Re: mkraid secret flag
WARNING: i am going to type the secret command in the following mail. if you
cannot handle it, delete it now. if you want a rational explanation for why i
would do that, read on. i am not trying to be inflammatory, just make a point.
i have been using software raid under linux for quite a while now. both my
current and prior employers are using software raid boxes that i have setup
over the past two+ years. some of the older ones are running kernel 2.0.3x and
the more recent ones are 2.2.x of some sort. some older ones are using the
0.4x raid code, the newer, 0.90.
with these 20 or so machines, i have found the 0.90 tools and kernel level
driver to be much more robust and user friendly. i can remember when raid had
a single mdtab, then MULTIPLE conf files, and now a single raidtab. the newer
versions, with the inclusion of things like martin bene's failed-disk patches,
has been one of the most useful pieces of software i have applied in an x86
server environment. by comparison, the 0.40 raid code, replete with initrds
and weird startup scripts looks quite pathetic.
while there is some point to protecting a user from system damage, the message
that is printed, and the command name needed to actually get the work done,
make the 0.90 code appear unstable or untested.
there are at least hundreds if not thousands of people on this list who use
linux, and linux software raid every day. this is code is stable, and it is
tested. it is bulletproof in comparison to the 0.4x code, and if mr cox has
his way, it will finally be in the main kernel.
as such, i feel it is time to rename the --really-force command from mkraid to
--force. to leave as-is, is just great ammunition for those who would slight
the efforts of the developers as incomplete or amaturish.
people know they are taking their own system into their hands. this is WHY
they are using linux, rather than an os that hides the real innards of the
system from them. the extra logic required to make them type the longer
command, however simple, just adds kruft to the binary, to print a message
that is a GIVEN when you are root on your box.
think about it! rm by default does not -i! and rm is potentially MUCH more
dangerous than mkraid. hell, we tell people on this list ALL THE TIME to run
mkraid --really-force on their EXISTING partitions: "it only overwrites the
raid superblock"! we dont tell people to fix problems with rm -rf * ! should
we go back and change rm to always be in -i mode? fdisk does not print such
messages. mke2fs on a clean partition? no.
i feel that mingo/gadi et al have done a fine job, and these utils need to
take the same approach as other system level programs- no convoluted messages
asking for non-disclosure, just the normal warning, and the five second pause.
raid 0.90 is almost grown up. it should act that way.
wow- that was longer than i intended on such a simple subject- sorry :)
allan noah
James Manning [EMAIL PROTECTED] said:
[ Wednesday, March 15, 2000 ] root wrote:
mkraid --**-force /dev/md0
/me attempts to get the Stupid Idea Of The Month award
Motivation: trying to keep the Sekret Flag a secret is a failed effort
(the number of linux-raid archives, esp. those that are searchable, make
this a given), and a different approach could help things tremendously.
*** Idea #1:
How about --force / -f look for $HOME/.md_force_warning_read and
if not exists:
- print huge warning (and beep thousands of times as desired)
- creat()/close() the file
if exists:
- Do the Horrifically Dangerous stuff
Benefit: everyone has to read at least once (or at a minimum create a
file that says they've read it)
Downside: adds a $HOME/ entry, relies on getenv("HOME"), etc.
*** Idea #2:
--force / -f prints a warning, prompts for input (no fancy term
tricks), and continues only on "yes" being entered (read(1,..) so
we can "echo yes |mkraid --force" in cases we want it automated).
Benefit: warning always generated
Downside: slightly more complicated to script
Both are fairly trivial patches, so I'll be glad to generate the
patch for whichever (if either :) people seem to like.
James
[PATCHES] Re: mkraid secret flag
Patches attached:
#1: allan noah's suggestion (small warning, 5 seconds, that's it)
#2: untested "it compiles" patch for warning file (with Seth's 2 week
recommendation on time-span)
[ Saturday, March 18, 2000 ] m. allan noah wrote:
think about it! rm by default does not -i!
true, although most systems (just going by RH's volume) have alias rm="rm
-i" for root (as well as a couple of other possibly-destructive commands)
i feel that mingo/gadi et al have done a fine job, and these utils need to
take the same approach as other system level programs- no convoluted messages
asking for non-disclosure, just the normal warning, and the five second pause.
raid 0.90 is almost grown up. it should act that way.
raid 0.90 maturity is orthogonal to the issue of whether we want to warn
people on a potentially destructive command. The motivation "It really
sucks to LOSE DATA!" applys equally well to Bug-Free (tm) kernel code
as to stuff in development (ie, you're willing to destroy what's on disk).
In any case, since the patches are small and easy to get almost any
warning behavior desired (or none at all), it'll boil down to distro
preference anyway.
