Compare commits
5 Commits
0dbab431a0
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 06a87a6d07 | |||
| d37c4c2f13 | |||
| 629bb21f12 | |||
| 6d9499ebb1 | |||
| 4ab136be68 |
@ -51,7 +51,7 @@ func buildBootISO(out io.Writer, ctx *renderContext) (err error) {
|
||||
}
|
||||
|
||||
// create a tag file
|
||||
bootstrapBytes, _, err := ctx.BootstrapConfig()
|
||||
bootstrapBytes, err := ctx.BootstrapConfig()
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
@ -4,7 +4,6 @@ import (
|
||||
"archive/tar"
|
||||
"bytes"
|
||||
"crypto"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
@ -12,26 +11,20 @@ import (
|
||||
"os"
|
||||
|
||||
"github.com/klauspost/compress/zstd"
|
||||
yaml "gopkg.in/yaml.v2"
|
||||
|
||||
"novit.tech/direktil/pkg/cpiocat"
|
||||
)
|
||||
|
||||
func renderBootstrapConfig(w http.ResponseWriter, r *http.Request, ctx *renderContext, asJson bool) (err error) {
|
||||
func renderBootstrapConfig(w http.ResponseWriter, ctx *renderContext) (err error) {
|
||||
log.Printf("sending bootstrap config for %q", ctx.Host.Name)
|
||||
|
||||
_, cfg, err := ctx.BootstrapConfig()
|
||||
ba, err := ctx.BootstrapConfig()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if asJson {
|
||||
err = json.NewEncoder(w).Encode(cfg)
|
||||
} else {
|
||||
err = yaml.NewEncoder(w).Encode(cfg)
|
||||
}
|
||||
|
||||
return nil
|
||||
_, err = w.Write(ba)
|
||||
return
|
||||
}
|
||||
|
||||
func buildInitrd(out io.Writer, ctx *renderContext) (err error) {
|
||||
@ -72,7 +65,7 @@ func buildInitrd(out io.Writer, ctx *renderContext) (err error) {
|
||||
}
|
||||
|
||||
// config
|
||||
cfgBytes, _, err := ctx.BootstrapConfig()
|
||||
cfgBytes, err := ctx.BootstrapConfig()
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
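Review bot: Nothing visible on this page checks that the rendered bootstrap config is well-formed before `renderBootstrapConfig` sends it with `w.Write(ba)`, and the same raw bytes go into the initrd in `buildInitrd` and the tag file in `buildBootISO`. The parse that `BootstrapConfig()` used to run was a server-side gate, so a template that renders broken YAML would now, presumably, only fail on the booting host. If the consumer does not validate on its own, a cheap syntax probe inside `BootstrapConfig()` keeps the failure on the server: `var probe any; if err = yaml.Unmarshal(ba, &probe); err != nil { return nil, err }`. The response also goes out without an explicit `Content-Type`, which is worth setting now that the body is written by hand.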
@ -117,7 +117,12 @@ func templateFuncs(sslCfg *cfsslconfig.Config) map[string]any {
|
||||
return
|
||||
}
|
||||
|
||||
s = string(ca.Cert)
|
||||
extra, err := caExtraCerts(cluster, name)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
s = string(ca.Cert) + extra
|
||||
return
|
||||
},
|
||||
|
||||
@ -127,13 +132,18 @@ func templateFuncs(sslCfg *cfsslconfig.Config) map[string]any {
|
||||
return
|
||||
}
|
||||
|
||||
extra, err := caExtraCerts(cluster, name)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
dir := "/etc/tls-ca/" + name
|
||||
|
||||
return asYaml([]config.FileDef{
|
||||
{
|
||||
Path: path.Join(dir, "ca.crt"),
|
||||
Mode: 0644,
|
||||
Content: string(ca.Cert),
|
||||
Content: string(ca.Cert) + extra,
|
||||
},
|
||||
{
|
||||
Path: path.Join(dir, "ca.key"),
|
||||
|
||||
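Review bot: `string(ca.Cert) + extra` joins two PEM texts with no separator, both in the first hunk (`s = string(ca.Cert) + extra`) and in the `Content:` field of the `ca.crt` file definition. If `ca.Cert` does not end in a newline, the `-----END CERTIFICATE-----` line fuses with the next `-----BEGIN CERTIFICATE-----` and the bundle stops parsing on the host. Normalising the join avoids depending on how the CA was stored, e.g. `s = strings.TrimRight(string(ca.Cert), "\n") + "\n" + extra`, which needs `strings` imported if the file does not already have it. A short comment would help too, for example `// extra holds additional trusted CA certificates (PEM) from the server config`. Both enclosing closures start outside the hunks.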
@ -4,14 +4,12 @@ import (
|
||||
"encoding/json"
|
||||
"log"
|
||||
"net/http"
|
||||
|
||||
yaml "gopkg.in/yaml.v2"
|
||||
)
|
||||
|
||||
func renderConfig(w http.ResponseWriter, r *http.Request, ctx *renderContext, asJson bool) (err error) {
|
||||
func renderConfig(w http.ResponseWriter, _ *http.Request, ctx *renderContext, asJson bool) (err error) {
|
||||
log.Printf("sending config for %q", ctx.Host.Name)
|
||||
|
||||
_, cfg, err := ctx.Config()
|
||||
cfgBytes, cfg, err := ctx.Config()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -19,7 +17,7 @@ func renderConfig(w http.ResponseWriter, r *http.Request, ctx *renderContext, as
|
||||
if asJson {
|
||||
err = json.NewEncoder(w).Encode(cfg)
|
||||
} else {
|
||||
err = yaml.NewEncoder(w).Encode(cfg)
|
||||
_, err = w.Write(cfgBytes)
|
||||
}
|
||||
|
||||
return nil
|
||||
|
||||
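Review bot: The error assigned by the new `_, err = w.Write(cfgBytes)` is dropped, because the branch is followed by the unchanged `return nil`; the same applies to the JSON encoder's error one branch up. `renderBootstrapConfig` in this change set ends with a bare `return` that propagates the write error, so `renderConfig` should do the same with `return err`. The end of the function is outside the hunk, so confirm nothing after `return nil` relies on it. Note also that the YAML branch now serves the rendered bytes while the JSON branch serves the parsed `cfg`, so the two formats can differ wherever parsing drops or normalises a field.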
@ -26,14 +26,10 @@ import (
|
||||
|
||||
"novit.tech/direktil/pkg/config"
|
||||
"novit.tech/direktil/pkg/localconfig"
|
||||
|
||||
bsconfig "novit.tech/direktil/pkg/bootstrapconfig"
|
||||
)
|
||||
|
||||
var cmdlineParam = restful.QueryParameter("cmdline", "Linux kernel cmdline addition")
|
||||
|
||||
var b64 = base64.StdEncoding.WithPadding(base64.NoPadding)
|
||||
|
||||
type renderContext struct {
|
||||
Host *localconfig.Host
|
||||
SSLConfig *cfsslconfig.Config
|
||||
@ -114,19 +110,8 @@ func (ctx *renderContext) Config() (ba []byte, cfg *config.Config, err error) {
|
||||
return
|
||||
}
|
||||
|
||||
func (ctx *renderContext) BootstrapConfig() (ba []byte, cfg *bsconfig.Config, err error) {
|
||||
ba, err = ctx.render(ctx.Host.BootstrapConfig)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
cfg = &bsconfig.Config{}
|
||||
if err = yaml.Unmarshal(ba, cfg); err != nil {
|
||||
log.Print("invalid bootstrap config yaml:\n", string(ba))
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
func (ctx *renderContext) BootstrapConfig() (ba []byte, err error) {
|
||||
return ctx.render(ctx.Host.BootstrapConfig)
|
||||
}
|
||||
|
||||
func (ctx *renderContext) render(templateText string) (ba []byte, err error) {
|
||||
@ -190,8 +175,7 @@ func (ctx *renderContext) TemplateFuncs() map[string]any {
|
||||
|
||||
for name, method := range map[string]any{
|
||||
"base64": func(input string) string {
|
||||
enc := base64.StdEncoding.WithPadding(base64.NoPadding)
|
||||
return enc.EncodeToString([]byte(input))
|
||||
return base64.StdEncoding.EncodeToString([]byte(input))
|
||||
},
|
||||
|
||||
"host_ip": func() (s string) {
|
||||
|
||||
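Review bot: The `base64` template function now returns padded output (`base64.StdEncoding.EncodeToString`) where it previously stripped padding, so every existing template that calls `base64` renders a different string whenever the input length is not a multiple of three. Anything that decodes the value with a no-padding decoder, or compares it with a previously rendered value, may break. If the change is intended, say so at the definition, e.g. `// base64 returns standard, padded base64 (output was unpadded before)`; otherwise keep the old behaviour under `base64` and expose the padded form under a new name. The body of `TemplateFuncs` continues outside the hunk.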
@ -79,6 +79,17 @@ func getUsableClusterCA(cluster, name string) (ca CA, err error) {
|
||||
return
|
||||
}
|
||||
|
||||
func caExtraCerts(cluster, name string) (extra string, err error) {
|
||||
cfg, err := readConfig()
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
if cfg.ExtraCaCerts != nil {
|
||||
extra = cfg.ExtraCaCerts[cluster+"/"+name]
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
var clusterCASignedKeys = newClusterSecretKV[KeyCert]("CA-signed-keys")
|
||||
|
||||
func wsClusterCASignedKeys(req *restful.Request, resp *restful.Response) {
|
||||
|
||||
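Review bot: `caExtraCerts` returns whatever string is stored under `cluster+"/"+name` without checking that it consists of PEM-encoded certificates. Its callers append the result to the `ca.crt` distributed to hosts, so a typo, truncated paste or non-certificate block in the config silently becomes part of (or corrupts) the trust bundle. Parsing each block before returning turns that into a render-time error; the sketch below assumes `ExtraCaCerts` is a `map[string]string` and needs `bytes`, `crypto/x509`, `encoding/pem` and `fmt` in the import block. The `!= nil` guard can go, since indexing a nil map already yields the empty string. The function also lacks a doc comment stating what the key format is and that the value is trusted as CA material.

```go
func caExtraCerts(cluster, name string) (extra string, err error) {
	// … unchanged: readConfig call and its error return …

	key := cluster + "/" + name
	extra = cfg.ExtraCaCerts[key] // a nil map reads as "", no guard needed

	// Reject anything that is not a sequence of parseable certificates.
	rest := []byte(extra)
	for {
		var block *pem.Block
		block, rest = pem.Decode(rest)
		if block == nil {
			break
		}
		if block.Type != "CERTIFICATE" {
			return "", fmt.Errorf("extra CA certs %q: unexpected PEM block %q", key, block.Type)
		}
		if _, err = x509.ParseCertificate(block.Bytes); err != nil {
			return "", fmt.Errorf("extra CA certs %q: %w", key, err)
		}
	}
	if len(bytes.TrimSpace(rest)) != 0 {
		return "", fmt.Errorf("extra CA certs %q: trailing data after last PEM block", key)
	}
	return
}
```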
@ -211,9 +211,7 @@ func renderHost(w http.ResponseWriter, r *http.Request, what string, host *local
|
||||
|
||||
// boot v2
|
||||
case "bootstrap-config":
|
||||
err = renderBootstrapConfig(w, r, ctx, false)
|
||||
case "bootstrap-config.json":
|
||||
err = renderBootstrapConfig(w, r, ctx, true)
|
||||
err = renderBootstrapConfig(w, ctx)
|
||||
|
||||
default:
|
||||
http.NotFound(w, r)
|
||||
|
||||
2
go.mod
2
go.mod
@ -25,7 +25,7 @@ require (
|
||||
gopkg.in/yaml.v2 v2.4.0
|
||||
k8s.io/apimachinery v0.33.2
|
||||
m.cluseau.fr/go v0.0.0-20230809064045-12c5a121c766
|
||||
novit.tech/direktil/pkg v0.0.0-20260125193049-56f78e083a84
|
||||
novit.tech/direktil/pkg v0.0.0-20260221072850-b72bed72bb51
|
||||
)
|
||||
|
||||
replace github.com/zmap/zlint/v3 => github.com/zmap/zlint/v3 v3.3.1
|
||||
|
||||
6
go.sum
6
go.sum
@ -346,5 +346,7 @@ k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8
|
||||
k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
|
||||
m.cluseau.fr/go v0.0.0-20230809064045-12c5a121c766 h1:JRzMBDbUwrTTGDJaJSH0ap4vRL0Q9CN1bG8a6n49eaQ=
|
||||
m.cluseau.fr/go v0.0.0-20230809064045-12c5a121c766/go.mod h1:BMv3aOSYpupuiiG3Ch3ND88aB5CfAks3YZuRLE8j1ls=
|
||||
novit.tech/direktil/pkg v0.0.0-20260125193049-56f78e083a84 h1:eqLPaRpVth1WgdvprKKtc4CVF13dkxuKbo7bLzlYG6s=
|
||||
novit.tech/direktil/pkg v0.0.0-20260125193049-56f78e083a84/go.mod h1:zjezU6tELE880oYHs/WAauGBupKIEQQ7KqWTB69RW10=
|
||||
novit.tech/direktil/pkg v0.0.0-20260210141740-4d5661fa8ecd h1:proGf8Cid9tzJzoRbqQHGGpZZKTpUDFwOREbjYrCbkM=
|
||||
novit.tech/direktil/pkg v0.0.0-20260210141740-4d5661fa8ecd/go.mod h1:zjezU6tELE880oYHs/WAauGBupKIEQQ7KqWTB69RW10=
|
||||
novit.tech/direktil/pkg v0.0.0-20260221072850-b72bed72bb51 h1:NBcpvWcTBMzFos0pkuLsbVCQ+mHf8KqNOdVywMX6FFk=
|
||||
novit.tech/direktil/pkg v0.0.0-20260221072850-b72bed72bb51/go.mod h1:zjezU6tELE880oYHs/WAauGBupKIEQQ7KqWTB69RW10=
|
||||
|
||||