Okay, so my plan is to implement this as a 32 char pwgen, put it in leader settings and have non-leaders wait for the password to appear, along with all the checking that leadership hasn't changed, etc. Essentially, this is already done with the 'heat-domain-admin-password' setting.
I've also noticed what might be a race in the leader_elected() call:
    @hooks.hook('leader-elected')
    def leader_elected():
        if is_leader() and not leader_get('heat-domain-admin-passwd'):
            leader_set({'heat-domain-admin-passwd': pwgen(32)})
There is a small possibility, I believe, that leader_set(..) could fail if another leader is elected between the call to is_leader() and leader_set(). It is small, but could lead to an error out on the hook. The retry would probably take care of the issue, although it would look ugly in the logs.
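The window described in the comment above can be reproduced offline. The following is an added example, not code from the charm or from charmhelpers: FakeJuju, NotLeader, get_password and the returned status strings are hypothetical stand-ins, and pwgen here is a local substitute built on the secrets module.

```python
import secrets
import string

KEY = 'heat-domain-admin-passwd'

class NotLeader(Exception):
    """Stand-in for the failure leader_set() reports to a deposed unit."""

class FakeJuju:
    """Constructed in-memory model of leader settings, for illustration only."""
    def __init__(self, leader):
        self.leader, self.settings, self.before_set = leader, {}, None

    def is_leader(self, unit):
        return unit == self.leader

    def leader_get(self, key):
        return self.settings.get(key)

    def leader_set(self, unit, values):
        if self.before_set:
            self.before_set()      # lets a test move leadership inside the window
        if unit != self.leader:
            raise NotLeader(unit)
        self.settings.update(values)

def pwgen(length=32):
    # Local substitute: draws from the OS CSPRNG via the secrets module.
    alphabet = string.ascii_letters + string.digits
    return ''.join(secrets.choice(alphabet) for _ in range(length))

def leader_elected(juju, unit):
    if not juju.is_leader(unit):
        return 'not-leader'
    if juju.leader_get(KEY):
        return 'present'           # never overwrite a published password
    try:
        juju.leader_set(unit, {KEY: pwgen(32)})
    except NotLeader:
        # Leadership changed after is_leader(): exit cleanly, the new
        # leader's own leader-elected hook will publish the password.
        return 'lost-leadership'
    return 'set'

def get_password(juju):
    # Non-leader view: None means "not published yet, wait for the next hook".
    return juju.leader_get(KEY)
```

Catching the failure keeps the hook from erroring out, and because the deposed unit writes nothing, only one password is ever published.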