Re: [pve-devel] [PATCH manager 4/6] api: mon: mds: osd: add safety check endpoints

[Thomas Lamprecht <t.lamprecht@proxmox.com>]

On 14.03.22 17:49, Aaron Lauterer wrote:
> On 2/22/22 09:44, Thomas Lamprecht wrote:
>> On 18.02.22 12:38, Aaron Lauterer wrote:
> [...]
> 
>>
>> In general I see lots of repetition, and in this case I'd rather have a single
>> enpoint that accepts one (or maybe better a list of) service-type(s), and an
>> action (stop/destroy) let's encode in the name (or at least description) that
>> it's a heuristical check, besides things that we possible miss to observe we
>> could never make it 100% safe as we cannot lock the whole ceph cluster between
>> checking and doing an operation, so this will always be a TOCTOU race that
>> expects the admins to have some change management so that they do not interfere
>> with each others maintenance work.
>>
>> So either `/nodes/<nodename>/ceph/cmd-safety-heuristic` or drop the heuristic
>> from the path and just refer to that detail in the description (which shows up
>> in the api viewer, so should be good enough) `/nodes/<nodename>/ceph/cmd-safety`
>>
>> params could be: node, type, id and command
> 
> So IIUC, you prefer to not use the Ceph names transparently?
> 'ok-to-stop', 'ok-to-rm', 'safe-to-destroy'; yes, for Mons it is 'ok-to-rm' and for OSDs 'safe-to-destroy'...

yes, I'd abstract those details away.

> 
> But rather to have our own with the list of services (mon, mds, osd), its ID and then the action of either "stop" or "destroy"?
> 
Yes, one endpoint with type, and (abstract) action.

> And ideally, the option to pass a list of IDs?

the list is really optional, we don't have batch actions for destroy so it would
be a bit superfluous, and we can always adapt the endpoint to take a new ids-list
parameter in the future, if we really require it.