Atom feed of this document
  
 
 Configure Compute to use trusted compute pools
  1. Enable scheduling support for trusted compute pools by adding the following lines in the DEFAULT section in the /etc/nova/nova.conf file:

    [DEFAULT]
    compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
    scheduler_available_filters=nova.scheduler.filters.all_filters
    scheduler_default_filters=AvailabilityZoneFilter,RamFilter,ComputeFilter,TrustedFilter
  2. Specify the connection information for your attestation service by adding the following lines to the trusted_computing section in the /etc/nova/nova.conf file:

    [trusted_computing]
    server=10.1.71.206
    port=8443
    server_ca_file=/etc/nova/ssl.10.1.71.206.crt
    # If using OAT v1.5, use this api_url:
    api_url=/AttestationService/resources
    # If using OAT pre-v1.5, use this api_url:
    #api_url=/OpenAttestationWebServices/V1.0
    auth_blob=i-am-openstack

    Where:

    server

    Host name or IP address of the host that runs the attestation service.

    port

    HTTPS port for the attestation service.

    server_ca_file

    Certificate file used to verify the attestation server's identity.

    api_url

    The attestation service's URL path.

    auth_blob

    An authentication blob, which is required by the attestation service.

  3. Restart the nova-compute and nova-scheduler services.

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

loading table of contents...