Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1062377

Summary: RFE: configurable volume clearing options for nova
Product: Red Hat OpenStack
Reporter: Daniel Berrangé <berrange>
Component: openstack-nova
Assignee: Pádraig Brady <pbrady>
Status: CLOSED ERRATA
QA Contact: Attila Darazs <adarazs>
Severity: medium
Priority: medium
Version: 4.0
CC: ajeain, breeler, dallan, dkwon, dmaley, ndipanov, pbrady, sgordon, sradvan, yeylon
Target Milestone: z2
Keywords: FutureFeature, Triaged, ZStream
Target Release: 4.0
Hardware: Unspecified
OS: Unspecified
Fixed In Version: openstack-nova-2013.2.1-5.el6ost
Doc Type: Enhancement
Doc Text:
In OpenStack Compute, new configurable methods to wipe volumes have been added. This allows more configurable tradeoffs between performance and security. The previous default of writing zeros over deleted volumes took a significant amount of time, and may not be needed. One can now set a global configuration setting to clear only part of a volume (to remove encryption keys for example), or to disable clearing completely. Additionally a new 'shred' capability is available to overwrite with random data instead of zeros.
Last Closed: 2014-03-04 19:05:40 UTC
Type: Bug

Description Daniel Berrangé 2014-02-06 18:22:23 UTC
Description of problem:
Currently the LVM driver in libvirt will unconditionally call 'dd' upon volume delete. 

Cinder meanwhile has a variety of config options for this:

  # Method used to wipe old volumes (valid options are: none,
  # zero, shred) (string value)
  #volume_clear=zero

  # Size in MiB to wipe at start of old volumes. 0 => all
  # (integer value)
  #volume_clear_size=0

Nova needs to support these exact same options to provide 100% parity of functionality between images and volumes.
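
As an added illustration (not part of the original report and not nova's or cinder's code), the following Python sketch models what the two options quoted above mean for data left behind on a deleted volume. It uses a regular temporary file as a stand-in for a logical volume; the function names and the constructed marker strings are assumptions made for the example.

```python
import os
import tempfile

MIB = 1024 * 1024

def clear_volume(path, volume_clear="zero", volume_clear_size=0):
    """Overwrite the start of `path` in place; return the bytes written.

    volume_clear: 'none', 'zero' or 'shred' (random data instead of zeros).
    volume_clear_size: MiB to wipe from the start; 0 means the whole volume.
    """
    if volume_clear not in ("none", "zero", "shred"):
        raise ValueError("unsupported volume_clear: %r" % volume_clear)
    if volume_clear_size < 0:
        raise ValueError("volume_clear_size must be >= 0")
    if volume_clear == "none":
        return 0
    total = os.path.getsize(path)  # regular file here, not a block device
    limit = total if volume_clear_size == 0 else min(total, volume_clear_size * MIB)
    written = 0
    with open(path, "r+b") as vol:
        while written < limit:
            n = min(MIB, limit - written)
            vol.write(os.urandom(n) if volume_clear == "shred" else b"\0" * n)
            written += n
        vol.flush()
        os.fsync(vol.fileno())
    return written

def residual_after_clear(volume_clear, volume_clear_size, size_mib=4):
    """Clear a constructed volume and report which markers survive."""
    header, tail = b"CONSTRUCTED-KEY-HEADER", b"CONSTRUCTED-TENANT-DATA"
    with tempfile.NamedTemporaryFile(delete=False) as f:
        # Marker at the very start (e.g. key material) and at the very end.
        f.write(header.ljust(size_mib * MIB - len(tail), b"\xaa") + tail)
        path = f.name
    try:
        written = clear_volume(path, volume_clear, volume_clear_size)
        with open(path, "rb") as f:
            data = f.read()
    finally:
        os.unlink(path)
    return {"written": written, "header_left": header in data,
            "tail_left": tail in data}

if __name__ == "__main__":
    for method, size in [("zero", 0), ("zero", 1), ("shred", 1), ("none", 0)]:
        print(method, size, residual_after_clear(method, size))
```

A partial clear removes the header but leaves everything past volume_clear_size readable by whoever is allocated those extents next, and 'none' leaves the whole volume intact.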

Comment 4 Pádraig Brady 2014-02-12 18:12:09 UTC
To test this, set up nova with:

 [DEFAULT]
 libvirt_images_type=lvm
 libvirt_images_volume_group=as_setup_on_your_system

 [libvirt]
 # Select one of zero,none,shred
 volume_clear=zero

Then verify the following when deleting images:

1. Start and then delete an instance, then verify that
dd if=/dev/zero ... writes to the volume being deleted.
You should have time to see the dd process writing zeros
as it's generally in the GB range (the size of the root disk).

2. Change the volume_clear setting above to 'none',
restart nova, start a new instance, and verify that
on deletion the dd process is not run.

Comment 6 Xavier Queralt 2014-02-19 22:10:12 UTC
*** Bug 1057371 has been marked as a duplicate of this bug. ***

Comment 7 Attila Darazs 2014-02-20 17:21:37 UTC
When set to 'zero', the dd process was visible in the task list for several seconds, while on 'none' the lvm volume just quickly disappeared without triggering dd. Verified.

Comment 9 errata-xmlrpc 2014-03-04 19:05:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2014-0231.html