Hi all, We have a few nodes with Dell ExpressFlash PCIe SSDs with which we are using Nova pci passthrough associated with special flavors to handle device assignment, but we need a way to clean up the device contents for privacy/security. Wondering if anyone can provide pointers/comments/experience on such things.
I see libvirt has the ability to add hooks, the closest of which seems to be the qemu release hook (though not sure if this is right to match instance terminate). I guess if that is appropriate we could hack something together which: 1) parsed the domain xml to find the appropriate pci BDF of the device/s in question 2) then we'd have to unbind them from the pci-stub module so the host could access them 3) then I suppose dd zero the /dev/rssd* nodes 4) rebind the device with pci-stub 5) exit 0 Before we try that path, have others have been-there done-that? -- Cheers, ~Blairo _______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
