> Maybe it wasn't clear but I'm not advocating that we block the change
> until volume-backed instances are supported with trusted certs. I'm
> suggesting we add a policy rule which allows deployers to at least
> disable it via policy if it's not supported for their cloud.
That's fine with me,
On 04/18/2018 01:14 PM, Matt Riedemann wrote:
On 4/18/2018 12:09 PM, Chris Friesen wrote:
If this happens, is it clear to the end-user that the reason the boot
failed is that the cloud doesn't support trusted cert IDs for
boot-from-vol? If so, then I think that's totally fine.
If you're
On 4/18/2018 12:09 PM, Chris Friesen wrote:
If this happens, is it clear to the end-user that the reason the boot
failed is that the cloud doesn't support trusted cert IDs for
boot-from-vol? If so, then I think that's totally fine.
If you're creating an image-backed server and requesting
On 4/18/2018 11:57 AM, Jay Pipes wrote:
There is a compute REST API change proposed [1] which will allow users
to pass trusted certificate IDs to be used with validation of images
when creating or rebuilding a server. The trusted cert IDs are based
on certificates stored in some key manager,
On 04/18/2018 10:57 AM, Jay Pipes wrote:
On 04/18/2018 12:41 PM, Matt Riedemann wrote:
There is a compute REST API change proposed [1] which will allow users to pass
trusted certificate IDs to be used with validation of images when creating or
rebuilding a server. The trusted cert IDs are based
On 04/18/2018 12:41 PM, Matt Riedemann wrote:
There is a compute REST API change proposed [1] which will allow users
to pass trusted certificate IDs to be used with validation of images
when creating or rebuilding a server. The trusted cert IDs are based on
certificates stored in some key
There is a compute REST API change proposed [1] which will allow users
to pass trusted certificate IDs to be used with validation of images
when creating or rebuilding a server. The trusted cert IDs are based on
certificates stored in some key manager, e.g. Barbican.
The full nova spec is