Public bug reported:
compute-trust.json provides such properties for trust filter:
"properties": {
"trust:trusted_host": {
"title": "Intel® TXT attestation",
"description": "Select to ensure that node has been attested by
Intel® Trusted Execution Technology (Intel® TXT).",
"type": "boolean"
}
}
This means that actually we require True/False values for trust levels.
This does not match with how Trust Filter works (comment from trust
filter):
Filter that only schedules tasks on a host if the integrity (trust)
of that host matches the trust requested in the ``extra_specs`` for the
flavor. The ``extra_specs`` will contain a key/value pair where the
key is ``trust``. The value of this pair (``trusted``/``untrusted``) must
match the integrity of that host (obtained from the Attestation
service) before the task can be scheduled on that host.
There is also level 'unknown' available:
def _init_cache_entry(self, host):
self.compute_nodes[host] = {
'trust_lvl': 'unknown',
'vtime': timeutils.normalize_time(
timeutils.parse_isotime("1970-01-01T00:00:00Z"))}
This means that compute-trust.json should be changed to match trust
levels that are expected by Trust Filter.
** Affects: glance
Importance: Undecided
Assignee: Pawel Koniszewski (pawel-koniszewski)
Status: New
** Changed in: glance
Assignee: (unassigned) => Pawel Koniszewski (pawel-koniszewski)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1369581
Title:
compute-trust.json provides invalid data for trust filter
Status in OpenStack Image Registry and Delivery Service (Glance):
New
Bug description:
compute-trust.json provides such properties for trust filter:
"properties": {
"trust:trusted_host": {
"title": "Intel® TXT attestation",
"description": "Select to ensure that node has been attested by
Intel® Trusted Execution Technology (Intel® TXT).",
"type": "boolean"
}
}
This means that actually we require True/False values for trust
levels. This does not match with how Trust Filter works (comment from
trust filter):
Filter that only schedules tasks on a host if the integrity (trust)
of that host matches the trust requested in the ``extra_specs`` for the
flavor. The ``extra_specs`` will contain a key/value pair where the
key is ``trust``. The value of this pair (``trusted``/``untrusted``) must
match the integrity of that host (obtained from the Attestation
service) before the task can be scheduled on that host.
There is also level 'unknown' available:
def _init_cache_entry(self, host):
self.compute_nodes[host] = {
'trust_lvl': 'unknown',
'vtime': timeutils.normalize_time(
timeutils.parse_isotime("1970-01-01T00:00:00Z"))}
This means that compute-trust.json should be changed to match trust
levels that are expected by Trust Filter.
To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1369581/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
