[Linux-ha-dev] Heartbeat - Dev: changeset 11642:54085bc025ce

Alan Robertson alanr at unix.sh
Fri Dec 7 00:22:32 MST 2007


Andrew Beekhof wrote:
> http://hg.linux-ha.org/dev/rev/54085bc025ce
> 
> 
> "This was (at least) caused by a bug in the ssh plugin."
> 
> uhhh... no.
> the plugin behaved correctly - it's _supposed_ to report failure when it 
> can't complete the stonith operation.
> 
> "risk: near-zero - changes were not made to any production code"
> 
> again, no.
> 
> you know full well that people use the ssh agents and that the change is 
> incredibly dangerous for those people.
> 
> if you want to make these cts-specific hacks, please create a new agent 
> called external/cts or perhaps external/broken and do them there.
> anything else is just irresponsible.

What I know full well is that I have never wavered in strongly advising 
against using the ssh plugin in production.

The SSH plugin was written specifically for CTS - nothing else.  It was 
written because my machines kept blowing out power supplies, etc from 
being stonithed with a real power switch in CTS thousands of times.  It 
has always been documented as a test tool ONLY.  At one time Lars and I 
discussed leaving it out of what's shipped in the plugin library but it 
made life too messy, so we left it in, and documented it as 
not-for-production.

This has been discussed dozens of times over the last 6 or 7 years, and 
the recommendation every time it's come up has been to never use it in 
production.

Also note that this is NOT the "ssh" plugin, but the "external/ssh" 
plugin.  The "ssh" plugin is unchanged.  The external/ssh plugin was 
written to exercise the new "external" stonith module, and comes with 
the same caveat:  "Never use it in production".

From your strong reaction to this change, I'm guessing that you 
might have advised some people to use it in production...

I stand by my recommendation that it never be used in production, but 
given what seems to be implied about your recommendations, I can 
make that last set of changes optional based on a parameter to the RA, 
which we can then supply in CTS.
	livedangerously=yes

No point in having three stonith agents that do the same thing - we 
already have two.

These changes are in changeset 11643:35a4edc666b8, which has now been 
pushed into 'dev'.

-- 
     Alan Robertson <alanr at unix.sh>

"Openness is the foundation and preservative of friendship...  Let me 
claim from you at all times your undisguised opinions." - William 
Wilberforce

