+-// +build mips mipsle
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
+index 19d498934..bdfc024d2 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
+@@ -3,9 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build linux && (ppc64 || ppc64le) && gc
+-// +build linux
+-// +build ppc64 ppc64le
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
+index e42eb81d5..2e8c99612 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build riscv64 && gc
+-// +build riscv64
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_s390x.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
+index c46aab339..2c394b11e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
+@@ -3,9 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build linux && s390x && gc
+-// +build linux
+-// +build s390x
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
+index 5e7a1169c..fab586a2c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build gc
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
+index f8c5394c1..f949ec547 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build gc
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_zos_s390x.s b/go-controller/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
+index 3b54e1858..2f67ba86d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
+@@ -3,9 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build zos && s390x && gc
+-// +build zos
+-// +build s390x
+-// +build gc
+
+ #include "textflag.h"
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/cap_freebsd.go b/go-controller/vendor/golang.org/x/sys/unix/cap_freebsd.go
+index 0b7c6adb8..a08657890 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/cap_freebsd.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/cap_freebsd.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build freebsd
+-// +build freebsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/constants.go b/go-controller/vendor/golang.org/x/sys/unix/constants.go
+index 394a3965b..6fb7cb77d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/constants.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/constants.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
+index 65a998508..d78513461 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix && ppc
+-// +build aix,ppc
+
+ // Functions to access/create device major and minor numbers matching the
+ // encoding used by AIX.
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
+index 8fc08ad0a..623a5e697 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix && ppc64
+-// +build aix,ppc64
+
+ // Functions to access/create device major and minor numbers matching the
+ // encoding used AIX.
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/dev_zos.go b/go-controller/vendor/golang.org/x/sys/unix/dev_zos.go
+index a388e59a0..bb6a64fe9 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/dev_zos.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/dev_zos.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build zos && s390x
+-// +build zos,s390x
+
+ // Functions to access/create device major and minor numbers matching the
+ // encoding used by z/OS.
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/dirent.go b/go-controller/vendor/golang.org/x/sys/unix/dirent.go
+index 2499f977b..1ebf11782 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/dirent.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/dirent.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/endian_big.go b/go-controller/vendor/golang.org/x/sys/unix/endian_big.go
+index a52026557..1095fd31d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/endian_big.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/endian_big.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ //
+ //go:build armbe || arm64be || m68k || mips || mips64 || mips64p32 || ppc || ppc64 || s390 || s390x || shbe || sparc || sparc64
+-// +build armbe arm64be m68k mips mips64 mips64p32 ppc ppc64 s390 s390x shbe sparc sparc64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/endian_little.go b/go-controller/vendor/golang.org/x/sys/unix/endian_little.go
+index b0f2bc4ae..b9f0e277b 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/endian_little.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/endian_little.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ //
+ //go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh
+-// +build 386 amd64 amd64p32 alpha arm arm64 loong64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/env_unix.go b/go-controller/vendor/golang.org/x/sys/unix/env_unix.go
+index 29ccc4d13..a96da71f4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/env_unix.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/env_unix.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+
+ // Unix environment variables.
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/epoll_zos.go b/go-controller/vendor/golang.org/x/sys/unix/epoll_zos.go
+index cedaf7e02..7753fddea 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/epoll_zos.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/epoll_zos.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build zos && s390x
+-// +build zos,s390x
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/fcntl.go b/go-controller/vendor/golang.org/x/sys/unix/fcntl.go
+index e9b991258..6200876fb 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/fcntl.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/fcntl.go
+@@ -2,8 +2,7 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+
+-//go:build dragonfly || freebsd || linux || netbsd || openbsd
+-// +build dragonfly freebsd linux netbsd openbsd
++//go:build dragonfly || freebsd || linux || netbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go b/go-controller/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
+index 29d44808b..13b4acd5c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build (linux && 386) || (linux && arm) || (linux && mips) || (linux && mipsle) || (linux && ppc)
+-// +build linux,386 linux,arm linux,mips linux,mipsle linux,ppc
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/fdset.go b/go-controller/vendor/golang.org/x/sys/unix/fdset.go
+index a8068f94f..9e83d18cd 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/fdset.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/fdset.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/fstatfs_zos.go b/go-controller/vendor/golang.org/x/sys/unix/fstatfs_zos.go
+index e377cc9f4..c8bde601e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/fstatfs_zos.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/fstatfs_zos.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build zos && s390x
+-// +build zos,s390x
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/gccgo.go b/go-controller/vendor/golang.org/x/sys/unix/gccgo.go
+index b06f52d74..aca5721dd 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/gccgo.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/gccgo.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build gccgo && !aix && !hurd
+-// +build gccgo,!aix,!hurd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/gccgo_c.c b/go-controller/vendor/golang.org/x/sys/unix/gccgo_c.c
+index f98a1c542..d468b7b47 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/gccgo_c.c
++++ b/go-controller/vendor/golang.org/x/sys/unix/gccgo_c.c
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build gccgo && !aix && !hurd
+-// +build gccgo,!aix,!hurd
+
+ #include <errno.h>
+ #include <stdint.h>
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
+index e60e49a3d..972d61bd7 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build gccgo && linux && amd64
+-// +build gccgo,linux,amd64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ifreq_linux.go b/go-controller/vendor/golang.org/x/sys/unix/ifreq_linux.go
+index 15721a510..848840ae4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ifreq_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ifreq_linux.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build linux
+-// +build linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ioctl_linux.go b/go-controller/vendor/golang.org/x/sys/unix/ioctl_linux.go
+index 0d12c0851..dbe680eab 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ioctl_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ioctl_linux.go
+@@ -231,3 +231,8 @@ func IoctlLoopGetStatus64(fd int) (*LoopInfo64, error) {
+ func IoctlLoopSetStatus64(fd int, value *LoopInfo64) error {
+ return ioctlPtr(fd, LOOP_SET_STATUS64, unsafe.Pointer(value))
+ }
++
++// IoctlLoopConfigure configures all loop device parameters in a single step
++func IoctlLoopConfigure(fd int, value *LoopConfig) error {
++ return ioctlPtr(fd, LOOP_CONFIGURE, unsafe.Pointer(value))
++}
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ioctl_signed.go b/go-controller/vendor/golang.org/x/sys/unix/ioctl_signed.go
+index 7def9580e..5b0759bd8 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ioctl_signed.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ioctl_signed.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix || solaris
+-// +build aix solaris
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ioctl_unsigned.go b/go-controller/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
+index 649913d1e..20f470b9d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build darwin || dragonfly || freebsd || hurd || linux || netbsd || openbsd
+-// +build darwin dragonfly freebsd hurd linux netbsd openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ioctl_zos.go b/go-controller/vendor/golang.org/x/sys/unix/ioctl_zos.go
+index cdc21bf76..c8b2a750f 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ioctl_zos.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ioctl_zos.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build zos && s390x
+-// +build zos,s390x
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/mkerrors.sh b/go-controller/vendor/golang.org/x/sys/unix/mkerrors.sh
+index 47fa6a7eb..6202638ba 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/mkerrors.sh
++++ b/go-controller/vendor/golang.org/x/sys/unix/mkerrors.sh
+@@ -519,6 +519,7 @@ ccflags="$@"
+ $2 ~ /^LOCK_(SH|EX|NB|UN)$/ ||
+ $2 ~ /^LO_(KEY|NAME)_SIZE$/ ||
+ $2 ~ /^LOOP_(CLR|CTL|GET|SET)_/ ||
++ $2 == "LOOP_CONFIGURE" ||
+ $2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MREMAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL|TCPOPT|UDP)_/ ||
+ $2 ~ /^NFC_(GENL|PROTO|COMM|RF|SE|DIRECTION|LLCP|SOCKPROTO)_/ ||
+ $2 ~ /^NFC_.*_(MAX)?SIZE$/ ||
+@@ -560,7 +561,7 @@ ccflags="$@"
+ $2 ~ /^RLIMIT_(AS|CORE|CPU|DATA|FSIZE|LOCKS|MEMLOCK|MSGQUEUE|NICE|NOFILE|NPROC|RSS|RTPRIO|RTTIME|SIGPENDING|STACK)|RLIM_INFINITY/ ||
+ $2 ~ /^PRIO_(PROCESS|PGRP|USER)/ ||
+ $2 ~ /^CLONE_[A-Z_]+/ ||
+- $2 !~ /^(BPF_TIMEVAL|BPF_FIB_LOOKUP_[A-Z]+)$/ &&
++ $2 !~ /^(BPF_TIMEVAL|BPF_FIB_LOOKUP_[A-Z]+|BPF_F_LINK)$/ &&
+ $2 ~ /^(BPF|DLT)_/ ||
+ $2 ~ /^AUDIT_/ ||
+ $2 ~ /^(CLOCK|TIMER)_/ ||
+@@ -663,7 +664,6 @@ echo '// mkerrors.sh' "$@"
+ echo '// Code generated by the command above; see README.md. DO NOT EDIT.'
+ echo
+ echo "//go:build ${GOARCH} && ${GOOS}"
+-echo "// +build ${GOARCH},${GOOS}"
+ echo
+ go tool cgo -godefs -- "$@" _const.go >_error.out
+ cat _error.out | grep -vf _error.grep | grep -vf _signal.grep
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/mmap_nomremap.go b/go-controller/vendor/golang.org/x/sys/unix/mmap_nomremap.go
+index ca0513632..4b68e5978 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/mmap_nomremap.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/mmap_nomremap.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix || darwin || dragonfly || freebsd || openbsd || solaris
+-// +build aix darwin dragonfly freebsd openbsd solaris
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/mremap.go b/go-controller/vendor/golang.org/x/sys/unix/mremap.go
+index fa93d0aa9..fd45fe529 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/mremap.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/mremap.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build linux || netbsd
+-// +build linux netbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/pagesize_unix.go b/go-controller/vendor/golang.org/x/sys/unix/pagesize_unix.go
+index 53f1b4c5b..4d0a3430e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/pagesize_unix.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/pagesize_unix.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+ // For Unix, get the pagesize from the runtime.
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/pledge_openbsd.go b/go-controller/vendor/golang.org/x/sys/unix/pledge_openbsd.go
+index eb48294b2..6a09af53e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/pledge_openbsd.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/pledge_openbsd.go
+@@ -8,54 +8,31 @@ import (
+ "errors"
+ "fmt"
+ "strconv"
+- "syscall"
+- "unsafe"
+ )
+
+ // Pledge implements the pledge syscall.
+ //
+-// The pledge syscall does not accept execpromises on OpenBSD releases
+-// before 6.3.
+-//
+-// execpromises must be empty when Pledge is called on OpenBSD
+-// releases predating 6.3, otherwise an error will be returned.
++// This changes both the promises and execpromises; use PledgePromises or
++// PledgeExecpromises to only change the promises or execpromises
++// respectively.
+ //
+ // For more information see pledge(2).
+ func Pledge(promises, execpromises string) error {
+- maj, min, err := majmin()
+- if err != nil {
++ if err := pledgeAvailable(); err != nil {
+ return err
+ }
+
+- err = pledgeAvailable(maj, min, execpromises)
++ pptr, err := BytePtrFromString(promises)
+ if err != nil {
+ return err
+ }
+
+- pptr, err := syscall.BytePtrFromString(promises)
++ exptr, err := BytePtrFromString(execpromises)
+ if err != nil {
+ return err
+ }
+
+- // This variable will hold either a nil unsafe.Pointer or
+- // an unsafe.Pointer to a string (execpromises).
+- var expr unsafe.Pointer
+-
+- // If we're running on OpenBSD > 6.2, pass execpromises to the syscall.
+- if maj > 6 || (maj == 6 && min > 2) {
+- exptr, err := syscall.BytePtrFromString(execpromises)
+- if err != nil {
+- return err
+- }
+- expr = unsafe.Pointer(exptr)
+- }
+-
+- _, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
+- if e != 0 {
+- return e
+- }
+-
+- return nil
++ return pledge(pptr, exptr)
+ }
+
+ // PledgePromises implements the pledge syscall.
+@@ -64,30 +41,16 @@ func Pledge(promises, execpromises string) error {
+ //
+ // For more information see pledge(2).
+ func PledgePromises(promises string) error {
+- maj, min, err := majmin()
+- if err != nil {
+- return err
+- }
+-
+- err = pledgeAvailable(maj, min, "")
+- if err != nil {
++ if err := pledgeAvailable(); err != nil {
+ return err
+ }
+
+- // This variable holds the execpromises and is always nil.
+- var expr unsafe.Pointer
+-
+- pptr, err := syscall.BytePtrFromString(promises)
++ pptr, err := BytePtrFromString(promises)
+ if err != nil {
+ return err
+ }
+
+- _, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
+- if e != 0 {
+- return e
+- }
+-
+- return nil
++ return pledge(pptr, nil)
+ }
+
+ // PledgeExecpromises implements the pledge syscall.
+@@ -96,30 +59,16 @@ func PledgePromises(promises string) error {
+ //
+ // For more information see pledge(2).
+ func PledgeExecpromises(execpromises string) error {
+- maj, min, err := majmin()
+- if err != nil {
++ if err := pledgeAvailable(); err != nil {
+ return err
+ }
+
+- err = pledgeAvailable(maj, min, execpromises)
++ exptr, err := BytePtrFromString(execpromises)
+ if err != nil {
+ return err
+ }
+
+- // This variable holds the promises and is always nil.
+- var pptr unsafe.Pointer
+-
+- exptr, err := syscall.BytePtrFromString(execpromises)
+- if err != nil {
+- return err
+- }
+-
+- _, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(pptr), uintptr(unsafe.Pointer(exptr)), 0)
+- if e != 0 {
+- return e
+- }
+-
+- return nil
++ return pledge(nil, exptr)
+ }
+
+ // majmin returns major and minor version number for an OpenBSD system.
+@@ -147,16 +96,15 @@ func majmin() (major int, minor int, err error) {
+
+ // pledgeAvailable checks for availability of the pledge(2) syscall
+ // based on the running OpenBSD version.
+-func pledgeAvailable(maj, min int, execpromises string) error {
+- // If OpenBSD <= 5.9, pledge is not available.
+- if (maj == 5 && min != 9) || maj < 5 {
+- return fmt.Errorf("pledge syscall is not available on OpenBSD %d.%d", maj, min)
++func pledgeAvailable() error {
++ maj, min, err := majmin()
++ if err != nil {
++ return err
+ }
+
+- // If OpenBSD <= 6.2 and execpromises is not empty,
+- // return an error - execpromises is not available before 6.3
+- if (maj < 6 || (maj == 6 && min <= 2)) && execpromises != "" {
+- return fmt.Errorf("cannot use execpromises on OpenBSD %d.%d", maj, min)
++ // Require OpenBSD 6.4 as a minimum.
++ if maj < 6 || (maj == 6 && min <= 3) {
++ return fmt.Errorf("cannot call Pledge on OpenBSD %d.%d", maj, min)
+ }
+
+ return nil
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/go-controller/vendor/golang.org/x/sys/unix/ptrace_darwin.go
+index 463c3eff7..3f0975f3d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ptrace_darwin.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ptrace_darwin.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build darwin && !ios
+-// +build darwin,!ios
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ptrace_ios.go b/go-controller/vendor/golang.org/x/sys/unix/ptrace_ios.go
+index ed0509a01..a4d35db5d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ptrace_ios.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ptrace_ios.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build ios
+-// +build ios
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/race.go b/go-controller/vendor/golang.org/x/sys/unix/race.go
+index 6f6c5fec5..714d2aae7 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/race.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/race.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build (darwin && race) || (linux && race) || (freebsd && race)
+-// +build darwin,race linux,race freebsd,race
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/race0.go b/go-controller/vendor/golang.org/x/sys/unix/race0.go
+index 706e1322a..4a9f6634c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/race0.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/race0.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix || (darwin && !race) || (linux && !race) || (freebsd && !race) || netbsd || openbsd || solaris || dragonfly || zos
+-// +build aix darwin,!race linux,!race freebsd,!race netbsd openbsd solaris dragonfly zos
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdents.go b/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdents.go
+index 4d6257569..dbd2b6ccb 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdents.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdents.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix || dragonfly || freebsd || linux || netbsd || openbsd
+-// +build aix dragonfly freebsd linux netbsd openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go b/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
+index 2a4ba47c4..130398b6b 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build darwin
+-// +build darwin
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix.go b/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
+index 3865943f6..c3a62dbb1 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+
+ // Socket control messages
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go b/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
+index 0840fe4a5..4a1eab37e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix || darwin || freebsd || linux || netbsd || openbsd || solaris || zos
+-// +build aix darwin freebsd linux netbsd openbsd solaris zos
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall.go b/go-controller/vendor/golang.org/x/sys/unix/syscall.go
+index 63e8c8383..5ea74da98 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+
+ // Package unix contains an interface to the low-level operating system
+ // primitives. OS details vary depending on the underlying system, and
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_aix.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_aix.go
+index e94e6cdac..67ce6cef2 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_aix.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_aix.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix
+-// +build aix
+
+ // Aix system calls.
