On 6/25/2015 3:59 AM, Sylvain Bauza wrote:
Le 24/06/2015 19:56, Joe Gordon a écrit :
On Tue, Jun 23, 2015 at 3:41 AM, Sylvain Bauza > wrote:
Hi team,
Some discussion occurred over IRC about a bug which was publicly
open related to
Le 23/09/2015 15:31, Matt Riedemann a écrit :
On 6/25/2015 3:59 AM, Sylvain Bauza wrote:
Le 24/06/2015 19:56, Joe Gordon a écrit :
On Tue, Jun 23, 2015 at 3:41 AM, Sylvain Bauza > wrote:
Hi team,
Some discussion occurred over IRC
On 9/23/2015 10:00 AM, Sylvain Bauza wrote:
Le 23/09/2015 15:31, Matt Riedemann a écrit :
On 6/25/2015 3:59 AM, Sylvain Bauza wrote:
Le 24/06/2015 19:56, Joe Gordon a écrit :
On Tue, Jun 23, 2015 at 3:41 AM, Sylvain Bauza > wrote:
Hi
-Original Message-
From: John Garbutt [mailto:j...@johngarbutt.com]
Sent: Thursday, June 25, 2015 2:22 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [nova] How to properly detect and fence a
compromised host (and why I dislike
On 24 June 2015 at 09:35, Dulko, Michal michal.du...@intel.com wrote:
-Original Message-
From: Sylvain Bauza [mailto:sba...@redhat.com]
Sent: Wednesday, June 24, 2015 9:39 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [nova] How to
On 25 June 2015 at 14:09, Dulko, Michal michal.du...@intel.com wrote:
-Original Message-
From: John Garbutt [mailto:j...@johngarbutt.com]
Sent: Thursday, June 25, 2015 2:22 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [nova] How to
-Original Message-
From: ext John Garbutt [mailto:j...@johngarbutt.com]
Sent: Thursday, June 25, 2015 4:39 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [nova] How to properly detect and fence a
compromised host (and why I dislike
Le 24/06/2015 19:56, Joe Gordon a écrit :
On Tue, Jun 23, 2015 at 3:41 AM, Sylvain Bauza sba...@redhat.com
mailto:sba...@redhat.com wrote:
Hi team,
Some discussion occurred over IRC about a bug which was publicly
open related to TrustedFilter [1]
I want to take the
Only if all the hosts managed by OpenStack are capable for measured boot
process, then let 3rd-party tool call nova fencing API might be better than
using TrustedFilter.
But if not all the hosts support measured boot, then with TrustedFilter we can
schedule VM to only measured and trusted
(general point, could we please try not top-posting ? It makes a little
harder to follow the conversation)
Replies inline.
Le 24/06/2015 08:15, Wei, Gang a écrit :
Only if all the hosts managed by OpenStack are capable for measured boot
process, then let 3rd-party tool call nova fencing API
-Original Message-
From: Sylvain Bauza [mailto:sba...@redhat.com]
Sent: Wednesday, June 24, 2015 9:39 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [nova] How to properly detect and fence a
compromised host (and why I dislike
Le 24/06/2015 10:35, Dulko, Michal a écrit :
-Original Message-
From: Sylvain Bauza [mailto:sba...@redhat.com]
Sent: Wednesday, June 24, 2015 9:39 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [nova] How to properly detect and fence a
On Tue, Jun 23, 2015 at 3:41 AM, Sylvain Bauza sba...@redhat.com wrote:
Hi team,
Some discussion occurred over IRC about a bug which was publicly open
related to TrustedFilter [1]
I want to take the opportunity for raising my concerns about that specific
filter, why I dislike it and how I
Would like to add to Shane's points below.
1) The Trust filter can be treated as an API, with different underlying
implementations. Its default could even be Not Implemented and always return
false.
And Nova.conf could specify use the OAT trust implementation. This would
not break present
AFAIK, TrustedFilter is using a sort of cache to cache the trusted state, which
is designed to solve the performance issue mentioned here.
My thoughts for deprecating it are:
#1. We already have customers here in China who are using that filter. How are
they going to do upgrade in the future?
I agree. I feel like this is another example of functionality which is
trivially implemented outside nova, and where it works much better if
we don't do it. Couldn't an admin just have a cron job which verifies
hosts, and then adds them to a compromised-hosts host aggregate if
they're owned? I
16 matches
Mail list logo