Enable scheduling support for trusted compute pools by adding the following lines in the DEFAULT section in the /etc/nova/nova.conf file:

```
[DEFAULT]
compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
scheduler_available_filters=nova.scheduler.filters.all_filters
scheduler_default_filters=AvailabilityZoneFilter,RamFilter,ComputeFilter,TrustedFilter
```

Specify the connection information for your attestation service by adding the following lines to the trusted_computing section in the /etc/nova/nova.conf file:

```
[trusted_computing]
server=10.1.71.206
port=8443
server_ca_file=/etc/nova/ssl.10.1.71.206.crt
# If using OAT v1.5, use this api_url:
api_url=/AttestationService/resources
# If using OAT pre-v1.5, use this api_url:
#api_url=/OpenAttestationWebServices/V1.0
auth_blob=i-am-openstack
```

Where:
- server: Host name or IP address of the host that runs the attestation service.
- port: HTTPS port for the attestation service.
- server_ca_file: Certificate file used to verify the attestation server's identity.
- api_url: The attestation service's URL path.
- auth_blob: An authentication blob, which is required by the attestation service.

Restart the nova-compute and nova-scheduler services.
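
Before restarting the services, the two sections can be checked for the settings described above. The following is an added example, not part of the original documentation or of Nova itself: the function name `check_trusted_pool_config` is hypothetical, the input is the page's own sample configuration, and treating the sample `auth_blob` value as a placeholder to be replaced is an assumption of this example.

```python
import configparser
import os

REQUIRED = ("server", "port", "server_ca_file", "api_url", "auth_blob")
SAMPLE_BLOB = "i-am-openstack"  # sample value shown on this page

# Constructed sample input: the two nova.conf sections from this page.
SAMPLE_CONF = """
[DEFAULT]
compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
scheduler_available_filters=nova.scheduler.filters.all_filters
scheduler_default_filters=AvailabilityZoneFilter,RamFilter,ComputeFilter,TrustedFilter

[trusted_computing]
server=10.1.71.206
port=8443
server_ca_file=/etc/nova/ssl.10.1.71.206.crt
api_url=/AttestationService/resources
auth_blob=i-am-openstack
"""

def check_trusted_pool_config(text, file_exists=os.path.isfile):
    """Return findings for a nova.conf body; an empty list means no issues."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    findings = []
    raw = cfg.defaults().get("scheduler_default_filters", "")
    if "TrustedFilter" not in [f.strip() for f in raw.split(",")]:
        findings.append("TrustedFilter not in scheduler_default_filters")
    if not cfg.has_section("trusted_computing"):
        return findings + ["[trusted_computing] section missing"]
    tc = cfg["trusted_computing"]
    for key in REQUIRED:
        if not tc.get(key, "").strip():
            findings.append(f"trusted_computing.{key} not set")
    port = tc.get("port", "").strip()
    if port and not (port.isdecimal() and 0 < int(port) < 65536):
        findings.append(f"port {port!r} is not a valid TCP port")
    ca = tc.get("server_ca_file", "").strip()
    if ca and not file_exists(ca):
        findings.append(f"server_ca_file {ca} does not exist")
    # Assumption of this example: the page's sample blob is a placeholder.
    if tc.get("auth_blob", "").strip() == SAMPLE_BLOB:
        findings.append("auth_blob is still the documentation sample value")
    return findings

if __name__ == "__main__":
    for finding in check_trusted_pool_config(SAMPLE_CONF):
        print("FINDING:", finding)
```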