James
--- raidtools-0.90/mkraid.c.origSun Mar 19 03:31:48 2000
+++ raidtools-0.90/mkraid.c Sun Mar 19 03:33:46 2000
@@ -68,7 +68,6 @@
int version = 0, help = 0, debug = 0;
char * configFile = RAID_CONFIG;
int force_flag = 0;
-int old_force_flag = 0;
int upgrade_flag = 0;
int no_resync_flag = 0;
int all_flag = 0;
@@ -79,8 +78,7 @@
enum mkraidFunc func;
struct poptOption optionsTable[] = {
{ "configfile", 'c', POPT_ARG_STRING, configFile, 0 },
- { "force", 'f', 0, old_force_flag, 0 },
- { "really-force", 'R', 0, force_flag, 0 },
+ { "force", 'f', 0, force_flag, 0 },
{ "upgrade", 'u', 0, upgrade_flag, 0 },
{ "dangerous-no-resync", 'r', 0, no_resync_flag, 0 },
{ "help", 'h', 0, help, 0 },
@@ -116,12 +114,8 @@
}
} else if (!strcmp (namestart, "raid0run")) {
func = raid0run;
- if (old_force_flag) {
- fprintf (stderr, "--force not possible for raid0run!\n");
- return (EXIT_FAILURE);
- }
if (force_flag) {
- fprintf (stderr, "--really-force not possible for raid0run!\n");
+ fprintf (stderr, "--force not possible for raid0run!\n");
return (EXIT_FAILURE);
}
if (upgrade_flag) {
@@ -167,23 +161,6 @@
if (getMdVersion(ver)) {
fprintf(stderr, "cannot determine md version: %s\n", strerror(errno));
- return EXIT_FAILURE;
-}
-
-if (old_force_flag (func == mkraid)) {
- fprintf(stderr,
-
-"--force and the new RAID 0.90 hot-add/hot-remove functionality should be\n"
-" used with extreme care! If /etc/raidtab is not in sync with the real array\n"
-" configuration, then a --force will DESTROY ALL YOUR DATA. It's especially\n"
-" dangerous to use -f if the array is in degraded mode. \n\n"
-" PLEASE dont mention the --really-force flag in any email, documentation or\n"
-" HOWTO, just suggest the --force flag instead. Thus everybody will read\n"
-" this warning at least once :) It really sucks to LOSE DATA. If you are\n"
-" confident that everything will go ok then you can use the --really-force\n"
-" flag. Also, if you are unsure what this is all about, dont hesitate to\n"
-" ask questions on [EMAIL PROTECTED]\n");
-
return EXIT_FAILURE;
}
--- raidtools-0.90/mkraid.c.origSun Mar 19 03:31:48 2000
+++ raidtools-0.90/mkraid.c Sun Mar 19 03:55:19 2000
@@ -68,7 +68,6 @@
int version = 0, help = 0, debug = 0;
char * configFile = RAID_CONFIG;
int force_flag = 0;
-int old_force_flag = 0;
int upgrade_flag = 0;
int no_resync_flag = 0;
int all_flag = 0;
@@ -79,8 +78,7 @@
enum mkraidFunc func;
struct poptOption optionsTable[] = {
{ "configfile", 'c', POPT_ARG_STRING, configFile, 0 },
- { "force", 'f', 0, old_force_flag, 0 },
- { "really-force", 'R', 0, force_flag, 0 },
+ { "force", 'f', 0, force_flag, 0 },
{ "upgrade", 'u', 0, upgrade_flag, 0 },
{ "dangerous-no-resync", 'r', 0, no_resync_flag, 0 },
{ "help", 'h', 0, help, 0 },
@@ -116,12 +114,8 @@
}
} else if (!strcmp (namestart, "raid0run")) {
func = raid0run;
- if (old_force_flag) {
- fprintf (stderr, "--force not possible for raid0run!\n");
- return (EXIT_FAILURE);
- }
if (force_flag) {
- fprintf (stderr, "--really-force not possible for raid0run!\n");
+ fprintf (stderr, "--force not possible for raid0run!\n");
return (EXIT_FAILURE);
}
if (upgrade_flag) {
@@ -170,8 +164,17 @@
return EXIT_FAILURE;
}
-if (old_force_flag (func == mkraid)) {
- fprintf(stderr,
+if (force_flag (func == mkraid)) {
mkraid secret flag
[ Wednesday, March 15, 2000 ] root wrote:
mkraid --**-force /dev/md0
/me attempts to get the Stupid Idea Of The Month award
Motivation: trying to keep the Sekret Flag a secret is a failed effort
(the number of linux-raid archives, esp. those that are searchable, make
this a given), and a different approach could help things tremendously.
*** Idea #1:
How about --force / -f look for $HOME/.md_force_warning_read and
if not exists:
- print huge warning (and beep thousands of times as desired)
- creat()/close() the file
if exists:
- Do the Horrifically Dangerous stuff
Benefit: everyone has to read at least once (or at a minimum create a
file that says they've read it)
Downside: adds a $HOME/ entry, relies on getenv("HOME"), etc.
*** Idea #2:
--force / -f prints a warning, prompts for input (no fancy term
tricks), and continues only on "yes" being entered (read(1,..) so
we can "echo yes |mkraid --force" in cases we want it automated).
Benefit: warning always generated
Downside: slightly more complicated to script
Both are fairly trivial patches, so I'll be glad to generate the
patch for whichever (if either :) people seem to like.
James
Re: mkraid secret flag
How about --force / -f look for $HOME/.md_force_warning_read and if not exists: - print huge warning (and beep thousands of times as desired) - creat()/close() the file how about an expiration on the timestamp on this file ie: if the time is longer than 2 weeks make them read it again. I know I forget all sorts of warnings after a while :) -sv
