Merge "Configure cleaning parameters"

manifests/conductor.pp

@@ -52,6 +52,19 @@
 #   to a ramdisk for cleaning using Neutron DHCP.
 #   Defaults to $::os_service_default
 #
+# [*cleaning_disk_erase*]
+#   (optional) Whether and how to erase hard drives during automated cleaning.
+#   Accepts the following values:
+#   * full - erase all data from all disks,
+#   * metadata - erase only metadata (partitioning table, etc),
+#   * none - do not erase anything (dangerous, use with caution).
+#   Defaults to undef, which leaves the configuration intact
+#
+# [*continue_if_disk_secure_erase_fails*]
+#   (optional) Whether to continue with shredding the hard drive if secure ATA
+#   erasure fails. Only makes sense if full hard disk erasing is enabled.
+#   Defaults to $::os_service_default
+#
 # [*api_url*]
 #   (optional) Ironic API URL.
 #   Defaults to $::os_service_default
@@ -69,6 +82,8 @@ class ironic::conductor (
   $automated_clean                      = $::os_service_default,
   $swift_account                        = $::os_service_default,
   $cleaning_network_uuid                = $::os_service_default,
+  $cleaning_disk_erase                  = undef,
+  $continue_if_disk_secure_erase_fails  = $::os_service_default,
   $api_url                              = $::os_service_default,
   $provisioning_network_uuid            = $::os_service_default,
 ) {
@@ -77,6 +92,29 @@ class ironic::conductor (
 
   Ironic_config<||> ~> Service['ironic-conductor']
 
+  if $cleaning_disk_erase {
+    validate_re($cleaning_disk_erase, ['^full$', '^metadata$', '^none$'])
+  }
+
+  case $cleaning_disk_erase {
+    'full': {
+      $erase_devices_priority = 10
+      $erase_devices_metadata_priority = 0
+    }
+    'metadata': {
+      $erase_devices_priority = 0
+      $erase_devices_metadata_priority = 10
+    }
+    'none': {
+      $erase_devices_priority = 0
+      $erase_devices_metadata_priority = 0
+    }
+    default: {
+      $erase_devices_priority = $::os_service_default
+      $erase_devices_metadata_priority = $::os_service_default
+    }
+  }
+
   # Configure ironic.conf
   ironic_config {
     'conductor/max_time_interval': value => $max_time_interval;
@@ -86,6 +124,9 @@ class ironic::conductor (
     'glance/swift_account': value => $swift_account;
     'neutron/cleaning_network_uuid': value => $cleaning_network_uuid;
     'neutron/provisioning_network_uuid': value => $provisioning_network_uuid;
+    'deploy/erase_devices_priority': value => $erase_devices_priority;
+    'deploy/erase_devices_metadata_priority': value => $erase_devices_metadata_priority;
+    'deploy/continue_if_disk_secure_erase_fails': value => $continue_if_disk_secure_erase_fails;
   }
 
   # Install package

releasenotes/notes/cleaning-erase-2f8b60ae729c86e4.yaml

@@ -0,0 +1,18 @@
+---
+features:
+    - |
+      Add new option ``ironic::conductor::cleaning_disk_erase`` for tweaking
+      how Ironic erases hard drive during cleaning. Possible values:
+
+      * *full* - erase all data on all hard drives using either ATA secure
+        erase or ``shred`` utility.
+
+      * *metadata* - erase only disk metadata on all hard drives, leaving
+        data intact.
+
+      * *none* - do not erase anything (only use it if you have other means
+        of erasing hard drives in place).
+
+    - Add new option ``ironic::conductor::continue_if_disk_secure_erase_fails``
+      which defines whether ironic should fall back to ``shred`` utility
+      if ATA secure erase is available, but fails in the process.

spec/classes/ironic_conductor_spec.rb

@@ -66,6 +66,7 @@ describe 'ironic::conductor' do
       is_expected.to contain_ironic_config('glance/swift_account').with(:value => '<SERVICE DEFAULT>')
       is_expected.to contain_ironic_config('neutron/cleaning_network_uuid').with(:value => '<SERVICE DEFAULT>')
       is_expected.to contain_ironic_config('neutron/provisioning_network_uuid').with(:value => '<SERVICE DEFAULT>')
+      is_expected.to contain_ironic_config('deploy/continue_if_disk_secure_erase_fails').with(:value => '<SERVICE DEFAULT>')
     end
 
     context 'when overriding parameters' do
@@ -77,7 +78,8 @@ describe 'ironic::conductor' do
           :swift_account                 => '00000000-0000-0000-0000-000000000000',
           :cleaning_network_uuid         => '00000000-0000-0000-0000-000000000000',
           :api_url                       => 'https://127.0.0.1:6385',
-          :provisioning_network_uuid     => '00000000-0000-0000-0000-000000000000'
+          :provisioning_network_uuid     => '00000000-0000-0000-0000-000000000000',
+          :cleaning_disk_erase           => 'metadata',
         )
       end
       it 'should replace default parameter with new value' do
@@ -88,6 +90,8 @@ describe 'ironic::conductor' do
         is_expected.to contain_ironic_config('glance/swift_account').with_value(p[:swift_account])
         is_expected.to contain_ironic_config('neutron/cleaning_network_uuid').with_value('00000000-0000-0000-0000-000000000000')
         is_expected.to contain_ironic_config('neutron/provisioning_network_uuid').with_value('00000000-0000-0000-0000-000000000000')
+        is_expected.to contain_ironic_config('deploy/erase_devices_priority').with_value(0)
+        is_expected.to contain_ironic_config('deploy/erase_devices_metadata_priority').with_value(10)
       end
     end