openstack-manuals/doc/config-reference/source/tables/nova-trusted_computing.rst
Stephen Finucane 564f5330c3 [config-ref]: update nova config options for stable/ocata
This significant rework occurs due to recent changes in the
openstack-doc-tools project.

There are some manual fixes to the following options, where invalid rST
was included. These have been fixed on nova master but still need to be
backported to stable/ocata. This will be done separately.

- block_device_allocate_retries_interval (DEFAULT)
- torrent_images (xenserver)

Change-Id: Ia6ecbf025f1a2de19db896d3d72412461603093b
Depends-On: I4ef80825598cc7d98a4046afd5b131484e5a3469
2017-03-20 16:57:29 +00:00

Description of trusted_computing configuration options
Configuration option = Default value Description

attestation_auth_timeout = 60

(Integer) This value controls how long a successful attestation is cached. Once this period has elapsed, a new attestation request will be made. See the attestation_server help text for more information about host verification.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled.

Possible values:

  • An integer value, corresponding to the timeout interval for attestations in seconds. Any integer is valid, although setting this to zero or negative values can greatly impact performance when using an attestation service.

Related options:

  • attestation_server
  • attestation_server_ca_file
  • attestation_port
  • attestation_api_url
  • attestation_auth_blob
  • attestation_insecure_ssl

attestation_port = 8443

(Port number) The port to use when connecting to the attestation server. See the attestation_server help text for more information about host verification.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled.

Related options:

  • attestation_server
  • attestation_server_ca_file
  • attestation_api_url
  • attestation_auth_blob
  • attestation_auth_timeout
  • attestation_insecure_ssl

attestation_api_url = /OpenAttestationWebServices/V1.0

(String) The URL on the attestation server to use. See the attestation_server help text for more information about host verification.

This value must be just the path portion of the full URL, as it will be joined to the host specified in the attestation_server option.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled.

Possible values:

  • A valid URL string of the attestation server, or an empty string.

Related options:

  • attestation_server
  • attestation_server_ca_file
  • attestation_port
  • attestation_auth_blob
  • attestation_auth_timeout
  • attestation_insecure_ssl

attestation_server = None

(String) The host to use as the attestation server.

Cloud computing pools can involve thousands of compute nodes located at different geographical locations, making it difficult for cloud providers to identify a node's trustworthiness. When using the Trusted filter, users can request that their VMs only be placed on nodes that have been verified by the attestation server specified in this option.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled.

Possible values:

  • A string representing the host name or IP address of the attestation server, or an empty string.

Related options:

  • attestation_server_ca_file
  • attestation_port
  • attestation_api_url
  • attestation_auth_blob
  • attestation_auth_timeout
  • attestation_insecure_ssl

attestation_insecure_ssl = False

(Boolean) When set to True, the SSL certificate verification is skipped for the attestation service. See the attestation_server help text for more information about host verification.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled.

Related options:

  • attestation_server
  • attestation_server_ca_file
  • attestation_port
  • attestation_api_url
  • attestation_auth_blob
  • attestation_auth_timeout

attestation_auth_blob = None

(String) Attestation servers require a specific blob that is used to authenticate. The content and format of the blob are determined by the particular attestation server being used. There is no default value; you must supply the value as specified by your attestation service. See the attestation_server help text for more information about host verification.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled.

Possible values:

  • A string containing the specific blob required by the attestation server, or an empty string.

Related options:

  • attestation_server
  • attestation_server_ca_file
  • attestation_port
  • attestation_api_url
  • attestation_auth_timeout
  • attestation_insecure_ssl

attestation_server_ca_file = None

(String) The absolute path to the certificate to use for authentication when connecting to the attestation server. See the attestation_server help text for more information about host verification.

This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled.

Possible values:

  • A string representing the path to the authentication certificate for the attestation server, or an empty string.

Related options:

  • attestation_server
  • attestation_port
  • attestation_api_url
  • attestation_auth_blob
  • attestation_auth_timeout
  • attestation_insecure_ssl
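
The following is an added example, not part of the nova documentation or code: a Python check that reads a nova.conf and reports [trusted_computing] values that conflict with the descriptions above (verification skipped, a non-absolute CA path, a full URL in attestation_api_url, a missing auth blob, a non-positive cache timeout). The function name audit_trusted_computing is hypothetical, and the sample host name, CA path and blob are constructed placeholders.

```python
import configparser
import posixpath

def audit_trusted_computing(conf_text):
    """Map option name -> reason, for [trusted_computing] values to review."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    def opt(name, default=""):  # defaults passed below are those listed on this page
        return cp.get("trusted_computing", name, fallback=default).strip()
    if not opt("attestation_server"):
        return {"attestation_server": "no attestation server host is set"}
    findings = {}
    if opt("attestation_insecure_ssl", "False").lower() in ("true", "1", "yes", "on"):
        findings["attestation_insecure_ssl"] = "certificate verification is skipped"
    ca = opt("attestation_server_ca_file")
    if ca and not posixpath.isabs(ca):
        findings["attestation_server_ca_file"] = "must be an absolute path"
    url = opt("attestation_api_url", "/OpenAttestationWebServices/V1.0")
    if url and ("://" in url or not url.startswith("/")):
        findings["attestation_api_url"] = "must be the path portion only"
    if not opt("attestation_auth_blob"):
        findings["attestation_auth_blob"] = "no default; supply the service's blob"
    try:
        cached_for = int(opt("attestation_auth_timeout", "60"))
    except ValueError:
        cached_for = 0  # treat an unparsable value like a non-positive one
    if cached_for <= 0:
        findings["attestation_auth_timeout"] = "zero or negative can greatly impact performance"
    return findings

# Constructed samples; host name, CA path and blob are placeholders.
WEAK = """[trusted_computing]
attestation_server = attestation.example.test
attestation_server_ca_file = certs/attestation-ca.pem
attestation_api_url = https://attestation.example.test/OpenAttestationWebServices/V1.0
attestation_auth_timeout = 0
attestation_insecure_ssl = True
"""
HARDENED = """[trusted_computing]
attestation_server = attestation.example.test
attestation_server_ca_file = /etc/nova/attestation-ca.pem
attestation_auth_blob = PLACEHOLDER_BLOB_FROM_ATTESTATION_SERVICE
attestation_insecure_ssl = False
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_trusted_computing(text))
```

The check covers only the option values; as each description notes, they affect scheduling only when the FilterScheduler is in use and the 'TrustedFilter' filter is enabled.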