feat: allow disabling injection of extra cmdline in cluster create

The command `talosctl cluster create` injects some extra cmdline though SMBIOS OEM variable `io.systemd.stub.kernel-cmdline-extra` when systemd-boot is used (e.g., when UEFI is enabled).

Introduce a new flag to optionally disable this behavior. This allows getting more consistent behavior when testing with a mixed set of UKI and non-UKI machines.

Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>

Author: utkuozdemir

cmd/talosctl/cmd/mgmt/cluster/create/clusterops/configmaker/internal/makers/qemu.go

@@ -177,6 +177,7 @@ func (m *Qemu) AddExtraGenOps() error {
 func (m *Qemu) AddExtraProvisionOpts() error {
 	m.ProvisionOps = slices.Concat(m.ProvisionOps, []provision.Option{
 		provision.WithBootlader(m.EOps.BootloaderEnabled),
+		provision.WithSkipInjectingExtraCmdline(m.EOps.SkipInjectingExtraCmdline),
 		provision.WithUEFI(m.EOps.UefiEnabled),
 		provision.WithTPM1_2(m.EOps.Tpm1_2Enabled),
 		provision.WithTPM2(m.EOps.Tpm2Enabled),

cmd/talosctl/cmd/mgmt/cluster/create/clusterops/options.go

@@ -105,6 +105,7 @@ type Qemu struct {
 	NodeDiskImagePath         string
 	NodeIPXEBootScript        string
 	BootloaderEnabled         bool
+	SkipInjectingExtraCmdline bool
 	UefiEnabled               bool
 	Tpm1_2Enabled             bool
 	Tpm2Enabled               bool

cmd/talosctl/cmd/mgmt/cluster/create/cmd_dev.go

@@ -47,6 +47,7 @@ func getCreateCmd(cmdName string, hidden bool) *cobra.Command {
 		diskBlockSizeFlag             = "disk-block-size"
 		useVIPFlag                    = "use-vip"
 		bootloaderEnabledFlag         = "with-bootloader"
+		skipInjectingExtraCmdlineFlag = "skip-injecting-extra-cmdline"
 		controlPlanePortFlag          = "control-plane-port"
 		firewallFlag                  = "with-firewall"
 		tpmEnabledFlag                = "with-tpm1_2"
@@ -210,6 +211,8 @@ func getCreateCmd(cmdName string, hidden bool) *cobra.Command {
 		qemu.StringVar(&qOps.NodeDiskImagePath, nodeDiskImagePathFlag, qOps.NodeDiskImagePath, "disk image to use")
 		qemu.StringVar(&qOps.NodeIPXEBootScript, nodeIPXEBootScriptFlag, qOps.NodeIPXEBootScript, "iPXE boot script (URL) to use")
 		qemu.BoolVar(&qOps.BootloaderEnabled, bootloaderEnabledFlag, qOps.BootloaderEnabled, "enable bootloader to load kernel and initramfs from disk image after install")
+		qemu.BoolVar(&qOps.SkipInjectingExtraCmdline, skipInjectingExtraCmdlineFlag, qOps.SkipInjectingExtraCmdline,
+			"skip injecting extra kernel cmdline parameters via EFI vars through bootloader")
 		qemu.BoolVar(&qOps.UefiEnabled, uefiEnabledFlag, qOps.UefiEnabled, "enable UEFI on x86_64 architecture")
 		qemu.BoolVar(&qOps.Tpm1_2Enabled, tpmEnabledFlag, qOps.Tpm1_2Enabled, "enable TPM 1.2 emulation support using swtpm")
 		qemu.BoolVar(&qOps.Tpm2Enabled, tpm2EnabledFlag, qOps.Tpm2Enabled, "enable TPM 2.0 emulation support using swtpm")

pkg/provision/options.go

@@ -196,6 +196,15 @@ func WithSiderolinkAgent(v bool) Option {
 	}
 }
 
+// WithSkipInjectingExtraCmdline prevents injecting extra kernel args into EFI vars.
+func WithSkipInjectingExtraCmdline(v bool) Option {
+	return func(o *Options) error {
+		o.SkipInjectingExtraCmdline = v
+
+		return nil
+	}
+}
+
 // Options describes Provisioner parameters.
 type Options struct {
 	LogWriter          io.Writer
@@ -207,6 +216,9 @@ type Options struct {
 	// Enable bootloader by booting from disk image after install.
 	BootloaderEnabled bool
 
+	// SkipInjectingExtraCmdline prevents injecting extra kernel args, e.g., console=ttyS0, into the EFI vars. Only applies when UEFI is enabled.
+	SkipInjectingExtraCmdline bool
+
 	// Enable UEFI (for amd64), arm64 can only boot UEFI
 	UEFIEnabled bool
 	// Enable TPM 1.2 emulation using swtpm.

