[Linux-ha-dev] [RFC] Change the behavior of cibadmin on dangerous
options
Joachim Banzhaf
joachimbanzhaf at compuserve.de
Tue Dec 4 10:24:18 MST 2007
Hi Hu,
Am Dienstag 04 Dezember 2007 14:29:35 schrieb Xinwei Hu:
> 2007/12/4, Lars Marowsky-Bree <lmb at suse.de>:
> > On 2007-12-04T00:20:15, Xinwei Hu <hxinwei at gmail.com> wrote:
> > > Hi all,
> > >
> > > We have a instance about cibadmin recently. A typo of 'cibadmin -r
> > > blahblah' forces the HA into RO mode without any warning, and the
> > > field engineer almost panic. ;)
> >
> > I like the direction.
Me too.
> > The more dangerous commands usually require a --force option on other
> > tools. (fsck, mkfs, rpm, drbdadm, ...)
>
> The reason that I don't go this way is concerning the portability.
> getopt_long is not a POSIX standard AFAIK.
Most, if not all heartbeat commands already take long options. I cannot see
your problem here.
> > Reading y/n from stdin is not a good approach; the commands might
> > require the XML to be on stdin.
>
> You are right.
> So how about let the process give verbose warning message on dangerous
> options and sleep N seconds before proceeding ?
Noo! Please just add a second option (even a short one like in rm -rf).
Without the second option, if stdin is a tty, then ask for confirmation else
fail (more safe) or go on (more backward compatible). That way, there is no
more SPOF - and that is all I want heartbeat to do for me :-)
Just my 2ct
Joachim
More information about the Linux-HA-Dev
mailing list