Configure the Compute service with the connection information for the attestation service.
Specify these connection options in the trusted_computing section in the nova.conf configuration file:
- server
  Host name or IP address of the host that runs the attestation service.
- port
  HTTPS port for the attestation service.
- server_ca_file
  Certificate file used to verify the attestation server's identity.
- api_url
  The attestation service URL path.
- auth_blob
  An authentication blob, which is required by the attestation service.
To enable scheduling support for trusted compute pools, add the following lines to the DEFAULT and trusted_computing sections in the /etc/nova/nova.conf file. Edit the details in the trusted_computing section based on the details of your attestation service:

    [DEFAULT]
    compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
    scheduler_available_filters=nova.scheduler.filters.all_filters
    scheduler_default_filters=AvailabilityZoneFilter,RamFilter,ComputeFilter,TrustedFilter

    [trusted_computing]
    server=10.1.71.206
    port=8443
    server_ca_file=/etc/nova/ssl.10.1.71.206.crt
    # If using OAT v1.5, use this api_url:
    api_url=/AttestationService/resources
    # If using OAT pre-v1.5, use this api_url:
    #api_url=/OpenAttestationWebServices/V1.0
    auth_blob=i-am-openstack

Restart the nova-compute and nova-scheduler services.
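
Before restarting the services, the settings above can be checked with a small script. This is an added example, not part of the OpenStack documentation or the nova code base; the function name check_trusted_pool_config is hypothetical, SAMPLE_BAD is constructed for illustration, and the rule that api_url starts with "/" is an assumption drawn from the two sample paths shown above.

```python
import configparser

# Options the page lists for the [trusted_computing] section.
REQUIRED = ("server", "port", "server_ca_file", "api_url", "auth_blob")

# Sample values taken from the configuration shown on this page.
SAMPLE_OK = """[DEFAULT]
scheduler_default_filters=AvailabilityZoneFilter,RamFilter,ComputeFilter,TrustedFilter
[trusted_computing]
server=10.1.71.206
port=8443
server_ca_file=/etc/nova/ssl.10.1.71.206.crt
api_url=/AttestationService/resources
auth_blob=i-am-openstack
"""

# Constructed broken variant: no TrustedFilter, no CA file, bad port.
SAMPLE_BAD = """[DEFAULT]
scheduler_default_filters=AvailabilityZoneFilter,RamFilter,ComputeFilter
[trusted_computing]
server=10.1.71.206
port=84430
api_url=/AttestationService/resources
auth_blob=i-am-openstack
"""

def check_trusted_pool_config(text):
    """Return a list of problems found in nova.conf text (empty list = OK)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    problems = []
    # Without TrustedFilter in the default chain the scheduler never
    # consults the attestation service when placing instances.
    raw = cp.defaults().get("scheduler_default_filters", "")
    if "TrustedFilter" not in [f.strip() for f in raw.split(",")]:
        problems.append("TrustedFilter missing from scheduler_default_filters")
    if not cp.has_section("trusted_computing"):
        return problems + ["[trusted_computing] section missing"]
    tc = cp["trusted_computing"]
    for opt in REQUIRED:
        if not tc.get(opt, "").strip():
            problems.append(f"trusted_computing.{opt} is not set")
    port = tc.get("port", "").strip()
    if port and not (port.isdigit() and 1 <= int(port) <= 65535):
        problems.append(f"trusted_computing.port is not a valid port: {port!r}")
    # Assumption: api_url is a URL path and therefore starts with "/".
    api_url = tc.get("api_url", "").strip()
    if api_url and not api_url.startswith("/"):
        problems.append("trusted_computing.api_url should start with '/'")
    return problems
```

To check a live host, pass the contents of /etc/nova/nova.conf to the function and review the returned list.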