Skip to content

Decommissioning

Decommissioning is the process of retiring a machine from active service in DRP. This may involve wiping the machine's disks to remove sensitive data, returning the machine to a resource pool for reuse, or removing it from the DRP inventory entirely. Decommissioning is the final phase of the machine lifecycle and is symmetric with provisioning: the same workflow and task system that provisions a machine also drives decommissioning.

Decommission Workflow Steps

A typical decommission workflow proceeds in stages:

  1. Pre-decommission notification — Optionally run tasks to notify upstream systems (CMDBs, asset management, monitoring) that the machine is leaving service. This is often done via webhook tasks or Ansible playbooks.
  2. Data wipe — Run a destructive storage task to overwrite disks, preventing data recovery. DRP includes the sledgehammer-destructive-storage task for this purpose. The Blancco integration provides certified erasure with audit reporting where compliance is required.
  3. Hardware reset — Reset BIOS/UEFI settings, IPMI credentials, and RAID configuration to factory defaults so the machine is ready for its next use.
  4. Return to pool or remove from inventory — Either return the machine to a resource broker pool (so it can be reallocated to a new workload) or remove it from DRP entirely.

Returning a Machine to a Resource Pool

When using the Universal Resource Broker (see Universal Resource Broker Operations), a decommissioned machine can be returned to a pool rather than removed from DRP. The pool broker workflow handles cleanup and places the machine back in the available pool. The broker/pool-return-workflow parameter controls which workflow is run when a machine is returned.

Bash
# Return a machine to its pool using drpcli
drpcli machines workflow <machine-uuid> pool-return

Removing a Machine from DRP Inventory

When a machine is to be permanently retired, delete it from DRP after the wipe workflow completes:

Bash
# List machines and find the one to remove
drpcli machines list | jq '.[] | {Name, Uuid, Address}'

# Delete the machine record
drpcli machines destroy <machine-uuid>

# Remove any static reservations associated with the machine
drpcli reservations destroy <mac-address>

If the machine has a static DHCP reservation, remove it as well so the IP address is returned to the pool. Profiles and parameters specific to the machine are automatically removed when the machine object is deleted.

Disk Wiping

For environments that require secure data erasure before hardware retirement or reuse, DRP provides the sledgehammer-destructive-storage task in the task-library content pack. This task boots the machine into the Sledgehammer discovery environment and overwrites all detected disks. For certified erasure with compliance audit trails, the Blancco content pack integrates the Blancco LUN Eraser into a DRP workflow.

Monitoring and Auditing Decommissions

DRP records all machine state transitions and workflow completions in its event stream. The auditor plugin (see Audit Framework) or the event-router plugin can capture decommission events for compliance reporting. Use drpcli events to stream events or query completed jobs:

Bash
# Show the last 20 jobs for a machine (including decommission tasks)
drpcli jobs list | jq '[.[] | select(.Machine == "<machine-uuid>")] | sort_by(.StartTime) | reverse | .[0:20]'