pkg/provision/providers/qemu/launch.go

@@ -30,28 +30,29 @@ type LaunchConfig struct {
 	StatePath string
 
 	// VM options
-	DiskPaths         []string
-	DiskDrivers       []string
-	DiskBlockSizes    []uint
-	VCPUCount         int64
-	MemSize           int64
-	KernelImagePath   string
-	InitrdPath        string
-	ISOPath           string
-	USBPath           string
-	UKIPath           string
-	ExtraISOPath      string
-	PFlashImages      []string
-	KernelArgs        string
-	MonitorPath       string
-	DefaultBootOrder  string
-	BootloaderEnabled bool
-	TPMConfig         tpmConfig
-	NodeUUID          uuid.UUID
-	BadRTC            bool
-	ArchitectureData  Arch
-	WithDebugShell    bool
-	IOMMUEnabled      bool
+	DiskPaths                 []string
+	DiskDrivers               []string
+	DiskBlockSizes            []uint
+	VCPUCount                 int64
+	MemSize                   int64
+	KernelImagePath           string
+	InitrdPath                string
+	ISOPath                   string
+	USBPath                   string
+	UKIPath                   string
+	ExtraISOPath              string
+	PFlashImages              []string
+	KernelArgs                string
+	MonitorPath               string
+	DefaultBootOrder          string
+	BootloaderEnabled         bool
+	TPMConfig                 tpmConfig
+	NodeUUID                  uuid.UUID
+	BadRTC                    bool
+	ArchitectureData          Arch
+	WithDebugShell            bool
+	IOMMUEnabled              bool
+	SkipInjectingExtraCmdline bool
 
 	// Talos config
 	Config string
@@ -314,9 +315,11 @@ func launchVM(config *LaunchConfig) error {
 		}
 	}
 
-	args = append(args,
-		"-smbios", fmt.Sprintf("type=11,value=%s=%s", constants.SDStubCmdlineExtraOEMVar, config.sdStubExtraCmdline),
-	)
+	if !config.SkipInjectingExtraCmdline {
+		args = append(args,
+			"-smbios", fmt.Sprintf("type=11,value=%s=%s", constants.SDStubCmdlineExtraOEMVar, config.sdStubExtraCmdline),
+		)
+	}
 
 	if config.BadRTC {
 		args = append(args,

pkg/provision/providers/qemu/node.go

@@ -163,23 +163,24 @@ func (p *provisioner) createNode(ctx context.Context, state *provision.State, cl
 		DiskBlockSizes: xslices.Map(nodeReq.Disks, func(disk *provision.Disk) uint {
 			return disk.BlockSize
 		}),
-		VCPUCount:         vcpuCount,
-		MemSize:           memSize,
-		KernelArgs:        cmdline.String(),
-		ExtraISOPath:      extraISOPath,
-		PFlashImages:      pflashImages,
-		MonitorPath:       state.GetRelativePath(fmt.Sprintf("%s.monitor", nodeReq.Name)),
-		BadRTC:            nodeReq.BadRTC,
-		DefaultBootOrder:  defaultBootOrder,
-		BootloaderEnabled: opts.BootloaderEnabled,
-		NodeUUID:          nodeUUID,
-		Config:            nodeConfig,
-		TFTPServer:        nodeReq.TFTPServer,
-		IPXEBootFileName:  nodeReq.IPXEBootFilename,
-		APIBindAddress:    apiBind,
-		WithDebugShell:    opts.WithDebugShell,
-		IOMMUEnabled:      opts.IOMMUEnabled,
-		Network:           getLaunchNetworkConfig(state, clusterReq, nodeReq),
+		VCPUCount:                 vcpuCount,
+		MemSize:                   memSize,
+		KernelArgs:                cmdline.String(),
+		ExtraISOPath:              extraISOPath,
+		PFlashImages:              pflashImages,
+		MonitorPath:               state.GetRelativePath(fmt.Sprintf("%s.monitor", nodeReq.Name)),
+		BadRTC:                    nodeReq.BadRTC,
+		DefaultBootOrder:          defaultBootOrder,
+		BootloaderEnabled:         opts.BootloaderEnabled,
+		SkipInjectingExtraCmdline: opts.SkipInjectingExtraCmdline,
+		NodeUUID:                  nodeUUID,
+		Config:                    nodeConfig,
+		TFTPServer:                nodeReq.TFTPServer,
+		IPXEBootFileName:          nodeReq.IPXEBootFilename,
+		APIBindAddress:            apiBind,
+		WithDebugShell:            opts.WithDebugShell,
+		IOMMUEnabled:              opts.IOMMUEnabled,
+		Network:                   getLaunchNetworkConfig(state, clusterReq, nodeReq),
 
 		// Generate a random MAC address.
 		// On linux this is later overridden to the interface mac.

website/content/v1.12/reference/cli.md

@@ -185,6 +185,7 @@ talosctl cluster create dev [flags]
       --registry-insecure-skip-verify strings    list of registry hostnames to skip TLS verification for
       --registry-mirror strings                  list of registry mirrors to use in format: <registry host>=<mirror URL>
       --skip-injecting-config                    skip injecting config from embedded metadata server, write config files to current directory
+      --skip-injecting-extra-cmdline             skip injecting extra kernel cmdline parameters via EFI vars through bootloader
       --skip-k8s-node-readiness-check            skip k8s node readiness checks
       --skip-kubeconfig                          skip merging kubeconfig from the created cluster
       --talos-version string                     the desired Talos version to generate config for (default "latest")