From d5b49bd498a2b1df683ec5b95d7747f7e7d37755 Mon Sep 17 00:00:00 2001 From: Dmitry Tantsur Date: Fri, 17 Jul 2020 15:41:30 +0200 Subject: [PATCH] Enable metadata cleaning by default We used to disable cleaning because only full disk cleaning was available. Enable metadata cleaning by default and add an option to enable full cleaning. Change-Id: Ie1198768889bd468176cd68c8ccb48791c724262 --- bifrost/cli.py | 5 +++++ doc/source/contributor/testenv.rst | 4 ---- doc/source/install/index.rst | 14 ++++++++------ playbooks/roles/bifrost-ironic-install/README.md | 8 ++++---- .../roles/bifrost-ironic-install/defaults/main.yml | 4 +++- .../templates/ironic.conf.j2 | 8 +++++++- playbooks/roles/bifrost-prep-for-install/README.md | 1 - .../defaults/main.yml | 1 + .../tasks/main.yml | 1 + playbooks/test-bifrost.yaml | 2 +- releasenotes/notes/cleaning-9b4241342320f315.yaml | 12 ++++++++++++ 11 files changed, 42 insertions(+), 18 deletions(-) create mode 100644 releasenotes/notes/cleaning-9b4241342320f315.yaml diff --git a/bifrost/cli.py b/bifrost/cli.py index ff6717dde..7816888cf 100644 --- a/bifrost/cli.py +++ b/bifrost/cli.py @@ -153,6 +153,7 @@ def cmd_install(args): use_public_urls=args.enable_keystone, noauth_mode=not args.enable_keystone, enabled_hardware_types=args.hardware_types, + cleaning_disk_erase=args.cleaning_disk_erase, testing=args.testenv, use_cirros=args.testenv, use_tinyipa=args.testenv, @@ -212,6 +213,10 @@ def parse_args(): default='ipmi,redfish,manual-management', help='a comma separated list of enabled bare metal ' 'hardware types') + install.add_argument('--cleaning-disk-erase', + action='store_true', default=False, + help='enable full disk cleaning between ' + 'deployments (can take a lot of time)') args = parser.parse_args() if getattr(args, 'func', None) is None: diff --git a/doc/source/contributor/testenv.rst b/doc/source/contributor/testenv.rst index d7afabc2c..efe117665 100644 --- a/doc/source/contributor/testenv.rst +++ b/doc/source/contributor/testenv.rst @@ -25,10 +25,6 @@ Command:: Note: -- Cleaning mode is explicitly disabled in the ``test-bifrost.yaml`` - playbook due to the fact that is an IO-intensive operation that can - take a great deal of time. - - In order to cap requirements for installation, an ``upper_constraints_file`` setting is defined. This is consuming the ``UPPER_CONSTRAINTS_FILE`` env var by default, to properly integrate with CI systems, and will default diff --git a/doc/source/install/index.rst b/doc/source/install/index.rst index 818408b1b..065916377 100644 --- a/doc/source/install/index.rst +++ b/doc/source/install/index.rst @@ -384,14 +384,16 @@ to prompt for the sudo password:: ansible-playbook -K -vvvv -i inventory/target install.yaml -With regard to testing, ironic's node cleaning capability is disabled by -default as it can be an unexpected surprise for a new user that their test -node is unusable for however long it takes for the disks to be wiped. +With regard to testing, ironic's node cleaning capability is enabled by +default, but only metadata cleaning is turned on, as it can be an unexpected +surprise for a new user that their test node is unusable for however long it +takes for the disks to be wiped. -If you wish to enable cleaning, you can achieve this by passing the option -``-e cleaning=true`` to the command line or executing the command below:: +If you wish to enable full cleaning, you can achieve this by passing the option +``-e cleaning_disk_erase=true`` to the command line or executing the command +below:: - ansible-playbook -K -vvvv -i inventory/target install.yaml -e cleaning=true + ansible-playbook -K -vvvv -i inventory/target install.yaml -e cleaning_disk_erase=true After you have performed an installation, you can edit ``/etc/ironic/ironic.conf`` to enable or disable cleaning as desired. diff --git a/playbooks/roles/bifrost-ironic-install/README.md b/playbooks/roles/bifrost-ironic-install/README.md index 22c15176e..d50bf8c2b 100644 --- a/playbooks/roles/bifrost-ironic-install/README.md +++ b/playbooks/roles/bifrost-ironic-install/README.md @@ -30,10 +30,11 @@ removes the previous contents of a node once it has been moved from an active to available state, such as setting the provision state to deleted. Bifrost disables this by default in order to allow initial users to not be impacted by node cleaning operations upfront when they are testing and -evaluating bifrost. In the event of a production deployment, cleaning -should be enabled. +evaluating bifrost. Only metadata