openstack/ironic
Code Issues Proposed changes

Improve efficiency of storage cleaning in mixed media envs -

Browse Source 
documentation

Change https://review.opendev.org/c/openstack/ironic-python-agent/+/818712
improved efficiency of storage cleaning in hybrid NVMe + HDD
environments by adding `erase_devices_express` clean step. This is a
follow up change adding the documentation for this feature.

Story: 2009264
Task: 43498
Change-Id: I33ba925460cc31cc69e58f3e3ff31a0731aee1dc
This commit is contained in:
Jacob Anders 2022-03-16 20:41:50 +10:00
parent 01dd06a176
commit 687694c83c
1 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
doc/source/admin/cleaning.rst
View File

@ -73,6 +73,60 @@ cleaning steps.
See `How do I change the priority of a cleaning step?`_ for more information. See `How do I change the priority of a cleaning step?`_ for more information.
Storage cleaning options
------------------------
Clean steps specific to storage are ``erase_devices``,
``erase_devices_metadata`` and (added in Yoga) ``erase_devices_express``.
``erase_devices`` aims to ensure that the data is removed in the most secure
way available. On devices that support hardware assisted secure erasure
(many NVMe and some ATA drives) this is the preferred option. If
hardware-assisted secure erasure is not available and if
``[deploy]/continue_if_disk_secure_erase_fails`` is set to ``True``, cleaning
will fall back to using ``shred`` to overwrite the contents of the device.
Otherwise cleaning will fail. It is important to note that ``erase_devices``
may take a very long time (hours or even days) to complete, unless fast,
hardware assisted data erasure is supported by all the devices in a system.
Generally, it is very difficult (if possible at all) to recover data after
performing cleaning with ``erase_devices``.
``erase_devices_metadata`` clean step doesn't provide as strong assurance
of irreversible destruction of data as ``erase_devices``. However, it has the
advantage of a reasonably quick runtime (seconds to minutes). It operates by
destroying metadata of the storage device without erasing every bit of the
data itself. Attempts of restoring data after running
``erase_devices_metadata`` may be successful but would certainly require
relevant expertise and specialized tools.
Lastly, ``erase_devices_express`` combines some of the perks of both
``erase_devices`` and ``erase_devices_metadata``. It attempts to utilize
hardware assisted data erasure features if available (currently only NVMe
devices are supported). In case hardware-asssisted data erasure is not
available, it falls back to metadata erasure for the device (which is
identical to ``erase_devices_metadata``). It can be considered a
time optimized mode of storage cleaning, aiming to perform as thorough
data erasure as it is possible within a short period of time.
This clean step is particularly well suited for environments with hybrid
NVMe-HDD storage configuration as it allows fast and secure erasure of data
stored on NVMes combined with equally fast but more basic metadata-based
erasure of data on HDDs.
``erase_devices_express`` is disabled by default. In order to use it, the
following configuration is recommended.
.. code-block:: ini
[deploy]/erase_devices_priority=0
[deploy]/erase_devices_metadata_priority=0
[conductor]/clean_step_priority_override=deploy.erase_devices_express:5
This ensures that ``erase_devices`` and ``erase_devices_metadata`` are
disabled so that storage is not cleaned twice and then assigns a non-zero
priority to ``erase_devices_express``, hence enabling it. Any non-zero
priority specified in the priority override will work.
Also `[deploy]/enable_nvme_secure_erase` should not be disabled (it is on by default).
.. show-steps:: .. show-steps::
:phase: cleaning :phase: cleaning