On Tue, 19 Mar 2013, Laszlo Boszormenyi (GCS) wrote: > On Tue, 2013-03-19 at 13:51 -0700, Sage Weil wrote: > > On Tue, 19 Mar 2013, Dan Mick wrote: > > > Is there a way out if you remove the keyrings? > > > > Yeah; you can use the keyring in the mon data dir to refetch any keyrings > > you deleted from /etc/ceph/. > But if packages are purged on mon as well... > > > I don't disagree with any of this discussion, BTW; I ask the question > > because I want to understand what the packaging best-practices are before > > we put our foot down for what is "right". > Actually there are two methods to uninstall a package from the system. > One is '-r' or '--remove' options of dpkg . As it's name and the > manpage confirms: "Remove an installed package. -r or --remove remove > everything _except conffiles_. This may avoid having to reconfigure the > package if it is reinstalled later.". The second is '-P' or '--purge', > which stands for '[...] removes everything, including conffiles.". > Debian policy chapter 10 [1] writes about files and their handling. Its > subchapter 10.7 [2] talks about configuration files. Their handling is > expressed in subchapter 6.8 [3]. > > In short, if user asks to purge the package, then the keys have to be > removed as well. If someone thinks about a reinstallation, s/he should > use remove instead. To be safe, I see one option. On purge, a debconf > message can be displayed notifying the user about the keys are going to > be removed as well. Abort of purge or backup of keys can be offered, > based on the choice. The keys aren't a problem; they are still in the mon database (/var/lib/ceph/mon/...). The real question is whether purge should remove /var/lib/ceph and /var/log/ceph... sage -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html