diff options
author | Zuul <zuul@review.opendev.org> | 2020-09-06 11:21:35 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2020-09-06 11:21:35 +0000 |
commit | c2db0bbac30eb676a652abbb38fda72a6a43a71a (patch) | |
tree | 295d2835799546f5bcaba3eac47650395f83b7fb /doc | |
parent | edb1baa2dbc4a8e61cbb3c99b88bc98c3defa33c (diff) | |
parent | 9fb4074bfef7b6e4ead7d3cedf7120668966eaa1 (diff) | |
download | ironic-c2db0bbac30eb676a652abbb38fda72a6a43a71a.tar.gz |
Merge "OOB one button secure erase for iLO5 based HPE Proliant servers."
Diffstat (limited to 'doc')
-rw-r--r-- | doc/source/admin/drivers/ilo.rst | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/doc/source/admin/drivers/ilo.rst b/doc/source/admin/drivers/ilo.rst index 43026e8d9..9d98bdbeb 100644 --- a/doc/source/admin/drivers/ilo.rst +++ b/doc/source/admin/drivers/ilo.rst @@ -61,6 +61,7 @@ features: * `Out of Band RAID Support`_ * `Out of Band Sanitize Disk Erase Support`_ +* `Out of Band One Button Secure Erase Support`_ Hardware interfaces ^^^^^^^^^^^^^^^^^^^ @@ -2008,9 +2009,57 @@ The default erase pattern are, for HDD, 'overwrite' and for SSD, 'block'. 9 hours and 300GB SSD with default pattern "block" would take approx. 30 seconds to complete the erase. +Out of Band One Button Secure Erase Support +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +With Gen10 HPE Proliant servers which have been updated with SPP version 2019.03.0 +or later the ``ilo5`` hardware type supports firmware based one button secure erase +as a clean step. + +The One Button Secure Erase resets iLO and deletes all licenses stored there, resets +BIOS settings, and deletes all Active Health System (AHS) and warranty data stored on +the system. It also erases supported non-volatile storage data and deletes any +deployment settings profiles. See `HPE Gen10 Security Reference Guide`_ for more +information. + +Below are the steps to perform this clean step: + +* Perform the cleaning using 'one_button_secure_erase' clean step + +.. code-block:: console + + openstack baremetal node clean test_node --clean-steps\ + '[{"interface": "management", "step": "one_button_secure_erase"}]' + +* Once the clean step would triggered and node go to 'clean wait' state and + 'maintenance' flag on node would be set to 'True', then delete the node + +.. code-block:: console + + openstack baremetal node delete test_node + +.. note:: + * Even after deleting the node, One Button Secure Erase operation would continue + on the node. + + * This clean step should be kept last if the multiple clean steps are to be executed. + No clean step after this step would be executed. + + * One Button Secure Erase should be used with extreme caution, and only when a system + is being decommissioned. During the erase the iLO network would keep disconnecting + and after the erase user will completly lose iLO access along with the credentials + of the server, which needs to be regained by the administrator. The process can take + up to a day or two to fully erase and reset all user data. + + * When you activate One Button Secure Erase, iLO 5 does not allow firmware update + or reset operations. + +.. note:: + Do not perform any iLO 5 configuration changes until this process is completed. + .. _`ssacli documentation`: https://support.hpe.com/hpsc/doc/public/display?docId=c03909334 .. _`proliant-tools`: https://docs.openstack.org/diskimage-builder/latest/elements/proliant-tools/README.html .. _`HPE iLO4 User Guide`: https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=c03334051 +.. _`HPE Gen10 Security Reference Guide`: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00018320en_us .. _`iLO 4 management engine`: https://www.hpe.com/us/en/servers/integrated-lights-out-ilo.html .. _`iLO 5 management engine`: https://www.hpe.com/us/en/servers/integrated-lights-out-ilo.html#innovations .. _`Redfish`: https://www.dmtf.org/standards/redfish |