cleaning is enabled by default, but any +production environment should have full cleaning enabled. -cleaning: false +cleaning: true +cleaning_disk_erase: false The ironic python client and openstacksdk libraries can be installed directly from Git. The default is to utilize pip to install the current versions in pypi, @@ -319,7 +320,6 @@ Example Playbook gather_facts: yes roles: - role: bifrost-ironic-install - cleaning: false testing: true network_interface: "virbr0" diff --git a/playbooks/roles/bifrost-ironic-install/defaults/main.yml b/playbooks/roles/bifrost-ironic-install/defaults/main.yml index 9fd83b09e..8b94d7dff 100644 --- a/playbooks/roles/bifrost-ironic-install/defaults/main.yml +++ b/playbooks/roles/bifrost-ironic-install/defaults/main.yml @@ -1,7 +1,9 @@ --- # Cleaning turns on ironic conductor clean_nodes flag # which causes the nodes to be wiped after deletion. -cleaning: false +cleaning: true +# Wipe all data from the disks rather than only the metadata. +cleaning_disk_erase: false # Enable fast_track mode for ironic which allows skipping a power # cycle diff --git a/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2 b/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2 index e93739eae..875f9223b 100644 --- a/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2 +++ b/playbooks/roles/bifrost-ironic-install/templates/ironic.conf.j2 @@ -65,9 +65,15 @@ http_url = http://{{ internal_ip }}:{{ file_url_port }}/ http_root = {{ http_boot_folder }} default_boot_option = local fast_track = {{ fast_track }} +{% if cleaning_disk_erase | bool %} +erase_devices_priority = 10 +erase_devices_metadata_priority = 0 +{% else %} +erase_devices_priority = 0 +erase_devices_metadata_priority = 10 +{% endif %} [conductor] -clean_nodes = {{ cleaning | lower }} automated_clean = {{ cleaning | lower }} deploy_kernel = {{ ipa_kernel_url }} deploy_ramdisk = {{ ipa_ramdisk_url }} diff --git a/playbooks/roles/bifrost-prep-for-install/README.md b/playbooks/roles/bifrost-prep-for-install/README.md index bd1b7fdc0..34c084674 100644 --- a/playbooks/roles/bifrost-prep-for-install/README.md +++ b/playbooks/roles/bifrost-prep-for-install/README.md @@ -101,7 +101,6 @@ Example Playbook roles: - { role: bifrost-prep-for-install, when: skip_install is not defined } - role: bifrost-ironic-install - cleaning: false testing: true License diff --git a/playbooks/roles/bifrost-unprovision-node-dynamic/defaults/main.yml b/playbooks/roles/bifrost-unprovision-node-dynamic/defaults/main.yml index 55c8c7cc1..8949c3347 100644 --- a/playbooks/roles/bifrost-unprovision-node-dynamic/defaults/main.yml +++ b/playbooks/roles/bifrost-unprovision-node-dynamic/defaults/main.yml @@ -1,3 +1,4 @@ --- ironic_url: "http://localhost:6385/" noauth_mode: true +wait_for_node_undeploy: false diff --git a/playbooks/roles/bifrost-unprovision-node-dynamic/tasks/main.yml b/playbooks/roles/bifrost-unprovision-node-dynamic/tasks/main.yml index e23ce7288..273bc46fb 100644 --- a/playbooks/roles/bifrost-unprovision-node-dynamic/tasks/main.yml +++ b/playbooks/roles/bifrost-unprovision-node-dynamic/tasks/main.yml @@ -43,3 +43,4 @@ name: "{{ name | default() }}" state: absent instance_info: "{}" + wait: "{{ wait_for_node_undeploy }}" diff --git a/playbooks/test-bifrost.yaml b/playbooks/test-bifrost.yaml index bc08eb9ad..e54286975 100644 --- a/playbooks/test-bifrost.yaml +++ b/playbooks/test-bifrost.yaml @@ -57,7 +57,6 @@ roles: - role: bifrost-keystone-install - role: bifrost-ironic-install - cleaning: false testing: true # NOTE(TheJulia): While the next step creates a ramdisk, some elements # do not support ramdisk-image-create as they invoke steps to cleanup @@ -142,6 +141,7 @@ gather_facts: no roles: - role: bifrost-unprovision-node-dynamic + wait_for_node_undeploy: true - role: ironic-delete-dynamic # The following tasks are intended to test DHCP functionality diff --git a/releasenotes/notes/cleaning-9b4241342320f315.yaml b/releasenotes/notes/cleaning-9b4241342320f315.yaml new file mode 100644 index 000000000..05a3aa604 --- /dev/null +++ b/releasenotes/notes/cleaning-9b4241342320f315.yaml @@ -0,0 +1,12 @@ +--- +features: + - | + Metadata cleaning is now enabled by default, set ``cleaning`` to ``false`` + to disable completely. + - | + To enable full disk cleaning, set ``cleaning_disk_erase`` to ``true``. +upgrade: + - | + If you use ``cleaning=true`` to enable full disk cleaning, you need to + also set ``cleaning_disk_erase=true`` now. Omitting it will result in + only metadata cleaning enabled.