Revert "mon: implement safety interlock for deleting pools"

This reverts commit c993ac9b1fa4037f4cc2674455728ee38a7c978b.

This is too hard to test.  Requiring the pool name twice along with
--yes-i-really-really-mean-it should be sufficient.

Signed-off-by: Sage Weil <sage@inktank.com>

diff --git a/src/mon/OSDMonitor.cc b/src/mon/OSDMonitor.cc
index 96e2aa12ea741caf369c87ca2c0a69a8e198abad..226229591d3e4e9c4dcfce8eba59c64411d071a3 100644 (file)
--- a/src/mon/OSDMonitor.cc
+++ b/src/mon/OSDMonitor.cc
@@ -61,7 +61,6 @@ static ostream& _prefix(std::ostream *_dout, Monitor *mon, OSDMap& osdmap) {
 /************ MAPS ****************/
 OSDMonitor::OSDMonitor(Monitor *mn, Paxos *p)
   : PaxosService(mn, p),
-    delete_pool_nonce(0),
     thrash_map(0), thrash_last_up_osd(-1)
 {
   // we need to trim this too
@@ -2780,50 +2779,19 @@ bool OSDMonitor::prepare_command(MMonCommand *m)
        paxos->wait_for_commit(new Monitor::C_Command(mon, m, 0, rs, paxos->get_version()));
        return true;
       } else if (m->cmd[2] == "delete" && m->cmd.size() >= 4) {
-       // osd pool delete <poolname> <poolname again> <nonce>
-       // hey, let's delete a pool!
+       //hey, let's delete a pool!
        int64_t pool = osdmap.lookup_pg_pool_name(m->cmd[3].c_str());
        if (pool < 0) {
          ss << "pool '" << m->cmd[3] << "' does not exist";
          err = 0;
-         goto out;
-       }
-       if (m->cmd.size() < 6) {
-         delete_pool_nonce = rand();
-         delete_pool_nonce_timeout = ceph_clock_now(g_ceph_context);
-         delete_pool_nonce_timeout += 30;
-         ss << "WARNING: this will efficiently **DESTROY** an entire pool of data.  if you are ABSOLUTELY CERTAIN"
-            << " that this is what you want to do, retry listing the pool name twice, followed by " << delete_pool_nonce
-            << " within 30 seconds.";
-         err = -EPERM;
-         goto out;
-       }
-       assert(m->cmd.size() >= 6);
-       if (m->cmd[4] != m->cmd[3]) {
-         ss << "ERROR: you must list the pool name you want to **DESTROY** twice";
-         err = -EPERM;
-         goto out;
-       }
-       unsigned safety = atol(m->cmd[5].c_str());
-       if (safety != delete_pool_nonce) {
-         ss << "ERROR: did not confirm pool deletion with correct confirmation; " << safety << " != " << delete_pool_nonce << "; try again";
-         err = -EPERM;
-         goto out;
-       }
-       if (ceph_clock_now(g_ceph_context) > delete_pool_nonce_timeout) {
-         ss << "ERROR: did not confirm pool deletion within 30 seconds; try again";
-         err = -EPERM;
-         goto out;
+       } else {
+         int ret = _prepare_remove_pool(pool);
+         if (ret == 0)
+           ss << "pool '" << m->cmd[3] << "' deleted";
+         getline(ss, rs);
+         paxos->wait_for_commit(new Monitor::C_Command(mon, m, ret, rs, paxos->get_version()));
+         return true;
        }
-       assert(safety == delete_pool_nonce);
-       delete_pool_nonce = 0;
-       delete_pool_nonce_timeout = utime_t();
-       int ret = _prepare_remove_pool(pool);
-       if (ret == 0)
-         ss << "pool '" << m->cmd[3] << "' deleted";
-       getline(ss, rs);
-       paxos->wait_for_commit(new Monitor::C_Command(mon, m, ret, rs, paxos->get_version()));
-       return true;
       } else if (m->cmd[2] == "rename" && m->cmd.size() == 5) {
        int64_t pool = osdmap.lookup_pg_pool_name(m->cmd[3].c_str());
        if (pool < 0) {

diff --git a/src/mon/OSDMonitor.h b/src/mon/OSDMonitor.h
index e389c65e825f155af3dca648f98bbfdc5350cbfe..9529f731c84e7f52374110d504a8f3bec2f9eaa8 100644 (file)
--- a/src/mon/OSDMonitor.h
+++ b/src/mon/OSDMonitor.h
@@ -123,9 +123,6 @@ private:
 
   map<int,double> osd_weight;
 
-  unsigned delete_pool_nonce;        // safety interlock for removing pools
-  utime_t delete_pool_nonce_timeout;
-
   void check_failures(utime_t now);
   bool check_failure(utime_t now, int target_osd, failure_info_t& fi);