fix ws config as yaml

cmd/dkl-local-server/boot-iso.go

@@ -51,7 +51,7 @@ func buildBootISO(out io.Writer, ctx *renderContext) (err error) {
 		}
 
 		// create a tag file
-		bootstrapBytes, _, err := ctx.BootstrapConfig()
+		bootstrapBytes, err := ctx.BootstrapConfig()
 		if err != nil {
 			return
 		}

cmd/dkl-local-server/bootv2.go

@@ -4,7 +4,6 @@ import (
 	"archive/tar"
 	"bytes"
 	"crypto"
-	"encoding/json"
 	"fmt"
 	"io"
 	"log"
@@ -12,26 +11,20 @@ import (
 	"os"
 
 	"github.com/klauspost/compress/zstd"
-	yaml "gopkg.in/yaml.v2"
 
 	"novit.tech/direktil/pkg/cpiocat"
 )
 
-func renderBootstrapConfig(w http.ResponseWriter, r *http.Request, ctx *renderContext, asJson bool) (err error) {
+func renderBootstrapConfig(w http.ResponseWriter, ctx *renderContext) (err error) {
 	log.Printf("sending bootstrap config for %q", ctx.Host.Name)
 
-	_, cfg, err := ctx.BootstrapConfig()
+	ba, err := ctx.BootstrapConfig()
 	if err != nil {
 		return err
 	}
 
-	if asJson {
+	_, err = w.Write(ba)
-		err = json.NewEncoder(w).Encode(cfg)
+	return
-	} else {
-		err = yaml.NewEncoder(w).Encode(cfg)
-	}
-
-	return nil
 }
 
 func buildInitrd(out io.Writer, ctx *renderContext) (err error) {
@@ -58,8 +51,10 @@ func buildInitrd(out io.Writer, ctx *renderContext) (err error) {
 	for _, layer := range cfg.Layers {
 		switch layer {
 		case "modules":
-
 			layerVersion := ctx.Host.Versions[layer]
+			if layerVersion == "" {
+				layerVersion = ctx.Host.Kernel
+			}
 			modulesPath, err := distFetch("layers", layer, layerVersion)
 			if err != nil {
 				return err
@@ -70,7 +65,7 @@ func buildInitrd(out io.Writer, ctx *renderContext) (err error) {
 	}
 
 	// config
-	cfgBytes, _, err := ctx.BootstrapConfig()
+	cfgBytes, err := ctx.BootstrapConfig()
 	if err != nil {
 		return
 	}

cmd/dkl-local-server/cluster-render-context.go

@@ -117,7 +117,12 @@ func templateFuncs(sslCfg *cfsslconfig.Config) map[string]any {
 				return
 			}
 
-			s = string(ca.Cert)
+			extra, err := caExtraCerts(cluster, name)
+			if err != nil {
+				return
+			}
+
+			s = string(ca.Cert) + extra
 			return
 		},
 
@@ -127,13 +132,18 @@ func templateFuncs(sslCfg *cfsslconfig.Config) map[string]any {
 				return
 			}
 
+			extra, err := caExtraCerts(cluster, name)
+			if err != nil {
+				return
+			}
+
 			dir := "/etc/tls-ca/" + name
 
 			return asYaml([]config.FileDef{
 				{
 					Path:    path.Join(dir, "ca.crt"),
 					Mode:    0644,
-					Content: string(ca.Cert),
+					Content: string(ca.Cert) + extra,
 				},
 				{
 					Path:    path.Join(dir, "ca.key"),

cmd/dkl-local-server/initrd.go

@@ -4,14 +4,12 @@ import (
 	"encoding/json"
 	"log"
 	"net/http"
-
-	yaml "gopkg.in/yaml.v2"
 )
 
-func renderConfig(w http.ResponseWriter, r *http.Request, ctx *renderContext, asJson bool) (err error) {
+func renderConfig(w http.ResponseWriter, _ *http.Request, ctx *renderContext, asJson bool) (err error) {
 	log.Printf("sending config for %q", ctx.Host.Name)
 
-	_, cfg, err := ctx.Config()
+	cfgBytes, cfg, err := ctx.Config()
 	if err != nil {
 		return err
 	}
@@ -19,7 +17,7 @@ func renderConfig(w http.ResponseWriter, r *http.Request, ctx *renderContext, as
 	if asJson {
 		err = json.NewEncoder(w).Encode(cfg)
 	} else {
-		err = yaml.NewEncoder(w).Encode(cfg)
+		_, err = w.Write(cfgBytes)
 	}
 
 	return nil

cmd/dkl-local-server/render-context.go

@@ -26,8 +26,6 @@ import (
 
 	"novit.tech/direktil/pkg/config"
 	"novit.tech/direktil/pkg/localconfig"
-
-	bsconfig "novit.tech/direktil/pkg/bootstrapconfig"
 )
 
 var cmdlineParam = restful.QueryParameter("cmdline", "Linux kernel cmdline addition")
@@ -102,6 +100,8 @@ func (ctx *renderContext) Config() (ba []byte, cfg *config.Config, err error) {
 		return
 	}
 
