openstack team mailing list archive
nova and trusted computing
I have some concerns about the approach adopted in the trusted computing blueprint.
Basically, the assumption of this blueprint is that Nova has to be responsible for caching the "trust" status of hosts. In order to do this without allowing hosts to lie to the scheduler, a long-lived component must be created. My sense is that this approach is too invasive and inappropriately pushes responsibilities from the "trust" infrastructure into Nova.
I have been working with Fred Yang to try to address these concerns--and I'm confident that Nova can adjust in a reasonable way to accommodate trusted computing. However, the blueprint appears to have been approved with the approach I don't like baked in, and I don't want to overstep.
So I ask: Is there a consensus among nova-core that the approach given in the blueprint needs to be changed? Or the other way around, is there a consensus approving of this approach?