mon/OSDMonitor: require mon_allow_pool_delete = true to remove pools

This is a simple safety check.  Since we default to true it is currently
opt-in.

Backport: giant, firefly
Signed-off-by: Sage Weil <sage@redhat.com>
(cherry picked from commit 6b982e4cc00f9f201d7fbffa0282f8f3295f2309)

Conflicts:
     src/test/mon/osd-pool-create.sh

     Changed $CEPH_MON to 127.0.0.1 -- the CEPH_MON was introduced after
     firefly to allow tests to run in parallel. Back in firefly all tests
     use the same port because 127.0.0.1 was hardcoded. We can't
     conveniently backport all that's necessary for tests to run in
     parallel, therefore we keep the 127.0.0.1 hardcoded.

Conflicts:
	src/test/mon/osd-pool-create.sh
            TEST_no_pool_delete() follows a different test than in master

diff --git a/src/common/config_opts.h b/src/common/config_opts.h
index d8ecdc70357c764a78cff6045c45df1a3059a264..2001acc3f187a1da56e718d6f18afe050578cdb1 100644 (file)
--- a/src/common/config_opts.h
+++ b/src/common/config_opts.h
@@ -172,6 +172,7 @@ OPTION(mon_pg_warn_min_pool_objects, OPT_INT, 1000)  // do not warn on pools bel
 OPTION(mon_cache_target_full_warn_ratio, OPT_FLOAT, .66) // position between pool cache_target_full and max where we start warning
 OPTION(mon_osd_full_ratio, OPT_FLOAT, .95) // what % full makes an OSD "full"
 OPTION(mon_osd_nearfull_ratio, OPT_FLOAT, .85) // what % full makes an OSD near full
+OPTION(mon_allow_pool_delete, OPT_BOOL, true) // allow pool deletion
 OPTION(mon_globalid_prealloc, OPT_INT, 100)   // how many globalids to prealloc
 OPTION(mon_osd_report_timeout, OPT_INT, 900)    // grace period before declaring unresponsive OSDs dead
 OPTION(mon_force_standby_active, OPT_BOOL, true) // should mons force standby-replay mds to be active

diff --git a/src/mon/OSDMonitor.cc b/src/mon/OSDMonitor.cc
index 9fac2c9aec53c798644ca6a08ad63741c58cbdd5..3558551c5f706f83ff05f1468ae8f7c2588c7ef7 100644 (file)
--- a/src/mon/OSDMonitor.cc
+++ b/src/mon/OSDMonitor.cc
@@ -5993,6 +5993,12 @@ int OSDMonitor::_check_remove_pool(int64_t pool, const pg_pool_t *p,
     }
     return -EBUSY;
   }
+
+  if (!g_conf->mon_allow_pool_delete) {
+    *ss << "pool deletion is disabled; you must first set the mon_allow_pool_delete config option to true before you can destroy a pool";
+    return -EPERM;
+  }
+
   *ss << "pool '" << poolstr << "' removed";
   return 0;
 }

diff --git a/src/test/mon/osd-pool-create.sh b/src/test/mon/osd-pool-create.sh
index ef18eb57bd26c7f89d23c644c64be24e20772511..b276f8880c57a943d0ed1d287c230222c14c11a5 100755 (executable)
--- a/src/test/mon/osd-pool-create.sh
+++ b/src/test/mon/osd-pool-create.sh
@@ -16,6 +16,12 @@
 #
 source test/mon/mon-test-helpers.sh
 
+function expect_false()
+{
+    set -x
+    if "$@"; then return 1; else return 0; fi
+}
+
 function run() {
     local dir=$1
 
@@ -244,6 +250,16 @@ function TEST_utf8_cli() {
     ./ceph osd pool delete 黄 黄 --yes-i-really-really-mean-it
 }
 
+function TEST_no_pool_delete() {
+    local dir=$1
+    run_mon $dir a --public-addr 127.0.0.1
+    ./ceph osd pool create foo 1
+    ./ceph tell mon.a injectargs -- --no-mon-allow-pool-delete
+    expect_false ./ceph osd pool delete foo foo --yes-i-really-really-mean-it
+    ./ceph tell mon.a injectargs -- --mon-allow-pool-delete
+    ./ceph osd pool delete foo foo --yes-i-really-really-mean-it
+}
+
 main osd-pool-create
 
 # Local Variables: