I noticed that Trusted Compute Pools weren't documented and took a shot at it 
here, based on the wiki and these emails: https://review.openstack.org/16783

I believe that adding these lines to nova.conf in Folsom will enable the trust 
filter:

scheduler_available_filters=nova.scheduler.filters.standard_filters
scheduler_available_filters=nova.scheduler.filters.trusted_filter
scheduler_default_filters=AvailabilityZoneFilter,RamFilter,ComputeFilter,TrustedFilter

However, if this isn't right, somebody let me know and I'll fix it in the docs.


Take care,

Lorin
--
Lorin Hochstein
Lead Architect - Cloud Services
Nimbis Services, Inc.
www.nimbisservices.com





On Nov 22, 2012, at 3:23 AM, "Jiang, Yunhong" <yunhong.ji...@intel.com> wrote:

> I think trusted_filter is not in the scheduler_default_filters, so you have 
> to make sure it’s used by the filter scheduler.
>  
> Thanks
> --jyh
>  
> From: openstack-bounces+yunhong.jiang=intel....@lists.launchpad.net 
> [mailto:openstack-bounces+yunhong.jiang=intel....@lists.launchpad.net] On 
> Behalf Of Dale, StewartX T
> Sent: Thursday, November 22, 2012 7:28 AM
> To: openstack@lists.launchpad.net
> Subject: [Openstack] Getting Trusted Compute Pools working in Open Stack 
> Folsom
>  
> Hi All,
>  
> I am trying to get trusted compute pools working in my installation of 
> OpenStack Folsom but so far am unable to get it to work.  Currently when I spawn 
> a new instance I don't see any interaction with the attestation server and 
> the instance spawns just fine on an untrusted host.  I have followed all the 
> documentation I could find on TCP 
> (http://wiki.openstack.org/TrustedComputingPools , 
> https://github.com/openstack/nova/blob/stable/folsom/nova/scheduler/filters/trusted_filter.py
>  ) but am still having no luck so I am hoping I missed something while 
> setting it up.  Hopefully someone can point out what I am doing wrong.
>  
> Steps to Setup TCP:
> 1.  Set the following value in nova.conf
>       scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
> 2.  Add "trusted_computing" section to nova.conf
>       [trusted_computing]
>       server=10.x.x.x
>       port=8181
>       server_ca_file=/etc/nova/ssl.10.1.71.206.crt
>       api_url=/AttestationService/resources/PollHosts
>       auth_blob=i-am-openstack
> 3.  Add the "trusted" requirement to an existing flavor by running
>       nova-manage instance_type set_key m1.tiny trust:trusted_host trusted
> 4.  Restart nova-compute and nova-scheduler service
>  
> At this point I test it by going to OpenStack page -> projects -> instances 
> and launching a new instance of m1.tiny.   At this point I should see a 
> connection attempt on the attestation server (which I don't) and then the 
> instance fail to launch (which it doesn't) since the host is untrusted.  My 
> version of OpenStack is Folsom and nova is 2012.2.  
> Hopefully someone can point out my mistake or what I am missing.
>  
> -Stewart
>  
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
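
The following is an added example, not code from any message in this thread or from nova: a small audit that reads a nova.conf and reports which of the settings named above are absent. It assumes the settings the messages list are the ones that matter (the thread itself states this as a belief, not a confirmed fact), and the function names and sample files are constructed for illustration.

```python
# Added example: audit nova.conf text for the settings this thread names (assumed, not verified).
from collections import defaultdict
# Constructed sample: the original poster's steps, without the scheduler filter lines.
SAMPLE_MISSING = """\
[DEFAULT]
scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
[trusted_computing]
server=10.x.x.x
port=8181
server_ca_file=/etc/nova/ssl.10.1.71.206.crt
api_url=/AttestationService/resources/PollHosts
auth_blob=i-am-openstack
"""
# Constructed sample: the same file plus the three filter lines proposed in the reply.
SAMPLE_FIXED = SAMPLE_MISSING.replace("[trusted_computing]", """\
scheduler_available_filters=nova.scheduler.filters.standard_filters
scheduler_available_filters=nova.scheduler.filters.trusted_filter
scheduler_default_filters=AvailabilityZoneFilter,RamFilter,ComputeFilter,TrustedFilter
[trusted_computing]""", 1)

TC_KEYS = ("server", "port", "server_ca_file", "api_url", "auth_blob")

def parse(text):
    """Parse INI text, keeping every value of a repeated key (configparser keeps one)."""
    conf, section = defaultdict(lambda: defaultdict(list)), "DEFAULT"
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif "=" in line:
            key, value = line.split("=", 1)
            conf[section][key.strip()].append(value.strip())
    return conf

def audit(text):
    """Return findings; an empty list means every setting named in the thread is present."""
    conf = parse(text)
    d, tc, out = conf["DEFAULT"], conf["trusted_computing"], []
    if not any(v.endswith("FilterScheduler") for v in d["scheduler_driver"]):
        out.append("scheduler_driver is not the FilterScheduler")
    if not any(v.endswith(".trusted_filter") for v in d["scheduler_available_filters"]):
        out.append("trusted_filter not in scheduler_available_filters")
    defaults = [f.strip() for v in d["scheduler_default_filters"] for f in v.split(",")]
    if "TrustedFilter" not in defaults:
        out.append("TrustedFilter not in scheduler_default_filters")
    out += [f"[trusted_computing] {k} is unset" for k in TC_KEYS if not any(tc[k])]
    return out
```

Run against the first sample, it reports the two missing filter settings, which matches the symptom described: a flavor marked trusted still lands on any host because the scheduler never consults the attestation server.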
