fix ws config as yaml

feat: ca extra certs
base64 k8s (yaml) decoder expects padding
2026-02-21 14:34:53 +01:00 · 2026-02-21 08:43:43 +01:00 · 2026-02-10 21:08:45 +01:00 · 2026-02-10 15:20:51 +01:00 · 2026-01-26 12:08:54 +01:00
9 changed files with 41 additions and 45 deletions
--- a/cmd/dkl-local-server/boot-iso.go
+++ b/cmd/dkl-local-server/boot-iso.go
@ -51,7 +51,7 @@ func buildBootISO(out io.Writer, ctx *renderContext) (err error) {
 		}
 		// create a tag file
-		bootstrapBytes, _, err := ctx.BootstrapConfig()
+		bootstrapBytes, err := ctx.BootstrapConfig()
 		if err != nil {
 			return
 		}
--- a/cmd/dkl-local-server/bootv2.go
+++ b/cmd/dkl-local-server/bootv2.go
@ -4,7 +4,6 @@ import (
 	"archive/tar"
 	"bytes"
 	"crypto"
 	"encoding/json"
 	"fmt"
 	"io"
 	"log"
@ -12,26 +11,20 @@ import (
 	"os"
 	"github.com/klauspost/compress/zstd"
 	yaml "gopkg.in/yaml.v2"
 	"novit.tech/direktil/pkg/cpiocat"
 )
-func renderBootstrapConfig(w http.ResponseWriter, r *http.Request, ctx *renderContext, asJson bool) (err error) {
+func renderBootstrapConfig(w http.ResponseWriter, ctx *renderContext) (err error) {
 	log.Printf("sending bootstrap config for %q", ctx.Host.Name)
-	_, cfg, err := ctx.BootstrapConfig()
+	ba, err := ctx.BootstrapConfig()
 	if err != nil {
 		return err
 	}
-	if asJson {
+	_, err = w.Write(ba)
-		err = json.NewEncoder(w).Encode(cfg)
+	return
 	} else {
 		err = yaml.NewEncoder(w).Encode(cfg)
 	}
 	return nil
 }
 func buildInitrd(out io.Writer, ctx *renderContext) (err error) {
@ -72,7 +65,7 @@ func buildInitrd(out io.Writer, ctx *renderContext) (err error) {
 	}
 	// config
-	cfgBytes, _, err := ctx.BootstrapConfig()
+	cfgBytes, err := ctx.BootstrapConfig()
 	if err != nil {
 		return
 	}
--- a/cmd/dkl-local-server/cluster-render-context.go
+++ b/cmd/dkl-local-server/cluster-render-context.go
@ -117,7 +117,12 @@ func templateFuncs(sslCfg *cfsslconfig.Config) map[string]any {
 				return
 			}
-			s = string(ca.Cert)
+			extra, err := caExtraCerts(cluster, name)
 			if err != nil {
 				return
 			}
 			s = string(ca.Cert) + extra
 			return
 		},
@ -127,13 +132,18 @@ func templateFuncs(sslCfg *cfsslconfig.Config) map[string]any {
 				return
 			}
 			extra, err := caExtraCerts(cluster, name)
 			if err != nil {
 				return
 			}
 			dir := "/etc/tls-ca/" + name
 			return asYaml([]config.FileDef{
 				{
 					Path:    path.Join(dir, "ca.crt"),
 					Mode:    0644,
-					Content: string(ca.Cert),
+					Content: string(ca.Cert) + extra,
 				},
 				{
 					Path:    path.Join(dir, "ca.key"),
--- a/cmd/dkl-local-server/initrd.go
+++ b/cmd/dkl-local-server/initrd.go
@ -4,14 +4,12 @@ import (
 	"encoding/json"
 	"log"
 	"net/http"
 	yaml "gopkg.in/yaml.v2"
 )
-func renderConfig(w http.ResponseWriter, r *http.Request, ctx *renderContext, asJson bool) (err error) {
+func renderConfig(w http.ResponseWriter, _ *http.Request, ctx *renderContext, asJson bool) (err error) {
 	log.Printf("sending config for %q", ctx.Host.Name)
-	_, cfg, err := ctx.Config()
+	cfgBytes, cfg, err := ctx.Config()
 	if err != nil {
 		return err
 	}
@ -19,7 +17,7 @@ func renderConfig(w http.ResponseWriter, r *http.Request, ctx *renderContext, as
 	if asJson {
 		err = json.NewEncoder(w).Encode(cfg)
 	} else {
-		err = yaml.NewEncoder(w).Encode(cfg)
+		_, err = w.Write(cfgBytes)
 	}
 	return nil
--- a/cmd/dkl-local-server/render-context.go
+++ b/cmd/dkl-local-server/render-context.go
@ -26,14 +26,10 @@ import (
 	"novit.tech/direktil/pkg/config"
 	"novit.tech/direktil/pkg/localconfig"
 	bsconfig "novit.tech/direktil/pkg/bootstrapconfig"
 )
 var cmdlineParam = restful.QueryParameter("cmdline", "Linux kernel cmdline addition")
 var b64 = base64.StdEncoding.WithPadding(base64.NoPadding)
 type renderContext struct {
 	Host      *localconfig.Host
