Allow for configurable policy for wiping data when deleting volumes
Bug #1022511 reported by
Daniel Berrange
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Fix Released
|
Wishlist
|
Pádraig Brady | ||
OpenStack Compute (nova) |
Won't Fix
|
Wishlist
|
Pádraig Brady |
Bug Description
When deleting volumes in Nova, it will fill the entire file with zeros. This can take a long time, and may be considered unnecessary in some deployment environments. On the other hand it may also be considered insufficiently paranoid. There ought to be a configurable policy for wiping data, allowing for no wiping, zeroing, or one of the scrub command algorithms. See also this thread.
affects: | nova → cinder |
Changed in cinder: | |
importance: | Undecided → Wishlist |
Changed in nova: | |
importance: | Undecided → Wishlist |
Changed in cinder: | |
milestone: | none → grizzly-3 |
status: | Fix Committed → Fix Released |
Changed in cinder: | |
milestone: | grizzly-3 → 2013.1 |
To post a comment you must log in.
I was intending to look at this at some stage.
Configuration is a good thing here to support various devices and security standards.
Some notes I have for various options:
none $dev/queue/ discard_ zeroes_ data sector- ranges. That's a bit awkward though...
Don't bother, or leave to lower layers (see discard)
zero
dd bs=1M if=/dev/zero
shred
# doesn't use /dev/urandom by default as very slow and overkill
# uses 3 passes by default
# does not yet support DoD 5220 rules
# does not yet support ATA secure erase
discard
# benefits on SSDs to return blocks to pool and efficiently erase
# some devices don's zero on discard. See /sys/block/
# lvm supports directly since 2.02.85 (04/2011) with issue_discards=1 in /etc/lvm/lvm.conf
# manual trim call with hdparm --trim-
# ... must look into adding simple support to some command (fstrim, truncate,shred?)
# Note mkfs.* generally do a trim of the device first anyway
I'd not considered a partial overwrite of the start of the device,
as discussed in the referenced email thread. Does that provide
any functional benefit?