On Fri 27 Jul 2018 at 21:20, Patrick Donnelly <pdonn...@redhat.com> wrote:

>
> > as part of deprovisioning customers, we regularly have the task of
> > wiping their Ceph clusters. Is there a certifiable, GDPR compliant way
> > to do so without physically shredding the disks?
>
> This should work and should be as fast as it can be:
> wipefs -a /dev/sdX
> shred /dev/sdX
>
> Whether or not that's "GDPR compliant" will depend on external
> certification, I guess.
>
> (The issues might be that you can't guarantee all blocks in an SSD/HDD
> are actually erased because the device firmware may retire bad blocks
> and make them inaccessible. It may not be possible for the device to
> physically destroy those blocks either even with SMART directives. You
> may be stuck with an industrial shredder to be compliant if the rules
> are stringent.)
>
>
This is an issue that really annoys me. If you run the dban ISO wipe, or the above commands, or dd /dev/random to each and every usable sector of the drive, it will be super-cleaned. I would dare say that no one on this mailing list could get useful data out of it to save their lives, and the lives of their family members.

Still, people (and/or auditors who make a living out of this) will invent ways for hard drive heads to be slightly out of alignment, or remapped sectors that would show up magically at auditing time but not in any other case.

So if you wipe, overwrite, rewrite and do all the magic tricks to make each byte read from the drive give you new data and none of the old, I (personally) think it should be compliantly wiped, and anyone that "knows" a way to get the drive to magically start serving old stale ceph data via the OSDs is quite welcome to provide me with such a program. I will make a killing on backup / restore that utilizes this kind of magic to get wiped data back.

Not that I am any kind of lawyer or anything, but if a customer needs to run a ton of data over ceph (or any other storage) and demands wiping on the way out, it would either be for them to pay enough so you can destroy the drives and replace them, or they should only write down encrypted data (should be easy for VMs with ceph backend storage) and then throw away the key to the data, which you never saw.

Not doing their part to prevent reading of said data, and not paying you for costs which compliance says are unavoidable if no wiping is ever good enough, seems like a poor relationship and only drives such customers to some provider that will be prone to lie to them in order to not push the real costs over to customers.

-- 
May the most significant bit of your life be positive.
_______________________________________________
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
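A wipe-and-verify routine, added here as an example and not part of the thread: it runs the `shred` step quoted above against a constructed 1 MiB image file and then checks, through the normal read path, that no recognisable content and no non-zero byte survives. The image path, the marker string and the helper names are assumptions; such a check only covers sectors the device still exposes to the host, so it says nothing about blocks the firmware has retired.

```shell
#!/bin/sh
# Added example, not the thread's own commands.
# Assumes GNU coreutils (shred, dd, od, grep) and a writable temp dir.
# On a real device, point IMG at /dev/sdX and run "wipefs -a /dev/sdX" first;
# the verification below then reads the device back the same way.
set -eu

IMG="${IMG:-$(mktemp)}"
MARKER="CUSTOMER-DATA-MARKER"   # constructed sample content to look for

# Build a 1 MiB image with the marker written every 128 KiB.
make_image() {
    dd if=/dev/zero of="$IMG" bs=1M count=1 2>/dev/null
    i=0
    while [ "$i" -lt 8 ]; do
        printf '%s' "$MARKER" \
            | dd of="$IMG" bs=1 seek=$((i * 131072)) conv=notrunc 2>/dev/null
        i=$((i + 1))
    done
}

# Number of marker copies still readable; 0 means none survived.
marker_count() {
    grep -a -o "$MARKER" "$IMG" | wc -l | tr -d ' '
}

# One random pass followed by a final zero pass. No -u: on a real disk
# there is nothing to unlink, and we still want to read the image back.
wipe_image() {
    shred -n 1 -z "$IMG"
}

# After the zero pass every byte must read back as 0x00; count the rest.
nonzero_bytes() {
    od -An -v -tu1 "$IMG" | tr -s ' ' '\n' | grep -vc '^0*$' || true
}
```

Run `make_image; wipe_image` and then check that `marker_count` and `nonzero_bytes` both print 0; a non-zero result from either means the wipe did not reach every readable sector.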