From 6814f27123bf6fdefdc33e7a674161b0d275e00c Mon Sep 17 00:00:00 2001
From: Teddy Andrieux <teddy.andrieux@scality.com>
Date: Fri, 22 Jan 2021 17:30:55 +0100
Subject: [PATCH 1/2] script: Add check about CA:minion matching bootstrap
 minion id

Currently in the bootstrap we use the local node as bootstrap node and
also as CA minion, adding a check to be sure that the minion id provided
in the bootstrap config match the local minion id.
NOTE: This check is only part of the script and not somewhere else in
Salt, the `CA:minion` key inside the bootstrap configuration
is here for being able to install MetalK8s using another Salt minion
as CA
---
 CHANGELOG.md         |  4 ++++
 scripts/common.sh.in | 11 +++++++++++
 2 files changed, 15 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7c3466f88b..80a1f136f2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -39,6 +39,10 @@
   MetalK8s UI node page
   (PR [#3045](https://github.com/scality/metalk8s/pull/3045))
 
+- Improve error handling when providing invalid CA minion in Bootstrap
+  configuration file
+  (PR [#3065](https://github.com/scality/metalk8s/pull/3065))
+
 ### Bug fixes
 - [#3022](https://github.com/scality/metalk8s/issues/3022) - Ensure salt-master
   container can start at reboot even if local salt-minion is down
diff --git a/scripts/common.sh.in b/scripts/common.sh.in
index d6713e4634..705e0333aa 100644
--- a/scripts/common.sh.in
+++ b/scripts/common.sh.in
@@ -354,6 +354,17 @@ configure_salt_minion_local_mode() {
 }
 
 check_local_node() {
+    # NOTE: Today using bootstrap script, bootstrap node is also the CA
+    # minion, so check for minion id equal to CA minion
+    minion_id="$("$SALT_CALL" --out txt --local grains.get id | cut -c 8-)"
+    ca_minion="$("$SALT_CALL" --out txt --local pillar.get metalk8s:ca:minion | cut -c 8-)"
+    if [ "$minion_id" != "$ca_minion" ]; then
+        echo "CA minion \"$ca_minion\" from bootstrap configuration is not equal" \
+            "to the local minion ID \"$minion_id\", you need to change" \
+            "the local minion ID, or update the bootstrap configuration." 1>&2
+        return 1
+    fi
+
     "$SALT_CALL" --local --retcode-passthrough metalk8s_checks.node \
         saltenv=metalk8s-@@VERSION
 }

From b891c77285d4adc6e66a9aad17ce1edd6fe5ee3e Mon Sep 17 00:00:00 2001
From: Teddy Andrieux <teddy.andrieux@scality.com>
Date: Fri, 22 Jan 2021 17:35:24 +0100
Subject: [PATCH 2/2] script: Replace tabs with whitespace in bootstrap script

---
 scripts/bootstrap.sh.in | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/bootstrap.sh.in b/scripts/bootstrap.sh.in
index fdd9c15d90..472a58f3fe 100755
--- a/scripts/bootstrap.sh.in
+++ b/scripts/bootstrap.sh.in
@@ -170,8 +170,8 @@ bootstrap_file_is_present() {
 main() {
     run "Determine the OS" determine_os
     if [ -z "${PYTHON:-}" ]; then
-	run "Installing Python3 package" install_packages python3
-	PYTHON=${PYTHON:-$(command -v python3)}
+        run "Installing Python3 package" install_packages python3
+        PYTHON=${PYTHON:-$(command -v python3)}
     fi
     run "Checking that BootstrapConfiguration is present" bootstrap_file_is_present
     run "Pre-minion system tests" pre_minion_checks