[Linux-ha-dev] [RFC] Change the behavior of cibadmin on dangerous
options
Andrew Beekhof
beekhof at gmail.com
Tue Dec 4 12:29:55 MST 2007
i'll implement the --force|-f approach tomorrow.
On Dec 4, 2007, at 6:24 PM, Joachim Banzhaf wrote:
> Hi Hu,
>
> Am Dienstag 04 Dezember 2007 14:29:35 schrieb Xinwei Hu:
>> 2007/12/4, Lars Marowsky-Bree <lmb at suse.de>:
>>> On 2007-12-04T00:20:15, Xinwei Hu <hxinwei at gmail.com> wrote:
>>>> Hi all,
>>>>
>>>> We have a instance about cibadmin recently. A typo of 'cibadmin
>>>> -r
>>>> blahblah' forces the HA into RO mode without any warning, and the
>>>> field engineer almost panic. ;)
>>>
>>> I like the direction.
>
> Me too.
>
>>> The more dangerous commands usually require a --force option on
>>> other
>>> tools. (fsck, mkfs, rpm, drbdadm, ...)
>>
>> The reason that I don't go this way is concerning the portability.
>> getopt_long is not a POSIX standard AFAIK.
>
> Most, if not all heartbeat commands already take long options. I
> cannot see
> your problem here.
>
>>> Reading y/n from stdin is not a good approach; the commands might
>>> require the XML to be on stdin.
>>
>> You are right.
>> So how about let the process give verbose warning message on
>> dangerous
>> options and sleep N seconds before proceeding ?
>
> Noo! Please just add a second option (even a short one like in rm -
> rf).
> Without the second option, if stdin is a tty, then ask for
> confirmation else
> fail (more safe) or go on (more backward compatible). That way,
> there is no
> more SPOF - and that is all I want heartbeat to do for me :-)
>
> Just my 2ct
>
> Joachim
>
> _______________________________________________________
> Linux-HA-Dev: Linux-HA-Dev at lists.linux-ha.org
> http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
> Home Page: http://linux-ha.org/
More information about the Linux-HA-Dev
mailing list