2007/12/5, Lars Marowsky-Bree <[EMAIL PROTECTED]>:
> On 2007-12-04T21:29:35, Xinwei Hu <[EMAIL PROTECTED]> wrote:
>
> > > The more dangerous commands usually require a --force option on other
> > > tools. (fsck, mkfs, rpm, drbdadm, ...)
> > The reason that I don't go this way is concerning the portability.
> > getopt_long is not a POSIX standard AFAIK.
>
> Then make it -f or --force; that would be acceptable as well.
>
> > > For cibadmin, -E, -r, (-b, -h, -l for write commands) seem safe
> > > candidates.
> > >
> > > Reading y/n from stdin is not a good approach; the commands might
> > > require the XML to be on stdin.
> > You are right.
> > So how about let the process give verbose warning message on dangerous
> > options and sleep N seconds before proceeding ?
>
> I don't like sleeping tools. That is annoying in scripts, and when you
> really want the system to do something _now_.
>
> I prefer the -f/--force approach, as it's the most common way on
> Unix/Linux.
OK. I picked -Z/--do-what-i-say then. :)
-E/-r/-w/-b/-f are considered dangerous now.
Also, exit when non-option ARGV-elements are found, as suggested by Dejan.
>
> Regards,
> Lars
>
> --
> Teamlead Kernel, SuSE Labs, Research and Development
> SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
> "Experience is the name everyone gives to their mistakes." -- Oscar Wilde
>
> _______________________________________________________
> Linux-HA-Dev: [email protected]
> http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
> Home Page: http://linux-ha.org/
>
--- ../dev-dsk/crm/admin/cibadmin.c 2007-09-24 13:57:31.000000000 +0800
+++ crm/admin/cibadmin.c 2007-12-05 01:03:45.000000000 +0800
@@ -88,13 +88,15 @@
int operation_status = 0;
cib_t *the_cib = NULL;
-#define OPTARGS "V?o:QDUCEX:t:Srwlsh:MmBfbdRx:pP5"
+#define OPTARGS "V?o:QDUCEX:t:Srwlsh:MmBfbdRx:pP5Z"
int
main(int argc, char **argv)
{
int argerr = 0;
int flag;
+ int cib_dangerous = 0;
+ int cib_forcerun = 0;
char *admin_input_xml = NULL;
char *admin_input_file = NULL;
gboolean admin_input_stdin = FALSE;
@@ -133,6 +135,7 @@
{"help", 0, 0, '?'},
{"reference", 1, 0, 0},
{"timeout", 1, 0, 't'},
+ {"do-what-i-say", 0, 0, 'Z'},
/* common options */
{"obj_type", 1, 0, 'o'},
@@ -184,6 +187,7 @@
case 'E':
cib_action = CIB_OP_ERASE;
+ cib_dangerous = 1;
break;
case 'Q':
cib_action = CIB_OP_QUERY;
@@ -222,10 +226,12 @@
break;
case 'r':
cib_action = CIB_OP_SLAVE;
+ cib_dangerous = 1;
break;
case 'w':
cib_action = CIB_OP_MASTER;
command_options |= cib_scope_local;
+ cib_dangerous = 1;
break;
case 'V':
command_options = command_options | cib_verbose;
@@ -259,13 +265,18 @@
case 'b':
command_options |= cib_inhibit_bcast;
command_options |= cib_scope_local;
+ cib_dangerous = 1;
break;
case 's':
command_options |= cib_sync_call;
break;
case 'f':
command_options |= cib_quorum_override;
+ cib_dangerous = 1;
break;
+ case 'Z':
+ cib_forcerun = 1;
+ break;
default:
printf("Argument code 0%o (%c)"
" is not (?yet?) supported\n",
@@ -280,6 +291,7 @@
while (optind < argc)
printf("%s ", argv[optind++]);
printf("\n");
+ exit(LSB_EXIT_EINVAL);
}
if (optind > argc) {
@@ -294,6 +306,12 @@
usage(crm_system_name, LSB_EXIT_GENERIC);
}
+ if (cib_dangerous && !cib_forcerun) {
+ fprintf(stdout, "You are about to run dangerous commands. Unless --do-what-i-say is gaven, the command will not run.\n");
+ fflush(stdout);
+ exit(LSB_EXIT_EINVAL);
+ }
+
if(admin_input_file != NULL) {
FILE *xml_strm = fopen(admin_input_file, "r");
input = file2xml(xml_strm, FALSE);
_______________________________________________________
Linux-HA-Dev: [email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/