Hi Hu,

Am Dienstag 04 Dezember 2007 14:29:35 schrieb Xinwei Hu:
> 2007/12/4, Lars Marowsky-Bree <[EMAIL PROTECTED]>:
> > On 2007-12-04T00:20:15, Xinwei Hu <[EMAIL PROTECTED]> wrote:
> > > Hi all,
> > >
> > >    We have a instance about cibadmin recently. A typo of 'cibadmin -r
> > > blahblah' forces the HA into RO mode without any warning, and the
> > > field engineer almost panic. ;)
> >
> > I like the direction.

Me too.

> > The more dangerous commands usually require a --force option on other
> > tools. (fsck, mkfs, rpm, drbdadm, ...)
>
> The reason that I don't go this way is concerning the portability.
> getopt_long is not a POSIX standard AFAIK.

Most, if not all heartbeat commands already take long options. I cannot see 
your problem here.

> > Reading y/n from stdin is not a good approach; the commands might
> > require the XML to be on stdin.
>
> You are right.
> So how about let the process give verbose warning message on dangerous
> options and sleep N seconds before proceeding ?

Noo! Please just add a second option (even a short one like in rm -rf).
Without the second option, if stdin is a tty, then ask for confirmation else 
fail (more safe) or go on (more backward compatible). That way, there is no 
more SPOF - and that is all I want heartbeat to do for me :-)

Just my 2ct

Joachim
 
_______________________________________________________
Linux-HA-Dev: [email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/

Reply via email to