Provide knob to disable ata secure erase

We need to allow the operator to be able to
explicitly disable secure erase, in case
it is problematic in their environment
or hardware.

Change-Id: I4c68efa65cdd7f88f54f8dd9a8bcbeee9e8124a8
Story: #2002546
Task: #22108
Julia Kreger 2018-06-13 12:20:22 -07:00
parent 5c94cc434c
commit d9f59d94f2
3 changed files with 26 additions and 3 deletions


@ -771,14 +771,15 @@ class GenericHardwareManager(HardwareManager):
LOG.info("Skipping the erase of virtual media device %s",
block_device.name)
return
info = node.get('driver_internal_info', {})
# Note(TheJulia) Use try/except to capture and log the failure
# and then revert to attempting to shred the volume if enabled.
try:
if self._ata_erase(block_device):
execute_secure_erase = info.get(
'agent_enable_ata_secure_erase', True)
if execute_secure_erase and self._ata_erase(block_device):
return
except errors.BlockDeviceEraseError as e:
info = node.get('driver_internal_info', {})
execute_shred = info.get(
'agent_continue_if_ata_erase_failed', False)
if execute_shred:
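Review bot: When `agent_enable_ata_secure_erase` is false, the new `if execute_secure_erase and self._ata_erase(block_device)` short-circuits without logging anything, so the cleaning log gives no record that the firmware-level erase was skipped by configuration rather than attempted. The added test suggests the code after this hunk then falls back to shredding, and an overwrite pass generally cannot reach remapped or over-provisioned blocks on SSDs, so operators auditing sanitization need to see which method was actually used. I would log the skip before falling through, e.g. `LOG.info("ATA secure erase disabled via agent_enable_ata_secure_erase, skipping it for %s", block_device.name)`. The lookup also relies on truthiness, so a non-boolean value such as the string "False" would leave the erase enabled; presumably the conductor always sends a real boolean, but that is worth confirming. erase_block_device starts and ends outside this hunk.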


@ -1673,6 +1673,22 @@ class TestGenericHardwareManager(base.IronicAgentTest):
self.hardware.erase_block_device(self.node, block_device)
self.assertTrue(mock_shred.called)
@mock.patch.object(hardware.GenericHardwareManager, '_shred_block_device',
autospec=True)
@mock.patch.object(utils, 'execute', autospec=True)
def test_erase_block_device_ata_erase_disabled(
self, mocked_execute, mock_shred):
info = self.node['driver_internal_info']
info['agent_enable_ata_secure_erase'] = False
block_device = hardware.BlockDevice('/dev/sda', 'big', 1073741824,
True)
self.hardware.erase_block_device(self.node, block_device)
self.assertTrue(mock_shred.called)
self.assertFalse(mocked_execute.called)
def test_normal_vs_enhanced_security_erase(self):
@mock.patch.object(utils, 'execute', autospec=True)
def test_security_erase_option(test_case,


@ -0,0 +1,6 @@
---
features:
- |
Adds the ability for the Bare Metal service conductor
service to explicitly choose to disable ATA Secure Erase
from being executed.