← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1369581] Re: compute-trust.json provides invalid data for trust filter

 

** Changed in: glance
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1369581

Title:
  compute-trust.json provides invalid data for trust filter

Status in OpenStack Image Registry and Delivery Service (Glance):
  Fix Released

Bug description:
  compute-trust.json provides such properties for trust filter:

  "properties": {
  	"trust:trusted_host": {
  		"title": "Intel® TXT attestation",
  		"description": "Select to ensure that node has been attested by Intel® Trusted Execution Technology (Intel® TXT).",
  		"type": "boolean"
  	}
  }

  This means that actually we require True/False values for trust
  levels. This does not match with how Trust Filter works (comment from
  trust filter):

  Filter that only schedules tasks on a host if the integrity (trust)
  of that host matches the trust requested in the ``extra_specs`` for the
  flavor.  The ``extra_specs`` will contain a key/value pair where the
  key is ``trust``.  The value of this pair (``trusted``/``untrusted``) must
  match the integrity of that host (obtained from the Attestation
  service) before the task can be scheduled on that host.

  There is also level 'unknown' available:

      def _init_cache_entry(self, host):
          self.compute_nodes[host] = {
              'trust_lvl': 'unknown',
              'vtime': timeutils.normalize_time(
                          timeutils.parse_isotime("1970-01-01T00:00:00Z"))}

  This means that compute-trust.json should be changed to match trust
  levels that are expected by Trust Filter.

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1369581/+subscriptions


References