search

CCI-MOC / ops-issues

2 stars 0 forks source link

Wipe or destroy drives and generate a report of what drives were wiped #933

Closed joachimweyl closed 1 year ago

joachimweyl commented 1 year ago

OR pay someone else to do this.

joachimweyl commented 1 year ago

an alternative option was to get a hardware-based hard drive wiping tool so we don't have to have all of these servers on to do the wipe. This does require pulling the hard drives out of the servers though. Another possible alternative to writing code to erase them is to see if maas has something already written for this purpose.

msdisme commented 1 year ago

@hakasapl which device of the 4 on this page: https://www.amazon.com/StarTech-com-Hard-Drive-Eraser-SDOCK1EU3P2/dp/B073X3YZNL/ref=sr_1_1?crid=2914JNHE78F15&keywords=hdd%2Bwiper&sprefix=hdd%2Bwiper%2Caps%2C92&sr=8-1&ufe=app_do%3Aamzn1.fos.ac2169a1-b668-44b9-8bd0-5ec63b24bcb5&th=1

msdisme commented 1 year ago

@naved001 to explore MAAS options when time permits - may end up bumping to another person due to billing prioritization

larsks commented 1 year ago

While the redfish firmware on the openstack hosts advertises a "SecureErase" action:


{
  "@odata.context": "/redfish/v1/$metadata#Drive.Drive",
  "@odata.id": "/redfish/v1/Systems/System.Embedded.1/Storage/Drives/Disk.Bay.0:Enclosure.Internal.0-1:RAID.Integrated.1-1/",
  "@odata.type": "#Drive.v1_3_0.Drive",
  "Actions": {
    "#Drive.SecureErase": {
      "target": "/redfish/v1/Systems/System.Embedded.1/Storage/Drives/Disk.Bay.0:Enclosure.Internal.0-1:RAID.Integrated.1-1//Actions/Drive.SecureErase"
    }
  },
.
.
.

It doesn't look like this action is actually supported on our hardware. Attempting to use it results in:

{
  "error": {
    "@Message.ExtendedInfo": [
      {
        "Message": "Unable to complete the operation.",
        "MessageArgs": [],
        "MessageArgs@odata.count": 0,
        "MessageId": "IDRAC.1.6.STOR006",
        "RelatedProperties": [],
        "RelatedProperties@odata.count": 0,
        "Resolution": "Retry the operation. If the issue persists, contact your service provider.",
        "Severity": "Critical"
      }
    ],
    "code": "Base.1.2.GeneralError",
    "message": "A general error has occurred. See ExtendedInfo for more information"
  }
}

The documentation says "This action is used to perform instant Secure Erase on ISE-compliant HDDs, SEDs, SSDs, and NVME SSDs. It does not require any input parameters.", and I'm not sure what counts as an "ISE-compliant" drive.

joachimweyl commented 1 year ago

Decision made to pay for these to be wiped. Awaiting destruction report

joachimweyl commented 1 year ago

@msdisme please add the contact information and name of the company that will be doing the destruction of these drives.

msdisme commented 1 year ago

query out with data center, else will be Flax vendor. Will add names here.

joachimweyl commented 1 year ago

Flax will be destroying the drives.

joachimweyl commented 1 year ago

I will reach out to Erik to get the contact at IT Renew for the destruction report

joachimweyl commented 1 year ago

IT Renew will be destroying the drives. They will send us a bill and the destroy list.

msdisme commented 1 year ago

@er1p do you have an eta on wipe reports/invoice?

joachimweyl commented 1 year ago

reached out to @er1p on Slack to try to get focus on this issue

joachimweyl commented 1 year ago

report