Add scheduler filter for trustedness of a host
Implements blueprint trusted-computing-pools Add a scheduling filter that filters based upon the trustedness of a node. A request is sent to the attestation service to disover the trustedness of the target node and, only if it matches the `trust_host' key/value pair in the `extra_specs' for the instance type, then the instance can be started on that node. More details can be found in the docspec for the filter in: nova/scheduler/filters/trusted_filter.py To setup an attestation server go to the Open Attestation Project at: https://github.com/OpenAttestation/OpenAttestation Also add 5 tests for the new filter that verifies: 1) Schedule works with no trust in the extra specs 2) Schedule works with trusted instance and trusted host 3) Schedule works with untrusted instance and untrusted host 4) Schedule fails with trusted instance and untrusted host 5) Scheduel fails with untrusted instance and trusted host Signed-off-by: Don Dugger <donald.d.dugger@intel.com> Signed-off-by: Fred Yang <fred.yang@intel.com> Change-Id: Iafa6aed8061f6cd4630367553aee14bd4b0263e2
This commit is contained in:
3 changed files with 289 additions and 0 deletions
1
Authors
1
Authors
@@ -55,6 +55,7 @@ Devdeep Singh <devdeep.singh@citrix.com>
Devendra Modium <dmodium@isi.edu>
Devin Carlen <devin.carlen@gmail.com>
Dina Belova <dbelova@mirantis.com>
Don Dugger <donald.d.dugger@intel.com>
Donal Lafferty <donal.lafferty@citrix.com>
Dong-In David Kang <dkang@isi.edu>
Doug Hellmann <doug.hellmann@dreamhost.com>
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.