Hi All,

I am trying to get trusted compute pools working in my installation of
OpenStack Folsom but so far am unable to get it to work. Currently when I spawn a
new instance I don't see any interaction with the attestation server and the
instance spawns just fine on an untrusted host. I have followed all the
documentation I could find on TCP
(http://wiki.openstack.org/TrustedComputingPools,
https://github.com/openstack/nova/blob/stable/folsom/nova/scheduler/filters/trusted_filter.py)
but am still having no luck so I am hoping I missed something while setting
it up. Hopefully someone can point out what I am doing wrong.

Steps to Setup TCP:

1. Set the following value in nova.conf

    scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler

2. Add "trusted_computing" section to nova.conf

    [trusted_computing]
    server=10.x.x.x
    port=8181
    server_ca_file=/etc/nova/ssl.10.1.71.206.crt
    api_url=/AttestationService/resources/PollHosts
    auth_blob=i-am-openstack

3. Add the "trusted" requirement to an existing flavor by running

    nova-manage instance_type set_key m1.tiny trust:trusted_host trusted

4. Restart nova-compute and nova-scheduler service

At this point I test it by going to openstack page -> projects -> instances and
launching a new instance of m1.tiny. At this point I should see a connection
attempt on the attestation server (which I don't) and then the instance fail to
launch (which it doesn't) since the host is untrusted. My version of
OpenStack is Folsom and nova is 2012.2.

Hopefully someone can point out my mistake or what I am missing.

-Stewart
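
Added example, not part of the original post and not code from the nova project: a small checker that parses a nova.conf and a flavor's extra specs and lists what would stop the trusted filter from being consulted. The function name and the sample config are constructed for illustration, and the check on scheduler_default_filters (an option the post does not mention) assumes the filter scheduler only applies filters named there.

```python
import configparser

FILTER_SCHEDULER = "nova.scheduler.filter_scheduler.FilterScheduler"
TC_KEYS = ("server", "port", "server_ca_file", "api_url", "auth_blob")

# Constructed sample mirroring the settings listed in the post.
POSTED_CONF = """\
[DEFAULT]
scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler

[trusted_computing]
server=10.x.x.x
port=8181
server_ca_file=/etc/nova/ssl.10.1.71.206.crt
api_url=/AttestationService/resources/PollHosts
auth_blob=i-am-openstack
"""
POSTED_EXTRA_SPECS = {"trust:trusted_host": "trusted"}


def check_trusted_pool(conf_text, extra_specs):
    """Return a list of findings; an empty list means nothing was flagged."""
    # default_section is renamed so [DEFAULT] values do not leak into other sections.
    cp = configparser.RawConfigParser(default_section="_unused_", strict=False)
    cp.read_string(conf_text)
    findings = []

    if cp.get("DEFAULT", "scheduler_driver", fallback="") != FILTER_SCHEDULER:
        findings.append("scheduler_driver is not the FilterScheduler")

    # Assumption: only filters named in scheduler_default_filters are applied.
    raw = cp.get("DEFAULT", "scheduler_default_filters", fallback="")
    if "TrustedFilter" not in [f.strip() for f in raw.split(",")]:
        findings.append("TrustedFilter is not in scheduler_default_filters")

    for key in TC_KEYS:
        if not cp.get("trusted_computing", key, fallback="").strip():
            findings.append("[trusted_computing] %s is missing or empty" % key)
    if not cp.get("trusted_computing", "port", fallback="0").strip().isdigit():
        findings.append("[trusted_computing] port is not numeric")

    # Without this key the flavor places no trust constraint on host selection.
    if not extra_specs.get("trust:trusted_host"):
        findings.append("flavor has no trust:trusted_host extra spec")
    return findings


if __name__ == "__main__":
    for finding in check_trusted_pool(POSTED_CONF, POSTED_EXTRA_SPECS):
        print("FINDING:", finding)
```
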
_______________________________________________
Mailing list: https://launchpad.net/~openstack