openstack team mailing list archive
Message #18825
Getting Trusted Compute Pools working in Open Stack Folsom
Hi All,
I am trying to get trusted compute pools working in my installation of OpenStack Folsom but so far am unable to get it to work. Currently when I spawn a new instance I don't see any interaction with the attestation server, and the instance spawns just fine on an untrusted host. I have followed all the documentation I could find on TCP (http://wiki.openstack.org/TrustedComputingPools , https://github.com/openstack/nova/blob/stable/folsom/nova/scheduler/filters/trusted_filter.py ) but am still having no luck, so I am hoping I missed something while setting it up. Hopefully someone can point out what I am doing wrong.
Steps to Setup TCP:

1. Set the following value in nova.conf

    scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler

2. Add "trusted_computing" section to nova.conf

    [trusted_computing]
    server=10.x.x.x
    port=8181
    server_ca_file=/etc/nova/ssl.10.1.71.206.crt
    api_url=/AttestationService/resources/PollHosts
    auth_blob=i-am-openstack

3. Add the "trusted" requirement to an existing flavor by running

    nova-manage instance_type set_key m1.tiny trust:trusted_host trusted

4. Restart nova-compute and nova-scheduler service

At this point I test it by going to the OpenStack page -> projects -> instances and launching a new instance of m1.tiny. At this point I should see a connection attempt on the attestation server (which I don't) and then the instance fail to launch (which it doesn't) since the host is untrusted. My version of OpenStack is Folsom and nova is 2012.2.
Hopefully someone can point out my mistake or what I am missing.
-Stewart
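
An added example, not part of the original message and not nova's own code: a small audit of the nova.conf settings from the steps above that reports when a trust:trusted_host requirement would be silently ignored, which is the fail-open symptom described. It assumes the filter scheduler only runs filters named in scheduler_default_filters and that the filter class is called TrustedFilter; audit_trusted_pool and SAMPLE_CONF are hypothetical names, and the sample config is constructed from the values in the message.

```python
import configparser

# Constructed sample: the nova.conf settings listed in the message above.
SAMPLE_CONF = """\
[DEFAULT]
scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler

[trusted_computing]
server=10.x.x.x
port=8181
server_ca_file=/etc/nova/ssl.10.1.71.206.crt
api_url=/AttestationService/resources/PollHosts
auth_blob=i-am-openstack
"""

FILTER_SCHEDULER = "nova.scheduler.filter_scheduler.FilterScheduler"
REQUIRED_TC_KEYS = ("server", "port", "server_ca_file", "api_url", "auth_blob")


def audit_trusted_pool(conf_text):
    """Return a list of findings; an empty list means every check passed."""
    cp = configparser.RawConfigParser()  # Raw: no '%' interpolation surprises
    cp.read_string(conf_text)
    defaults = cp.defaults()
    findings = []

    if defaults.get("scheduler_driver") != FILTER_SCHEDULER:
        findings.append("scheduler_driver is not FilterScheduler")

    # Assumption: a filter only runs if named in scheduler_default_filters.
    raw = defaults.get("scheduler_default_filters", "")
    enabled = [name.strip() for name in raw.split(",") if name.strip()]
    if "TrustedFilter" not in enabled:
        findings.append("TrustedFilter not in scheduler_default_filters; "
                        "trust:trusted_host is never evaluated (fails open)")

    if not cp.has_section("trusted_computing"):
        findings.append("[trusted_computing] section is missing")
        return findings
    for key in REQUIRED_TC_KEYS:
        if not cp.get("trusted_computing", key, fallback="").strip():
            findings.append("[trusted_computing] %s is empty or unset" % key)
    if not cp.get("trusted_computing", "port", fallback="").strip().isdigit():
        findings.append("[trusted_computing] port is not a number")
    return findings


if __name__ == "__main__":
    for finding in audit_trusted_pool(SAMPLE_CONF):
        print("FINDING:", finding)
```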