Il 06/03/2018 11:13, Ronny Aasen ha scritto:
On 06. mars 2018 10:26, Max Cuttins wrote:
Il 05/03/2018 20:17, Gregory Farnum ha scritto:
You're not wrong, and indeed that's why I pushed back on the latest
attempt to make deleting pools even more cumbersome.
But having a "trash" concept is also pretty weird. If admins can
override it to just immediately delete the data (if they need the
space), how is that different from just being another hoop to jump
through? If we want to give the data owners a chance to undo, how do
we identify and notify *them* rather than the admin running the
command? But if admins can't override the trash and delete
immediately, what do we do for things like testing and proofs of
concept where large-scale data creates and deletes are to be expected?
I'm talking about my experience:
* Data Owner are a little bit in their LA LA LAND, and think that they
can safely delete some of their data without losses.
* Data Owner should think that their pool have been really deleted
* Data Owner should not been akwnoledge about the existance of the
* So Data Owner ask to restore from backup (but instead we'll use
easily the trash).
Said so, we also have to think that:
* Administrator is always GOD, so he need to be in the possibility to
override if needed whenever he needs.
* However Administrator should just put in status delete without
override this behaviour if there is not need to do so.
* Override should be allowed only with many cumbersome telling you
that YOU SHOULD NOT OVERRIDE - PLEASE AVOID OVERRIDE
I don't like that the software can limit administrators to do his
job... in the end Administrator'll always find its way to do what he
want (it's the root).
Of course I like the feature to push the Admin to follow the right
some sort of active/inactive toggle both on RBD images, pools, buckets
and filesystems trees is nice to allow admins to perform scream tests.
"data owner requests deletion - admin disables pool(kicks all clients)
- data owner screams - admin reactivates"
sounds much better then the last step beeing admin checking if the
backups are good.,..
i try to do something similar by renaming pools to be deleted but that
is not allways the same as inactive.
I like the name "scream test"... it really look like that! :)
ceph-users mailing list