[ansible] Add more thorough disk metadata cleanup

If disks are not being shred completely, some partitioning metadata that was stored in the headers of partitions themselves can still survive partition table data cleanup, and later can interfere with new partitioning scheme on nodes when new partition sizes are the same but their metadata (for example boot flag) is changed. This patch adds a set of tasks that will wipe a small amount of blocks (1024 by default) before and after partition boundatries to make sure those will not be re-read. Change-Id: I251d77be24ab6052d3f1f8cb5af68d477cf1f270 Co-Authored-By: Ihor Pukha <ipukha@mirantis.com>
2017-01-23 16:58:08 +00:00 · 2017-01-23 16:58:08 +00:00 · 0800a24d5f
parent bfa752be23
commit 0800a24d5f
3 changed files with 32 additions and 3 deletions
--- a/ironic_staging_drivers/ansible/playbooks/roles/clean/defaults/main.yaml
+++ b/ironic_staging_drivers/ansible/playbooks/roles/clean/defaults/main.yaml
@ -0,0 +1 @@
+sectors_to_wipe: 1024
--- a/ironic_staging_drivers/ansible/playbooks/roles/clean/tasks/wipe.yaml
+++ b/ironic_staging_drivers/ansible/playbooks/roles/clean/tasks/wipe.yaml
@ -0,0 +1,18 @@
+- name: store start and end of disk
+  set_fact:
+    start_sectors:
+      - 0
+    end_sectors:
+      - "{{ (device.value.sectors | int) - sectors_to_wipe }}"
+
+- name: update start and end sectors with such for partitions
+  set_fact:
+    start_sectors: "{{ start_sectors + [item.value.start | int ] }}"
+    end_sectors: "{{ end_sectors  + [ (item.value.start | int) + ( item.value.sectors | int) - sectors_to_wipe ] }}"
+  with_dict: "{{ device.value.partitions }}"
+
+- name: wipe starts and ends of disks and partitions
+  command: dd if=/dev/zero of=/dev/{{ device.key }} ibs={{ device.value.sectorsize }} obs={{ device.value.sectorsize }} count={{ sectors_to_wipe }} seek={{ item }}
+  with_flattened:
+    - "{{ start_sectors | map('int') | list | sort (reverse=True) }}"
+    - "{{ end_sectors | map('int') | list | sort (reverse=True) }}"
--- a/ironic_staging_drivers/ansible/playbooks/roles/clean/tasks/zap.yaml
+++ b/ironic_staging_drivers/ansible/playbooks/roles/clean/tasks/zap.yaml
@ -1,4 +1,14 @@
- name: wipe partition metadata
+# NOTE(pas-ha) this is to ensure that partition metadata that might be stored
+# in the start or end of partiton itself also becomes unusable
+# and does not interfere with future partition scheme if new partitions
+# happen to fall on the same boundaries where old partitions were.
+# NOTE(pas-ha) loop_control works with Ansible >= 2.1
+- include: wipe.yaml
+  with_dict: "{{ ansible_devices }}"
+  loop_control:
+    loop_var: device
+
+- name: wipe general partition table metadata
  become: yes
-  command: sgdisk -Z /dev/{{ item }}
-  with_items: "{{ ansible_devices }}"
+  command: sgdisk -Z /dev/{{ item.key }}
+  with_dict: "{{ ansible_devices }}"