+ // This file is compiled as ordinary Go code,
+@@ -107,7 +106,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
+ if n > 0 {
+ sl += _Socklen(n) + 1
+ }
+- if sa.raw.Path[0] == '@' {
++ if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
++ // Check sl > 3 so we don't change unnamed socket behavior.
+ sa.raw.Path[0] = 0
+ // Don't count trailing NUL for abstract address.
+ sl--
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
+index f2871fa95..1fdaa4760 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix && ppc
+-// +build aix,ppc
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
+index 75718ec0f..c87f9a9f4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix && ppc64
+-// +build aix,ppc64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_bsd.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_bsd.go
+index 4217de518..a00c3e545 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_bsd.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_bsd.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build darwin || dragonfly || freebsd || netbsd || openbsd
+-// +build darwin dragonfly freebsd netbsd openbsd
+
+ // BSD system call wrappers shared by *BSD based systems
+ // including OS X (Darwin) and FreeBSD. Like the other
+@@ -317,7 +316,7 @@ func GetsockoptString(fd, level, opt int) (string, error) {
+ if err != nil {
+ return "", err
+ }
+- return string(buf[:vallen-1]), nil
++ return ByteSliceToString(buf[:vallen]), nil
+ }
+
+ //sys recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
+index b37310ce9..0eaecf5fc 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build amd64 && darwin
+-// +build amd64,darwin
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
+index d51ec9963..f36c6707c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build arm64 && darwin
+-// +build arm64,darwin
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
+index 53c96641f..16dc69937 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build darwin && go1.12
+-// +build darwin,go1.12
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
+index 4e2d32120..14bab6b2d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build amd64 && dragonfly
+-// +build amd64,dragonfly
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
+index b8da51004..3967bca77 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build 386 && freebsd
+-// +build 386,freebsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
+index 47155c483..eff19ada2 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build amd64 && freebsd
+-// +build amd64,freebsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
+index 08932093f..4f24b517a 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build arm && freebsd
+-// +build arm,freebsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
+index d151a0d0e..ac30759ec 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build arm64 && freebsd
+-// +build arm64,freebsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
+index d5cd64b37..aab725ca7 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build riscv64 && freebsd
+-// +build riscv64,freebsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd.go
+index 381fd4673..ba46651f8 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build hurd
+-// +build hurd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
+index 7cf54a3e4..df89f9e6b 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build 386 && hurd
+-// +build 386,hurd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_illumos.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_illumos.go
+index 87db5a6a8..a863f7052 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_illumos.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_illumos.go
+@@ -5,7 +5,6 @@
+ // illumos system calls not present on Solaris.
+
+ //go:build amd64 && illumos
+-// +build amd64,illumos
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux.go
+index fb4e50224..0f85e29e6 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux.go
+@@ -61,15 +61,23 @@ func FanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname string) (
+ }
+
+ //sys fchmodat(dirfd int, path string, mode uint32) (err error)
+-
+-func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+- // Linux fchmodat doesn't support the flags parameter. Mimick glibc's behavior
+- // and check the flags. Otherwise the mode would be applied to the symlink
+- // destination which is not what the user expects.
+- if flags&^AT_SYMLINK_NOFOLLOW != 0 {
+- return EINVAL
+- } else if flags&AT_SYMLINK_NOFOLLOW != 0 {
+- return EOPNOTSUPP
++//sys fchmodat2(dirfd int, path string, mode uint32, flags int) (err error)
++
++func Fchmodat(dirfd int, path string, mode uint32, flags int) error {
++ // Linux fchmodat doesn't support the flags parameter, but fchmodat2 does.
++ // Try fchmodat2 if flags are specified.
++ if flags != 0 {
++ err := fchmodat2(dirfd, path, mode, flags)
++ if err == ENOSYS {
++ // fchmodat2 isn't available. If the flags are known to be valid,
++ // return EOPNOTSUPP to indicate that fchmodat doesn't support them.
++ if flags&^(AT_SYMLINK_NOFOLLOW|AT_EMPTY_PATH) != 0 {
++ return EINVAL
++ } else if flags&(AT_SYMLINK_NOFOLLOW|AT_EMPTY_PATH) != 0 {
++ return EOPNOTSUPP
++ }
++ }
++ return err
+ }
+ return fchmodat(dirfd, path, mode)
+ }
+@@ -417,7 +425,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
+ if n > 0 {
+ sl += _Socklen(n) + 1
+ }
+- if sa.raw.Path[0] == '@' {
++ if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
++ // Check sl > 3 so we don't change unnamed socket behavior.
+ sa.raw.Path[0] = 0
+ // Don't count trailing NUL for abstract address.
+ sl--
+@@ -1301,7 +1310,7 @@ func GetsockoptString(fd, level, opt int) (string, error) {
+ return "", err
+ }
+ }
+- return string(buf[:vallen-1]), nil
++ return ByteSliceToString(buf[:vallen]), nil
+ }
+
+ func GetsockoptTpacketStats(fd, level, opt int) (*TpacketStats, error) {
+@@ -2482,3 +2491,5 @@ func SchedGetAttr(pid int, flags uint) (*SchedAttr, error) {
+ }
+ return attr, nil
+ }
++
++//sys Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_386.go
+index c7d9945ea..506dafa7b 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_386.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build 386 && linux
+-// +build 386,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
+index 08086ac6a..38d55641b 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build linux && (386 || amd64 || mips || mipsle || mips64 || mipsle || ppc64 || ppc64le || ppc || s390x || sparc64)
+-// +build linux
+-// +build 386 amd64 mips mipsle mips64 mipsle ppc64 ppc64le ppc s390x sparc64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
+index 70601ce36..d557cf8de 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build amd64 && linux
+-// +build amd64,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
+index 8b0f0f3aa..facdb83b2 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build amd64 && linux && gc
+-// +build amd64,linux,gc
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
+index da2986415..cd2dd797f 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build arm && linux
+-// +build arm,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
+index f5266689a..cf2ee6c75 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build arm64 && linux
+-// +build arm64,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
+index 2b1168d7d..ffc4c2b63 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build linux && gc
+-// +build linux,gc
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
+index 9843fb489..9ebfdcf44 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build linux && gc && 386
+-// +build linux,gc,386
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
+index a6008fccd..5f2b57c4c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build arm && gc && linux
+-// +build arm,gc,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
+index 7740af242..d1a3ad826 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build linux && gccgo && 386
+-// +build linux,gccgo,386
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
+index e16a12299..f2f67423e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build linux && gccgo && arm
+-// +build linux,gccgo,arm
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
+index f6ab02ec1..3d0e98451 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build loong64 && linux
+-// +build loong64,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
+index 93fe59d25..70963a95a 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build linux && (mips64 || mips64le)
+-// +build linux
+-// +build mips64 mips64le
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
+index aae7f0ffd..c218ebd28 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build linux && (mips || mipsle)
+-// +build linux
+-// +build mips mipsle
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
+index 66eff19a3..e6c48500c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build linux && ppc
+-// +build linux,ppc
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
+index 806aa2574..7286a9aa8 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build linux && (ppc64 || ppc64le)
+-// +build linux
+-// +build ppc64 ppc64le
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
+index 5e6ceee12..6f5a28894 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build riscv64 && linux
+-// +build riscv64,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
+index 2f89e8f5d..66f31210d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build s390x && linux
+-// +build s390x,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
+index 7ca064ae7..11d1f1698 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build sparc64 && linux
+-// +build sparc64,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
+index 5199d282f..7a5eb5743 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build 386 && netbsd
+-// +build 386,netbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
+index 70a9c52e9..62d8957ae 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build amd64 && netbsd
+-// +build amd64,netbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
+index 3eb5942f9..ce6a06885 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build arm && netbsd
+-// +build arm,netbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
+index fc6ccfd81..d46d689d1 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build arm64 && netbsd
+-// +build arm64,netbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd.go
+index 6f34479b5..b25343c71 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd.go
+@@ -137,18 +137,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
+ }
+
+ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
+- var _p0 unsafe.Pointer
++ var bufptr *Statfs_t
+ var bufsize uintptr
+ if len(buf) > 0 {
+- _p0 = unsafe.Pointer(&buf[0])
++ bufptr = &buf[0]
+ bufsize = unsafe.Sizeof(Statfs_t{}) * uintptr(len(buf))
+ }
+- r0, _, e1 := Syscall(SYS_GETFSSTAT, uintptr(_p0), bufsize, uintptr(flags))
+- n = int(r0)
+- if e1 != 0 {
+- err = e1
+- }
+- return
++ return getfsstat(bufptr, bufsize, flags)
+ }
+
+ //sysnb getresuid(ruid *_C_int, euid *_C_int, suid *_C_int)
+@@ -171,6 +166,20 @@ func Getresgid() (rgid, egid, sgid int) {
+
+ //sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
+
++//sys fcntl(fd int, cmd int, arg int) (n int, err error)
++//sys fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) = SYS_FCNTL
++
++// FcntlInt performs a fcntl syscall on fd with the provided command and argument.
++func FcntlInt(fd uintptr, cmd, arg int) (int, error) {
++ return fcntl(int(fd), cmd, arg)
++}
++
++// FcntlFlock performs a fcntl syscall for the F_GETLK, F_SETLK or F_SETLKW command.
++func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) error {
++ _, err := fcntlPtr(int(fd), cmd, unsafe.Pointer(lk))
++ return err
++}
++
+ //sys ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error)
+
+ func Ppoll(fds []PollFd, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+@@ -326,4 +335,7 @@ func Uname(uname *Utsname) error {
+ //sys write(fd int, p []byte) (n int, err error)
+ //sys mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
+ //sys munmap(addr uintptr, length uintptr) (err error)
++//sys getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error)
+ //sys utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error)
++//sys pledge(promises *byte, execpromises *byte) (err error)
++//sys unveil(path *byte, flags *byte) (err error)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
+index 6baabcdcb..9ddc89f4f 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build 386 && openbsd
+-// +build 386,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
+index bab25360e..70a3c96ee 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build amd64 && openbsd
+-// +build amd64,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
+index 8eed3c4d4..265caa87f 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build arm && openbsd
+-// +build arm,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
+index 483dde99d..ac4fda171 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build arm64 && openbsd
+-// +build arm64,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
+index 04aa43f41..0a451e6dd 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build openbsd
+-// +build openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
+index c2796139c..30a308cbb 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build ppc64 && openbsd
+-// +build ppc64,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
+index 23199a7ff..ea954330f 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build riscv64 && openbsd
+-// +build riscv64,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris.go
+index b99cfa134..21974af06 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris.go
+@@ -128,7 +128,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
+ if n > 0 {
+ sl += _Socklen(n) + 1
+ }
+- if sa.raw.Path[0] == '@' {
++ if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
++ // Check sl > 3 so we don't change unnamed socket behavior.
+ sa.raw.Path[0] = 0
+ // Don't count trailing NUL for abstract address.
+ sl--
+@@ -157,7 +158,7 @@ func GetsockoptString(fd, level, opt int) (string, error) {
+ if err != nil {
+ return "", err
+ }
+- return string(buf[:vallen-1]), nil
++ return ByteSliceToString(buf[:vallen]), nil
+ }
+
+ const ImplementsGetwd = true
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
+index 0bd25ef81..e02d8ceae 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build amd64 && solaris
+-// +build amd64,solaris
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_unix.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_unix.go
+index f6eda2705..77081de8c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_unix.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_unix.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
+index b6919ca58..05c95bccf 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build (darwin || dragonfly || freebsd || (linux && !ppc64 && !ppc64le) || netbsd || openbsd || solaris) && gc
+-// +build darwin dragonfly freebsd linux,!ppc64,!ppc64le netbsd openbsd solaris
+-// +build gc
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
+index f6f707acf..23f39b7af 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
+@@ -3,9 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build linux && (ppc64le || ppc64) && gc
+-// +build linux
+-// +build ppc64le ppc64
+-// +build gc
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
+index 4596d041c..b473038c6 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build zos && s390x
+-// +build zos,s390x
+
+ package unix
+
+@@ -1105,7 +1104,7 @@ func GetsockoptString(fd, level, opt int) (string, error) {
+ return "", err
+ }
+
+- return string(buf[:vallen-1]), nil
++ return ByteSliceToString(buf[:vallen]), nil
+ }
+
+ func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) {
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/sysvshm_linux.go b/go-controller/vendor/golang.org/x/sys/unix/sysvshm_linux.go
+index 2c3a4437f..4fcd38de2 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/sysvshm_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/sysvshm_linux.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build linux
+-// +build linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix.go b/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix.go
+index 5bb41d17b..79a84f18b 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build (darwin && !ios) || linux
+-// +build darwin,!ios linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go b/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
+index 71bddefdb..9eb0db664 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build darwin && !ios
+-// +build darwin,!ios
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/timestruct.go b/go-controller/vendor/golang.org/x/sys/unix/timestruct.go
+index 616b1b284..7997b1902 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/timestruct.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/timestruct.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/unveil_openbsd.go b/go-controller/vendor/golang.org/x/sys/unix/unveil_openbsd.go
+index 168d5ae77..cb7e598ce 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/unveil_openbsd.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/unveil_openbsd.go
+@@ -4,39 +4,48 @@
+
+ package unix
+
+-import (
+- "syscall"
+- "unsafe"
+-)
++import "fmt"
+
+ // Unveil implements the unveil syscall.
+ // For more information see unveil(2).
+ // Note that the special case of blocking further
+ // unveil calls is handled by UnveilBlock.
+ func Unveil(path string, flags string) error {
+- pathPtr, err := syscall.BytePtrFromString(path)
+- if err != nil {
++ if err := supportsUnveil(); err != nil {
+ return err
+ }
+- flagsPtr, err := syscall.BytePtrFromString(flags)
++ pathPtr, err := BytePtrFromString(path)
+ if err != nil {
+ return err
+ }
+- _, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(unsafe.Pointer(pathPtr)), uintptr(unsafe.Pointer(flagsPtr)), 0)
+- if e != 0 {
+- return e
++ flagsPtr, err := BytePtrFromString(flags)
++ if err != nil {
++ return err
+ }
+- return nil
++ return unveil(pathPtr, flagsPtr)
+ }
+
+ // UnveilBlock blocks future unveil calls.
+ // For more information see unveil(2).
+ func UnveilBlock() error {
+- // Both pointers must be nil.
+- var pathUnsafe, flagsUnsafe unsafe.Pointer
+- _, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(pathUnsafe), uintptr(flagsUnsafe), 0)
+- if e != 0 {
+- return e
++ if err := supportsUnveil(); err != nil {
++ return err
+ }
++ return unveil(nil, nil)
++}
++
++// supportsUnveil checks for availability of the unveil(2) system call based
++// on the running OpenBSD version.
++func supportsUnveil() error {
++ maj, min, err := majmin()
++ if err != nil {
++ return err
++ }
++
++ // unveil is not available before 6.4
++ if maj < 6 || (maj == 6 && min <= 3) {
++ return fmt.Errorf("cannot call Unveil on OpenBSD %d.%d", maj, min)
++ }
++
+ return nil
+ }
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/xattr_bsd.go b/go-controller/vendor/golang.org/x/sys/unix/xattr_bsd.go
+index f5f8e9f36..e16879396 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/xattr_bsd.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/xattr_bsd.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build freebsd || netbsd
+-// +build freebsd netbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
+index ca9799b79..2fb219d78 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build ppc && aix
+-// +build ppc,aix
+
+ // Created by cgo -godefs - DO NOT EDIT
+ // cgo -godefs -- -maix32 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
+index 200c8c26f..b0e6f5c85 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build ppc64 && aix
+-// +build ppc64,aix
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -maix64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
+index 143007627..e40fa8524 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && darwin
+-// +build amd64,darwin
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
+index ab044a742..bb02aa6c0 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm64 && darwin
+-// +build arm64,darwin
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
+index 17bba0e44..c0e0f8694 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && dragonfly
+-// +build amd64,dragonfly
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
+index f8c2c5138..6c6923906 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build 386 && freebsd
+-// +build 386,freebsd
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m32 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
+index 96310c3be..dd9163f8e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && freebsd
+-// +build amd64,freebsd
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
+index 777b69def..493a2a793 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm && freebsd
+-// +build arm,freebsd
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
+index c557ac2db..8b437b307 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm64 && freebsd
+-// +build arm64,freebsd
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
+index 341b4d962..67c02dd57 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build riscv64 && freebsd
+-// +build riscv64,freebsd
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux.go
+index f9c7f479b..c73cfe2f1 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux.go
+@@ -1,7 +1,6 @@
+ // Code generated by mkmerge; DO NOT EDIT.
