I agree as well. We shouldn't be deleting any data without the explicit consent of the user. The approach proposed by MS is better than the earlier approach. ~kaushal On Tue, Jun 3, 2014 at 1:02 AM, M S Vishwanath Bhat <msvbhat at gmail.com> wrote:> > > > On 2 June 2014 20:22, Vijay Bellur <vbellur at redhat.com> wrote: >> >> On 04/23/2014 05:50 AM, Vijay Bellur wrote: >>> >>> On 04/20/2014 11:42 PM, Lalatendu Mohanty wrote: >>>> >>>> On 04/16/2014 11:39 AM, Avra Sengupta wrote: >>>>> >>>>> The whole purpose of introducing the soft-limit is, that at any point >>>>> of time the number of >>>>> snaps should not exceed the hard limit. If we trigger auto-delete on >>>>> hitting hard-limit, then >>>>> the purpose itself is lost, because at that point we would be taking a >>>>> snap, making the limit >>>>> hard-limit + 1, and then triggering auto-delete, which violates the >>>>> sanctity of the hard-limit. >>>>> Also what happens when we are at hard-limit + 1, and another snap is >>>>> issued, while auto-delete >>>>> is yet to process the first delete. At that point we end up at >>>>> hard-limit + 1. Also what happens >>>>> if for a particular snap the auto-delete fails. >>>>> >>>>> We should see the hard-limit, as something set by the admin keeping in >>>>> mind the resource consumption >>>>> and at no-point should we cross this limit, come what may. If we hit >>>>> this limit, the create command >>>>> should fail asking the user to delete snaps using the "snapshot >>>>> delete" command. >>>>> >>>>> The two options Raghavendra mentioned are applicable for the >>>>> soft-limit only, in which cases on >>>>> hitting the soft-limit >>>>> >>>>> 1. Trigger auto-delete >>>>> >>>>> or >>>>> >>>>> 2. Log a warning-message, for the user saying the number of snaps is >>>>> exceeding the snap-limit and >>>>> display the number of available snaps >>>>> >>>>> Now which of these should happen also depends on the user, because the >>>>> auto-delete option >>>>> is configurable. >>>>> >>>>> So if the auto-delete option is set as true, auto-delete should be >>>>> triggered and the above message >>>>> should also be logged. >>>>> >>>>> But if the option is set as false, only the message should be logged. >>>>> >>>>> This is the behaviour as designed. Adding Rahul, and Seema in the >>>>> mail, to reflect upon the >>>>> behaviour as well. >>>>> >>>>> Regards, >>>>> Avra >>>> >>>> >>>> This sounds correct. However we need to make sure that the usage or >>>> documentation around this should be good enough , so that users >>>> understand the each of the limits correctly. >>>> >>> >>> It might be better to avoid the usage of the term "soft-limit". >>> soft-limit as used in quota and other places generally has an alerting >>> connotation. Something like "auto-deletion-limit" might be better. >>> >> >> I still see references to "soft-limit" and auto deletion seems to get >> triggered upon reaching soft-limit. >> >> Why is the ability to auto delete not configurable? It does seem pretty >> nasty to go about deleting snapshots without obtaining explicit consent from >> the user. > > > I agree with Vijay here. It's not good to delete a snap (even though it is > oldest) without the explicit consent from user. > > FYI It took me more than 2 weeks to figure out that my snaps were getting > autodeleted after reaching "soft-limit". For all I know I had not done > anything and my snap restore were failing. > > I propose to remove the terms "soft" and "hard" limit. I believe there > should be a limit (just "limit") after which all snapshot creates should > fail with proper error messages. And there can be a water-mark after which > user should get warning messages. So below is my proposal. > > auto-delete + snap-limit: If the snap-limit is set to n, next snap create > (n+1th) will succeed only if if auto-delete is set to on/true/1 and oldest > snap will get deleted automatically. If autodelete is set to off/false/0 , > (n+1)th snap create will fail with proper error message from gluster CLI > command. But again by default autodelete should be off. > > snap-water-mark: This should come in picture only if autodelete is turned > off. It should not have any meaning if auto-delete is turned ON. Basically > it's usage is to give the user warning that limit almost being reached and > it is time for admin to decide which snaps should be deleted (or which > should be kept) > > *my two cents* > > -MS > >> >> >> Cheers, >> >> Vijay >> >> _______________________________________________ >> Gluster-devel mailing list >> Gluster-devel at gluster.org >> http://supercolony.gluster.org/mailman/listinfo/gluster-devel > > > > _______________________________________________ > Gluster-devel mailing list > Gluster-devel at gluster.org > http://supercolony.gluster.org/mailman/listinfo/gluster-devel >