Merge "Add support for using NVMe specific cleaning"

ironic/conf/deploy.py

@@ -32,6 +32,14 @@ opts = [
                 mutable=True,
                 help=_('Whether to support the use of ATA Secure Erase '
                        'during the cleaning process. Defaults to True.')),
+    cfg.BoolOpt('enable_nvme_secure_erase',
+                default=True,
+                mutable=True,
+                help=_('Whether to support the use of NVMe Secure Erase '
+                       'during the cleaning process. Currently nvme-cli '
+                       'format command is supported with user-data and '
+                       'crypto modes, depending on device capabilities.'
+                       'Defaults to True.')),
     cfg.IntOpt('erase_devices_priority',
                mutable=True,
                help=_('Priority to run in-band erase devices via the Ironic '
@@ -66,12 +74,12 @@ opts = [
     cfg.BoolOpt('continue_if_disk_secure_erase_fails',
                 default=False,
                 mutable=True,
-                help=_('Defines what to do if an ATA secure erase operation '
-                       'fails during cleaning in the Ironic Python Agent. '
-                       'If False, the cleaning operation will fail and the '
-                       'node will be put in ``clean failed`` state. '
-                       'If True, shred will be invoked and cleaning will '
-                       'continue.')),
+                help=_('Defines what to do if a secure erase operation '
+                       '(NVMe or ATA) fails during cleaning in the Ironic '
+                       'Python Agent. If False, the cleaning operation will '
+                       'fail and the node will be put in ``clean failed`` '
+                       'state. If True, shred will be invoked and cleaning '
+                       'will continue.')),
     cfg.IntOpt('disk_erasure_concurrency',
                default=1,
                min=1,

ironic/drivers/modules/deploy_utils.py

@@ -308,7 +308,16 @@ def agent_add_clean_params(task):
     zeroize = CONF.deploy.shred_final_overwrite_with_zeros
     info['agent_erase_devices_zeroize'] = zeroize
     erase_fallback = CONF.deploy.continue_if_disk_secure_erase_fails
+    info['agent_continue_if_secure_erase_failed'] = erase_fallback
+    # NOTE(janders) ``agent_continue_if_ata_erase_failed`` is deprecated and
+    # will be removed in the "Y" cycle. The replacement option
+    # ``agent_continue_if_secure_erase_failed`` is used to control shred
+    #  fallback for both ATA Secure Erase and NVMe Secure Erase.
+    # The ``agent_continue_if_ata_erase_failed`` line can
+    # be deleted along with this comment when support for it is fully removed.
     info['agent_continue_if_ata_erase_failed'] = erase_fallback
+    nvme_secure_erase = CONF.deploy.enable_nvme_secure_erase
+    info['agent_enable_nvme_secure_erase'] = nvme_secure_erase
     secure_erase = CONF.deploy.enable_ata_secure_erase
     info['agent_enable_ata_secure_erase'] = secure_erase
     info['disk_erasure_concurrency'] = CONF.deploy.disk_erasure_concurrency

ironic/tests/unit/drivers/modules/test_deploy_utils.py

@@ -1112,6 +1112,7 @@ class AgentMethodsTestCase(db_base.DbTestCase):
                               'deploy')
         cfg.CONF.set_override('enable_ata_secure_erase', False, 'deploy')
         cfg.CONF.set_override('disk_erasure_concurrency', 8, 'deploy')
+        cfg.CONF.set_override('enable_nvme_secure_erase', False, 'deploy')
         with task_manager.acquire(
                 self.context, self.node.uuid, shared=False) as task:
             utils.agent_add_clean_params(task)
@@ -1120,11 +1121,13 @@ class AgentMethodsTestCase(db_base.DbTestCase):
             self.assertIs(False, task.node.driver_internal_info[
                 'agent_erase_devices_zeroize'])
             self.assertIs(True, task.node.driver_internal_info[
-                'agent_continue_if_ata_erase_failed'])
+                'agent_continue_if_secure_erase_failed'])
             self.assertIs(False, task.node.driver_internal_info[
                 'agent_enable_ata_secure_erase'])
             self.assertEqual(8, task.node.driver_internal_info[
                 'disk_erasure_concurrency'])
+            self.assertIs(False, task.node.driver_internal_info[
+                'agent_enable_nvme_secure_erase'])
 
     @mock.patch('ironic.conductor.utils.is_fast_track', autospec=True)
     @mock.patch.object(pxe.PXEBoot, 'prepare_ramdisk', autospec=True)

releasenotes/notes/adds-nvme-erase-switch-fa91e867e45ede3c.yaml

@@ -0,0 +1,14 @@
+---
+features:
+  - |
+    Adds the ``[deploy]enable_nvme_secure_erase`` option which allows the
+    operator to enable NVMe format option for all nodes being managed by
+    the conductor.
+deprecations:
+  - |
+    Deprecates ATA specific ``agent_continue_if_ata_erase_failed`` agent's
+    option which is replaced with ``agent_continue_if_secure_erase_failed``.
+    The new option supports both ATA and NVMe secure erase. In order to ensure
+    a smooth migration to the new configuration option, the operators need to
+    upgrade Ironic Python Agent image to Wallaby release prior to upgrading
+    Ironic Conductor to Xena.