Add knob for read-only and "erase_devices"

In https://review.opendev.org/#/c/704725 we merged a change to
allow the agent to navigate read-only block devices. By default
we always failed on the more secure "erase_devices" clean step as
meta-data only erasure still leaves any sensitive information on
the storage medium.

That being said, it may be operationally okay for read-only devices
to be ignored during the "erase_devices" clean step. Only the
operator can make that call, and we should enable them to be able
to assert that in the configuration to IPA.

Change-Id: I475f0215eb0bd149c2d21e6962429181b63e8bdb

1 files changed, 11 insertions, 0 deletions

diff --git a/ironic/conf/deploy.py b/ironic/conf/deploy.py
index 8be4758b0..cae1b123f 100644
--- a/ironic/conf/deploy.py
+++ b/ironic/conf/deploy.py
@@ -147,6 +147,17 @@ opts = [
                       'Test" and typical ramdisk start-up. This value should '
                       'not exceed the [api]ramdisk_heartbeat_timeout '
                       'setting.')),
+    cfg.BoolOpt('erase_skip_read_only',
+                default=False,
+                mutable=True,
+                help=_('If the ironic-python-agent should skip read-only '
+                       'devices when running the "erase_devices" clean step '
+                       'where block devices are zeroed out. This requires '
+                       'ironic-python-agent 6.0.0 or greater. By default '
+                       'a read-only device will cause non-metadata based '
+                       'cleaning operations to fail due to the possible '
+                       'operational security risk of data being retained '
+                       'between deployments of the bare metal node.')),
 ]