diff --git a/cinder/tests/unit/test_volume_utils.py b/cinder/tests/unit/test_volume_utils.py index 30e9a7df694..56f9a65146e 100644 --- a/cinder/tests/unit/test_volume_utils.py +++ b/cinder/tests/unit/test_volume_utils.py @@ -437,24 +437,33 @@ class ClearVolumeTestCase(test.TestCase): @mock.patch('cinder.utils.execute') @mock.patch('cinder.volume.utils.CONF') def test_clear_volume_shred(self, mock_conf, mock_exec): + # 'shred' now uses 'dd'. Remove this test when + # support for 'volume_clear=shred' is removed. mock_conf.volume_clear = 'shred' mock_conf.volume_clear_size = 1 mock_conf.volume_clear_ionice = None + mock_conf.volume_dd_blocksize = '1M' output = volume_utils.clear_volume(1024, 'volume_path') self.assertIsNone(output) - mock_exec.assert_called_once_with( - 'shred', '-n3', '-s1MiB', "volume_path", run_as_root=True) + mock_exec.assert_called_with( + 'dd', 'if=/dev/zero', 'of=volume_path', 'count=1', 'bs=1M', + 'oflag=direct', run_as_root=True) @mock.patch('cinder.utils.execute') @mock.patch('cinder.volume.utils.CONF') def test_clear_volume_shred_not_clear_size(self, mock_conf, mock_exec): + # 'shred' now uses 'dd'. Remove this test when + # support for 'volume_clear=shred' is removed. mock_conf.volume_clear = 'shred' mock_conf.volume_clear_size = None mock_conf.volume_clear_ionice = None + mock_conf.volume_dd_blocksize = '1M' + mock_conf.volume_clear_size = 1 output = volume_utils.clear_volume(1024, 'volume_path') self.assertIsNone(output) - mock_exec.assert_called_once_with( - 'shred', '-n3', "volume_path", run_as_root=True) + mock_exec.assert_called_with( + 'dd', 'if=/dev/zero', 'of=volume_path', 'count=1', 'bs=1M', + 'oflag=direct', run_as_root=True) @mock.patch('cinder.volume.utils.CONF') def test_clear_volume_invalid_opt(self, mock_conf): diff --git a/cinder/volume/utils.py b/cinder/volume/utils.py index 53fd2bdb7cb..641134b3dbf 100644 --- a/cinder/volume/utils.py +++ b/cinder/volume/utils.py @@ -488,6 +488,11 @@ def clear_volume(volume_size, volume_path, volume_clear=None, LOG.info(_LI("Performing secure delete on volume: %s"), volume_path) + if volume_clear == 'shred': + LOG.warning(_LW("volume_clear=shred has been deprecated and will " + "be removed in the next release. Clearing with dd.")) + volume_clear = 'zero' + # We pass sparse=False explicitly here so that zero blocks are not # skipped in order to clear the volume. if volume_clear == 'zero': @@ -496,26 +501,11 @@ def clear_volume(volume_size, volume_path, volume_clear=None, sync=True, execute=utils.execute, ionice=volume_clear_ionice, throttle=throttle, sparse=False) - elif volume_clear == 'shred': - clear_cmd = ['shred', '-n3'] - if volume_clear_size: - clear_cmd.append('-s%dMiB' % volume_clear_size) else: raise exception.InvalidConfigurationValue( option='volume_clear', value=volume_clear) - clear_cmd.append(volume_path) - start_time = timeutils.utcnow() - utils.execute(*clear_cmd, run_as_root=True) - duration = timeutils.delta_seconds(start_time, timeutils.utcnow()) - - # NOTE(jdg): use a default of 1, mostly for unit test, but in - # some incredible event this is 0 (cirros image?) don't barf - if duration < 1: - duration = 1 - LOG.info(_LI('Elapsed time for clear volume: %.2f sec'), duration) - def supports_thin_provisioning(): return brick_lvm.LVM.supports_thin_provisioning( diff --git a/etc/cinder/rootwrap.d/volume.filters b/etc/cinder/rootwrap.d/volume.filters index 925df2d4482..db642f3a00e 100644 --- a/etc/cinder/rootwrap.d/volume.filters +++ b/etc/cinder/rootwrap.d/volume.filters @@ -65,10 +65,6 @@ lvconvert: CommandFilter, lvconvert, root # cinder/volume/driver.py: 'iscsiadm', '-m', 'node', '-T', ... iscsiadm: CommandFilter, iscsiadm, root -# cinder/volume/drivers/lvm.py: 'shred', '-n3' -# cinder/volume/drivers/lvm.py: 'shred', '-n0', '-z', '-s%dMiB' -shred: CommandFilter, shred, root - # cinder/volume/utils.py: utils.temporary_chown(path, 0) chown: CommandFilter, chown, root