 	SSLConfig *cfsslconfig.Config
@ -114,19 +110,8 @@ func (ctx *renderContext) Config() (ba []byte, cfg *config.Config, err error) {
 	return
 }
-func (ctx *renderContext) BootstrapConfig() (ba []byte, cfg *bsconfig.Config, err error) {
+func (ctx *renderContext) BootstrapConfig() (ba []byte, err error) {
-	ba, err = ctx.render(ctx.Host.BootstrapConfig)
+	return ctx.render(ctx.Host.BootstrapConfig)
 	if err != nil {
 		return
 	}
 	cfg = &bsconfig.Config{}
 	if err = yaml.Unmarshal(ba, cfg); err != nil {
 		log.Print("invalid bootstrap config yaml:\n", string(ba))
 		return
 	}
 	return
 }
 func (ctx *renderContext) render(templateText string) (ba []byte, err error) {
@ -190,8 +175,7 @@ func (ctx *renderContext) TemplateFuncs() map[string]any {
 	for name, method := range map[string]any{
 		"base64": func(input string) string {
-			enc := base64.StdEncoding.WithPadding(base64.NoPadding)
+			return base64.StdEncoding.EncodeToString([]byte(input))
 			return enc.EncodeToString([]byte(input))
 		},
 		"host_ip": func() (s string) {
--- a/cmd/dkl-local-server/ws-cluster-cas.go
+++ b/cmd/dkl-local-server/ws-cluster-cas.go
@ -79,6 +79,17 @@ func getUsableClusterCA(cluster, name string) (ca CA, err error) {
 	return
 }
 func caExtraCerts(cluster, name string) (extra string, err error) {
 	cfg, err := readConfig()
 	if err != nil {
 		return
 	}
 	if cfg.ExtraCaCerts != nil {
 		extra = cfg.ExtraCaCerts[cluster+"/"+name]
 	}
 	return
 }
 var clusterCASignedKeys = newClusterSecretKV[KeyCert]("CA-signed-keys")
 func wsClusterCASignedKeys(req *restful.Request, resp *restful.Response) {
--- a/cmd/dkl-local-server/ws-host.go
+++ b/cmd/dkl-local-server/ws-host.go
@ -211,9 +211,7 @@ func renderHost(w http.ResponseWriter, r *http.Request, what string, host *local
 	// boot v2
 	case "bootstrap-config":
-		err = renderBootstrapConfig(w, r, ctx, false)
+		err = renderBootstrapConfig(w, ctx)
 	case "bootstrap-config.json":
 		err = renderBootstrapConfig(w, r, ctx, true)
 	default:
 		http.NotFound(w, r)
--- a/go.mod
+++ b/go.mod
@ -25,7 +25,7 @@ require (
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/apimachinery v0.33.2
 	m.cluseau.fr/go v0.0.0-20230809064045-12c5a121c766
-	novit.tech/direktil/pkg v0.0.0-20260125193049-56f78e083a84
+	novit.tech/direktil/pkg v0.0.0-20260221072850-b72bed72bb51
 )
 replace github.com/zmap/zlint/v3 => github.com/zmap/zlint/v3 v3.3.1
--- a/go.sum
+++ b/go.sum
@ -346,5 +346,7 @@ k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8
 k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 m.cluseau.fr/go v0.0.0-20230809064045-12c5a121c766 h1:JRzMBDbUwrTTGDJaJSH0ap4vRL0Q9CN1bG8a6n49eaQ=
 m.cluseau.fr/go v0.0.0-20230809064045-12c5a121c766/go.mod h1:BMv3aOSYpupuiiG3Ch3ND88aB5CfAks3YZuRLE8j1ls=
-novit.tech/direktil/pkg v0.0.0-20260125193049-56f78e083a84 h1:eqLPaRpVth1WgdvprKKtc4CVF13dkxuKbo7bLzlYG6s=
+novit.tech/direktil/pkg v0.0.0-20260210141740-4d5661fa8ecd h1:proGf8Cid9tzJzoRbqQHGGpZZKTpUDFwOREbjYrCbkM=
-novit.tech/direktil/pkg v0.0.0-20260125193049-56f78e083a84/go.mod h1:zjezU6tELE880oYHs/WAauGBupKIEQQ7KqWTB69RW10=
+novit.tech/direktil/pkg v0.0.0-20260210141740-4d5661fa8ecd/go.mod h1:zjezU6tELE880oYHs/WAauGBupKIEQQ7KqWTB69RW10=
 novit.tech/direktil/pkg v0.0.0-20260221072850-b72bed72bb51 h1:NBcpvWcTBMzFos0pkuLsbVCQ+mHf8KqNOdVywMX6FFk=
 novit.tech/direktil/pkg v0.0.0-20260221072850-b72bed72bb51/go.mod h1:zjezU6tELE880oYHs/WAauGBupKIEQQ7KqWTB69RW10=
Author	SHA1	Message	Date
Mikaël Cluseau	06a87a6d07	fix ws config as yaml	2026-02-21 14:34:53 +01:00
Mikaël Cluseau	d37c4c2f13	feat: ca extra certs	2026-02-21 08:43:43 +01:00
Mikaël Cluseau	629bb21f12	base64 k8s (yaml) decoder expects padding	2026-02-10 21:08:45 +01:00
Mikaël Cluseau	6d9499ebb1	bump pkg dep	2026-02-10 15:20:51 +01:00
Mikaël Cluseau	4ab136be68	cleanup	2026-01-26 12:08:54 +01:00