erase_devices_iterations controls the number of random passes, not total passes

Bug #1568811 reported by Mathieu Mitchell
Affects: Ironic
Status: Fix Released
Importance: Low
Assigned to: Mathieu Mitchell

Bug Description

Currently, the [deploy] erase_devices_iterations configuration setting controls the number of random passes shred runs on the device.

Ironic reads the setting from the config, and pushes it to IPA:
https://github.com/openstack/ironic/blob/4482eaa59b3ad4f92d7097231100260a487215f4/ironic/drivers/modules/deploy_utils.py#L638
Ironic defaults to one unless provided in the configuration file:
https://github.com/openstack/ironic/blob/4482eaa59b3ad4f92d7097231100260a487215f4/ironic/drivers/modules/deploy_utils.py#L69

IPA reads it and defaults to "1":
https://github.com/openstack/ironic-python-agent/blob/a630a921d3ec3ec8af84a756247d92b6910c2110/ironic_python_agent/hardware.py#L621

However, invoking shred on the command line reveals the following:
ubuntu@ubuntu:~$ shred --force --zero --verbose --iterations 1 my_block_device
shred: my_block_device: pass 1/2 (random)...
shred: my_block_device: pass 2/2 (000000)...

Running shred with --iterations 0 is probably what was intended, aka only one pass and only zeroes:
ubuntu@ubuntu:~$ shred --force --zero --verbose --iterations 0 my_block_device
shred: my_block_device: pass 1/1 (000000)...

Changed in ironic:
assignee: nobody → Mathieu Mitchell (mat128)
status: New → In Progress
Dmitry Tantsur (divius)
Changed in ironic:
importance: Undecided → Low
OpenStack Infra (hudson-openstack) wrote : Fix merged to ironic (master)

Reviewed: https://review.openstack.org/304101
Committed: https://git.openstack.org/cgit/openstack/ironic/commit/?id=c47c6d2ab54f88a054c9e1566c02c219bd1a79c0
Submitter: Jenkins
Branch: master

commit c47c6d2ab54f88a054c9e1566c02c219bd1a79c0
Author: Mathieu Mitchell <email address hidden>
Date: Mon Apr 11 08:27:08 2016 -0400

    Allow configuring shred's final overwrite with zeros

    Introduce shred_final_overwrite_with_zeros, a new configuration option
    to control whether devices will receive a final overwrite with zeros
    during cleaning. Additionally, rename erase_devices_iterations to
    shred_random_overwrite_iterations to clarify the true meaning of this
    configuration option.

    Also, ensure a warning is raised in the logs to raise awareness around
    the potential security risk of running cleaning with iterations=0 and
    overwrite_with_zeros=False.

    Change-Id: I0dd3f488ab2cd0df778f34a5a23948fa0c6c4334
    Closes-Bug: #1568811
    Depends-On: I7053034f5b5bc6737b535ee601e6fb71284d4a83

Changed in ironic:
status: In Progress → Fix Released
Thierry Carrez (ttx) wrote : Fix included in openstack/ironic 6.0.0

This issue was fixed in the openstack/ironic 6.0.0 release.
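
An added example, not Ironic or ironic-python-agent code: a check that compares shred's --verbose output with the number of passes the two settings named in the commit message imply. The function names are hypothetical, the parameters mirror shred_random_overwrite_iterations and shred_final_overwrite_with_zeros, and the sample log is the output quoted in the bug description.

```python
import re

# Start-of-pass line printed by `shred --verbose`, as quoted in the report.
# The `$` anchor skips any line that carries extra text after the "...".
PASS_RE = re.compile(r"^shred: .+: pass (\d+)/(\d+) \(([^)]+)\)\.\.\.$")

# Output quoted in the bug description for `--zero --iterations 1`.
REPORTED_LOG = """\
shred: my_block_device: pass 1/2 (random)...
shred: my_block_device: pass 2/2 (000000)...
"""


def build_shred_argv(device, random_iterations, final_zeros):
    """Build the shred command line for the two cleaning settings."""
    argv = ["shred", "--force"]
    if final_zeros:
        argv.append("--zero")
    argv += ["--verbose", "--iterations", str(random_iterations), device]
    return argv


def check_shred_log(log_text, random_iterations, final_zeros):
    """Return a list of mismatches between the log and the settings.

    An empty list means the log shows exactly the passes requested.
    """
    problems = []
    if random_iterations == 0 and not final_zeros:
        # The case the commit message says must raise a warning.
        problems.append("settings request no overwrite at all")
    # --iterations counts only the passes before the optional zero pass.
    expected_total = random_iterations + (1 if final_zeros else 0)
    passes = [m.groups() for m in map(PASS_RE.match, log_text.splitlines()) if m]
    if len(passes) != expected_total:
        problems.append(f"expected {expected_total} passes, log shows {len(passes)}")
    for index, (n, total, _kind) in enumerate(passes, start=1):
        if int(n) != index or int(total) != len(passes):
            problems.append(f"pass {n}/{total} out of sequence")
    if final_zeros and passes and passes[-1][2] != "000000":
        problems.append(f"last pass was {passes[-1][2]!r}, not zeros")
    return problems


if __name__ == "__main__":
    print(build_shred_argv("my_block_device", 1, True))
    print(check_shred_log(REPORTED_LOG, 1, True))
```

Reading the old erase_devices_iterations=1 as "one pass in total" corresponds to calling check_shred_log(REPORTED_LOG, 0, True), which reports the extra random pass.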
