From e2d5bbc41e3e7ab4952dab55094c88933d4b7143 Mon Sep 17 00:00:00 2001 From: Dmitry Tantsur Date: Thu, 1 Sep 2016 15:17:33 +0200 Subject: Ironic: configure disk erasing during cleaning Cleaning is run before the first and between every deployments to ensure that the node is in a clean state (hence its name). The most important part of it is wiping the hard drive. This change allows tuning this action. A new option IronicCleaningDiskErase accepts the following options: * full - for full cleaning with removing the data via ATA secure erase or shred * metadata - for cleaning only partitioning table. The third option "none" is suppored by Puppet but is not advertised here as disabling disk wiping completely is known to cause bugs. Note that the upstream Ironic default is a bit unfortunate: it enabled both processes. We set the default to "full" which has the same effect, but is faster. Change-Id: I46632f71f7ab63daac243acefa5166c58ca05da0 Partially-Implements: blueprint ironic-integration --- puppet/services/ironic-conductor.yaml | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'puppet/services') diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index e9b4da6f..4b71ead0 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -18,6 +18,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + IronicCleaningDiskErase: + default: 'full' + description: Type of disk cleaning before and between deployments, + "full" for full cleaning, "metadata" to clean only disk + metadata (partition table). + type: string IronicEnabledDrivers: default: ['pxe_ipmitool', 'agent_ipmitool'] description: Enabled Ironic drivers @@ -54,6 +60,7 @@ outputs: # FIXME: I have no idea why neutron_url is in "api" manifest - ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} + ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase} ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers} # We need an endpoint containing a real IP, not a VIP here ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]} -- cgit 1.2.3-korg