subject:"\[openstack\-dev\] Is there any way I can completely erase all the data when deleting a cinder volume"

Re: [openstack-dev] Is there any way I can completely erase all the data when deleting a cinder volume

2015-11-19 Thread Young Yang

Oh, I missed that configuration.
Thanks very much!

On Wed, Nov 18, 2015 at 9:21 PM, Duncan Thomas 
wrote:

> For the LVM and raw block device drivers, there is already an option to do
> that - set volume_clear to 'zero' in cinder.conf
>
> If you want this for other drivers, then the code could easily be adopted,
> however I would question whether it is a good idea - the I/O load of
> zeroing out volumes is very large, and can easily overshadow the other I/O
> on the system significantly.
>
> If you are using the LVM driver, I'd suggest investigating the thin
> provisioning options, since they provide similar levels of tenant security
> (though not disk disposal security) with far better performance.
>
> On 18 November 2015 at 10:03, Young Yang  wrote:
>
>>
>> There are some sensitive data in my volume.
>> I hope openstack can completely erase all the data (e.g. overwrite the
>> whole volume will 0 bits) when deleting a cinder volume.
>>
>> I plan to write some code to make Openstack to mount that volume and
>> rewrite the whole volume with 0 bits.
>>
>> But I'm wondering if there is any better way to accomplish that.
>>
>> Thanks in advance! :)
>>
>>
>>
>>
>> __
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
>
> --
> --
> Duncan Thomas
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Is there any way I can completely erase all the data when deleting a cinder volume

2015-11-18 Thread Gorka Eguileor

On 18/11, Young Yang wrote:
> There are some sensitive data in my volume.
> I hope openstack can completely erase all the data (e.g. overwrite the
> whole volume will 0 bits) when deleting a cinder volume.
> 
> I plan to write some code to make Openstack to mount that volume and
> rewrite the whole volume with 0 bits.
> 
> But I'm wondering if there is any better way to accomplish that.
> 
> Thanks in advance! :)

> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Hi,

Cinder already does that by default.

Clearing of deleted volumes is controlled by "volume_clear"
configuration option which has a default of "zero".

Available values are "none", "zero" and "shred".

Cheers,
Gorka.

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] Is there any way I can completely erase all the data when deleting a cinder volume

2015-11-18 Thread Young Yang

There are some sensitive data in my volume.
I hope openstack can completely erase all the data (e.g. overwrite the
whole volume will 0 bits) when deleting a cinder volume.

I plan to write some code to make Openstack to mount that volume and
rewrite the whole volume with 0 bits.

But I'm wondering if there is any better way to accomplish that.

Thanks in advance! :)
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Is there any way I can completely erase all the data when deleting a cinder volume

2015-11-18 Thread Duncan Thomas

For the LVM and raw block device drivers, there is already an option to do
that - set volume_clear to 'zero' in cinder.conf

If you want this for other drivers, then the code could easily be adopted,
however I would question whether it is a good idea - the I/O load of
zeroing out volumes is very large, and can easily overshadow the other I/O
on the system significantly.

If you are using the LVM driver, I'd suggest investigating the thin
provisioning options, since they provide similar levels of tenant security
(though not disk disposal security) with far better performance.

On 18 November 2015 at 10:03, Young Yang  wrote:

>
> There are some sensitive data in my volume.
> I hope openstack can completely erase all the data (e.g. overwrite the
> whole volume will 0 bits) when deleting a cinder volume.
>
> I plan to write some code to make Openstack to mount that volume and
> rewrite the whole volume with 0 bits.
>
> But I'm wondering if there is any better way to accomplish that.
>
> Thanks in advance! :)
>
>
>
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>

-- 
-- 
Duncan Thomas
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Is there any way I can completely erase all the data when deleting a cinder volume

Re: [openstack-dev] Is there any way I can completely erase all the data when deleting a cinder volume

[openstack-dev] Is there any way I can completely erase all the data when deleting a cinder volume

Re: [openstack-dev] Is there any way I can completely erase all the data when deleting a cinder volume

4 matches

Site Navigation

Mail list logo

Footer information