+
+ //go:build linux
+-// +build linux
+
+ package unix
+
+@@ -481,10 +480,13 @@ const (
+ BPF_FROM_BE = 0x8
+ BPF_FROM_LE = 0x0
+ BPF_FS_MAGIC = 0xcafe4a11
++ BPF_F_AFTER = 0x10
+ BPF_F_ALLOW_MULTI = 0x2
+ BPF_F_ALLOW_OVERRIDE = 0x1
+ BPF_F_ANY_ALIGNMENT = 0x2
+- BPF_F_KPROBE_MULTI_RETURN = 0x1
++ BPF_F_BEFORE = 0x8
++ BPF_F_ID = 0x20
++ BPF_F_NETFILTER_IP_DEFRAG = 0x1
+ BPF_F_QUERY_EFFECTIVE = 0x1
+ BPF_F_REPLACE = 0x4
+ BPF_F_SLEEPABLE = 0x10
+@@ -521,6 +523,7 @@ const (
+ BPF_MAJOR_VERSION = 0x1
+ BPF_MAXINSNS = 0x1000
+ BPF_MEM = 0x60
++ BPF_MEMSX = 0x80
+ BPF_MEMWORDS = 0x10
+ BPF_MINOR_VERSION = 0x1
+ BPF_MISC = 0x7
+@@ -776,6 +779,8 @@ const (
+ DEVLINK_GENL_MCGRP_CONFIG_NAME = "config"
+ DEVLINK_GENL_NAME = "devlink"
+ DEVLINK_GENL_VERSION = 0x1
++ DEVLINK_PORT_FN_CAP_IPSEC_CRYPTO = 0x4
++ DEVLINK_PORT_FN_CAP_IPSEC_PACKET = 0x8
+ DEVLINK_PORT_FN_CAP_MIGRATABLE = 0x2
+ DEVLINK_PORT_FN_CAP_ROCE = 0x1
+ DEVLINK_SB_THRESHOLD_TO_ALPHA_MAX = 0x14
+@@ -1698,6 +1703,7 @@ const (
+ KEXEC_ON_CRASH = 0x1
+ KEXEC_PRESERVE_CONTEXT = 0x2
+ KEXEC_SEGMENT_MAX = 0x10
++ KEXEC_UPDATE_ELFCOREHDR = 0x4
+ KEYCTL_ASSUME_AUTHORITY = 0x10
+ KEYCTL_CAPABILITIES = 0x1f
+ KEYCTL_CAPS0_BIG_KEY = 0x10
+@@ -1795,6 +1801,7 @@ const (
+ LOCK_SH = 0x1
+ LOCK_UN = 0x8
+ LOOP_CLR_FD = 0x4c01
++ LOOP_CONFIGURE = 0x4c0a
+ LOOP_CTL_ADD = 0x4c80
+ LOOP_CTL_GET_FREE = 0x4c82
+ LOOP_CTL_REMOVE = 0x4c81
+@@ -2275,6 +2282,7 @@ const (
+ PERF_MEM_LVLNUM_PMEM = 0xe
+ PERF_MEM_LVLNUM_RAM = 0xd
+ PERF_MEM_LVLNUM_SHIFT = 0x21
++ PERF_MEM_LVLNUM_UNC = 0x8
+ PERF_MEM_LVL_HIT = 0x2
+ PERF_MEM_LVL_IO = 0x1000
+ PERF_MEM_LVL_L1 = 0x8
+@@ -3461,6 +3469,7 @@ const (
+ XDP_PACKET_HEADROOM = 0x100
+ XDP_PGOFF_RX_RING = 0x0
+ XDP_PGOFF_TX_RING = 0x80000000
++ XDP_PKT_CONTD = 0x1
+ XDP_RING_NEED_WAKEUP = 0x1
+ XDP_RX_RING = 0x2
+ XDP_SHARED_UMEM = 0x1
+@@ -3473,6 +3482,7 @@ const (
+ XDP_UMEM_REG = 0x4
+ XDP_UMEM_UNALIGNED_CHUNK_FLAG = 0x1
+ XDP_USE_NEED_WAKEUP = 0x8
++ XDP_USE_SG = 0x10
+ XDP_ZEROCOPY = 0x4
+ XENFS_SUPER_MAGIC = 0xabba1974
+ XFS_SUPER_MAGIC = 0x58465342
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+index 30aee00a5..4920821cf 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build 386 && linux
+-// +build 386,linux
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/386/include -m32 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+index 8ebfa5127..a0c1e4112 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && linux
+-// +build amd64,linux
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/amd64/include -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+index 271a21cdc..c63985560 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm && linux
+-// +build arm,linux
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/arm/include _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+index 910c330a3..47cc62e25 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm64 && linux
+-// +build arm64,linux
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/arm64/include -fsigned-char _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
+index a640798c9..27ac4a09e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build loong64 && linux
+-// +build loong64,linux
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/loong64/include _const.go
+@@ -119,6 +118,7 @@ const (
+ IXOFF = 0x1000
+ IXON = 0x400
+ LASX_CTX_MAGIC = 0x41535801
++ LBT_CTX_MAGIC = 0x42540001
+ LSX_CTX_MAGIC = 0x53580001
+ MAP_ANON = 0x20
+ MAP_ANONYMOUS = 0x20
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+index 0d5925d34..54694642a 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build mips && linux
+-// +build mips,linux
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/mips/include _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+index d72a00e0b..3adb81d75 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build mips64 && linux
+-// +build mips64,linux
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/mips64/include _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+index 02ba129f8..2dfe98f0d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build mips64le && linux
+-// +build mips64le,linux
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/mips64le/include _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+index 8daa6dd96..f5398f84f 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build mipsle && linux
+-// +build mipsle,linux
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/mipsle/include _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
+index 63c8fa2f7..c54f152d6 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build ppc && linux
+-// +build ppc,linux
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc/include _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+index 930799ec1..76057dc72 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build ppc64 && linux
+-// +build ppc64,linux
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64/include _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+index 8605a7dd7..e0c3725e2 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build ppc64le && linux
+-// +build ppc64le,linux
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64le/include _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
+index 95a016f1c..18f2813ed 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build riscv64 && linux
+-// +build riscv64,linux
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/riscv64/include _const.go
+@@ -228,6 +227,9 @@ const (
+ PPPIOCUNBRIDGECHAN = 0x7434
+ PPPIOCXFERUNIT = 0x744e
+ PR_SET_PTRACER_ANY = 0xffffffffffffffff
++ PTRACE_GETFDPIC = 0x21
++ PTRACE_GETFDPIC_EXEC = 0x0
++ PTRACE_GETFDPIC_INTERP = 0x1
+ RLIMIT_AS = 0x9
+ RLIMIT_MEMLOCK = 0x8
+ RLIMIT_NOFILE = 0x7
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+index 1ae0108f5..11619d4ec 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build s390x && linux
+-// +build s390x,linux
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/s390x/include -fsigned-char _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+index 1bb7c6333..396d994da 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build sparc64 && linux
+-// +build sparc64,linux
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/sparc64/include _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
+index 72f7420d2..130085df4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build 386 && netbsd
+-// +build 386,netbsd
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m32 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
+index 8d4eb0c08..84769a1a3 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && netbsd
+-// +build amd64,netbsd
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
+index 9eef9749f..602ded003 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm && netbsd
+-// +build arm,netbsd
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -marm _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
+index 3b62ba192..efc0406ee 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm64 && netbsd
+-// +build arm64,netbsd
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
+index af20e474b..5a6500f83 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build 386 && openbsd
+-// +build 386,openbsd
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m32 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
+index 6015fcb2b..a5aeeb979 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && openbsd
+-// +build amd64,openbsd
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
+index 8d44955e4..0e9748a72 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm && openbsd
+-// +build arm,openbsd
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
+index ae16fe754..4f4449abc 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm64 && openbsd
+-// +build arm64,openbsd
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
+index 03d90fe35..76a363f0f 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build mips64 && openbsd
+-// +build mips64,openbsd
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
+index 8e2c51b1e..43ca0cdfd 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build ppc64 && openbsd
+-// +build ppc64,openbsd
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
+index 13d403031..b1b8bb200 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build riscv64 && openbsd
+-// +build riscv64,openbsd
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
+index 1afee6a08..d2ddd3176 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && solaris
+-// +build amd64,solaris
+
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
+index fc7d0506f..4dfd2e051 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build zos && s390x
+-// +build zos,s390x
+
+ // Hand edited based on zerrors_linux_s390x.go
+ // TODO: auto-generate.
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go b/go-controller/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
+index 97f20ca28..586317c78 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
+@@ -1,8 +1,6 @@
+ // Code generated by linux/mkall.go generatePtracePair("arm", "arm64"). DO NOT EDIT.
+
+ //go:build linux && (arm || arm64)
+-// +build linux
+-// +build arm arm64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go b/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
+index 0b5f79430..d7c881be7 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
+@@ -1,8 +1,6 @@
+ // Code generated by linux/mkall.go generatePtracePair("mips", "mips64"). DO NOT EDIT.
+
+ //go:build linux && (mips || mips64)
+-// +build linux
+-// +build mips mips64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go b/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
+index 2807f7e64..2d2de5d29 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
+@@ -1,8 +1,6 @@
+ // Code generated by linux/mkall.go generatePtracePair("mipsle", "mips64le"). DO NOT EDIT.
+
+ //go:build linux && (mipsle || mips64le)
+-// +build linux
+-// +build mipsle mips64le
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go b/go-controller/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
+index 281ea64e3..5adc79fb5 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
+@@ -1,8 +1,6 @@
+ // Code generated by linux/mkall.go generatePtracePair("386", "amd64"). DO NOT EDIT.
+
+ //go:build linux && (386 || amd64)
+-// +build linux
+-// +build 386 amd64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
+index d1d1d2331..6ea64a3c0 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build aix && ppc
+-// +build aix,ppc
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
+index f99a18adc..99ee4399a 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build aix && ppc64
+-// +build aix,ppc64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
+index c4d50ae50..b68a78362 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build aix && ppc64 && gc
+-// +build aix,ppc64,gc
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
+index 6903d3b09..0a87450bf 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build aix && ppc64 && gccgo
+-// +build aix,ppc64,gccgo
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
+index 1cad561e9..ccb02f240 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build darwin && amd64
+-// +build darwin,amd64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
+index b18edbd0e..1b40b997b 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build darwin && arm64
+-// +build darwin,arm64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
+index 0c67df64a..aad65fc79 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build dragonfly && amd64
+-// +build dragonfly,amd64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
+index e6e05d145..c0096391a 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build freebsd && 386
+-// +build freebsd,386
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
+index 7508accac..7664df749 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build freebsd && amd64
+-// +build freebsd,amd64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
+index 7b56aead4..ae099182c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build freebsd && arm
+-// +build freebsd,arm
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
+index cc623dcaa..11fd5d45b 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build freebsd && arm64
+-// +build freebsd,arm64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
+index 581849197..c3d2d6530 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build freebsd && riscv64
+-// +build freebsd,riscv64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
+index 6be25cd19..c698cbc01 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build illumos && amd64
+-// +build illumos,amd64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux.go
+index 1ff3aec74..1488d2712 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux.go
+@@ -1,7 +1,6 @@
+ // Code generated by mkmerge; DO NOT EDIT.
+
+ //go:build linux
+-// +build linux
+
+ package unix
+
+@@ -38,6 +37,21 @@ func fchmodat(dirfd int, path string, mode uint32) (err error) {
+
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
++func fchmodat2(dirfd int, path string, mode uint32, flags int) (err error) {
++ var _p0 *byte
++ _p0, err = BytePtrFromString(path)
++ if err != nil {
++ return
++ }
++ _, _, e1 := Syscall6(SYS_FCHMODAT2, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func ioctl(fd int, req uint, arg uintptr) (err error) {
+ _, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+ if e1 != 0 {
+@@ -2195,3 +2209,13 @@ func schedGetattr(pid int, attr *SchedAttr, size uint, flags uint) (err error) {
+ }
+ return
+ }
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error) {
++ _, _, e1 := Syscall6(SYS_CACHESTAT, uintptr(fd), uintptr(unsafe.Pointer(crange)), uintptr(unsafe.Pointer(cstat)), uintptr(flags), 0, 0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
+index 07b549cc2..4def3e9fc 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build linux && 386
+-// +build linux,386
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
+index 5f481bf83..fef2bc8ba 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build linux && amd64
+-// +build linux,amd64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
+index 824cd52c7..a9fd76a88 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build linux && arm
+-// +build linux,arm
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
+index e77aecfe9..460065028 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build linux && arm64
+-// +build linux,arm64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
+index 806ffd1e1..c8987d264 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build linux && loong64
+-// +build linux,loong64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
+index 961a3afb7..921f43061 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build linux && mips
+-// +build linux,mips
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
+index ed05005e9..44f067829 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build linux && mips64
+-// +build linux,mips64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
+index d365b718f..e7fa0abf0 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build linux && mips64le
+-// +build linux,mips64le
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
+index c3f1b8bbd..8c5125675 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build linux && mipsle
+-// +build linux,mipsle
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
+index a6574cf98..7392fd45e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build linux && ppc
+-// +build linux,ppc
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
+index f40990264..41180434e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build linux && ppc64
+-// +build linux,ppc64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
+index 9dfcc2997..40c6ce7ae 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build linux && ppc64le
+-// +build linux,ppc64le
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
+index 0ab4f2ed7..2cfe34adb 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build linux && riscv64
+-// +build linux,riscv64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
+index 6cde32237..61e6f0709 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build linux && s390x
+-// +build linux,s390x
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
+index 5253d65bf..834b84204 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build linux && sparc64
+-// +build linux,sparc64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
+index 2df3c5bac..e91ebc14a 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build netbsd && 386
+-// +build netbsd,386
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
+index a60556bab..be28babbc 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build netbsd && amd64
+-// +build netbsd,amd64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
+index 9f788917a..fb587e826 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build netbsd && arm
+-// +build netbsd,arm
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
+index 82a4cb2dc..d576438bb 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build netbsd && arm64
+-// +build netbsd,arm64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
+index 66b3b6456..a1d061597 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build openbsd && 386
+-// +build openbsd,386
+
+ package unix
+
+@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
+
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
++func fcntl(fd int, cmd int, arg int) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_fcntl_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+ r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+ n = int(r0)
+@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
+
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
++func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_getfsstat_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
+ var libc_utimensat_trampoline_addr uintptr
+
+ //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func pledge(promises *byte, execpromises *byte) (err error) {
++ _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_pledge_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_pledge pledge "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func unveil(path *byte, flags *byte) (err error) {
++ _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_unveil_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_unveil unveil "libc.so"
++
++
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
+index 3dcacd30d..41b561731 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
+@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $4
+ DATA ·libc_sysctl_trampoline_addr(SB)/4, $libc_sysctl_trampoline<>(SB)
+
++TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_fcntl(SB)
++GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $4
++DATA ·libc_fcntl_trampoline_addr(SB)/4, $libc_fcntl_trampoline<>(SB)
++
+ TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_ppoll(SB)
+ GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $4
+@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $4
+ DATA ·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB)
+
++TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_getfsstat(SB)
++GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $4
++DATA ·libc_getfsstat_trampoline_addr(SB)/4, $libc_getfsstat_trampoline<>(SB)
++
+ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_utimensat(SB)
+ GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $4
+ DATA ·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB)
++
++TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_pledge(SB)
++GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $4
++DATA ·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB)
++
++TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_unveil(SB)
++GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $4
++DATA ·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
+index c5c4cc112..5b2a74097 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build openbsd && amd64
+-// +build openbsd,amd64
+
+ package unix
+
+@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
+
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
++func fcntl(fd int, cmd int, arg int) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_fcntl_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+ r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+ n = int(r0)
+@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
+
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
++func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_getfsstat_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
+ var libc_utimensat_trampoline_addr uintptr
+
+ //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func pledge(promises *byte, execpromises *byte) (err error) {
++ _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_pledge_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_pledge pledge "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func unveil(path *byte, flags *byte) (err error) {
++ _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_unveil_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_unveil unveil "libc.so"
++
++
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
+index 2763620b0..4019a656f 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
+@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8
+ DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+
++TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_fcntl(SB)
++GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8
++DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
++
+ TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_ppoll(SB)
+ GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8
+@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8
+ DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
+
++TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_getfsstat(SB)
++GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $8
++DATA ·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
++
+ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_utimensat(SB)
+ GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8
+ DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
++
++TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_pledge(SB)
++GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8
++DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
++
++TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_unveil(SB)
++GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8
++DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
+index 93bfbb328..f6eda1344 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build openbsd && arm
+-// +build openbsd,arm
+
+ package unix
+
+@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
+
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
++func fcntl(fd int, cmd int, arg int) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_fcntl_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+ r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+ n = int(r0)
+@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
+
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
++func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_getfsstat_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
+ var libc_utimensat_trampoline_addr uintptr
+
+ //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func pledge(promises *byte, execpromises *byte) (err error) {
++ _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_pledge_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_pledge pledge "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func unveil(path *byte, flags *byte) (err error) {
++ _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_unveil_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_unveil unveil "libc.so"
++
++
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
+index c92231404..ac4af24f9 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
+@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $4
+ DATA ·libc_sysctl_trampoline_addr(SB)/4, $libc_sysctl_trampoline<>(SB)
+
++TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_fcntl(SB)
++GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $4
++DATA ·libc_fcntl_trampoline_addr(SB)/4, $libc_fcntl_trampoline<>(SB)
++
+ TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_ppoll(SB)
+ GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $4
+@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $4
+ DATA ·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB)
+
++TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_getfsstat(SB)
++GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $4
++DATA ·libc_getfsstat_trampoline_addr(SB)/4, $libc_getfsstat_trampoline<>(SB)
++
+ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_utimensat(SB)
+ GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $4
+ DATA ·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB)
++
++TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_pledge(SB)
++GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $4
++DATA ·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB)
++
++TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_unveil(SB)
++GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $4
++DATA ·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
+index a107b8fda..55df20ae9 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build openbsd && arm64
+-// +build openbsd,arm64
+
+ package unix
+
+@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
+
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
++func fcntl(fd int, cmd int, arg int) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_fcntl_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+ r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+ n = int(r0)
+@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
+
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
++func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_getfsstat_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
+ var libc_utimensat_trampoline_addr uintptr
+
+ //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func pledge(promises *byte, execpromises *byte) (err error) {
++ _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_pledge_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_pledge pledge "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func unveil(path *byte, flags *byte) (err error) {
++ _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_unveil_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_unveil unveil "libc.so"
++
++
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
+index a6bc32c92..f77d53212 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
+@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8
+ DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+
++TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_fcntl(SB)
++GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8
++DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
++
+ TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_ppoll(SB)
+ GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8
+@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8
+ DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
+
++TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_getfsstat(SB)
++GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $8
++DATA ·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
++
+ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_utimensat(SB)
+ GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8
+ DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
++
++TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_pledge(SB)
++GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8
++DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
++
++TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_unveil(SB)
++GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8
++DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
+index c427de509..8c1155cbc 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build openbsd && mips64
+-// +build openbsd,mips64
+
+ package unix
+
+@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
+
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
++func fcntl(fd int, cmd int, arg int) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_fcntl_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+ r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+ n = int(r0)
+@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
+
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
++func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_getfsstat_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
+ var libc_utimensat_trampoline_addr uintptr
+
+ //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func pledge(promises *byte, execpromises *byte) (err error) {
++ _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_pledge_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_pledge pledge "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func unveil(path *byte, flags *byte) (err error) {
++ _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_unveil_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_unveil unveil "libc.so"
++
++
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
+index b4e7bceab..fae140b62 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
+@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8
+ DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+
++TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_fcntl(SB)
++GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8
++DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
++
+ TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_ppoll(SB)
+ GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8
+@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8
+ DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
+
++TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_getfsstat(SB)
++GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $8
++DATA ·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
++
+ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_utimensat(SB)
+ GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8
+ DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
++
++TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_pledge(SB)
++GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8
++DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
++
++TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_unveil(SB)
++GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8
++DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
+index 60c1a99ae..7cc80c58d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build openbsd && ppc64
+-// +build openbsd,ppc64
+
+ package unix
+
+@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
+
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
++func fcntl(fd int, cmd int, arg int) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_fcntl_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+ r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+ n = int(r0)
+@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
+
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
++func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_getfsstat_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
+ var libc_utimensat_trampoline_addr uintptr
+
+ //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func pledge(promises *byte, execpromises *byte) (err error) {
++ _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_pledge_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_pledge pledge "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func unveil(path *byte, flags *byte) (err error) {
++ _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_unveil_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_unveil unveil "libc.so"
++
++
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
+index ca3f76600..9d1e0ff06 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
+@@ -213,6 +213,12 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8
+ DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+
++TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
++ CALL libc_fcntl(SB)
++ RET
++GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8
++DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
++
+ TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
+ CALL libc_ppoll(SB)
+ RET
+@@ -801,8 +807,26 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8
+ DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
+
++TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
++ CALL libc_getfsstat(SB)
++ RET
++GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $8
++DATA ·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
++
+ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
+ CALL libc_utimensat(SB)
+ RET
+ GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8
+ DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
++
++TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
++ CALL libc_pledge(SB)
++ RET
++GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8
++DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
++
++TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
++ CALL libc_unveil(SB)
++ RET
++GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8
++DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
+index 52eba360f..0688737f4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build openbsd && riscv64
+-// +build openbsd,riscv64
+
+ package unix
+
+@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
+
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
++func fcntl(fd int, cmd int, arg int) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_fcntl_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+ r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+ n = int(r0)
+@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
+
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
++func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
++ r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
++ n = int(r0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_getfsstat_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
+ var libc_utimensat_trampoline_addr uintptr
+
+ //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func pledge(promises *byte, execpromises *byte) (err error) {
++ _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_pledge_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_pledge pledge "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func unveil(path *byte, flags *byte) (err error) {
++ _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
++ if e1 != 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
++var libc_unveil_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_unveil unveil "libc.so"
++
++
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
+index 477a7d5b2..da115f9a4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
+@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8
+ DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+
++TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_fcntl(SB)
++GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8
++DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
++
+ TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_ppoll(SB)
+ GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8
+@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL ·libc_munmap_trampoline_addr(SB), RODATA, $8
+ DATA ·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
+
++TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_getfsstat(SB)
++GLOBL ·libc_getfsstat_trampoline_addr(SB), RODATA, $8
++DATA ·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
++
+ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_utimensat(SB)
+ GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8
+ DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
++
++TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_pledge(SB)
++GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8
++DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
++
++TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
++ JMP libc_unveil(SB)
++GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8
++DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
+index b40189464..829b87feb 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build solaris && amd64
+-// +build solaris,amd64
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
+index 1d8fe1d4b..94f011238 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build zos && s390x
+-// +build zos,s390x
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
+index 55e048471..3a58ae819 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; DO NOT EDIT.
+
+ //go:build 386 && openbsd
+-// +build 386,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
+index d2243cf83..dcb7a0eb7 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; DO NOT EDIT.
+
+ //go:build amd64 && openbsd
+-// +build amd64,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
+index 82dc51bd8..db5a7bf13 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; DO NOT EDIT.
+
+ //go:build arm && openbsd
+-// +build arm,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
+index cbdda1a4a..7be575a77 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; DO NOT EDIT.
+
+ //go:build arm64 && openbsd
+-// +build arm64,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
+index f55eae1a8..d6e3174c6 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; DO NOT EDIT.
+
+ //go:build mips64 && openbsd
+-// +build mips64,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
+index e44054470..ee97157d0 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; DO NOT EDIT.
+
+ //go:build ppc64 && openbsd
+-// +build ppc64,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
+index a0db82fce..35c3b91d0 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; DO NOT EDIT.
+
+ //go:build riscv64 && openbsd
+-// +build riscv64,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
+index f8298ff9b..5edda7687 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && darwin
+-// +build amd64,darwin
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
+index 5eb433bbf..0dc9e8b4d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm64 && darwin
+-// +build arm64,darwin
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
+index 703675c0c..308ddf3a1 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && dragonfly
+-// +build amd64,dragonfly
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
+index 4e0d96107..418664e3d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build 386 && freebsd
+-// +build 386,freebsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
+index 01636b838..34d0b86d7 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && freebsd
+-// +build amd64,freebsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
+index ad99bc106..b71cf45e2 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm && freebsd
+-// +build arm,freebsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
+index 89dcc4274..e32df1c1e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm64 && freebsd
+-// +build arm64,freebsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
+index ee37aaa0c..15ad6111f 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build riscv64 && freebsd
+-// +build riscv64,freebsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
+index 9862853d3..fcf3ecbdd 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build 386 && linux
+-// +build 386,linux
+
+ package unix
+
+@@ -448,4 +447,5 @@ const (
+ SYS_FUTEX_WAITV = 449
+ SYS_SET_MEMPOLICY_HOME_NODE = 450
+ SYS_CACHESTAT = 451
++ SYS_FCHMODAT2 = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
+index 8901f0f4e..f56dc2504 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && linux
+-// +build amd64,linux
+
+ package unix
+
+@@ -370,4 +369,6 @@ const (
+ SYS_FUTEX_WAITV = 449
+ SYS_SET_MEMPOLICY_HOME_NODE = 450
+ SYS_CACHESTAT = 451
++ SYS_FCHMODAT2 = 452
++ SYS_MAP_SHADOW_STACK = 453
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
+index 6902c37ee..974bf2467 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm && linux
+-// +build arm,linux
+
+ package unix
+
+@@ -412,4 +411,5 @@ const (
+ SYS_FUTEX_WAITV = 449
+ SYS_SET_MEMPOLICY_HOME_NODE = 450
+ SYS_CACHESTAT = 451
++ SYS_FCHMODAT2 = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
+index a6d3dff81..39a2739e2 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm64 && linux
+-// +build arm64,linux
+
+ package unix
+
+@@ -315,4 +314,5 @@ const (
+ SYS_FUTEX_WAITV = 449
+ SYS_SET_MEMPOLICY_HOME_NODE = 450
+ SYS_CACHESTAT = 451
++ SYS_FCHMODAT2 = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
+index b18f3f710..cf9c9d77e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build loong64 && linux
+-// +build loong64,linux
+
+ package unix
+
+@@ -309,4 +308,5 @@ const (
+ SYS_FUTEX_WAITV = 449
+ SYS_SET_MEMPOLICY_HOME_NODE = 450
+ SYS_CACHESTAT = 451
++ SYS_FCHMODAT2 = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
+index 0302e5e3d..10b7362ef 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build mips && linux
+-// +build mips,linux
+
+ package unix
+
+@@ -432,4 +431,5 @@ const (
+ SYS_FUTEX_WAITV = 4449
+ SYS_SET_MEMPOLICY_HOME_NODE = 4450
+ SYS_CACHESTAT = 4451
++ SYS_FCHMODAT2 = 4452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
+index 6693ba4a0..cd4d8b4fd 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build mips64 && linux
+-// +build mips64,linux
+
+ package unix
+
+@@ -362,4 +361,5 @@ const (
+ SYS_FUTEX_WAITV = 5449
+ SYS_SET_MEMPOLICY_HOME_NODE = 5450
+ SYS_CACHESTAT = 5451
++ SYS_FCHMODAT2 = 5452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
+index fd93f4987..2c0efca81 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build mips64le && linux
+-// +build mips64le,linux
+
+ package unix
+
+@@ -362,4 +361,5 @@ const (
+ SYS_FUTEX_WAITV = 5449
+ SYS_SET_MEMPOLICY_HOME_NODE = 5450
+ SYS_CACHESTAT = 5451
++ SYS_FCHMODAT2 = 5452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
+index 760ddcadc..a72e31d39 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build mipsle && linux
+-// +build mipsle,linux
+
+ package unix
+
+@@ -432,4 +431,5 @@ const (
+ SYS_FUTEX_WAITV = 4449
+ SYS_SET_MEMPOLICY_HOME_NODE = 4450
+ SYS_CACHESTAT = 4451
++ SYS_FCHMODAT2 = 4452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
+index cff2b2555..c7d1e3747 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build ppc && linux
+-// +build ppc,linux
+
+ package unix
+
+@@ -439,4 +438,5 @@ const (
+ SYS_FUTEX_WAITV = 449
+ SYS_SET_MEMPOLICY_HOME_NODE = 450
+ SYS_CACHESTAT = 451
++ SYS_FCHMODAT2 = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
+index a4b2405d0..f4d4838c8 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build ppc64 && linux
+-// +build ppc64,linux
+
+ package unix
+
+@@ -411,4 +410,5 @@ const (
+ SYS_FUTEX_WAITV = 449
+ SYS_SET_MEMPOLICY_HOME_NODE = 450
+ SYS_CACHESTAT = 451
++ SYS_FCHMODAT2 = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
+index aca54b4e3..b64f0e591 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build ppc64le && linux
+-// +build ppc64le,linux
+
+ package unix
+
+@@ -411,4 +410,5 @@ const (
+ SYS_FUTEX_WAITV = 449
+ SYS_SET_MEMPOLICY_HOME_NODE = 450
+ SYS_CACHESTAT = 451
++ SYS_FCHMODAT2 = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
+index 9d1738d64..95711195a 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build riscv64 && linux
+-// +build riscv64,linux
+
+ package unix
+
+@@ -316,4 +315,5 @@ const (
+ SYS_FUTEX_WAITV = 449
+ SYS_SET_MEMPOLICY_HOME_NODE = 450
+ SYS_CACHESTAT = 451
++ SYS_FCHMODAT2 = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
+index 022878dc8..f94e943bc 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build s390x && linux
+-// +build s390x,linux
+
+ package unix
+
+@@ -377,4 +376,5 @@ const (
+ SYS_FUTEX_WAITV = 449
+ SYS_SET_MEMPOLICY_HOME_NODE = 450
+ SYS_CACHESTAT = 451
++ SYS_FCHMODAT2 = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
+index 4100a761c..ba0c2bc51 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build sparc64 && linux
+-// +build sparc64,linux
+
+ package unix
+
+@@ -390,4 +389,5 @@ const (
+ SYS_FUTEX_WAITV = 449
+ SYS_SET_MEMPOLICY_HOME_NODE = 450
+ SYS_CACHESTAT = 451
++ SYS_FCHMODAT2 = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
+index 3a6699eba..b2aa8cd49 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build 386 && netbsd
+-// +build 386,netbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
+index 5677cd4f1..524a1b1c9 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && netbsd
+-// +build amd64,netbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
+index e784cb6db..d59b943ac 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm && netbsd
+-// +build arm,netbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
+index bd4952efa..31e771d53 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; DO NOT EDIT.
+
+ //go:build arm64 && netbsd
+-// +build arm64,netbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
+index 597733813..9fd77c6cb 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build 386 && openbsd
+-// +build 386,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
+index 16af29189..af10af28c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && openbsd
+-// +build amd64,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
+index f59b18a97..cc2028af4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm && openbsd
+-// +build arm,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
+index 721ef5910..c06dd4415 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm64 && openbsd
+-// +build arm64,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
+index 01c43a01f..9ddbf3e08 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build mips64 && openbsd
+-// +build mips64,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
+index f258cfa24..19a6ee413 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build ppc64 && openbsd
+-// +build ppc64,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
+index 07919e0ec..05192a782 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build riscv64 && openbsd
+-// +build riscv64,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
+index 073daad43..b2e308581 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build zos && s390x
+-// +build zos,s390x
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
+index 7a8161c1d..3e6d57cae 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build ppc && aix
+-// +build ppc,aix
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
+index 07ed733c5..3a219bdce 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build ppc64 && aix
+-// +build ppc64,aix
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
+index 690cefc3d..091d107f3 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && darwin
+-// +build amd64,darwin
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
+index 5bffc10ea..28ff4ef74 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm64 && darwin
+-// +build arm64,darwin
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
+index d0ba8e9b8..30e405bb4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && dragonfly
+-// +build amd64,dragonfly
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
+index 29dc48337..6cbd094a3 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build 386 && freebsd
+-// +build 386,freebsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
+index 0a89b2890..7c03b6ee7 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && freebsd
+-// +build amd64,freebsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
+index c8666bb15..422107ee8 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm && freebsd
+-// +build arm,freebsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
+index 88fb48a88..505a12acf 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm64 && freebsd
+-// +build arm64,freebsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
+index 698dc975e..cc986c790 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build riscv64 && freebsd
+-// +build riscv64,freebsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux.go
+index 18aa70b42..bbf8399ff 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux.go
+@@ -1,7 +1,6 @@
+ // Code generated by mkmerge; DO NOT EDIT.
