Re: [openstack-dev] Is there any way I can completely erase all the data when deleting a cinder volume
Oh, I missed that configuration. Thanks very much! On Wed, Nov 18, 2015 at 9:21 PM, Duncan Thomas wrote: > For the LVM and raw block device drivers, there is already an option to do > that - set volume_clear to 'zero' in cinder.conf > > If you want this for other drivers, then the code could easily be adopted, > however I would question whether it is a good idea - the I/O load of > zeroing out volumes is very large, and can easily overshadow the other I/O > on the system significantly. > > If you are using the LVM driver, I'd suggest investigating the thin > provisioning options, since they provide similar levels of tenant security > (though not disk disposal security) with far better performance. > > On 18 November 2015 at 10:03, Young Yang wrote: > >> >> There are some sensitive data in my volume. >> I hope openstack can completely erase all the data (e.g. overwrite the >> whole volume will 0 bits) when deleting a cinder volume. >> >> I plan to write some code to make Openstack to mount that volume and >> rewrite the whole volume with 0 bits. >> >> But I'm wondering if there is any better way to accomplish that. >> >> Thanks in advance! :) >> >> >> >> >> __ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > > -- > -- > Duncan Thomas > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Is there any way I can completely erase all the data when deleting a cinder volume
For the LVM and raw block device drivers, there is already an option to do that - set volume_clear to 'zero' in cinder.conf If you want this for other drivers, then the code could easily be adopted, however I would question whether it is a good idea - the I/O load of zeroing out volumes is very large, and can easily overshadow the other I/O on the system significantly. If you are using the LVM driver, I'd suggest investigating the thin provisioning options, since they provide similar levels of tenant security (though not disk disposal security) with far better performance. On 18 November 2015 at 10:03, Young Yang wrote: > > There are some sensitive data in my volume. > I hope openstack can completely erase all the data (e.g. overwrite the > whole volume will 0 bits) when deleting a cinder volume. > > I plan to write some code to make Openstack to mount that volume and > rewrite the whole volume with 0 bits. > > But I'm wondering if there is any better way to accomplish that. > > Thanks in advance! :) > > > > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- -- Duncan Thomas __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Is there any way I can completely erase all the data when deleting a cinder volume
On 18/11, Young Yang wrote: > There are some sensitive data in my volume. > I hope openstack can completely erase all the data (e.g. overwrite the > whole volume will 0 bits) when deleting a cinder volume. > > I plan to write some code to make Openstack to mount that volume and > rewrite the whole volume with 0 bits. > > But I'm wondering if there is any better way to accomplish that. > > Thanks in advance! :) > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev Hi, Cinder already does that by default. Clearing of deleted volumes is controlled by "volume_clear" configuration option which has a default of "zero". Available values are "none", "zero" and "shred". Cheers, Gorka. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] Is there any way I can completely erase all the data when deleting a cinder volume
There are some sensitive data in my volume. I hope openstack can completely erase all the data (e.g. overwrite the whole volume will 0 bits) when deleting a cinder volume. I plan to write some code to make Openstack to mount that volume and rewrite the whole volume with 0 bits. But I'm wondering if there is any better way to accomplish that. Thanks in advance! :) __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev