TrustedFilter checks compute trust level, not hypervisors
Bug #1223452 reported by
Bob Ball
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Medium
|
jiang, yunhong | ||
Icehouse |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The TrustedFilter uses host_state.host as the name that will be checked against the remote attestation service.
This works for the KVM case because the compute node and the hypervisor are the same; however we must be checking host_state.nodename which is the hostname for the hypervisor which will be registered with the attestation server.
tags: | added: scheduler |
Changed in nova: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in nova: | |
assignee: | nobody → jiang, yunhong (yunhong-jiang) |
Changed in nova: | |
status: | Confirmed → In Progress |
Changed in nova: | |
milestone: | none → juno-3 |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | juno-3 → 2014.2 |
To post a comment you must log in.
The same issue applies to pre-populating the cache which uses compute[ 'service' ]['host' ] which is the compute's host name not the hypervisor's host name