+
+ //go:build linux
+-// +build linux
+
+ package unix
+
+@@ -2672,6 +2671,7 @@ const (
+ BPF_PROG_TYPE_LSM = 0x1d
+ BPF_PROG_TYPE_SK_LOOKUP = 0x1e
+ BPF_PROG_TYPE_SYSCALL = 0x1f
++ BPF_PROG_TYPE_NETFILTER = 0x20
+ BPF_CGROUP_INET_INGRESS = 0x0
+ BPF_CGROUP_INET_EGRESS = 0x1
+ BPF_CGROUP_INET_SOCK_CREATE = 0x2
+@@ -2716,6 +2716,11 @@ const (
+ BPF_PERF_EVENT = 0x29
+ BPF_TRACE_KPROBE_MULTI = 0x2a
+ BPF_LSM_CGROUP = 0x2b
++ BPF_STRUCT_OPS = 0x2c
++ BPF_NETFILTER = 0x2d
++ BPF_TCX_INGRESS = 0x2e
++ BPF_TCX_EGRESS = 0x2f
++ BPF_TRACE_UPROBE_MULTI = 0x30
+ BPF_LINK_TYPE_UNSPEC = 0x0
+ BPF_LINK_TYPE_RAW_TRACEPOINT = 0x1
+ BPF_LINK_TYPE_TRACING = 0x2
+@@ -2726,6 +2731,18 @@ const (
+ BPF_LINK_TYPE_PERF_EVENT = 0x7
+ BPF_LINK_TYPE_KPROBE_MULTI = 0x8
+ BPF_LINK_TYPE_STRUCT_OPS = 0x9
++ BPF_LINK_TYPE_NETFILTER = 0xa
++ BPF_LINK_TYPE_TCX = 0xb
++ BPF_LINK_TYPE_UPROBE_MULTI = 0xc
++ BPF_PERF_EVENT_UNSPEC = 0x0
++ BPF_PERF_EVENT_UPROBE = 0x1
++ BPF_PERF_EVENT_URETPROBE = 0x2
++ BPF_PERF_EVENT_KPROBE = 0x3
++ BPF_PERF_EVENT_KRETPROBE = 0x4
++ BPF_PERF_EVENT_TRACEPOINT = 0x5
++ BPF_PERF_EVENT_EVENT = 0x6
++ BPF_F_KPROBE_MULTI_RETURN = 0x1
++ BPF_F_UPROBE_MULTI_RETURN = 0x1
+ BPF_ANY = 0x0
+ BPF_NOEXIST = 0x1
+ BPF_EXIST = 0x2
+@@ -2743,6 +2760,8 @@ const (
+ BPF_F_MMAPABLE = 0x400
+ BPF_F_PRESERVE_ELEMS = 0x800
+ BPF_F_INNER_MAP = 0x1000
++ BPF_F_LINK = 0x2000
++ BPF_F_PATH_FD = 0x4000
+ BPF_STATS_RUN_TIME = 0x0
+ BPF_STACK_BUILD_ID_EMPTY = 0x0
+ BPF_STACK_BUILD_ID_VALID = 0x1
+@@ -2763,6 +2782,7 @@ const (
+ BPF_F_ZERO_CSUM_TX = 0x2
+ BPF_F_DONT_FRAGMENT = 0x4
+ BPF_F_SEQ_NUMBER = 0x8
++ BPF_F_NO_TUNNEL_KEY = 0x10
+ BPF_F_TUNINFO_FLAGS = 0x10
+ BPF_F_INDEX_MASK = 0xffffffff
+ BPF_F_CURRENT_CPU = 0xffffffff
+@@ -2779,6 +2799,8 @@ const (
+ BPF_F_ADJ_ROOM_ENCAP_L4_UDP = 0x10
+ BPF_F_ADJ_ROOM_NO_CSUM_RESET = 0x20
+ BPF_F_ADJ_ROOM_ENCAP_L2_ETH = 0x40
++ BPF_F_ADJ_ROOM_DECAP_L3_IPV4 = 0x80
++ BPF_F_ADJ_ROOM_DECAP_L3_IPV6 = 0x100
+ BPF_ADJ_ROOM_ENCAP_L2_MASK = 0xff
+ BPF_ADJ_ROOM_ENCAP_L2_SHIFT = 0x38
+ BPF_F_SYSCTL_BASE_NAME = 0x1
+@@ -2867,6 +2889,8 @@ const (
+ BPF_DEVCG_DEV_CHAR = 0x2
+ BPF_FIB_LOOKUP_DIRECT = 0x1
+ BPF_FIB_LOOKUP_OUTPUT = 0x2
++ BPF_FIB_LOOKUP_SKIP_NEIGH = 0x4
++ BPF_FIB_LOOKUP_TBID = 0x8
+ BPF_FIB_LKUP_RET_SUCCESS = 0x0
+ BPF_FIB_LKUP_RET_BLACKHOLE = 0x1
+ BPF_FIB_LKUP_RET_UNREACHABLE = 0x2
+@@ -2902,6 +2926,7 @@ const (
+ BPF_CORE_ENUMVAL_EXISTS = 0xa
+ BPF_CORE_ENUMVAL_VALUE = 0xb
+ BPF_CORE_TYPE_MATCHES = 0xc
++ BPF_F_TIMER_ABS = 0x1
+ )
+
+ const (
+@@ -2980,6 +3005,12 @@ type LoopInfo64 struct {
+ Encrypt_key [32]uint8
+ Init [2]uint64
+ }
++type LoopConfig struct {
++ Fd uint32
++ Size uint32
++ Info LoopInfo64
++ _ [8]uint64
++}
+
+ type TIPCSocketAddr struct {
+ Ref uint32
+@@ -5883,3 +5914,15 @@ type SchedAttr struct {
+ }
+
+ const SizeofSchedAttr = 0x38
++
++type Cachestat_t struct {
++ Cache uint64
++ Dirty uint64
++ Writeback uint64
++ Evicted uint64
++ Recently_evicted uint64
++}
++type CachestatRange struct {
++ Off uint64
++ Len uint64
++}
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
+index 6d8acbcc5..438a30aff 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build 386 && linux
+-// +build 386,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
+index 59293c688..adceca355 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && linux
+-// +build amd64,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
+index 40cfa38c2..eeaa00a37 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm && linux
+-// +build arm,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
+index 055bc4216..6739aa91d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm64 && linux
+-// +build arm64,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
+index f28affbc6..9920ef631 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build loong64 && linux
+-// +build loong64,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
+index 9d71e7ccd..2923b799a 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build mips && linux
+-// +build mips,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
+index fd5ccd332..ce2750ee4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build mips64 && linux
+-// +build mips64,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
+index 7704de77a..3038811d7 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build mips64le && linux
+-// +build mips64le,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
+index df00b8757..efc6fed18 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build mipsle && linux
+-// +build mipsle,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
+index 0942840db..9a654b75a 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build ppc && linux
+-// +build ppc,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
+index 034874395..40d358e33 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build ppc64 && linux
+-// +build ppc64,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
+index bad067047..148c6ceb8 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build ppc64le && linux
+-// +build ppc64le,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
+index 1b4c97c32..72ba81543 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build riscv64 && linux
+-// +build riscv64,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+index aa268d025..71e765508 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build s390x && linux
+-// +build s390x,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
+index 444045b6c..4abbdb9de 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build sparc64 && linux
+-// +build sparc64,linux
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
+index 9bc4c8f9d..f22e7947d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build 386 && netbsd
+-// +build 386,netbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
+index bb05f655d..066a7d83d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && netbsd
+-// +build amd64,netbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
+index db40e3a19..439548ec9 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm && netbsd
+-// +build arm,netbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
+index 11121151c..16085d3bb 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm64 && netbsd
+-// +build arm64,netbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
+index 26eba23b7..afd13a3af 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build 386 && openbsd
+-// +build 386,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
+index 5a5479886..5d97f1f9b 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && openbsd
+-// +build amd64,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
+index be58c4e1f..34871cdc1 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm && openbsd
+-// +build arm,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
+index 52338266c..5911bceb3 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build arm64 && openbsd
+-// +build arm64,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
+index 605cfdb12..e4f24f3bc 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build mips64 && openbsd
+-// +build mips64,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
+index d6724c010..ca50a7930 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build ppc64 && openbsd
+-// +build ppc64,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
+index ddfd27a43..d7d7f7902 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build riscv64 && openbsd
+-// +build riscv64,openbsd
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
+index 0400747c6..14160576d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+
+ //go:build amd64 && solaris
+-// +build amd64,solaris
+
+ package unix
+
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
+index aec1efcb3..54f31be63 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build zos && s390x
+-// +build zos,s390x
+
+ // Hand edited based on ztypes_linux_s390x.go
+ // TODO: auto-generate.
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/aliases.go b/go-controller/vendor/golang.org/x/sys/windows/aliases.go
+index a20ebea63..ce2d713d6 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/aliases.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/aliases.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build windows && go1.9
+-// +build windows,go1.9
+
+ package windows
+
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/empty.s b/go-controller/vendor/golang.org/x/sys/windows/empty.s
+index fdbbbcd31..ba64caca5 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/empty.s
++++ b/go-controller/vendor/golang.org/x/sys/windows/empty.s
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build !go1.12
+-// +build !go1.12
+
+ // This file is here to allow bodyless functions with go:linkname for Go 1.11
+ // and earlier (see https://golang.org/issue/23311).
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/eventlog.go b/go-controller/vendor/golang.org/x/sys/windows/eventlog.go
+index 2cd60645e..6c366955d 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/eventlog.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/eventlog.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build windows
+-// +build windows
+
+ package windows
+
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/mksyscall.go b/go-controller/vendor/golang.org/x/sys/windows/mksyscall.go
+index 8563f79c5..dbcdb090c 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/mksyscall.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/mksyscall.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build generate
+-// +build generate
+
+ package windows
+
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/race.go b/go-controller/vendor/golang.org/x/sys/windows/race.go
+index 9196b089c..0f1bdc386 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/race.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/race.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build windows && race
+-// +build windows,race
+
+ package windows
+
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/race0.go b/go-controller/vendor/golang.org/x/sys/windows/race0.go
+index 7bae4817a..0c78da78b 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/race0.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/race0.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build windows && !race
+-// +build windows,!race
+
+ package windows
+
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/registry/key.go b/go-controller/vendor/golang.org/x/sys/windows/registry/key.go
+index 6c8d97b6a..fd8632444 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/registry/key.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/registry/key.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build windows
+-// +build windows
+
+ // Package registry provides access to the Windows registry.
+ //
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/registry/mksyscall.go b/go-controller/vendor/golang.org/x/sys/windows/registry/mksyscall.go
+index ee74927d3..bbf86ccf0 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/registry/mksyscall.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/registry/mksyscall.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build generate
+-// +build generate
+
+ package registry
+
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/registry/syscall.go b/go-controller/vendor/golang.org/x/sys/windows/registry/syscall.go
+index 417335123..f533091c1 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/registry/syscall.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/registry/syscall.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build windows
+-// +build windows
+
+ package registry
+
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/registry/value.go b/go-controller/vendor/golang.org/x/sys/windows/registry/value.go
+index 2789f6f18..74db26b94 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/registry/value.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/registry/value.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build windows
+-// +build windows
+
+ package registry
+
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/service.go b/go-controller/vendor/golang.org/x/sys/windows/service.go
+index c44a1b963..a9dc6308d 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/service.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/service.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build windows
+-// +build windows
+
+ package windows
+
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/str.go b/go-controller/vendor/golang.org/x/sys/windows/str.go
+index 4fc01434e..6a4f9ce6a 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/str.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/str.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build windows
+-// +build windows
+
+ package windows
+
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/svc/security.go b/go-controller/vendor/golang.org/x/sys/windows/svc/security.go
+index 1c51006ea..6a1f3c627 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/svc/security.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/svc/security.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build windows
+-// +build windows
+
+ package svc
+
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/svc/service.go b/go-controller/vendor/golang.org/x/sys/windows/svc/service.go
+index e9e47f0b4..c96932d96 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/svc/service.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/svc/service.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build windows
+-// +build windows
+
+ // Package svc provides everything required to build Windows service.
+ package svc
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/syscall.go b/go-controller/vendor/golang.org/x/sys/windows/syscall.go
+index 8732cdb95..e85ed6b9c 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/syscall.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/syscall.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build windows
+-// +build windows
+
+ // Package windows contains an interface to the low-level operating system
+ // primitives. OS details vary depending on the underlying system, and
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/syscall_windows.go b/go-controller/vendor/golang.org/x/sys/windows/syscall_windows.go
+index 35cfc57ca..47dc57967 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/syscall_windows.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/syscall_windows.go
+@@ -155,6 +155,8 @@ func NewCallbackCDecl(fn interface{}) uintptr {
+ //sys GetModuleFileName(module Handle, filename *uint16, size uint32) (n uint32, err error) = kernel32.GetModuleFileNameW
+ //sys GetModuleHandleEx(flags uint32, moduleName *uint16, module *Handle) (err error) = kernel32.GetModuleHandleExW
+ //sys SetDefaultDllDirectories(directoryFlags uint32) (err error)
++//sys AddDllDirectory(path *uint16) (cookie uintptr, err error) = kernel32.AddDllDirectory
++//sys RemoveDllDirectory(cookie uintptr) (err error) = kernel32.RemoveDllDirectory
+ //sys SetDllDirectory(path string) (err error) = kernel32.SetDllDirectoryW
+ //sys GetVersion() (ver uint32, err error)
+ //sys FormatMessage(flags uint32, msgsrc uintptr, msgid uint32, langid uint32, buf []uint16, args *byte) (n uint32, err error) = FormatMessageW
+@@ -233,6 +235,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
+ //sys CreateEnvironmentBlock(block **uint16, token Token, inheritExisting bool) (err error) = userenv.CreateEnvironmentBlock
+ //sys DestroyEnvironmentBlock(block *uint16) (err error) = userenv.DestroyEnvironmentBlock
+ //sys getTickCount64() (ms uint64) = kernel32.GetTickCount64
++//sys GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error)
+ //sys SetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error)
+ //sys GetFileAttributes(name *uint16) (attrs uint32, err error) [failretval==INVALID_FILE_ATTRIBUTES] = kernel32.GetFileAttributesW
+ //sys SetFileAttributes(name *uint16, attrs uint32) (err error) = kernel32.SetFileAttributesW
+@@ -969,7 +972,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, int32, error) {
+ if n > 0 {
+ sl += int32(n) + 1
+ }
+- if sa.raw.Path[0] == '@' {
++ if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
++ // Check sl > 3 so we don't change unnamed socket behavior.
+ sa.raw.Path[0] = 0
+ // Don't count trailing NUL for abstract address.
+ sl--
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/types_windows.go b/go-controller/vendor/golang.org/x/sys/windows/types_windows.go
+index b88dc7c85..359780f6a 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/types_windows.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/types_windows.go
+@@ -1094,7 +1094,33 @@ const (
+
+ SOMAXCONN = 0x7fffffff
+
+- TCP_NODELAY = 1
++ TCP_NODELAY = 1
++ TCP_EXPEDITED_1122 = 2
++ TCP_KEEPALIVE = 3
++ TCP_MAXSEG = 4
++ TCP_MAXRT = 5
++ TCP_STDURG = 6
++ TCP_NOURG = 7
++ TCP_ATMARK = 8
++ TCP_NOSYNRETRIES = 9
++ TCP_TIMESTAMPS = 10
++ TCP_OFFLOAD_PREFERENCE = 11
++ TCP_CONGESTION_ALGORITHM = 12
++ TCP_DELAY_FIN_ACK = 13
++ TCP_MAXRTMS = 14
++ TCP_FASTOPEN = 15
++ TCP_KEEPCNT = 16
++ TCP_KEEPIDLE = TCP_KEEPALIVE
++ TCP_KEEPINTVL = 17
++ TCP_FAIL_CONNECT_ON_ICMP_ERROR = 18
++ TCP_ICMP_ERROR_INFO = 19
++
++ UDP_NOCHECKSUM = 1
++ UDP_SEND_MSG_SIZE = 2
++ UDP_RECV_MAX_COALESCED_SIZE = 3
++ UDP_CHECKSUM_COVERAGE = 20
++
++ UDP_COALESCED_INFO = 3
+
+ SHUT_RD = 0
+ SHUT_WR = 1
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/go-controller/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+index 8b1688de4..146a1f019 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/zsyscall_windows.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+@@ -184,6 +184,7 @@ var (
+ procGetAdaptersInfo = modiphlpapi.NewProc("GetAdaptersInfo")
+ procGetBestInterfaceEx = modiphlpapi.NewProc("GetBestInterfaceEx")
+ procGetIfEntry = modiphlpapi.NewProc("GetIfEntry")
++ procAddDllDirectory = modkernel32.NewProc("AddDllDirectory")
+ procAssignProcessToJobObject = modkernel32.NewProc("AssignProcessToJobObject")
+ procCancelIo = modkernel32.NewProc("CancelIo")
+ procCancelIoEx = modkernel32.NewProc("CancelIoEx")
+@@ -253,6 +254,7 @@ var (
+ procGetFileAttributesW = modkernel32.NewProc("GetFileAttributesW")
+ procGetFileInformationByHandle = modkernel32.NewProc("GetFileInformationByHandle")
+ procGetFileInformationByHandleEx = modkernel32.NewProc("GetFileInformationByHandleEx")
++ procGetFileTime = modkernel32.NewProc("GetFileTime")
+ procGetFileType = modkernel32.NewProc("GetFileType")
+ procGetFinalPathNameByHandleW = modkernel32.NewProc("GetFinalPathNameByHandleW")
+ procGetFullPathNameW = modkernel32.NewProc("GetFullPathNameW")
+@@ -329,6 +331,7 @@ var (
+ procReadProcessMemory = modkernel32.NewProc("ReadProcessMemory")
+ procReleaseMutex = modkernel32.NewProc("ReleaseMutex")
+ procRemoveDirectoryW = modkernel32.NewProc("RemoveDirectoryW")
++ procRemoveDllDirectory = modkernel32.NewProc("RemoveDllDirectory")
+ procResetEvent = modkernel32.NewProc("ResetEvent")
+ procResizePseudoConsole = modkernel32.NewProc("ResizePseudoConsole")
+ procResumeThread = modkernel32.NewProc("ResumeThread")
+@@ -1604,6 +1607,15 @@ func GetIfEntry(pIfRow *MibIfRow) (errcode error) {
+ return
+ }
+
++func AddDllDirectory(path *uint16) (cookie uintptr, err error) {
++ r0, _, e1 := syscall.Syscall(procAddDllDirectory.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
++ cookie = uintptr(r0)
++ if cookie == 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
+ func AssignProcessToJobObject(job Handle, process Handle) (err error) {
+ r1, _, e1 := syscall.Syscall(procAssignProcessToJobObject.Addr(), 2, uintptr(job), uintptr(process), 0)
+ if r1 == 0 {
+@@ -2185,6 +2197,14 @@ func GetFileInformationByHandleEx(handle Handle, class uint32, outBuffer *byte,
+ return
+ }
+
++func GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error) {
++ r1, _, e1 := syscall.Syscall6(procGetFileTime.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(ctime)), uintptr(unsafe.Pointer(atime)), uintptr(unsafe.Pointer(wtime)), 0, 0)
++ if r1 == 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
+ func GetFileType(filehandle Handle) (n uint32, err error) {
+ r0, _, e1 := syscall.Syscall(procGetFileType.Addr(), 1, uintptr(filehandle), 0, 0)
+ n = uint32(r0)
+@@ -2870,6 +2890,14 @@ func RemoveDirectory(path *uint16) (err error) {
+ return
+ }
+
++func RemoveDllDirectory(cookie uintptr) (err error) {
++ r1, _, e1 := syscall.Syscall(procRemoveDllDirectory.Addr(), 1, uintptr(cookie), 0, 0)
++ if r1 == 0 {
++ err = errnoErr(e1)
++ }
++ return
++}
++
+ func ResetEvent(event Handle) (err error) {
+ r1, _, e1 := syscall.Syscall(procResetEvent.Addr(), 1, uintptr(event), 0, 0)
+ if r1 == 0 {
+diff --git a/go-controller/vendor/golang.org/x/term/term_unix.go b/go-controller/vendor/golang.org/x/term/term_unix.go
+index 62c2b3f41..1ad0ddfe3 100644
+--- a/go-controller/vendor/golang.org/x/term/term_unix.go
++++ b/go-controller/vendor/golang.org/x/term/term_unix.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+
+ package term
+
+diff --git a/go-controller/vendor/golang.org/x/term/term_unix_bsd.go b/go-controller/vendor/golang.org/x/term/term_unix_bsd.go
+index 853b3d698..9dbf54629 100644
+--- a/go-controller/vendor/golang.org/x/term/term_unix_bsd.go
++++ b/go-controller/vendor/golang.org/x/term/term_unix_bsd.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build darwin || dragonfly || freebsd || netbsd || openbsd
+-// +build darwin dragonfly freebsd netbsd openbsd
+
+ package term
+
+diff --git a/go-controller/vendor/golang.org/x/term/term_unix_other.go b/go-controller/vendor/golang.org/x/term/term_unix_other.go
+index 1e8955c93..1b36de799 100644
+--- a/go-controller/vendor/golang.org/x/term/term_unix_other.go
++++ b/go-controller/vendor/golang.org/x/term/term_unix_other.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build aix || linux || solaris || zos
+-// +build aix linux solaris zos
+
+ package term
+
+diff --git a/go-controller/vendor/golang.org/x/term/term_unsupported.go b/go-controller/vendor/golang.org/x/term/term_unsupported.go
+index f1df85065..3c409e588 100644
+--- a/go-controller/vendor/golang.org/x/term/term_unsupported.go
++++ b/go-controller/vendor/golang.org/x/term/term_unsupported.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !zos && !windows && !solaris && !plan9
+-// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!zos,!windows,!solaris,!plan9
+
+ package term
+
+diff --git a/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go b/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go
+index 8a7392c4a..784bb8808 100644
+--- a/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build go1.10
+-// +build go1.10
+
+ package bidirule
+
+diff --git a/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go b/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go
+index bb0a92001..8e1e94395 100644
+--- a/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+
+ //go:build !go1.10
+-// +build !go1.10
+
+ package bidirule
+
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
+index 42fa8d72c..d2bd71181 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+ //go:build go1.10 && !go1.13
+-// +build go1.10,!go1.13
+
+ package bidi
+
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
+index 56a0e1ea2..f76bdca27 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+ //go:build go1.13 && !go1.14
+-// +build go1.13,!go1.14
+
+ package bidi
+
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go
+index baacf32b4..3aa2c3bdf 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+ //go:build go1.14 && !go1.16
+-// +build go1.14,!go1.16
+
+ package bidi
+
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go
+index ffadb7beb..a71375790 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+ //go:build go1.16 && !go1.21
+-// +build go1.16,!go1.21
+
+ package bidi
+
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go
+index 92cce5802..f15746f7d 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+ //go:build go1.21
+-// +build go1.21
+
+ package bidi
+
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go
+index f517fdb20..c164d3791 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+ //go:build !go1.10
+-// +build !go1.10
+
+ package bidi
+
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
+index f5a078827..1af161c75 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+ //go:build go1.10 && !go1.13
+-// +build go1.10,!go1.13
+
+ package norm
+
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
+index cb7239c43..eb73ecc37 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+ //go:build go1.13 && !go1.14
+-// +build go1.13,!go1.14
+
+ package norm
+
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go
+index 11b273300..276cb8d8c 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+ //go:build go1.14 && !go1.16
+-// +build go1.14,!go1.16
+
+ package norm
+
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go
+index f65785e8a..0cceffd73 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+ //go:build go1.16 && !go1.21
+-// +build go1.16,!go1.21
+
+ package norm
+
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go
+index e1858b879..b0819e42d 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+ //go:build go1.21
+-// +build go1.21
+
+ package norm
+
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
+index 0175eae50..bf65457d9 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+
+ //go:build !go1.10
+-// +build !go1.10
+
+ package norm
+
+diff --git a/go-controller/vendor/k8s.io/client-go/informers/factory.go b/go-controller/vendor/k8s.io/client-go/informers/factory.go
+index 9fc86441a..7dd0ae635 100644
+--- a/go-controller/vendor/k8s.io/client-go/informers/factory.go
++++ b/go-controller/vendor/k8s.io/client-go/informers/factory.go
+@@ -60,7 +60,6 @@ type sharedInformerFactory struct {
+ lock sync.Mutex
+ defaultResync time.Duration
+ customResync map[reflect.Type]time.Duration
+- transform cache.TransformFunc
+
+ informers map[reflect.Type]cache.SharedIndexInformer
+ // startedInformers is used for tracking which informers have been started.
+@@ -99,14 +98,6 @@ func WithNamespace(namespace string) SharedInformerOption {
+ }
+ }
+
+-// WithTransform sets a transform on all informers.
+-func WithTransform(transform cache.TransformFunc) SharedInformerOption {
+- return func(factory *sharedInformerFactory) *sharedInformerFactory {
+- factory.transform = transform
+- return factory
+- }
+-}
+-
+ // NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces.
+ func NewSharedInformerFactory(client kubernetes.Interface, defaultResync time.Duration) SharedInformerFactory {
+ return NewSharedInformerFactoryWithOptions(client, defaultResync)
+@@ -211,7 +202,6 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal
+ }
+
+ informer = newFunc(f.client, resyncPeriod)
+- informer.SetTransform(f.transform)
+ f.informers[informerType] = informer
+
+ return informer
+diff --git a/go-controller/vendor/modules.txt b/go-controller/vendor/modules.txt
+index c88f00fa8..a9683f0a0 100644
+--- a/go-controller/vendor/modules.txt
++++ b/go-controller/vendor/modules.txt
+@@ -385,8 +385,8 @@ go.opencensus.io/internal
+ go.opencensus.io/trace
+ go.opencensus.io/trace/internal
+ go.opencensus.io/trace/tracestate
+-# golang.org/x/crypto v0.14.0
+-## explicit; go 1.17
++# golang.org/x/crypto v0.17.0
++## explicit; go 1.18
+ golang.org/x/crypto/ed25519
+ # golang.org/x/exp v0.0.0-20230811145659-89c5cff77bcb
+ ## explicit; go 1.20
+@@ -420,19 +420,19 @@ golang.org/x/oauth2/internal
+ # golang.org/x/sync v0.2.0
+ ## explicit
+ golang.org/x/sync/errgroup
+-# golang.org/x/sys v0.13.0
+-## explicit; go 1.17
++# golang.org/x/sys v0.15.0
++## explicit; go 1.18
+ golang.org/x/sys/execabs
+ golang.org/x/sys/plan9
+ golang.org/x/sys/unix
+ golang.org/x/sys/windows
+ golang.org/x/sys/windows/registry
+ golang.org/x/sys/windows/svc
+-# golang.org/x/term v0.13.0
+-## explicit; go 1.17
++# golang.org/x/term v0.15.0
++## explicit; go 1.18
+ golang.org/x/term
+-# golang.org/x/text v0.13.0
+-## explicit; go 1.17
++# golang.org/x/text v0.14.0
++## explicit; go 1.18
+ golang.org/x/text/encoding
+ golang.org/x/text/encoding/charmap
+ golang.org/x/text/encoding/htmlindex
+--
+2.43.0
+
diff --git a/images/ovn/patches/ovn-kubernetes/0004-stop-creating-ovnkube-eps.patch b/images/ovn/patches/ovn-kubernetes/0004-stop-creating-ovnkube-eps.patch
new file mode 100644
index 0000000..60dd327
--- /dev/null
+++ b/images/ovn/patches/ovn-kubernetes/0004-stop-creating-ovnkube-eps.patch
@@ -0,0 +1,26 @@
+From 71b19667c04fd114e49d3fda957e26e7fa595675 Mon Sep 17 00:00:00 2001
+From: Mohammed Naser <mnaser@vexxhost.com>
+Date: Sun, 4 Feb 2024 14:15:49 -0500
+Subject: [PATCH] stop creating ovnkube eps
+
+---
+ dist/images/ovnkube.sh | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/dist/images/ovnkube.sh b/dist/images/ovnkube.sh
+index 1d3059cf8..069d36648 100755
+--- a/dist/images/ovnkube.sh
++++ b/dist/images/ovnkube.sh
+@@ -908,9 +908,6 @@ sb-ovsdb() {
+ }
+ ovn-sbctl --inactivity-probe=0 set-connection p${transport}:${ovn_sb_port}:$(bracketify ${ovn_db_host})
+
+- # create the ovnkube-db endpoints
+- wait_for_event attempts=10 check_ovnkube_db_ep ${ovn_db_host} ${ovn_nb_port}
+- set_ovnkube_db_ep ${ovn_db_host}
+ if memory_trim_on_compaction_supported "sbdb"
+ then
+ # Enable SBDB memory trimming on DB compaction, Every 10mins DBs are compacted
+--
+2.43.0
+
diff --git a/images/placement/Earthfile b/images/placement/Earthfile
index 64d6afd..e843c08 100644
--- a/images/placement/Earthfile
+++ b/images/placement/Earthfile
@@ -1,5 +1,6 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global PROJECT=placement
ARG --global RELEASE=2023.2
ARG --global PROJECT_REF=a361622d749d3b24aad638ec1b03a7d7124a87b3
@@ -14,5 +15,5 @@
FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
COPY +build/venv /var/lib/openstack
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+ ${REGISTRY}/${PROJECT}:${RELEASE} \
+ ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/senlin/Earthfile b/images/senlin/Earthfile
index 7e67788..8decded 100644
--- a/images/senlin/Earthfile
+++ b/images/senlin/Earthfile
@@ -1,5 +1,6 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global PROJECT=senlin
ARG --global RELEASE=2023.2
ARG --global PROJECT_REF=5382259276d6be6807634c58c7b69b03b57ad6f5
@@ -14,5 +15,5 @@
FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
COPY +build/venv /var/lib/openstack
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+ ${REGISTRY}/${PROJECT}:${RELEASE} \
+ ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/staffeln/Earthfile b/images/staffeln/Earthfile
index 9be3407..2f60cc3 100644
--- a/images/staffeln/Earthfile
+++ b/images/staffeln/Earthfile
@@ -1,5 +1,6 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global PROJECT=staffeln
ARG --global RELEASE=master
ARG --global PROJECT_REF=v2.2.3
@@ -15,5 +16,5 @@
FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
COPY +build/venv /var/lib/openstack
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+ ${REGISTRY}/${PROJECT}:${RELEASE} \
+ ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/tempest/Earthfile b/images/tempest/Earthfile
index 61dd5df..2160336 100644
--- a/images/tempest/Earthfile
+++ b/images/tempest/Earthfile
@@ -1,21 +1,49 @@
VERSION 0.7
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
ARG --global PROJECT=tempest
ARG --global RELEASE=master
ARG --global PROJECT_REF=699749ec27897efe9bd7824664237c16c3339c03
+build.plugin:
+ ARG PLUGIN
+ FROM ../openstack-service+builder --RELEASE=${RELEASE}
+ DO ../openstack-service+GIT_CHECKOUT \
+ --PROJECT=${PLUGIN} \
+ --PROJECT_REF=${RELEASE}
+ SAVE ARTIFACT /src
+
+octavia-test-server:
+ FROM golang:1.18
+ COPY (+build.plugin/src --PLUGIN=octavia-tempest-plugin) /src
+ ENV GO111MODULE=off
+ ENV CGO_ENABLED=0
+ ENV GOOS=linux
+ RUN go build \
+ -a -ldflags '-s -w -extldflags -static' \
+ -o /build/test_server.bin \
+ /src/octavia_tempest_plugin/contrib/test_server/test_server.go
+ SAVE ARTIFACT /build/test_server.bin
+
build:
FROM ../openstack-service+builder --RELEASE=${RELEASE}
+ COPY (+build.plugin/src --PLUGIN=barbican-tempest-plugin) /barbican-tempest-plugin
+ COPY (+build.plugin/src --PLUGIN=cinder-tempest-plugin) /cinder-tempest-plugin
+ COPY (+build.plugin/src --PLUGIN=heat-tempest-plugin) /heat-tempest-plugin
+ COPY (+build.plugin/src --PLUGIN=keystone-tempest-plugin) /keystone-tempest-plugin
+ COPY (+build.plugin/src --PLUGIN=neutron-tempest-plugin) /neutron-tempest-plugin
+ COPY (+build.plugin/src --PLUGIN=octavia-tempest-plugin) /octavia-tempest-plugin
DO ../openstack-service+BUILD_VENV \
--PROJECT=${PROJECT} \
--PROJECT_REF=${PROJECT_REF} \
- --PIP_PACKAGES="git+https://github.com/openstack/barbican-tempest-plugin.git git+https://github.com/openstack/cinder-tempest-plugin.git git+https://github.com/openstack/heat-tempest-plugin.git git+https://github.com/openstack/keystone-tempest-plugin.git git+https://github.com/openstack/neutron-tempest-plugin.git git+https://github.com/openstack/octavia-tempest-plugin.git"
+ --PIP_PACKAGES="/barbican-tempest-plugin /cinder-tempest-plugin /heat-tempest-plugin /keystone-tempest-plugin /neutron-tempest-plugin /octavia-tempest-plugin junitxml"
image:
FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
+ COPY +octavia-test-server/test_server.bin /opt/octavia-tempest-plugin/test_server.bin
COPY +build/venv /var/lib/openstack
DO ../+APT_INSTALL \
- --PACKAGES "iputils-ping"
+ --PACKAGES "iputils-ping openssh-client"
SAVE IMAGE --push \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
- ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+ ${REGISTRY}/${PROJECT}:${RELEASE} \
+ ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/meta/runtime.yml b/meta/runtime.yml
index 33f1892..ce6befd 100644
--- a/meta/runtime.yml
+++ b/meta/runtime.yml
@@ -1,2 +1,2 @@
---
-requires_ansible: ">=2.13.4"
+requires_ansible: ">=2.14.0"
diff --git a/molecule/aio/converge.yml b/molecule/aio/converge.yml
new file mode 100644
index 0000000..d6415d8
--- /dev/null
+++ b/molecule/aio/converge.yml
@@ -0,0 +1,45 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Install Ceph
+ ansible.builtin.import_playbook: vexxhost.ceph.site
+ vars:
+ # TODO(mnaser): Drop this once we switch to vexxhost.ceph 3.0.0
+ ceph_version: 18.2.1
+ ceph_repository_version: 18.2.1
+
+- name: Install Kubernetes
+ ansible.builtin.import_playbook: vexxhost.atmosphere.kubernetes
+
+- name: Install CSI
+ ansible.builtin.import_playbook: vexxhost.atmosphere.csi
+
+- name: Deploy Infrastructure
+ ansible.builtin.import_playbook: vexxhost.atmosphere.infrastructure
+
+- name: Deploy OpenStack
+ ansible.builtin.import_playbook: vexxhost.atmosphere.openstack
+
+- name: Configure networking
+ hosts: all
+ tasks:
+ - name: Add IP address to "br-ex"
+ changed_when: false
+ ansible.builtin.shell:
+ cmd: ip addr add 10.96.250.10/24 dev br-ex || true
+
+ - name: Set "br-ex" interface to "up"
+ changed_when: false
+ ansible.builtin.shell:
+ cmd: ip link set br-ex up || true
diff --git a/molecule/aio/create.yml b/molecule/aio/create.yml
new file mode 100644
index 0000000..4e4235c
--- /dev/null
+++ b/molecule/aio/create.yml
@@ -0,0 +1,99 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Wait for user to read warning
+ hosts: localhost
+ tasks:
+ - name: Wait for user to read warning
+ ignore_errors: true # noqa: ignore-errors
+ ansible.builtin.fail:
+ msg: >-
+ ⚠️
+ This code will make substantial changes to your machine, it is strongly
+ recommended that you run this on a server or virtual machine that you
+ dedicate to this purpose.
