 Configure Compute to use trusted compute pools
  1. Configure the Compute service with the connection information for the attestation service.

    Specify these connection options in the trusted_computing section in the nova.conf configuration file:

    server
        Host name or IP address of the host that runs the attestation service.

    port
        HTTPS port for the attestation service.

    server_ca_file
        Certificate file used to verify the attestation server's identity.

    api_url
        The attestation service URL path.

    auth_blob
        An authentication blob, which is required by the attestation service.

  2. To enable scheduling support for trusted compute pools, add the following lines to the DEFAULT and trusted_computing sections in the /etc/nova/nova.conf file. Edit the details in the trusted_computing section based on the details of your attestation service:

    [DEFAULT]
    compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
    scheduler_available_filters=nova.scheduler.filters.all_filters
    scheduler_default_filters=AvailabilityZoneFilter,RamFilter,ComputeFilter,TrustedFilter
    
    [trusted_computing]
    server=10.1.71.206
    port=8443
    server_ca_file=/etc/nova/ssl.10.1.71.206.crt
    # If using OAT v1.5, use this api_url:
    api_url=/AttestationService/resources
    # If using OAT pre-v1.5, use this api_url:
    #api_url=/OpenAttestationWebServices/V1.0
    auth_blob=i-am-openstack
  3. Restart the nova-compute and nova-scheduler services.
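
Before restarting the services in step 3, the settings from steps 1 and 2 can be checked offline. The following is an added example, not part of the original documentation or of Nova: the function name, the finding messages and the rule that auth_blob should differ from the sample value shown above are assumptions of this sketch.

```python
import configparser

REQUIRED = ("server", "port", "server_ca_file", "api_url", "auth_blob")
SAMPLE_AUTH_BLOB = "i-am-openstack"  # sample value shown on this page

# Constructed sample input with deliberate mistakes (not a real deployment).
BROKEN_CONF = """\
[DEFAULT]
scheduler_default_filters=AvailabilityZoneFilter,RamFilter,ComputeFilter
[trusted_computing]
server=10.1.71.206
port=https
api_url=AttestationService/resources
auth_blob=constructed-value
"""

def check_trusted_pool_config(conf_text):
    """Return a list of findings for a nova.conf body; an empty list means OK."""
    # Rename the default section so [DEFAULT] values do not leak into other sections.
    cp = configparser.ConfigParser(interpolation=None, default_section="__unused__")
    cp.read_string(conf_text)
    findings = []

    # Step 2: the scheduler only consults attestation if TrustedFilter is enabled.
    filters = cp.get("DEFAULT", "scheduler_default_filters", fallback="")
    if "TrustedFilter" not in [f.strip() for f in filters.split(",")]:
        findings.append("TrustedFilter not in scheduler_default_filters")

    if not cp.has_section("trusted_computing"):
        return findings + ["[trusted_computing] section missing"]
    tc = cp["trusted_computing"]

    # Step 1: every connection option must be present and non-empty.
    for opt in REQUIRED:
        if not tc.get(opt, "").strip():
            findings.append(f"{opt} is not set")
    port = tc.get("port", "").strip()
    if port and not (port.isdigit() and 0 < int(port) < 65536):
        findings.append("port is not a valid TCP port")
    api_url = tc.get("api_url", "").strip()
    if api_url and not api_url.startswith("/"):
        findings.append("api_url should be a URL path starting with /")
    if tc.get("auth_blob", "").strip() == SAMPLE_AUTH_BLOB:
        findings.append("auth_blob is unchanged from the documentation sample")
    return findings

if __name__ == "__main__":
    print("\n".join(check_trusted_pool_config(BROKEN_CONF)))
```

To check a real deployment, pass the contents of /etc/nova/nova.conf to check_trusted_pool_config.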
