The nova.scheduler.filters.trusted_filter Module

Filter to add support for Trusted Computing Pools.

Filter that only schedules tasks on a host if the integrity (trust) of that host matches the trust requested in the 'extra_specs' for the flavor. The 'extra_specs' will contain a key/value pair where the key is 'trust'. The value of this pair ('trusted'/'untrusted') must match the integrity of that host (obtained from the Attestation service) before the task can be scheduled on that host.

Note that the parameters to control access to the Attestation Service are in the 'nova.conf' file in a separate 'trust' section. For example, the config file will look something like:

    [DEFAULT]
    verbose=True
    ...
    [trust]
    server=attester.mynetwork.com

Details on the specific parameters can be found in the file 'trust_attest.py'.

Details on setting up and using an Attestation Service can be found at the Open Attestation project at:

class AttestationService

Bases: object

do_attestation(hosts)

Attests compute nodes through OAT service.

Parameters: hosts – hosts list to be attested
Returns: dictionary for trust level and validate time

class ComputeAttestation

Bases: object

is_trusted(host, trust)

class ComputeAttestationCache

Bases: object

Cache for compute node attestation

Caches each compute node's trust level for some time. If the cache is out of date, the OAT service is polled to flush the cache.

The OAT service may also have a cache. The OAT service's cache valid time should be set shorter than the trusted filter's cache valid time.

get_host_attestation(host)

Check host’s trust level.

class HTTPSClientAuthConnection(host, port, key_file, cert_file, ca_file, timeout=None)

Bases: httplib.HTTPSConnection

Class to make an HTTPS connection, with support for full client-based SSL authentication.

connect()

Connect to a host on a given (SSL) port. If ca_file is set, use it to check the server certificate.

Redefined/copied and extended from httplib.py:1105 (Python 2.6.x). This is needed to pass cert_reqs=ssl.CERT_REQUIRED as a parameter to ssl.wrap_socket(), which forces SSL to check the server certificate against our client certificate.

class TrustedFilter

Bases: nova.scheduler.filters.BaseHostFilter

Trusted filter to support Trusted Compute Pools.

host_passes(host_state, filter_properties)
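
The scheduling decision and the cache behaviour described above, as an added sketch that is not nova's own code. `TrustCache`, the free function `host_passes`, the `attest` callable, the `unknown` level and the valid times are assumptions for illustration; the `trust` key and the `trusted`/`untrusted` values follow the module description. Failing closed when no attestation result is available is a choice made in this example.

```python
import time

TRUST_LEVELS = ("trusted", "untrusted")

class TrustCache:
    """TTL cache of per-host trust levels (added example, not nova's code)."""

    def __init__(self, attest, valid_seconds=1800, clock=time.monotonic):
        self._attest = attest      # assumed callable: list of hosts -> {host: level}
        self._valid = valid_seconds
        self._clock = clock
        self._entries = {}         # host -> (level, time fetched)

    def get_trust(self, host):
        now = self._clock()
        entry = self._entries.get(host)
        if entry and now - entry[1] < self._valid:
            return entry[0]        # still inside the cache valid time
        self._entries.pop(host, None)   # never serve an expired verdict
        try:
            level = self._attest([host]).get(host)
        except Exception:
            return "unknown"       # attestation unreachable: fail closed
        if level not in TRUST_LEVELS:
            return "unknown"       # no usable verdict: do not cache it
        self._entries[host] = (level, now)
        return level

def host_passes(cache, host, extra_specs):
    requested = extra_specs.get("trust")
    if requested is None:
        return True                # flavor makes no trust request
    return cache.get_trust(host) == requested

def demo():
    # Constructed attestation data and a fake clock, so this runs offline.
    levels, calls, now = {"node1": "trusted", "node2": "untrusted"}, [], [0.0]
    def attest(hosts):
        calls.append(list(hosts))
        return {h: levels[h] for h in hosts if h in levels}
    cache = TrustCache(attest, valid_seconds=60, clock=lambda: now[0])
    want = {"trust": "trusted"}
    first = [host_passes(cache, h, want) for h in ("node1", "node2", "node3")]
    levels["node1"] = "untrusted"  # host integrity changes after being cached
    stale = host_passes(cache, "node1", want)   # cached verdict still served
    now[0] = 61.0                  # cache valid time has elapsed
    fresh = host_passes(cache, "node1", want)   # re-attested
    return first, stale, fresh, len(calls)
```

In `demo()`, `stale` shows that a host whose integrity changed keeps passing the filter until the cache valid time expires, so that interval bounds how long a compromised host can still receive trusted workloads.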