+ ⚠️
+
+ - name: Wait for user to read warning
+ ansible.builtin.wait_for:
+ timeout: 15
+
+- name: Generate workspace
+ ansible.builtin.import_playbook: vexxhost.atmosphere.generate_workspace
+ vars:
+ workspace_path: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}"
+ domain_name: "{{ ansible_default_ipv4['address'].replace('.', '-') }}.{{ lookup('env', 'ATMOSPHERE_DNS_SUFFIX_NAME') | default('nip.io', True) }}"
+
+- name: Setup networking
+ hosts: all
+ become: true
+ vars:
+ management_bridge: "br-mgmt"
+ tasks:
+ - name: Create bridge for management network
+ ignore_errors: true # noqa: ignore-errors
+ changed_when: false
+ ansible.builtin.command:
+ cmd: "ip link add name {{ management_bridge }} type bridge"
+
+ - name: Create fake interface for management bridge
+ ignore_errors: true # noqa: ignore-errors
+ changed_when: false
+ ansible.builtin.command:
+ cmd: "ip link add dummy0 type dummy"
+
+ # NOTE(mnaser): The bridge will not go up until it has an interface
+ # so we need to assign the dummy interface to the bridge
+ - name: Assign dummy interface to management bridge
+ ignore_errors: true # noqa: ignore-errors
+ changed_when: false
+ ansible.builtin.command:
+ cmd: "ip link set dummy0 master {{ management_bridge }}"
+
+ - name: Assign IP address for management bridge
+ ignore_errors: true # noqa: ignore-errors
+ changed_when: false
+ ansible.builtin.command:
+ cmd: "ip addr add 10.96.240.200/24 dev {{ management_bridge }}"
+
+ - name: Bring up interfaces
+ ignore_errors: true # noqa: ignore-errors
+ changed_when: false
+ ansible.builtin.command:
+ cmd: "ip link set {{ item }} up"
+ loop:
+ - br-mgmt
+ - dummy0
+
+- name: Setup host for deployment
+ hosts: all
+ become: true
+ tasks:
+ - name: Purge "snapd" package
+ become: true
+ ansible.builtin.apt:
+ name: snapd
+ state: absent
+ purge: true
+
+ # TODO(mnaser): Get rid of this once default workspace uses this.
+ - name: Overwrite existing osds.yml file
+ ansible.builtin.copy:
+ dest: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/group_vars/cephs/osds.yml"
+ mode: '0644'
+ content: |
+ ceph_osd_devices:
+ - "/dev/ceph-{{ inventory_hostname_short }}-osd0/data"
+ - "/dev/ceph-{{ inventory_hostname_short }}-osd1/data"
+ - "/dev/ceph-{{ inventory_hostname_short }}-osd2/data"
diff --git a/molecule/ceph/group_vars/.gitkeep b/molecule/aio/group_vars/.gitkeep
similarity index 100%
rename from molecule/ceph/group_vars/.gitkeep
rename to molecule/aio/group_vars/.gitkeep
diff --git a/molecule/aio/group_vars/all/molecule.yml b/molecule/aio/group_vars/all/molecule.yml
new file mode 100644
index 0000000..583eea8
--- /dev/null
+++ b/molecule/aio/group_vars/all/molecule.yml
@@ -0,0 +1,249 @@
+ceph_conf_overrides:
+ - section: global
+ option: mon allow pool size one
+ value: true
+ - section: global
+ option: osd crush chooseleaf type
+ value: 0
+ - section: mon
+ option: auth allow insecure global id reclaim
+ value: false
+
+kubernetes_keepalived_interface: br-mgmt
+
+cilium_helm_values:
+ operator:
+ replicas: 1
+
+csi_driver: local-path-provisioner
+
+cluster_issuer_type: self-signed
+
+ingress_nginx_helm_values:
+ controller:
+ config:
+ worker-processes: 2
+
+percona_xtradb_cluster_spec:
+ allowUnsafeConfigurations: true
+ pxc:
+ size: 1
+ haproxy:
+ size: 1
+
+keystone_helm_values:
+ conf:
+ keystone:
+ DEFAULT:
+ debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+ pod:
+ replicas:
+ api: 1
+
+barbican_helm_values:
+ conf:
+ barbican:
+ DEFAULT:
+ debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+ pod:
+ replicas:
+ api: 1
+
+rook_ceph_cluster_radosgw_spec:
+ metadataPool:
+ failureDomain: osd
+ dataPool:
+ failureDomain: osd
+ gateway:
+ instances: 1
+
+glance_helm_values:
+ conf:
+ glance:
+ DEFAULT:
+ debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+ workers: 2
+ glance_store:
+ rbd_store_replication: 1
+ pod:
+ replicas:
+ api: 1
+glance_images:
+ - name: cirros
+ url: http://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img
+ min_disk: 1
+ disk_format: raw
+ container_format: bare
+ is_public: true
+
+staffeln_helm_values:
+ conf:
+ staffeln:
+ DEFAULT:
+ debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+ pod:
+ replicas:
+ api: 1
+ conductor: 1
+
+cinder_helm_values:
+ conf:
+ ceph:
+ pools:
+ backup:
+ replication: 1
+ cinder.volumes:
+ replication: 1
+ cinder:
+ DEFAULT:
+ debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+ osapi_volume_workers: 2
+ pod:
+ replicas:
+ api: 1
+ scheduler: 1
+
+placement_helm_values:
+ conf:
+ placement:
+ DEFAULT:
+ debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+ placement_api_uwsgi:
+ uwsgi:
+ processes: 2
+ pod:
+ replicas:
+ api: 1
+
+atmosphere_network_backend: "{{ lookup('env', 'ATMOSPHERE_NETWORK_BACKEND') | default('openvswitch', True) }}"
+ovn_helm_values:
+ conf:
+ auto_bridge_add:
+ br-ex: null
+ pod:
+ replicas:
+ ovn_ovsdb_nb: 1
+ ovn_ovsdb_sb: 1
+ ovn_northd: 1
+
+coredns_helm_values:
+ replicaCount: 1
+
+nova_helm_values:
+ # TODO: reserve memory for host for aio scenario?
+ conf:
+ nova:
+ DEFAULT:
+ debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+ osapi_compute_workers: 2
+ metadata_workers: 2
+ conductor:
+ workers: 2
+ scheduler:
+ workers: 2
+ pod:
+ replicas:
+ api_metadata: 1
+ osapi: 1
+ conductor: 1
+ scheduler: 1
+ novncproxy: 1
+ spiceproxy: 1
+
+neutron_helm_values:
+ conf:
+ neutron:
+ DEFAULT:
+ api_workers: 2
+ debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+ rpc_workers: 2
+ metadata_workers: 2
+ pod:
+ replicas:
+ server: 1
+
+senlin_helm_values:
+ conf:
+ senlin:
+ DEFAULT:
+ debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+ pod:
+ replicas:
+ api: 1
+ conductor: 1
+ engine: 1
+ health_manager: 1
+
+heat_helm_values:
+ conf:
+ heat:
+ DEFAULT:
+ debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+ num_engine_workers: 2
+ heat_api:
+ workers: 2
+ heat_api_cfn:
+ workers: 2
+ heat_api_cloudwatch:
+ workers: 2
+ pod:
+ replicas:
+ api: 1
+ cfn: 1
+ cloudwatch: 1
+ engine: 1
+
+octavia_helm_values:
+ conf:
+ octavia:
+ DEFAULT:
+ debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+ controller_worker:
+ workers: 2
+ octavia_api_uwsgi:
+ uwsgi:
+ processes: 2
+ pod:
+ replicas:
+ api: 1
+ worker: 1
+ housekeeping: 1
+
+magnum_helm_values:
+ conf:
+ magnum:
+ DEFAULT:
+ debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+ api:
+ workers: 2
+ conductor:
+ workers: 2
+ pod:
+ replicas:
+ api: 1
+ conductor: 1
+magnum_image_disk_format: qcow2
+magnum_images:
+ - name: ubuntu-2204-kube-v1.27.8s
+ url: https://object-storage.public.mtl1.vexxhost.net/swift/v1/a91f106f55e64246babde7402c21b87a/magnum-capi/ubuntu-2204-kube-v1.27.8.qcow2
+ distro: ubuntu
+
+manila_helm_values:
+ conf:
+ manila:
+ DEFAULT:
+ debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+ osapi_share_workers: 2
+ pod:
+ replicas:
+ api: 1
+ scheduler: 1
+
+horizon_helm_values:
+ conf:
+ horizon:
+ local_settings:
+ debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+ pod:
+ replicas:
+ server: 1
diff --git a/molecule/ceph/host_vars/.gitkeep b/molecule/aio/host_vars/.gitkeep
similarity index 100%
rename from molecule/ceph/host_vars/.gitkeep
rename to molecule/aio/host_vars/.gitkeep
diff --git a/molecule/aio/molecule.yml b/molecule/aio/molecule.yml
new file mode 100644
index 0000000..e88073a
--- /dev/null
+++ b/molecule/aio/molecule.yml
@@ -0,0 +1,40 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+dependency:
+ name: galaxy
+driver:
+ name: default
+ options:
+ managed: False
+ ansible_connection_options:
+ ansible_become: "true"
+ ansible_connection: local
+platforms:
+ - name: instance
+ groups:
+ - controllers
+ - cephs
+ - computes
+provisioner:
+ name: ansible
+ config_options:
+ defaults:
+ callbacks_enabled: ansible.posix.profile_tasks
+ inventory:
+ links:
+ host_vars: "${ATMOSPHERE_ANSIBLE_VARS_PATH-$MOLECULE_SCENARIO_DIRECTORY}/host_vars"
+ group_vars: "${ATMOSPHERE_ANSIBLE_VARS_PATH-$MOLECULE_SCENARIO_DIRECTORY}/group_vars"
+verifier:
+ name: ansible
diff --git a/molecule/aio/prepare.yml b/molecule/aio/prepare.yml
new file mode 100644
index 0000000..e621e60
--- /dev/null
+++ b/molecule/aio/prepare.yml
@@ -0,0 +1,32 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Create fake devices for Ceph
+ ansible.builtin.import_playbook: vexxhost.ceph.create_fake_devices
+
+- name: Prepare system for Neutron
+ ansible.builtin.import_playbook: ../shared/prepare/neutron.yml
+
+# TODO(mnaser): Drop this once we switch to vexxhost.ceph 3.0.0
+- name: Configure Ceph workarounds
+ hosts: cephs
+ roles:
+ - vexxhost.ceph.repository
+ post_tasks:
+ - name: Install "ceph-volume"
+ ansible.builtin.package:
+ name: ceph-volume
+ state: present
+ vars:
+ ceph_version: 18.2.1
diff --git a/molecule/ceph/verify.yml b/molecule/aio/verify.yml
similarity index 81%
rename from molecule/ceph/verify.yml
rename to molecule/aio/verify.yml
index b88e217..3a4757b 100644
--- a/molecule/ceph/verify.yml
+++ b/molecule/aio/verify.yml
@@ -1,4 +1,4 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
+# Copyright (c) 2024 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
@@ -12,4 +12,5 @@
# License for the specific language governing permissions and limitations
# under the License.
-- import_playbook: vexxhost.atmosphere.tempest
+- name: Run Tempest tests
+ ansible.builtin.import_playbook: vexxhost.atmosphere.tempest
diff --git a/molecule/ceph/cleanup.yml b/molecule/ceph/cleanup.yml
deleted file mode 100644
index f9359ab..0000000
--- a/molecule/ceph/cleanup.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- ansible.builtin.import_playbook: vexxhost.ceph.destroy_fake_devices
-
-- hosts: localhost
- connection: local
- gather_facts: false
- no_log: "{{ molecule_no_log }}"
- vars:
- workspace_path: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}"
- tasks:
- - name: Capture var files to delete
- find:
- paths:
- - "{{ workspace_path }}/group_vars"
- - "{{ workspace_path }}/host_vars"
- file_type: file
- recurse: true
- excludes:
- - "molecule.yml"
- register: _var_files
-
- - name: Delete var files
- file:
- path: "{{ item.path }}"
- state: absent
- with_items: "{{ _var_files['files'] }}"
diff --git a/molecule/ceph/converge.yml b/molecule/ceph/converge.yml
deleted file mode 100644
index fc75f20..0000000
--- a/molecule/ceph/converge.yml
+++ /dev/null
@@ -1,65 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- ansible.builtin.import_playbook: vexxhost.ceph.site
-- ansible.builtin.import_playbook: vexxhost.atmosphere.kubernetes
-
-# NOTE(mnaser): When using Docker with custom networks, it will use 127.0.0.11
-# as the DNS server which trips up the CoreDNS "loop" plugin.
