From f6342dd31f11fd60b73998a0ece743bf6977eec3 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Mon, 25 Jun 2018 14:51:39 -0400
Subject: [PATCH] Allow connect_to_leader to cycle in the parent for loop

Startup was foiled when one entry was bad. Also add comments on invite/join needing to be done from current leader, and the need for better error messages.
---
 confluent_server/confluent/collective/manager.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/confluent_server/confluent/collective/manager.py b/confluent_server/confluent/collective/manager.py
index 2c9bfd6f..99a2dfa5 100644
--- a/confluent_server/confluent/collective/manager.py
+++ b/confluent_server/confluent/collective/manager.py
@@ -36,7 +36,10 @@ def connect_to_leader(cert=None, name=None, leader=None):
     global currentleader
     if leader is None:
         leader = currentleader
-    remote = socket.create_connection((leader, 13001))
+    try:
+        remote = socket.create_connection((leader, 13001))
+    except socket.error:
+        return
     # TLS cert validation is custom and will not pass normal CA vetting
     # to override completely in the right place requires enormous effort, so just defer until after connect
     remote = ssl.wrap_socket(remote, cert_reqs=ssl.CERT_NONE, keyfile='/etc/confluent/privkey.pem',
@@ -108,6 +111,8 @@ def handle_connection(connection, cert, request, local=False):
         if not local:
             return
         if 'invite' == operation:
+            #TODO(jjohnson2): Cannot do the invitation if not the head node, the certificate hand-carrying
+            #can't work in such a case.
             name = request['name']
             invitation = invites.create_server_invitation(name)
             tlvdata.send(connection,
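Review bot: The new `except socket.error: return` in connect_to_leader swallows the connection failure without recording it, so when the parent loop cycles past a bad leader entry there is no trace of which host failed or why, which makes an unreachable or misconfigured collective member hard to diagnose. Bind the exception and report it in the file's existing logging style before returning, e.g. `except socket.error as e:` followed by a log/trace call that names `leader` and `e`, then `return`. A bare `return` also leaves the caller unable to tell "connected" from "skipped"; if the parent loop (outside this hunk) needs that distinction, return a boolean instead. connect_to_leader's body continues past the end of the hunk.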
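Review bot: The TODO added to the `'invite'` branch records that an invitation issued from a node other than the head node cannot work, yet the branch still creates and sends the invitation, so a requester on the wrong node receives a token that fails later instead of an error now. Since the guard is deferred, the comment should at least state the intended behavior, e.g. `# TODO(jjohnson2): reject the invitation here unless this node is the current leader; the hand-carried certificate is only usable from the head node.`. The `#TODO` spelling also lacks the space after `#` that PEP 8 expects; the same applies to the TODO added in the `'enroll'` hunk, which likewise documents a missing "master is elsewhere" rejection without adding it. handle_connection starts before and continues after this hunk.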
@@ -147,6 +152,7 @@ def handle_connection(connection, cert, request, local=False):
             f.close()
             eventlet.spawn_n(connect_to_leader, cert, name)
     if 'enroll' == operation:
+        #TODO(jjohnson2): error appropriately when asked to enroll, but the master is elsewhere
         mycert = util.get_certificate_from_file('/etc/confluent/srvcert.pem')
         proof = base64.b64decode(request['hmac'])
         myrsp = invites.check_client_proof(request['name'], mycert,