Emily Zhang has posted comments on this change.
Change subject: engine: Trusted Compute Pools - Open Attestation integration
with oVirt engine proposal
......................................................................
Patch Set 3: (14 inline comments)
....................................................
File
backend/manager/dbscripts/upgrade/03_02_0340_add_trusted_service_to_vds_groups.sql
Line 1: select fn_db_add_column('vds_groups', 'trusted_service', 'boolean not
null default false');
Done
....................................................
File backend/manager/dbscripts/vds_groups_sp.sql
Line 24: v_migrate_on_error INTEGER,
Line 25: v_virt_service BOOLEAN,
Line 26: v_gluster_service BOOLEAN,
Line 27: v_tunnel_migration BOOLEAN,
Line 28: v _trusted_service BOOLEAN)
Done
Line 29: RETURNS VOID
Line 30: AS $procedure$
Line 31: BEGIN
Line 32: INSERT INTO vds_groups(vds_group_id,description, name, cpu_name,
selection_algorithm, high_utilization, low_utilization,
Line 24: v_migrate_on_error INTEGER,
Line 25: v_virt_service BOOLEAN,
Line 26: v_gluster_service BOOLEAN,
Line 27: v_tunnel_migration BOOLEAN,
Line 28: v _trusted_service BOOLEAN)
Sure.
Line 29: RETURNS VOID
Line 30: AS $procedure$
Line 31: BEGIN
Line 32: INSERT INTO vds_groups(vds_group_id,description, name, cpu_name,
selection_algorithm, high_utilization, low_utilization,
Line 202: AS $procedure$
Line 203: BEGIN
Line 204: RETURN QUERY SELECT vds_groups.*
Line 205: FROM vds_groups
Line 206: WHERE trusted_service=true;
Done
Line 207: END; $procedure$
....................................................
File
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/attestationbroker/AttestationService.java
Line 11: import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
Line 12: import org.codehaus.jackson.JsonFactory;
Line 13: import org.codehaus.jackson.JsonParseException;
Line 14: import org.codehaus.jackson.JsonParser;
Line 15: import org.codehaus.jackson.JsonToken;
Done
Line 16: import
org.ovirt.engine.core.common.businessentities.AttestationResultEnum;
Line 17: import org.ovirt.engine.core.common.businessentities.VDS;
Line 18: import org.ovirt.engine.core.common.config.Config;
Line 19: import org.ovirt.engine.core.common.config.ConfigValues;
Line 69: }
Line 70:
Line 71: public boolean validateHostIsTrusted(VDS vds) {
Line 72: List<String> hosts = new ArrayList<String>();
Line 73: hosts.add(vds.gethost_name());
Done
Line 74: List<AttestationValue> valueList = attestHosts(hosts);
Line 75: return valueList.get(0).getTrustLevel() ==
AttestationResultEnum.TRUSTED;
Line 76: }
Line 77:
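Review bot: on line 75, valueList.get(0) is dereferenced without checking what attestHosts returned on line 74. If that list can come back null or empty (for example when the attestation server has no answer for the host), this throws instead of returning false. Suggest checking for null or empty first and returning false, so the trust check fails closed and the caller's non-operational path still runs.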
....................................................
File
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/attestationbroker/AttestThread.java
Line 12:
Line 13: public class AttestThread extends Thread{
Line 14:
Line 15: private int attestationFirstStageSize = Config.<Integer>
GetValue(ConfigValues.AttestationFirstStageSize);
Line 16: private List<VDS> vdss = new ArrayList<VDS>();
Done
Line 17:
Line 18: public AttestThread(){
Line 19:
Line 20: }
Line 36: if (vdss == null || vdss.size() == 0){
Line 37: break;
Line 38: }
Line 39: for (VDS vds: vdss){
Line 40: curVdsNames.add(vds.gethost_name());
Done
Line 41: }
Line 42: }
Line 43: if (curVdsNames.size()> attestationFirstStageSize) {
Line 44: curVdsNames1 =
curVdsNames.subList(0,attestationFirstStageSize-1);
Line 48: updateCache(valueList1);
Line 49: if (curVdsNames2.size() > 0) {
Line 50: valueList2 =
AttestationService.getInstance().attestHosts(curVdsNames2);
Line 51: updateCache(valueList2);
Line 52: }
It's really a good suggestion. I also think the code is redundant and I will
change it to a 'while' loop. But we just need two rounds at most. As we discussed
before, it is just a 2-phase aggregated attestation. In order to get a fast answer
from the attestation server, we divide the attestation query into a shorter query
and a longer one.
Line 53: }
Line 54:
Line 55: private void updateCache(List<AttestationValue> valueList){
Line 56: for (AttestationValue value: valueList){
Line 51: updateCache(valueList2);
Line 52: }
Line 53: }
Line 54:
Line 55: private void updateCache(List<AttestationValue> valueList){
Done
Line 56: for (AttestationValue value: valueList){
Line 57: if
(AttestationCacheManager.getInstance().exists(value.getHostName())){
Line 58:
AttestationCacheManager.getInstance().updateCache(value);
Line 59: }else{
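Review bot: on line 44, curVdsNames.subList(0,attestationFirstStageSize-1) passes an exclusive end index, so the first stage carries attestationFirstStageSize-1 names rather than attestationFirstStageSize. Unless curVdsNames2 starts at that same index, one host is not attested in this pass. Suggest subList(0, attestationFirstStageSize) for the first stage and subList(attestationFirstStageSize, curVdsNames.size()) for the second.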
....................................................
File
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/InitVdsOnUpCommand.java
Line 70: super(parameters);
Line 71: setVds(parameters.getVds());
Line 72: }
Line 73:
Line 74: private boolean validateHost() {
Is renaming it to initTrustedService OK?
Line 75: if
(AttestationService.getInstance().validateHostIsTrusted(getVds())) {
Line 76: return true;
Line 77: } else {
Line 78: setNonOperational(NonOperationalReason.GENERAL, null);
Line 74: private boolean validateHost() {
Line 75: if
(AttestationService.getInstance().validateHostIsTrusted(getVds())) {
Line 76: return true;
Line 77: } else {
Line 78: setNonOperational(NonOperationalReason.GENERAL, null);
Good suggestion, I'll fix it in the next patchset.
Line 79: return false;
Line 80: }
Line 81: }
Line 82:
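Review bot: on line 78, a host that fails attestation is set non-operational with NonOperationalReason.GENERAL and a null second argument, so an administrator reading the host status or the audit log cannot tell an untrusted host apart from any other generic failure. Suggest a dedicated reason value for attestation failure, and logging the host name with the returned trust level before returning false.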
....................................................
File
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/attestation/AttestationCacheManager.java
Line 43: public void updateCache(AttestationValue value) {
Line 44: AttestationValue cacheValue =
attestationValues.get(value.getHostName());
Line 45: if (cacheValue != null) {
Line 46: cacheValue.setTrustLevel(value.getTrustLevel());
Line 47: }
Option a is better, and we'll fix it.
Line 48: }
....................................................
File
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/attestation/AttestationValue.java
Line 5:
Line 6: public class AttestationValue {
Line 7:
Line 8: private String hostName;
Line 9: private AttestationResultEnum trustLevel;
A host has four statuses: trusted, untrusted, unknown, and timeout. We
have not considered this at present.
Line 10:
Line 11: public AttestationValue() {
Line 12: trustLevel = AttestationResultEnum.UNKNOWN;
Line 13: }
--
To view, visit http://gerrit.ovirt.org/14605
Gerrit-MessageType: comment
Gerrit-Change-Id: I8ce3448a821c74521d277f92f2c8d63ba0accfed
Gerrit-PatchSet: 3
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Dave Chen <[email protected]>
Gerrit-Reviewer: Dave Chen <[email protected]>
Gerrit-Reviewer: Doron Fediuck <[email protected]>
Gerrit-Reviewer: Eli Mesika <[email protected]>
Gerrit-Reviewer: Emily Zhang <[email protected]>
Gerrit-Reviewer: Gang Wei <[email protected]>
Gerrit-Reviewer: Omer Frenkel <[email protected]>
Gerrit-Reviewer: Tal Nisan <[email protected]>
Gerrit-Reviewer: ofri masad <[email protected]>