Add knob for read-only and "erase_devices"
In https://review.opendev.org/#/c/704725 we merged a change to allow the agent to navigate read-only block devices. By default we always failed on the more secure "erase_devices" clean step as meta-data only erasure still leaves any sensitive information on the storage medium. That being said, it may be operationally okay for read-only devices to be ignored during the "erase_devices" clean step. Only the operator can make that call, and we should enable them to be able to assert that in the configuration to IPA.

Change-Id: I475f0215eb0bd149c2d21e6962429181b63e8bdb
parent 0e65f0134d
commit 3d778db0c4
@ -147,6 +147,17 @@ opts = [
|
|||||||
'Test" and typical ramdisk start-up. This value should '
|
'Test" and typical ramdisk start-up. This value should '
|
||||||
'not exceed the [api]ramdisk_heartbeat_timeout '
|
'not exceed the [api]ramdisk_heartbeat_timeout '
|
||||||
'setting.')),
|
'setting.')),
|
||||||
|
cfg.BoolOpt('erase_skip_read_only',
|
||||||
|
default=False,
|
||||||
|
mutable=True,
|
||||||
|
help=_('If the ironic-python-agent should skip read-only '
|
||||||
|
'devices when running the "erase_devices" clean step '
|
||||||
|
'where block devices are zeroed out. This requires '
|
||||||
|
'ironic-python-agent 6.0.0 or greater. By default '
|
||||||
|
'a read-only device will cause non-metadata based '
|
||||||
|
'cleaning operations to fail due to the possible '
|
||||||
|
'operational security risk of data being retained '
|
||||||
|
'between deployments of the bare metal node.')),
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
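Review bot: The help text for erase_skip_read_only explains why the default fails but never states what setting it to True means for the operator: read-only devices are left untouched by "erase_devices", so whatever is stored on them survives into the next deployment of the node. Suggest saying that outright in the help string. The text also says the option "requires ironic-python-agent 6.0.0 or greater" without saying what an older agent does with the setting; one more clause covering that case would save operators from guessing.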
@ -311,6 +311,7 @@ def agent_add_clean_params(task):
|
|||||||
secure_erase = CONF.deploy.enable_ata_secure_erase
|
secure_erase = CONF.deploy.enable_ata_secure_erase
|
||||||
info['agent_enable_ata_secure_erase'] = secure_erase
|
info['agent_enable_ata_secure_erase'] = secure_erase
|
||||||
info['disk_erasure_concurrency'] = CONF.deploy.disk_erasure_concurrency
|
info['disk_erasure_concurrency'] = CONF.deploy.disk_erasure_concurrency
|
||||||
|
info['agent_erase_skip_read_only'] = CONF.deploy.erase_skip_read_only
|
||||||
|
|
||||||
task.node.driver_internal_info = info
|
task.node.driver_internal_info = info
|
||||||
task.node.save()
|
task.node.save()
|
||||||
|
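Review bot: In agent_add_clean_params the new info['agent_erase_skip_read_only'] value is written to driver_internal_info without any log line. Because enabling it weakens what "erase_devices" guarantees, consider logging at the conductor when CONF.deploy.erase_skip_read_only is True, so there is a record of which nodes were cleaned with read-only devices skipped. The option is also declared with mutable=True while its value is copied into the node here, so a short comment noting that a reloaded value only takes effect the next time this function runs would help the next reader.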
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Adds the capability for an operator to set a configuration setting which
|
||||||
|
tells the ironic-python-agent it is okay to skip read-only block devices
|
||||||
|
when performing an ``erase_devices`` cleaning operation. This requires
|
||||||
|
ironic-python-agent version 6.0.0 or greater and can be set using the
|
||||||
|
``[deploy]erase_skip_read_only`` configuration option.
|
||||||
|
other:
|
||||||
|
- |
|
||||||
|
Starting in ironic-python-agent 6.0.0, metadata erasure of read-only
|
||||||
|
devices is skipped by default.
|
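Review bot: The features entry does not say that the option defaults to False or that devices skipped this way keep their data. Since the change trades a cleaning failure for retained data, a short entry under reno's security section (or one added sentence in this entry) would make that visible to operators reading the notes. The entry under other concerns metadata erasure, which is a different clean step from the ``erase_devices`` one the new option controls; stating that explicitly would keep readers from assuming ``erase_devices`` also skips read-only devices by default.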