3d778db0c4
In https://review.opendev.org/#/c/704725 we merged a change to allow the agent to navigate read-only block devices. By default we always failed on the more secure "erase_devices" clean step as meta-data only erasure still leaves any sensitive information on the storage medium. That being said, it may be operationally okay for read-only devices to be ignored during the "erase_devices" clean step. Only the operator can make that call, and we should enable them to be able to assert that in the configuration to IPA. Change-Id: I475f0215eb0bd149c2d21e6962429181b63e8bdb
13 lines
503 B
YAML
13 lines
503 B
YAML
---
|
|
features:
|
|
- |
|
|
Adds the capability for an operator to set a configuration setting which
|
|
tells the ironic-python-agent it is okay to skip read-only block devices
|
|
when performing an ``erase_devices`` cleaning operation. This requires
|
|
ironic-python-agent version 6.0.0 or greater and can be set using the
|
|
``[deploy]erase_skip_read_only`` configuration option.
|
|
other:
|
|
- |
|
|
Starting in ironic-python-agent 6.0.0, metadata erasure of read-only
|
|
devices is skipped by default.
|