Enabling Ironic automated cleaning in OpenStack-Ansible is recommended for every deployment. Although this is an "optional" setting, it should be enabled for general stability and data security; if you're not familiar with the Ironic cleaning service, please review the documentation found here. Sadly, the automated cleaning service cannot be enabled by default because it requires access to a Neutron tenant network, which OpenStack-Ansible does not create for you. However, the cleaning service can easily be enabled after the initial deployment has completed.
To enable the cleaning service, edit the file /etc/openstack_deploy/user_variables.yml, adding the following:

    # This is the setup for the cleaning network. It must be configured as a
    # post-deployment step because it requires the UUID of the cleaning network.
    ironic_ironic_conf_overrides:
      neutron:
        cleaning_network_uuid: "UUID_OF_NEUTRON_TENANT_NETWORK"
      conductor:
        automated_clean: true
      deploy:
        shred_random_overwrite_iterations: 0
        shred_final_overwrite_with_zeros: false
        continue_if_disk_secure_erase_fails: false
        power_off_after_deploy_failure: true
        default_boot_option: local

Now, if you've not done so already, create a tenant network for use with Ironic.
Then run the following command:

    openstack-ansible os-ironic-install.yml --tags ironic-config

Once the command has finished, Ironic will automatically clean all nodes as they're enrolled or released back to the node pool.