[DOC] Set cleaning requirement with retirement
Per discussion in IRC, the retirement documentation sets forth an understanding that sensitive data will be removed from the baremetal node, however this is performed through cleaning which inherently sets forth a requirement in automated cleaning. Explicitly note, and provide options should an operator wish to utilize the feature. Change-Id: I6755433b97cacd6ebf6a8f7eb5b404697e0a4349
This commit is contained in:
Julia Kreger
parent
8604a799aa
commit
6ea38a47c5
@ -23,6 +23,27 @@ scheduling of instances, but will still allow for other operations,
|
||||
such as cleaning, to happen (this marks an important difference to
|
||||
nodes which have the ``maintenance`` flag set).
|
||||
|
||||
Requirements
|
||||
============
|
||||
|
||||
The use of the retirement feature requires that automated cleaning
|
||||
be enabled. The default ``[conductor]automated_clean`` setting must
|
||||
not be disabled as the retirement feature is only engaged upon
|
||||
the completion of cleaning as it sets forth the expectation of removing
|
||||
sensitive data from a node.
|
||||
|
||||
If you're uncomfortable with full cleaning, but want to make use of the
|
||||
the retirement feature, a compromise may be to explore use of metadata
|
||||
erasure, however this will leave additional data on disk which you may
|
||||
wish to erase completely. Please consult the configuration for the
|
||||
``[deploy]erase_devices_metadata_priority`` and
|
||||
``[deploy]erase_devices_priority`` settings, and do note that
|
||||
clean steps can be manually invoked through manual cleaning should you
|
||||
wish to trigger the ``erase_devices`` clean step to completely wipe
|
||||
all data from storage devices. Alternatively, automated cleaning can
|
||||
also be enabled on an individual node level using the
|
||||
``baremetal node set --automated-clean <node_id>`` command.
|
||||
|
||||
How to use
|
||||
==========
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user