From 6b982e4cc00f9f201d7fbffa0282f8f3295f2309 Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@redhat.com>
Date: Fri, 16 Jan 2015 07:54:22 -0800
Subject: [PATCH] mon/OSDMonitor: require mon_allow_pool_delete = true to
 remove pools

This is a simple safety check.  Since we default to true it is currently
opt-in.

Backport: giant, firefly
Signed-off-by: Sage Weil <sage@redhat.com>
---
 src/common/config_opts.h        |  1 +
 src/mon/OSDMonitor.cc           |  6 ++++++
 src/test/mon/osd-pool-create.sh | 16 ++++++++++++++++
 3 files changed, 23 insertions(+)

diff --git a/src/common/config_opts.h b/src/common/config_opts.h
index 08739c417205..080a8d0347eb 100644
--- a/src/common/config_opts.h
+++ b/src/common/config_opts.h
@@ -190,6 +190,7 @@ OPTION(mon_pg_warn_min_pool_objects, OPT_INT, 1000)  // do not warn on pools bel
 OPTION(mon_cache_target_full_warn_ratio, OPT_FLOAT, .66) // position between pool cache_target_full and max where we start warning
 OPTION(mon_osd_full_ratio, OPT_FLOAT, .95) // what % full makes an OSD "full"
 OPTION(mon_osd_nearfull_ratio, OPT_FLOAT, .85) // what % full makes an OSD near full
+OPTION(mon_allow_pool_delete, OPT_BOOL, true) // allow pool deletion
 OPTION(mon_globalid_prealloc, OPT_INT, 100)   // how many globalids to prealloc
 OPTION(mon_osd_report_timeout, OPT_INT, 900)    // grace period before declaring unresponsive OSDs dead
 OPTION(mon_force_standby_active, OPT_BOOL, true) // should mons force standby-replay mds to be active
diff --git a/src/mon/OSDMonitor.cc b/src/mon/OSDMonitor.cc
index 5e9ea17c880f..71a80ee4dd18 100644
--- a/src/mon/OSDMonitor.cc
+++ b/src/mon/OSDMonitor.cc
@@ -6453,6 +6453,12 @@ int OSDMonitor::_check_remove_pool(int64_t pool, const pg_pool_t *p,
     }
     return -EBUSY;
   }
+
+  if (!g_conf->mon_allow_pool_delete) {
+    *ss << "pool deletion is disabled; you must first set the mon_allow_pool_delete config option to true before you can destroy a pool";
+    return -EPERM;
+  }
+
   *ss << "pool '" << poolstr << "' removed";
   return 0;
 }
diff --git a/src/test/mon/osd-pool-create.sh b/src/test/mon/osd-pool-create.sh
index 1cae8a644a1c..428bfe06defb 100755
--- a/src/test/mon/osd-pool-create.sh
+++ b/src/test/mon/osd-pool-create.sh
@@ -17,6 +17,12 @@
 #
 source test/mon/mon-test-helpers.sh
 
+function expect_false()
+{
+    set -x
+    if "$@"; then return 1; else return 0; fi
+}
+
 function run() {
     local dir=$1
 
@@ -220,6 +226,16 @@ function TEST_replicated_pool() {
         grep 'cannot change to type erasure' || return 1
 }
 
+function TEST_no_pool_delete() {
+    local dir=$1
+    run_mon $dir a --public-addr $CEPH_MON
+    ./ceph osd pool create foo 1
+    ./ceph tell mon.a injectargs -- --no-mon-allow-pool-delete
+    expect_false ./ceph osd pool delete foo foo --yes-i-really-really-mean-it
+    ./ceph tell mon.a injectargs -- --mon-allow-pool-delete
+    ./ceph osd pool delete foo foo --yes-i-really-really-mean-it
+}
+
 
 main osd-pool-create
 
-- 
2.47.3