+	// log.Print("rendered config:\n", string(ba))
+
 	cfg = &config.Config{}
 	if err = yaml.Unmarshal(ba, cfg); err != nil {
 		return
@@ -110,19 +110,8 @@ func (ctx *renderContext) Config() (ba []byte, cfg *config.Config, err error) {
 	return
 }
 
-func (ctx *renderContext) BootstrapConfig() (ba []byte, cfg *bsconfig.Config, err error) {
+func (ctx *renderContext) BootstrapConfig() (ba []byte, err error) {
-	ba, err = ctx.render(ctx.Host.BootstrapConfig)
+	return ctx.render(ctx.Host.BootstrapConfig)
-	if err != nil {
-		return
-	}
-
-	cfg = &bsconfig.Config{}
-	if err = yaml.Unmarshal(ba, cfg); err != nil {
-		log.Print("invalid bootstrap config yaml:\n", string(ba))
-		return
-	}
-
-	return
 }
 
 func (ctx *renderContext) render(templateText string) (ba []byte, err error) {
@@ -186,9 +175,9 @@ func (ctx *renderContext) TemplateFuncs() map[string]any {
 
 	for name, method := range map[string]any{
 		"base64": func(input string) string {
-			enc := base64.StdEncoding.WithPadding(base64.NoPadding)
+			return base64.StdEncoding.EncodeToString([]byte(input))
-			return enc.EncodeToString([]byte(input))
 		},
+
 		"host_ip": func() (s string) {
 			return ctx.Host.IPs[0]
 		},

cmd/dkl-local-server/ws-cluster-cas.go

@@ -79,6 +79,17 @@ func getUsableClusterCA(cluster, name string) (ca CA, err error) {
 	return
 }
 
+func caExtraCerts(cluster, name string) (extra string, err error) {
+	cfg, err := readConfig()
+	if err != nil {
+		return
+	}
+	if cfg.ExtraCaCerts != nil {
+		extra = cfg.ExtraCaCerts[cluster+"/"+name]
+	}
+	return
+}
+
 var clusterCASignedKeys = newClusterSecretKV[KeyCert]("CA-signed-keys")
 
 func wsClusterCASignedKeys(req *restful.Request, resp *restful.Response) {

cmd/dkl-local-server/ws-host.go

@@ -211,9 +211,7 @@ func renderHost(w http.ResponseWriter, r *http.Request, what string, host *local
 
 	// boot v2
 	case "bootstrap-config":
-		err = renderBootstrapConfig(w, r, ctx, false)
+		err = renderBootstrapConfig(w, ctx)
-	case "bootstrap-config.json":
-		err = renderBootstrapConfig(w, r, ctx, true)
 
 	default:
 		http.NotFound(w, r)

go.mod

@@ -25,7 +25,7 @@ require (
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/apimachinery v0.33.2
 	m.cluseau.fr/go v0.0.0-20230809064045-12c5a121c766
-	novit.tech/direktil/pkg v0.0.0-20250706092353-d857af8032a1
+	novit.tech/direktil/pkg v0.0.0-20260221072850-b72bed72bb51
 )
 
 replace github.com/zmap/zlint/v3 => github.com/zmap/zlint/v3 v3.3.1

go.sum

@@ -346,5 +346,7 @@ k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8
 k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 m.cluseau.fr/go v0.0.0-20230809064045-12c5a121c766 h1:JRzMBDbUwrTTGDJaJSH0ap4vRL0Q9CN1bG8a6n49eaQ=
 m.cluseau.fr/go v0.0.0-20230809064045-12c5a121c766/go.mod h1:BMv3aOSYpupuiiG3Ch3ND88aB5CfAks3YZuRLE8j1ls=
-novit.tech/direktil/pkg v0.0.0-20250706092353-d857af8032a1 h1:hKj9qhbTAoTxYIj6KaMLJp9I+bvZfkSM/QwK8Bd496o=
+novit.tech/direktil/pkg v0.0.0-20260210141740-4d5661fa8ecd h1:proGf8Cid9tzJzoRbqQHGGpZZKTpUDFwOREbjYrCbkM=
-novit.tech/direktil/pkg v0.0.0-20250706092353-d857af8032a1/go.mod h1:zjezU6tELE880oYHs/WAauGBupKIEQQ7KqWTB69RW10=
+novit.tech/direktil/pkg v0.0.0-20260210141740-4d5661fa8ecd/go.mod h1:zjezU6tELE880oYHs/WAauGBupKIEQQ7KqWTB69RW10=
+novit.tech/direktil/pkg v0.0.0-20260221072850-b72bed72bb51 h1:NBcpvWcTBMzFos0pkuLsbVCQ+mHf8KqNOdVywMX6FFk=
+novit.tech/direktil/pkg v0.0.0-20260221072850-b72bed72bb51/go.mod h1:zjezU6tELE880oYHs/WAauGBupKIEQQ7KqWTB69RW10=