-- name: Switch CoreDNS to use CloudFlare DNS
- hosts: controllers[0]
- become: true
- tasks:
- - name: Update CoreDNS ConfigMap
- kubernetes.core.k8s:
- state: present
- definition:
- apiVersion: v1
- kind: ConfigMap
- metadata:
- name: coredns
- namespace: kube-system
- data:
- Corefile: |
- .:53 {
- errors
- health {
- lameduck 5s
- }
- ready
- kubernetes cluster.local in-addr.arpa ip6.arpa {
- pods insecure
- fallthrough in-addr.arpa ip6.arpa
- ttl 30
- }
- prometheus :9153
- forward . 1.1.1.1 {
- max_concurrent 1000
- }
- cache 30
- loop
- reload
- loadbalance
- }
- notify:
- - Rollout CoreDNS
- - Wait for CoreDNS to be ready
- handlers:
- - name: Rollout CoreDNS
- command: kubectl -n kube-system rollout restart deploy/coredns
- - name: Wait for CoreDNS to be ready
- command: kubectl -n kube-system rollout status deploy/coredns
-
-- ansible.builtin.import_playbook: vexxhost.atmosphere.csi
-- ansible.builtin.import_playbook: vexxhost.atmosphere.openstack
diff --git a/molecule/ceph/group_vars/all/molecule.yml b/molecule/ceph/group_vars/all/molecule.yml
deleted file mode 100644
index 5264d6d..0000000
--- a/molecule/ceph/group_vars/all/molecule.yml
+++ /dev/null
@@ -1,126 +0,0 @@
-ceph_conf_overrides:
- - section: global
- option: osd crush chooseleaf type
- value: 0
- - section: mon
- option: auth allow insecure global id reclaim
- value: false
-
-kubernetes_keepalived_interface: eth0
-
-cilium_helm_values:
- operator:
- replicas: 1
-
-csi_driver: local-path-provisioner
-
-cluster_issuer_type: self-signed
-
-ingress_nginx_helm_values:
- controller:
- config:
- worker-processes: 2
-
-percona_xtradb_cluster_spec:
- allowUnsafeConfigurations: true
- pxc:
- size: 1
- haproxy:
- size: 1
-
-keystone_helm_values:
- pod:
- replicas:
- api: 1
-
-barbican_helm_values:
- pod:
- replicas:
- api: 1
-
-rook_ceph_cluster_radosgw_spec:
- metadataPool:
- failureDomain: osd
- dataPool:
- failureDomain: osd
- gateway:
- instances: 1
-
-glance_helm_values:
- conf:
- glance:
- DEFAULT:
- workers: 2
- pod:
- replicas:
- api: 1
-glance_images:
- - name: cirros
- url: http://download.cirros-cloud.net/0.6.1/cirros-0.6.1-x86_64-disk.img
- min_disk: 1
- disk_format: raw
- container_format: bare
- is_public: true
-
-cinder_helm_values:
- pod:
- replicas:
- api: 1
- scheduler: 1
-
-placement_helm_values:
- pod:
- replicas:
- api: 1
-
-coredns_helm_values:
- replicaCount: 1
-
-atmosphere_network_backend: "{{ lookup('env', 'ATMOSPHERE_NETWORK_BACKEND') | default('openvswitch', True) }}"
-ovn_helm_values:
- conf:
- auto_bridge_add:
- br-ex: eth1
- pod:
- replicas:
- ovn_ovsdb_nb: 1
- ovn_ovsdb_sb: 1
- ovn_northd: 1
-
-nova_helm_values:
- conf:
- nova:
- DEFAULT:
- osapi_compute_workers: 2
- metadata_workers: 2
- conductor:
- workers: 2
- scheduler:
- workers: 2
- pod:
- replicas:
- api_metadata: 1
- osapi: 1
- conductor: 1
- scheduler: 1
- novncproxy: 1
- spiceproxy: 1
-
-neutron_helm_values:
- conf:
- auto_bridge_add:
- br-ex: eth1
- neutron:
- DEFAULT:
- api_workers: 2
- rpc_workers: 2
- metadata_workers: 2
- pod:
- replicas:
- server: 1
-
-tempest_helm_values:
- conf:
- tempest:
- service_available:
- horizon: false
diff --git a/molecule/ceph/molecule.yml b/molecule/ceph/molecule.yml
deleted file mode 100644
index 90c6a83..0000000
--- a/molecule/ceph/molecule.yml
+++ /dev/null
@@ -1,84 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-dependency:
- name: galaxy
-driver:
- name: docker
-platforms:
- - name: instance
- image: geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest
- command: ${MOLECULE_DOCKER_COMMAND:-""}
- privileged: true
- cgroupns_mode: host
- pre_build_image: true
- purge_networks: true
- dns_servers:
- - 1.1.1.1
- docker_networks:
- - name: mgmt
- ipam_config:
- - subnet: 10.96.240.0/24
- gateway: 10.96.240.1
- - name: public
- ipam_config:
- - subnet: 10.96.250.0/24
- gateway: 10.96.250.1
- networks:
- - name: mgmt
- - name: public
- security_opts:
- - apparmor=unconfined
- volumes:
- - /dev:/dev
- - /lib/modules:/lib/modules:ro
- - /sys/fs/cgroup:/sys/fs/cgroup:rw
- - /usr/src:/usr/src:ro
- groups:
- - controllers
- - cephs
- - computes
-provisioner:
- name: ansible
- config_options:
- connection:
- pipelining: true
- tags:
- skip: >-
- sysctl,
- ethtool,
- node-feature-discovery,
- kube-prometheus-stack,
- loki,
- vector,
- ipmi-exporter,
- prometheus-pushgateway,
- multipathd,
- lpfc,
- senlin,
- designate,
- heat,
- octavia,
- magnum,
- manila,
- horizon,
- openstack-exporter
- options:
- inventory: "${MOLECULE_EPHEMERAL_DIRECTORY}/workspace"
- inventory:
- links:
- host_vars: "${MOLECULE_SCENARIO_DIRECTORY}/host_vars"
- group_vars: "${MOLECULE_SCENARIO_DIRECTORY}/group_vars"
-verifier:
- name: ansible
diff --git a/molecule/ceph/prepare.yml b/molecule/ceph/prepare.yml
deleted file mode 100644
index f3337d9..0000000
--- a/molecule/ceph/prepare.yml
+++ /dev/null
@@ -1,75 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- import_playbook: vexxhost.atmosphere.generate_workspace
- vars:
- workspace_path: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}"
- domain_name: "{{ '{{' }} ansible_default_ipv4['address'].replace('.', '-') {{ '}}' }}.{{ lookup('env', 'ATMOSPHERE_DNS_SUFFIX_NAME') | default('nip.io', True) }}"
-
-- name: Prepare
- hosts: all
- become: true
- pre_tasks:
- - name: Wait for systemd to complete initialization
- ansible.builtin.command: systemctl is-system-running
- register: systemctl_status
- until: >
- 'running' in systemctl_status.stdout or
- 'degraded' in systemctl_status.stdout
- retries: 30
- delay: 5
- changed_when: false
- failed_when: systemctl_status.rc > 1
- tasks:
- - name: Refresh cache & install "iptables"
- ansible.builtin.package:
- name: iptables
- update_cache: true
-
- # NOTE(mnaser): The base image installs Ansible using `pip` which breaks
- # the system Python, we uninstall all Python packages.
- - name: Fix Python installation
- block:
- - name: Get all Python packages
- ansible.builtin.command: pip freeze
- register: pip_freeze
-
- - name: Uninstall all Python packages
- ansible.builtin.pip:
- name: "{{ pip_freeze.stdout_lines }}"
- state: absent
-
-- ansible.builtin.import_playbook: vexxhost.ceph.create_fake_devices
-
-- hosts: controllers
- become: true
- tasks:
- - name: Overwrite existing osds.yml file
- delegate_to: localhost
- ansible.builtin.copy:
- dest: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/group_vars/cephs/osds.yml"
- content: |
- ceph_osd_devices:
- - "/dev/ceph-{{ inventory_hostname_short }}-osd0/data"
- - "/dev/ceph-{{ inventory_hostname_short }}-osd1/data"
- - "/dev/ceph-{{ inventory_hostname_short }}-osd2/data"
-
- - name: Set masquerade rule
- become: yes
- ansible.builtin.iptables:
- table: nat
- chain: POSTROUTING
- source: 10.96.250.0/24
- out_interface: "{{ ansible_default_ipv4.interface }}"
- jump: MASQUERADE
diff --git a/playbooks/generate_workspace.yml b/playbooks/generate_workspace.yml
index 3df0c4a..0b11184 100644
--- a/playbooks/generate_workspace.yml
+++ b/playbooks/generate_workspace.yml
@@ -168,7 +168,6 @@
- name: Generate endpoints for workspace
hosts: localhost
- gather_facts: false
vars:
_endpoints_path: "{{ workspace_path }}/group_vars/all/endpoints.yml"
# Input variables
diff --git a/playbooks/infrastructure.yml b/playbooks/infrastructure.yml
new file mode 100644
index 0000000..db62f05
--- /dev/null
+++ b/playbooks/infrastructure.yml
@@ -0,0 +1,49 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Deploy Infrastructure
+ hosts: controllers[0]
+ become: true
+ roles:
+ - role: cert_manager
+ tags:
+ - cert-manager
+
+ - role: cluster_issuer
+ tags:
+ - cluster-issuer
+
+ - role: ingress_nginx
+ tags:
+ - ingress-nginx
+
+ - role: rabbitmq_cluster_operator
+ tags:
+ - rabbitmq-cluster-operator
+
+ - role: percona_xtradb_cluster_operator
+ tags:
+ - percona-xtradb-cluster-operator
+
+ - role: percona_xtradb_cluster
+ tags:
+ - percona-xtradb-cluster
+
+ - role: keycloak
+ tags:
+ - keycloak
+
+ - role: keepalived
+ tags:
+ - keepalived
diff --git a/playbooks/monitoring.yml b/playbooks/monitoring.yml
new file mode 100644
index 0000000..c5249b9
--- /dev/null
+++ b/playbooks/monitoring.yml
@@ -0,0 +1,41 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Deploy Monitoring
+ hosts: controllers[0]
+ become: true
+ roles:
+ - role: node_feature_discovery
+ tags:
+ - node-feature-discovery
+
+ - role: kube_prometheus_stack
+ tags:
+ - kube-prometheus-stack
+
+ - role: loki
+ tags:
+ - loki
+
+ - role: vector
+ tags:
+ - vector
+
+ - role: ipmi_exporter
+ tags:
+ - ipmi-exporter
+
+ - role: prometheus_pushgateway
+ tags:
+ - prometheus-pushgateway
diff --git a/playbooks/openstack.yml b/playbooks/openstack.yml
index 5f3827b..be3cc7c 100644
--- a/playbooks/openstack.yml
+++ b/playbooks/openstack.yml
@@ -12,65 +12,10 @@
# License for the specific language governing permissions and limitations
# under the License.
-- hosts: controllers[0]
+- name: Deploy OpenStack
+ hosts: controllers[0]
become: true
roles:
- - role: cert_manager
- tags:
- - cert-manager
-
- - role: cluster_issuer
- tags:
- - cluster-issuer
-
- - role: ingress_nginx
- tags:
- - ingress-nginx
-
- - role: rabbitmq_cluster_operator
- tags:
- - rabbitmq-cluster-operator
-
- - role: percona_xtradb_cluster_operator
- tags:
- - percona-xtradb-cluster-operator
-
- - role: percona_xtradb_cluster
- tags:
- - percona-xtradb-cluster
-
- - role: keycloak
- tags:
- - keycloak
-
- - role: node_feature_discovery
- tags:
- - node-feature-discovery
-
- - role: kube_prometheus_stack
- tags:
- - kube-prometheus-stack
-
- - role: loki
- tags:
- - loki
-
- - role: vector
- tags:
- - vector
-
- - role: ipmi_exporter
- tags:
- - ipmi-exporter
-
- - role: prometheus_pushgateway
- tags:
- - prometheus-pushgateway
-
- - role: keepalived
- tags:
- - keepalived
-
- role: memcached
tags:
- memcached
diff --git a/playbooks/site.yml b/playbooks/site.yml
index 8b7255b..5d44097 100644
--- a/playbooks/site.yml
+++ b/playbooks/site.yml
@@ -13,6 +13,18 @@
# under the License.
- import_playbook: vexxhost.ceph.site
-- import_playbook: vexxhost.atmosphere.kubernetes
-- import_playbook: vexxhost.atmosphere.csi
-- import_playbook: vexxhost.atmosphere.openstack
+
+- name: Install Kubernetes
+ import_playbook: vexxhost.atmosphere.kubernetes
+
+- name: Install CSI
+ import_playbook: vexxhost.atmosphere.csi
+
+- name: Deploy Infrastructure
+ ansible.builtin.import_playbook: vexxhost.atmosphere.infrastructure
+
+- name: Deploy Monitoring
+ ansible.builtin.import_playbook: vexxhost.atmosphere.monitoring
+
+- name: Deploy OpenStack
+ import_playbook: vexxhost.atmosphere.openstack
diff --git a/roles/cluster_issuer/handlers/main.yml b/roles/cluster_issuer/handlers/main.yml
index 711faa3..ce91b4f 100644
--- a/roles/cluster_issuer/handlers/main.yml
+++ b/roles/cluster_issuer/handlers/main.yml
@@ -13,5 +13,6 @@
# under the License.
- name: Update CA certificates on host
+ changed_when: true
ansible.builtin.command:
cmd: update-ca-certificates
diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml
index b8bfad7..6d06192 100644
--- a/roles/defaults/vars/main.yml
+++ b/roles/defaults/vars/main.yml
@@ -192,7 +192,7 @@
staffeln_db_sync: ghcr.io/vexxhost/atmosphere/staffeln:v2.2.3@sha256:c09b73991d4ffa3b582e8d6c92888b6964f7023d69a84762de1a62678cad1777
staffeln_conductor: ghcr.io/vexxhost/atmosphere/staffeln:v2.2.3@sha256:c09b73991d4ffa3b582e8d6c92888b6964f7023d69a84762de1a62678cad1777
staffeln_api: ghcr.io/vexxhost/atmosphere/staffeln:v2.2.3@sha256:c09b73991d4ffa3b582e8d6c92888b6964f7023d69a84762de1a62678cad1777
- tempest_run_tests: ghcr.io/vexxhost/atmosphere/tempest:master@sha256:82300000bc99670cc3f4be3ba0e8577a0e8e59ef9d58ca71d069a9a1928804f5
+ tempest_run_tests: ghcr.io/vexxhost/atmosphere/tempest:master@sha256:e60b44b4a181f04879db1aa364e9b29904e705243b7a06fb27ecf9ae002660d0
vector: docker.io/timberio/vector:0.27.0-debian@sha256:29f23dab76fa306b67b10eac3e9decdb01c906f8aa3b00a2f5b2e8ae088b84e0
atmosphere_images: '{{ _atmosphere_images | combine(atmosphere_image_overrides, recursive=True)
diff --git a/roles/keycloak/meta/main.yml b/roles/keycloak/meta/main.yml
index 1a2d277..7fd6458 100644
--- a/roles/keycloak/meta/main.yml
+++ b/roles/keycloak/meta/main.yml
@@ -26,8 +26,7 @@
dependencies:
- role: defaults
- role: openstack_helm_endpoints
- vars:
- openstack_helm_endpoints_list: ["oslo_db"]
+ openstack_helm_endpoints_list: ["oslo_db"]
- role: vexxhost.kubernetes.upload_helm_chart
vars:
upload_helm_chart_src: "{{ keycloak_helm_chart_path }}"
diff --git a/roles/openstack_helm_endpoints/tasks/main.yml b/roles/openstack_helm_endpoints/tasks/main.yml
index 6e4056f..afabb02 100644
--- a/roles/openstack_helm_endpoints/tasks/main.yml
+++ b/roles/openstack_helm_endpoints/tasks/main.yml
@@ -14,7 +14,6 @@
- name: Retrieve list of all the needed endpoints
ansible.builtin.set_fact:
- # noqa: yaml[line-length]
openstack_helm_endpoints_list: |-
{{ lookup('ansible.builtin.file', '../../../charts/' ~ openstack_helm_endpoints_chart ~ '/values.yaml', split_lines=False) | from_yaml | community.general.json_query('keys(endpoints)') | difference(_openstack_helm_endpoints_ignore) }}
when:
diff --git a/roles/staffeln/vars/main.yml b/roles/staffeln/vars/main.yml
index 5f26973..c0be4b3 100644
--- a/roles/staffeln/vars/main.yml
+++ b/roles/staffeln/vars/main.yml
@@ -23,8 +23,8 @@
conf:
staffeln:
conductor:
- backup_metadata_key: "{{staffeln_backup_metadata_key}}"
- retention_metadata_key: "{{staffeln_retention_metadata_key}}"
+ backup_metadata_key: "{{ staffeln_backup_metadata_key }}"
+ retention_metadata_key: "{{ staffeln_retention_metadata_key }}"
manifests:
ingress_api: false
service_ingress_api: false
diff --git a/roles/tempest/vars/main.yml b/roles/tempest/vars/main.yml
index c1eb848..39eb424 100644
--- a/roles/tempest/vars/main.yml
+++ b/roles/tempest/vars/main.yml
@@ -38,10 +38,15 @@
v3_endpoint_type: internal
image:
endpoint_type: internal
+ load_balancer:
+ endpoint_type: internal
+ enable_security_groups: true
network:
endpoint_type: internal
floating_network_name: public
shared_physical_network: false
+ network-feature-enabled:
+ port_security: true
placement:
endpoint_type: internal
validation:
diff --git a/shell.nix b/shell.nix
deleted file mode 100644
index f11ac39..0000000
--- a/shell.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ pkgs ? import <nixpkgs> { } }:
-
-pkgs.mkShell {
- packages = with pkgs; [
- pkgs.earthly
- pkgs.go
- pkgs.poetry
- ];
-}