Bug 1703606
| Summary: | Prompt before destroying cluster | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Robert Bost <rbost> |
| Component: | Installer | Assignee: | Abhinav Dahiya <adahiya> |
| Installer sub component: | openshift-installer | QA Contact: | Johnny Liu <jialiu> |
| Status: | CLOSED NOTABUG | Docs Contact: | |
| Severity: | medium | ||
| Priority: | low | CC: | bleanhar |
| Version: | 4.1.0 | ||
| Target Milestone: | --- | ||
| Target Release: | 4.2.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-07-03 01:06:16 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1664187 | ||
|
Description
Robert Bost
2019-04-26 21:36:29 UTC
(In reply to Robert Bost from comment #0) > Description of problem: > Running `./openshift-install destroy cluster` immediately begins deleting > items from cluster. It would be worthwhile to introduce an 'Are you sure' > prompt here. Why did you run the destroy cluster command if you didn't want to destroy the cluster? (In reply to Abhinav Dahiya from comment #1) > (In reply to Robert Bost from comment #0) > > Description of problem: > > Running `./openshift-install destroy cluster` immediately begins deleting > > items from cluster. It would be worthwhile to introduce an 'Are you sure' > > prompt here. > > Why did you run the destroy cluster command if you didn't want to destroy > the cluster? currently all users expect to destroy cluster without approval. therefore this is going to be a API breaking change for a lot of users with scripts. Therefore we want to collect from information from users that would want such a change. Personally this is inline with other UNIX programs that *just* do the job when invoked. > Why did you run the destroy cluster command if you didn't want to destroy > the cluster? Sorry, I should have been more clear in my bug description (I filed it on a Friday evening). I think we would be doing an end user a favor asking them if they are sure before destroying the entire cluster. > currently all users expect to destroy cluster without approval. therefore > this is going to be a API breaking change for a lot of users with scripts. > Therefore we want to collect from information from users that would want > such a change. > > Personally this is inline with other UNIX programs that *just* do the job > when invoked. That's fine, if this can't be done it can't be done. I'm at least going to move this out of 4.1 since it's not a blocker. One thing we might want to consider some form of safety net in the case of production clusters. It's not like a user isn't intending to delete a cluster, they might not be deleting the cluster they think they are deleting though. The good news with Openshift 4 is that admins won't likely interact with the installer once a cluster has reached "production" level as much as in OpenShift 3, meaning, the risks probably aren't as high. In any case, it's worth considering some sort of 'deletion protection' flag that could optionally be set on a cluster in some way. This would be consistent with some cloud providers (I'm thinking about AWS termination protection). (In reply to Robert Bost from comment #3) > > Why did you run the destroy cluster command if you didn't want to destroy > > the cluster? > > Sorry, I should have been more clear in my bug description (I filed it on a > Friday evening). I think we would be doing an end user a favor asking them > if they are sure before destroying the entire cluster. > > > currently all users expect to destroy cluster without approval. therefore > > this is going to be a API breaking change for a lot of users with scripts. > > Therefore we want to collect from information from users that would want > > such a change. > > > > Personally this is inline with other UNIX programs that *just* do the job > > when invoked. > > That's fine, if this can't be done it can't be done. So 1) this is not a bug, but an RFE which should be tracked https://jira.coreos.com/secure/RapidBoard.jspa?rapidView=165&view=detail 2) we believe that the prompt before destroy is not necessary as the command itself is the permission. Sorry for the long delay. I've filed https://issues.redhat.com/browse/RFE-646 |