[ovs-dev] Read only versions of the *ctl binaries
Ryan Moats
rmoats at us.ibm.com
Mon Aug 1 18:14:31 UTC 2016
Ben Pfaff <blp at ovn.org> wrote on 08/01/2016 12:49:16 PM:
> From: Ben Pfaff <blp at ovn.org>
> To: Ryan Moats/Omaha/IBM at IBMUS
> Cc: Kyle Mestery/Silicon Valley/IBM at IBMUS, "dev at openvswitch.org"
> <dev at openvswitch.org>
> Date: 08/01/2016 12:49 PM
> Subject: Re: [ovs-dev] Read only versions of the *ctl binaries
>
> On Mon, Aug 01, 2016 at 12:00:17PM -0500, Ryan Moats wrote:
> > When it comes to ovs-appctl, we're looking to set log level access
only.
> > Since this doesn't really fit into what I think of when I see
"--dry-run",
> > I'm wondering if this variation of the wrapper concept above
> > would do the trick:
> >
> > #! /bin/sh
> > # <code to limit $1 to proper targets>
> > # <code to limit $2 to proper log levels>
> > exec /real/path/to/ovs-appctl vlog/set "$1:$2"
>
> Makes sense to me.
>
> I've also been pondering the difference between --dry-run, which allows
> but essentially ignores any command that writes, and some new option we
> might invent like --read-only, which would reject with an error any
> command that writes. --dry-run might be surprising given that it would
> accept silently any command that modifies state.
>
Ack - that was my original idea, but I admit that it gets more intrusive.
Because of the silent accept, I'm writing the gamut of smoke tests
to make sure that the calling write commands with dry-run doesn't
actually *do* anything.
More information about the dev
mailing list