* Vishvananda Ishaya ([email protected]) wrote:
> 1. add an admin api to add and remove hosts from an availability zone. Then
> the component that is verifying trust could periodically check the hosts and
> remove them from the trusted zone if they fail. The scheduler could just use
> regular availability-zone scheduling to send the hosts to the trusted zone.

This makes sense to me. The trust state of a compute node is typically only
measured at boot (although there are efforts to extend measurements beyond
boot). Part of the attestation step could be gating whether a compute node
can effectively join an availability zone.

> 2. rather than verify trust during schedule, provide an external service that
> is exposed to users where they could verify trust. They could basically
> request the trust state of an instance. The service would speak to nova
> through an admin api to discover which host the instance is running on and
> verify the trustedness of the host, and return "trusted" to the user if the
> node passes.

Seems this would allow a "Trust_lvl=Trusted" instance to run on an untrusted
compute node until later polled? Probably not sufficient.

thanks,
-chris

_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
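
The two proposals discussed in the message above, contrasted in an added sketch that is not part of the original thread and is not nova code: proposal 1 gates zone membership on attestation, proposal 2 places the instance first and reports trust afterwards. `Host`, `TrustedZone`, `attest()` and the host data are hypothetical and constructed for illustration.

```python
# Added illustration. Host, TrustedZone and attest() are hypothetical names,
# not nova APIs; the host data is constructed.
from dataclasses import dataclass, field

@dataclass
class Host:
    name: str
    measured_ok: bool  # constructed stand-in for the attestation verdict

def attest(host):
    """Stand-in for the component that verifies trust."""
    return host.measured_ok

@dataclass
class TrustedZone:
    members: set = field(default_factory=set)

    def join(self, host):
        """Proposal 1: a host enters the zone only if attestation passes."""
        if attest(host):
            self.members.add(host.name)
        return host.name in self.members

    def recheck(self, hosts):
        """Periodic check: drop members that now fail, return their names."""
        failed = [h.name for h in hosts
                  if h.name in self.members and not attest(h)]
        self.members.difference_update(failed)
        return failed

def schedule_in_zone(zone, hosts):
    """Proposal 1: ordinary zone scheduling, restricted to zone members."""
    return next((h.name for h in hosts if h.name in zone.members), None)

def place_then_query(hosts):
    """Proposal 2: trust-unaware placement, verdict requested afterwards."""
    placed = hosts[0]
    return placed.name, attest(placed)

def demo():
    hosts = [Host("node-a", False), Host("node-b", True)]
    zone = TrustedZone()
    for h in hosts:
        zone.join(h)
    gated = schedule_in_zone(zone, hosts)   # untrusted node-a is skipped
    late = place_then_query(hosts)          # instance is already on node-a
    hosts[1].measured_ok = False            # node-b later fails attestation
    removed = zone.recheck(hosts)
    return gated, late, removed, schedule_in_zone(zone, hosts)
```

Calling `demo()` returns the gated placement, the place-then-query result, the hosts dropped by the periodic recheck, and the placement once no trusted host remains.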

