openstack team mailing list archive

Thread
Date

Re: trusted computing and nova

To: Michael Pittaro <mikeyp@xxxxxxxxxxxxxxxxxxx>
From: Vishvananda Ishaya <vishvananda@xxxxxxxxx>
Date: Fri, 9 Dec 2011 11:33:20 -0800
Cc: OpenStack Mailing List <openstack@xxxxxxxxxxxxxxxxxxx>, Mark Washenberger <mark.washenberger@xxxxxxxxxxxxx>
In-reply-to: <CALZ813uC81koAtHiyLQe-04-j3Ch--3NLnbjCpUH8Sd1urUqSQ@mail.gmail.com>

I suggested a couple alternative solutions for implementations in one of the reviews.  Hoping to hear back from fred yang/intel on whether one of those solutions will work.  Copied suggestions here in case anyone else is following along.

Brian Waldon and I were discussing the possibility of a couple different approach for trusted computing which wouldn't require adding a separate component and scheduler.

1. add an admin api to add and remove hosts from an availabilty zone. Then the component that is verifying trust could periodically check the hosts and remove them from the trusted zone if they fail. The scheduler could just use regular availability-zone scheduling to send the hosts to the trusted zone.

2. rather than verify trust during schedule, provide an external service that is exposed to users where they could verify trust. They could basically request the trust state of an instance. The service would speak to nova through an admin api to discover which host the instance is running on and verify the trustedness of the host, and return "trusted" to the user if the node passes.
Do either of these approaches solve your use-case? They both require considerably less modifications to the nova source code, which is good for a number of reasons.

Vish

On Dec 9, 2011, at 9:46 AM, Michael Pittaro wrote:

> On Thu, Dec 8, 2011 at 2:27 PM, Mark Washenberger
> <mark.washenberger@xxxxxxxxxxxxx> wrote:
>> Does code specific to Trusted Computing belong in Nova? It seems like it should be supported through Scheduler plugins and API plugins (if necessary). It seems like the ideas of attestation and trusted computing are tangential to the core of Nova.
>> 
>> I can easily imagine a lot of scheduler variations that Nova should support. Adding custom code to nova for each variation would probably lead to a lot of extra complexity. However, the current trusted computing blueprint sets the precedent that each such variation deserves its own custom code (which nova developers are then presumably expected to support).
>> 
> 
> I think we need to make sure the appropriate hook's are in place so it
> can be added, but beyond that I see an explosion of variations and
> dependencies.
> 
> My initial impression, like yours, is that it can be accomplished in a
> custom scheduler.  But I'm not a trusted computing expert, so I'd be
> interested in hearing why that wouldn't work, and what additional
> hooks might be needed.
> 
>> Context:
>> https://blueprints.launchpad.net/nova/+spec/trusted-computing-pools
>> http://wiki.openstack.org/TrustedComputingPools
>> https://review.openstack.org/1899
>> 
>> 
> mike
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

Follow ups

Re: trusted computing and nova
From: Yang, Fred, 2011-12-09
Re: trusted computing and nova
From: Chris Wright, 2011-12-09

References

trusted computing and nova
From: Mark Washenberger, 2011-12-08
Re: trusted computing and nova
From: Michael Pittaro, 2011-12-09