From 7797ed67d2f9140b7eb9f182b06d04233e1e309c Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Sat, 7 Apr 2018 14:40:38 -0500 Subject: [PATCH] mon/OSDMonitor: require --yes-i-really-mean-it for force-create-pg This command declares data loss permanent. Be sure the user really means it. Signed-off-by: Sage Weil --- PendingReleaseNotes | 6 ++++++ src/mon/MonCommands.h | 3 ++- src/mon/OSDMonitor.cc | 7 +++++++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/PendingReleaseNotes b/PendingReleaseNotes index 031b15b3a858c..5cbf328bc05b8 100644 --- a/PendingReleaseNotes +++ b/PendingReleaseNotes @@ -209,3 +209,9 @@ method. See http://docs.ceph.com/docs/luminous/mgr/restful for details. first need to define a username and password. See the documentation for a feature overview and installation instructions: http://docs.ceph.com/docs/master/mgr/dashboard/ + +* The 'osd force-create-pg' command now requires a force option to + proceed because the command is dangerous: it declares that data loss + is permanent and instructs the cluster to proceed with an empty PG + in its place, without making any further efforts to find the missing + data. diff --git a/src/mon/MonCommands.h b/src/mon/MonCommands.h index 01079e95b5e32..24bf1e4242158 100644 --- a/src/mon/MonCommands.h +++ b/src/mon/MonCommands.h @@ -825,7 +825,8 @@ COMMAND("osd reweightn " \ "reweight osds with {: ,...})", "osd", "rw", "cli,rest") COMMAND("osd force-create-pg " \ - "name=pgid,type=CephPgid ", + "name=pgid,type=CephPgid,"\ + "name=sure,type=CephChoices,strings=--yes-i-really-mean-it,req=false", \ "force creation of pg ", "osd", "rw", "cli,rest") COMMAND("osd pg-temp " \ diff --git a/src/mon/OSDMonitor.cc b/src/mon/OSDMonitor.cc index 2989e7b4c199d..ad012cb0adc49 100644 --- a/src/mon/OSDMonitor.cc +++ b/src/mon/OSDMonitor.cc @@ -11559,6 +11559,13 @@ bool OSDMonitor::prepare_command_impl(MonOpRequestRef op, err = -ENOENT; goto reply; } + string sure; + cmd_getval(cct, cmdmap, "sure", sure); + if (sure != "--yes-i-really-mean-it") { + ss << "This command will recreate a lost (as in data lost) PG with data in it, such that the cluster will give up ever trying to recover the lost data. Do this only if you are certain that all copies of the PG are in fact lost and you are willing to accept that the data is permanently destroyed. Pass --yes-i-really-mean-it to proceed."; + err = -EPERM; + goto reply; + } bool creating_now; { std::lock_guard l(creating_pgs_lock); -- 2.39.5