we are running Cassandra in AWS and On-Premise at customer sites, currently 2.1 in production with 3.11 in loadtest.
In a migration path from 2.1 to 3.11.x, I’m afraid that at some point in time we end up in incremental repairs being enabled / ran a first time unintentionally, cause:
a) A lot of online resources / examples do not use the -full command-line option
b) Our internal (support) tickets of course also state nodetool repair command without the -full option, as these are for 2.1
Especially for On-Premise customers (with less control than with our AWS deployments), this asks a bit for getting out-of-control once we have 3.11 out and nodetool repair being run without the -full command-line option.
So, what do you think about a JVM system property, cassandra.yaml … to basically let the operator chose if incremental repairs are allowed or not? I know, such a flag still can be flipped then (by the customer), but as a first safety stage possibly sufficient enough.
Or perhaps something like that is already available (vaguely remember something like that for MV).
Thanks a lot,