Add support for using NVMe specific cleaning
This change adds support for utilising NVMe specific cleaning tools on supported devices. This will remove the necessity of using shred to securely delete the contents of an NVMe drive and enable using nvme-cli tools instead, improving cleaning performance and reducing wear on the device. Story: 2008290 Task: 41168 Change-Id: I2f63db9b739e53699bd5f164b79640927bf757d7
parent
e7a372b017
commit
b66471e39d
@ -32,6 +32,14 @@ opts = [
|
|||||||
mutable=True,
|
mutable=True,
|
||||||
help=_('Whether to support the use of ATA Secure Erase '
|
help=_('Whether to support the use of ATA Secure Erase '
|
||||||
'during the cleaning process. Defaults to True.')),
|
'during the cleaning process. Defaults to True.')),
|
||||||
|
cfg.BoolOpt('enable_nvme_secure_erase',
|
||||||
|
default=True,
|
||||||
|
mutable=True,
|
||||||
|
help=_('Whether to support the use of NVMe Secure Erase '
|
||||||
|
'during the cleaning process. Currently nvme-cli '
|
||||||
|
'format command is supported with user-data and '
|
||||||
|
'crypto modes, depending on device capabilities.'
|
||||||
|
'Defaults to True.')),
|
||||||
cfg.IntOpt('erase_devices_priority',
|
cfg.IntOpt('erase_devices_priority',
|
||||||
mutable=True,
|
mutable=True,
|
||||||
help=_('Priority to run in-band erase devices via the Ironic '
|
help=_('Priority to run in-band erase devices via the Ironic '
|
||||||
@ -66,12 +74,12 @@ opts = [
|
|||||||
cfg.BoolOpt('continue_if_disk_secure_erase_fails',
|
cfg.BoolOpt('continue_if_disk_secure_erase_fails',
|
||||||
default=False,
|
default=False,
|
||||||
mutable=True,
|
mutable=True,
|
||||||
help=_('Defines what to do if an ATA secure erase operation '
|
help=_('Defines what to do if a secure erase operation '
|
||||||
'fails during cleaning in the Ironic Python Agent. '
|
'(NVMe or ATA) fails during cleaning in the Ironic '
|
||||||
'If False, the cleaning operation will fail and the '
|
'Python Agent. If False, the cleaning operation will '
|
||||||
'node will be put in ``clean failed`` state. '
|
'fail and the node will be put in ``clean failed`` '
|
||||||
'If True, shred will be invoked and cleaning will '
|
'state. If True, shred will be invoked and cleaning '
|
||||||
'continue.')),
|
'will continue.')),
|
||||||
cfg.IntOpt('disk_erasure_concurrency',
|
cfg.IntOpt('disk_erasure_concurrency',
|
||||||
default=1,
|
default=1,
|
||||||
min=1,
|
min=1,
|
||||||
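Review bot: The reworded help for `continue_if_disk_secure_erase_fails` now covers NVMe but still says only that shred will be invoked, without telling the operator that this fallback is a weaker guarantee on flash. An overwrite through the block device may not reach blocks the controller has remapped or keeps as spare, so a node could pass cleaning with residual data; I would add a sentence to that help such as `'On NVMe devices shred may not overwrite remapped or spare blocks; leave this False where verified sanitization is required. '`. Separately, in the new `enable_nvme_secure_erase` help the literal `'crypto modes, depending on device capabilities.'` has no trailing space, so the rendered text reads "capabilities.Defaults to True."; it should be `'crypto modes, depending on device capabilities. '`. The `opts` list starts and ends outside both hunks.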
|
@ -308,7 +308,16 @@ def agent_add_clean_params(task):
|
|||||||
zeroize = CONF.deploy.shred_final_overwrite_with_zeros
|
zeroize = CONF.deploy.shred_final_overwrite_with_zeros
|
||||||
info['agent_erase_devices_zeroize'] = zeroize
|
info['agent_erase_devices_zeroize'] = zeroize
|
||||||
erase_fallback = CONF.deploy.continue_if_disk_secure_erase_fails
|
erase_fallback = CONF.deploy.continue_if_disk_secure_erase_fails
|
||||||
|
info['agent_continue_if_secure_erase_failed'] = erase_fallback
|
||||||
|
# NOTE(janders) ``agent_continue_if_ata_erase_failed`` is deprecated and
|
||||||
|
# will be removed in the "Y" cycle. The replacement option
|
||||||
|
# ``agent_continue_if_secure_erase_failed`` is used to control shred
|
||||||
|
# fallback for both ATA Secure Erase and NVMe Secure Erase.
|
||||||
|
# The ``agent_continue_if_ata_erase_failed`` line can
|
||||||
|
# be deleted along with this comment when support for it is fully removed.
|
||||||
info['agent_continue_if_ata_erase_failed'] = erase_fallback
|
info['agent_continue_if_ata_erase_failed'] = erase_fallback
|
||||||
|
nvme_secure_erase = CONF.deploy.enable_nvme_secure_erase
|
||||||
|
info['agent_enable_nvme_secure_erase'] = nvme_secure_erase
|
||||||
secure_erase = CONF.deploy.enable_ata_secure_erase
|
secure_erase = CONF.deploy.enable_ata_secure_erase
|
||||||
info['agent_enable_ata_secure_erase'] = secure_erase
|
info['agent_enable_ata_secure_erase'] = secure_erase
|
||||||
info['disk_erasure_concurrency'] = CONF.deploy.disk_erasure_concurrency
|
info['disk_erasure_concurrency'] = CONF.deploy.disk_erasure_concurrency
|
||||||
|
@ -1147,6 +1147,7 @@ class AgentMethodsTestCase(db_base.DbTestCase):
|
|||||||
'deploy')
|
'deploy')
|
||||||
cfg.CONF.set_override('enable_ata_secure_erase', False, 'deploy')
|
cfg.CONF.set_override('enable_ata_secure_erase', False, 'deploy')
|
||||||
cfg.CONF.set_override('disk_erasure_concurrency', 8, 'deploy')
|
cfg.CONF.set_override('disk_erasure_concurrency', 8, 'deploy')
|
||||||
|
cfg.CONF.set_override('enable_nvme_secure_erase', False, 'deploy')
|
||||||
with task_manager.acquire(
|
with task_manager.acquire(
|
||||||
self.context, self.node.uuid, shared=False) as task:
|
self.context, self.node.uuid, shared=False) as task:
|
||||||
utils.agent_add_clean_params(task)
|
utils.agent_add_clean_params(task)
|
||||||
@ -1155,11 +1156,13 @@ class AgentMethodsTestCase(db_base.DbTestCase):
|
|||||||
self.assertIs(False, task.node.driver_internal_info[
|
self.assertIs(False, task.node.driver_internal_info[
|
||||||
'agent_erase_devices_zeroize'])
|
'agent_erase_devices_zeroize'])
|
||||||
self.assertIs(True, task.node.driver_internal_info[
|
self.assertIs(True, task.node.driver_internal_info[
|
||||||
'agent_continue_if_ata_erase_failed'])
|
'agent_continue_if_secure_erase_failed'])
|
||||||
self.assertIs(False, task.node.driver_internal_info[
|
self.assertIs(False, task.node.driver_internal_info[
|
||||||
'agent_enable_ata_secure_erase'])
|
'agent_enable_ata_secure_erase'])
|
||||||
self.assertEqual(8, task.node.driver_internal_info[
|
self.assertEqual(8, task.node.driver_internal_info[
|
||||||
'disk_erasure_concurrency'])
|
'disk_erasure_concurrency'])
|
||||||
|
self.assertIs(False, task.node.driver_internal_info[
|
||||||
|
'agent_enable_nvme_secure_erase'])
|
||||||
|
|
||||||
@mock.patch('ironic.conductor.utils.is_fast_track', autospec=True)
|
@mock.patch('ironic.conductor.utils.is_fast_track', autospec=True)
|
||||||
@mock.patch.object(pxe.PXEBoot, 'prepare_ramdisk', autospec=True)
|
@mock.patch.object(pxe.PXEBoot, 'prepare_ramdisk', autospec=True)
|
||||||
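Review bot: The assertion on `agent_continue_if_ata_erase_failed` appears to have been replaced rather than joined by the one on `agent_continue_if_secure_erase_failed`, so nothing in this test now checks the deprecated key. The change to `agent_add_clean_params` still writes that key, presumably for agents that predate the rename, and the release note makes the upgrade order depend on that compatibility, so a regression that drops it would go unnoticed. Keep both checks by adding `self.assertIs(True, task.node.driver_internal_info['agent_continue_if_ata_erase_failed'])` next to the new assertion. The test method starts outside the hunk.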
|
@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Adds the ``[deploy]enable_nvme_secure_erase`` option which allows the
|
||||||
|
operator to enable NVMe format option for all nodes being managed by
|
||||||
|
the conductor.
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
Deprecates ATA specific ``agent_continue_if_ata_erase_failed`` agent's
|
||||||
|
option which is replaced with ``agent_continue_if_secure_erase_failed``.
|
||||||
|
The new option supports both ATA and NVMe secure erase. In order to ensure
|
||||||
|
a smooth migration to the new configuration option, the operators need to
|
||||||
|
upgrade Ironic Python Agent image to Wallaby release prior to upgrading
|
||||||
|
Ironic Conductor to Xena.
|