Bug 1303484 - [Docs] [VMM] [RFE] Document how to confirm a virtual disk has been deleted correctly when 'wipe after delete' is selected
Summary: [Docs] [VMM] [RFE] Document how to confirm a virtual disk has been deleted co...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: Documentation
Version: 3.6.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ovirt-3.6.4
: ---
Assignee: Byron Gravenorst
QA Contact: Megan Lewis
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-02-01 01:09 UTC by Andrew Dahms
Modified: 2019-10-10 11:06 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-04-20 01:29:45 UTC
oVirt Team: Docs
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Andrew Dahms 2016-02-01 01:09:58 UTC
When users delete a virtual disk, they have the option to select 'wipe after delete', which ensures the contents of the disk are deleted. Simple instructions on how users can confirm that this operation has taken place must be added to the Virtual Machine Management guide.

Comment 1 Lucy Bopf 2016-02-08 00:11:00 UTC
Assigning to Byron for review.

Byron, we will need to reach out to engineering to find out how users can confirm that a disk's contents have been wiped.

Comment 6 Nir Soffer 2016-03-02 23:10:47 UTC
Note that the method described above is not practical if another vm is using a disk on the same vg, or new disk is created while you check the data on the pv.

If another vm is running, and its disk becomes too full, we extend the vm disk, using free extents on the vg. The new space used for the extension may use the old disk extents. Same for new disk, it may use the old disk extents. When we check the data in the pv, we may see data from the other vm data copied into the new disk.

In normal production environment, it is not possible to verify that disk were wiped by checking actual data on a pv. Checking the logs as explained in comment 3 is the best way.

Comment 12 Idan Shaby 2016-03-14 12:57:20 UTC
Hi Yoshinori,

Wipe after delete is a property of the disk, not a property of the deletion operation.

When you set this property to true for a disk, as Nir said, we guarantee that:
*** New disks that will be created on the same storage will not expose data from old ones. ***

That's the bottom line, but in case that you want to understand why and when we wipe, these are the implementation details:
On block storage, we implement it by writing zeros on the lv (the disk) before we remove it. That is why the engine sends postZero='true' to vdsm.
On file storage, as Nir said, the file system already guarantees not to expose data from old files when creating new files. So writing zeros is not needed and thus the engine sends postZero='false' to vdsm.

When I wrote comment 3, I thought that we were talking about block storage (because only then writing zeros is relevant), my apologies.

So why do we let the user set this property on File based disks at all?
Because as I said earlier, in case that a disk's wipe after delete is set to true, we know that whenever we delete this disk, new disks that will be created on the same storage will not expose data from old ones. So as long as this disk relies on a file storage, we will send postZero='false', but if this disk is moved to a block storage, we will send postZero='true'.

If you need any further information, don't hesitate to ask.

Comment 13 Byron Gravenorst 2016-03-23 01:19:48 UTC
*** Documentation link:

http://file.bne.redhat.com/~bgraveno/1303484/doc-Administration_Guide/#Settings_to_Wipe_Virtual_Disks_After_Deletion

http://file.bne.redhat.com/~bgraveno/1303484/doc-Virtual_Machine_Management_Guide/#Removing_Virtual_Disks_From_Virtual_Machines


**** Git link:

https://gitlab.cee.redhat.com/rhci-documentation/docs-Red_Hat_Enterprise_Virtualization/merge_requests/95


*** What's changed:

Administration Guide:

- Added new information to check file logs to confirm that data has been wiped.

- Also mentioned wipe_after_delete only works on block storage.

Virtual Machine Management Guide:

- Added paragraph refering to the Admin Guide for information about checking the logs


*** Notes:

Due to comment 6 I have decided that writing an article to use those instructions to check a PV has no value, due to not being able to work in a normal production environment. If anyone feels strongly that this should be added then I'll gladly do so.

Moving to ON_QA


Note You need to log in before you can comment on or make changes to this bug.