Re: [openstack-dev] [nova] How to properly detect and fence a compromised host (and why I dislike TrustedFilter)

2015-09-23 Thread Matt Riedemann
On 6/25/2015 3:59 AM, Sylvain Bauza wrote: On 24/06/2015 19:56, Joe Gordon wrote: On Tue, Jun 23, 2015 at 3:41 AM, Sylvain Bauza wrote: Hi team, Some discussion occurred over IRC about a bug which was publicly open related to

Re: [openstack-dev] [nova] How to properly detect and fence a compromised host (and why I dislike TrustedFilter)

2015-09-23 Thread Sylvain Bauza
On 23/09/2015 15:31, Matt Riedemann wrote: On 6/25/2015 3:59 AM, Sylvain Bauza wrote: On 24/06/2015 19:56, Joe Gordon wrote: On Tue, Jun 23, 2015 at 3:41 AM, Sylvain Bauza wrote: Hi team, Some discussion occurred over IRC

Re: [openstack-dev] [nova] How to properly detect and fence a compromised host (and why I dislike TrustedFilter)

2015-09-23 Thread Matt Riedemann
On 9/23/2015 10:00 AM, Sylvain Bauza wrote: On 23/09/2015 15:31, Matt Riedemann wrote: On 6/25/2015 3:59 AM, Sylvain Bauza wrote: On 24/06/2015 19:56, Joe Gordon wrote: On Tue, Jun 23, 2015 at 3:41 AM, Sylvain Bauza wrote: Hi

Re: [openstack-dev] [nova] How to properly detect and fence a compromised host (and why I dislike TrustedFilter)

2015-06-25 Thread Dulko, Michal
-Original Message- From: John Garbutt [mailto:j...@johngarbutt.com] Sent: Thursday, June 25, 2015 2:22 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [nova] How to properly detect and fence a compromised host (and why I dislike

Re: [openstack-dev] [nova] How to properly detect and fence a compromised host (and why I dislike TrustedFilter)

2015-06-25 Thread John Garbutt
On 24 June 2015 at 09:35, Dulko, Michal michal.du...@intel.com wrote: -Original Message- From: Sylvain Bauza [mailto:sba...@redhat.com] Sent: Wednesday, June 24, 2015 9:39 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [nova] How to

Re: [openstack-dev] [nova] How to properly detect and fence a compromised host (and why I dislike TrustedFilter)

2015-06-25 Thread John Garbutt
On 25 June 2015 at 14:09, Dulko, Michal michal.du...@intel.com wrote: -Original Message- From: John Garbutt [mailto:j...@johngarbutt.com] Sent: Thursday, June 25, 2015 2:22 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [nova] How to

Re: [openstack-dev] [nova] How to properly detect and fence a compromised host (and why I dislike TrustedFilter)

2015-06-25 Thread Juvonen, Tomi (Nokia - FI/Espoo)
-Original Message- From: ext John Garbutt [mailto:j...@johngarbutt.com] Sent: Thursday, June 25, 2015 4:39 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [nova] How to properly detect and fence a compromised host (and why I dislike

Re: [openstack-dev] [nova] How to properly detect and fence a compromised host (and why I dislike TrustedFilter)

2015-06-25 Thread Sylvain Bauza
On 24/06/2015 19:56, Joe Gordon wrote: On Tue, Jun 23, 2015 at 3:41 AM, Sylvain Bauza sba...@redhat.com wrote: Hi team, Some discussion occurred over IRC about a bug which was publicly open related to TrustedFilter [1] I want to take the

Re: [openstack-dev] [nova] How to properly detect and fence a compromised host (and why I dislike TrustedFilter)

2015-06-24 Thread Wei, Gang
Only if all the hosts managed by OpenStack are capable of a measured boot process, then letting a 3rd-party tool call the nova fencing API might be better than using TrustedFilter. But if not all the hosts support measured boot, then with TrustedFilter we can schedule VMs to only measured and trusted

Re: [openstack-dev] [nova] How to properly detect and fence a compromised host (and why I dislike TrustedFilter)

2015-06-24 Thread Sylvain Bauza
(General point: could we please try not to top-post? It makes it a little harder to follow the conversation.) Replies inline. On 24/06/2015 08:15, Wei, Gang wrote: Only if all the hosts managed by OpenStack are capable of a measured boot process, then letting a 3rd-party tool call the nova fencing API

Re: [openstack-dev] [nova] How to properly detect and fence a compromised host (and why I dislike TrustedFilter)

2015-06-24 Thread Dulko, Michal
-Original Message- From: Sylvain Bauza [mailto:sba...@redhat.com] Sent: Wednesday, June 24, 2015 9:39 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [nova] How to properly detect and fence a compromised host (and why I dislike

Re: [openstack-dev] [nova] How to properly detect and fence a compromised host (and why I dislike TrustedFilter)

2015-06-24 Thread Sylvain Bauza
On 24/06/2015 10:35, Dulko, Michal wrote: -Original Message- From: Sylvain Bauza [mailto:sba...@redhat.com] Sent: Wednesday, June 24, 2015 9:39 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [nova] How to properly detect and fence a

Re: [openstack-dev] [nova] How to properly detect and fence a compromised host (and why I dislike TrustedFilter)

2015-06-24 Thread Joe Gordon
On Tue, Jun 23, 2015 at 3:41 AM, Sylvain Bauza sba...@redhat.com wrote: Hi team, Some discussion occurred over IRC about a bug which was publicly open related to TrustedFilter [1] I want to take the opportunity for raising my concerns about that specific filter, why I dislike it and how I

Re: [openstack-dev] [nova] How to properly detect and fence a compromised host (and why I dislike TrustedFilter)

2015-06-23 Thread Bhandaru, Malini K
Would like to add to Shane's points below. 1) The Trust filter can be treated as an API, with different underlying implementations. Its default could even be Not Implemented and always return false. And Nova.conf could specify use of the OAT trust implementation. This would not break present

Re: [openstack-dev] [nova] How to properly detect and fence a compromised host (and why I dislike TrustedFilter)

2015-06-23 Thread Wang, Shane
AFAIK, TrustedFilter is using a sort of cache to cache the trusted state, which is designed to solve the performance issue mentioned here. My thoughts for deprecating it are: #1. We already have customers here in China who are using that filter. How are they going to upgrade in the future?

Re: [openstack-dev] [nova] How to properly detect and fence a compromised host (and why I dislike TrustedFilter)

2015-06-23 Thread Michael Still
I agree. I feel like this is another example of functionality which is trivially implemented outside nova, and where it works much better if we don't do it. Couldn't an admin just have a cron job which verifies hosts, and then adds them to a compromised-hosts host aggregate if they're owned? I