2007/12/5, Lars Marowsky-Bree <[EMAIL PROTECTED]>:
> On 2007-12-04T21:29:35, Xinwei Hu <[EMAIL PROTECTED]> wrote:
>
> > > The more dangerous commands usually require a --force option on other
> > > tools. (fsck, mkfs, rpm, drbdadm, ...)
> > The reason that I don't go this way is concerning the portability.
> > getopt_long is not a POSIX standard AFAIK.
>
> Then make it -f or --force; that would be acceptable as well.
>
> > > For cibadmin, -E, -r, (-b, -h, -l for write commands) seem safe
> > > candidates.
> > >
> > > Reading y/n from stdin is not a good approach; the commands might
> > > require the XML to be on stdin.
> > You are right.
> > So how about let the process give verbose warning message on dangerous
> > options and sleep N seconds before proceeding ?
>
> I don't like sleeping tools. That is annoying in scripts, and when you
> really want the system to do something _now_.
>
> I prefer the -f/--force approach, as it's the most common way on
> Unix/Linux.
OK. I picked -Z/--do-what-i-say then. :)
-E/-r/-w/-b/-f are considered dangerous now.
Also,  exit when non-option ARGV-elements are found, as suggested by Dejan.
>
> Regards,
>     Lars
>
> --
> Teamlead Kernel, SuSE Labs, Research and Development
> SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
> "Experience is the name everyone gives to their mistakes." -- Oscar Wilde
>
> _______________________________________________________
> Linux-HA-Dev: [email protected]
> http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
> Home Page: http://linux-ha.org/
>
--- ../dev-dsk/crm/admin/cibadmin.c	2007-09-24 13:57:31.000000000 +0800
+++ crm/admin/cibadmin.c	2007-12-05 01:03:45.000000000 +0800
@@ -88,13 +88,15 @@
 int operation_status = 0;
 cib_t *the_cib = NULL;
 
-#define OPTARGS	"V?o:QDUCEX:t:Srwlsh:MmBfbdRx:pP5"
+#define OPTARGS	"V?o:QDUCEX:t:Srwlsh:MmBfbdRx:pP5Z"
 
 int
 main(int argc, char **argv)
 {
 	int argerr = 0;
 	int flag;
+	int cib_dangerous = 0;
+	int cib_forcerun = 0;
 	char *admin_input_xml = NULL;
 	char *admin_input_file = NULL;
 	gboolean admin_input_stdin = FALSE;
@@ -133,6 +135,7 @@
 		{"help",        0, 0, '?'},
 		{"reference",   1, 0, 0},
 		{"timeout",	1, 0, 't'},
+		{"do-what-i-say", 0, 0, 'Z'},
 
 		/* common options */
 		{"obj_type", 1, 0, 'o'},
@@ -184,6 +187,7 @@
 				
 			case 'E':
 				cib_action = CIB_OP_ERASE;
+				cib_dangerous = 1;
 				break;
 			case 'Q':
 				cib_action = CIB_OP_QUERY;
@@ -222,10 +226,12 @@
 				break;
 			case 'r':
 				cib_action = CIB_OP_SLAVE;
+				cib_dangerous = 1;
 				break;
 			case 'w':
 				cib_action = CIB_OP_MASTER;
 				command_options |= cib_scope_local;
+				cib_dangerous = 1;
 				break;
 			case 'V':
 				command_options = command_options | cib_verbose;
@@ -259,13 +265,18 @@
 			case 'b':
 				command_options |= cib_inhibit_bcast;
 				command_options |= cib_scope_local;
+				cib_dangerous = 1;
 				break;
 			case 's':
 				command_options |= cib_sync_call;
 				break;
 			case 'f':
 				command_options |= cib_quorum_override;
+				cib_dangerous = 1;
 				break;
+			case 'Z':
+				cib_forcerun = 1;
+				break;	
 			default:
 				printf("Argument code 0%o (%c)"
 				       " is not (?yet?) supported\n",
@@ -280,6 +291,7 @@
 		while (optind < argc)
 			printf("%s ", argv[optind++]);
 		printf("\n");
+		exit(LSB_EXIT_EINVAL);
 	}
 
 	if (optind > argc) {
@@ -294,6 +306,12 @@
 		usage(crm_system_name, LSB_EXIT_GENERIC);
 	}
 	
+	if (cib_dangerous && !cib_forcerun) {
+		fprintf(stdout, "You are about to run dangerous commands. Unless --do-what-i-say is gaven, the command will not run.\n");
+		fflush(stdout);
+		exit(LSB_EXIT_EINVAL);
+	}
+
 	if(admin_input_file != NULL) {
 		FILE *xml_strm = fopen(admin_input_file, "r");
 		input = file2xml(xml_strm, FALSE);
_______________________________________________________
Linux-HA-Dev: [email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/

Reply via email to