[Openstack-security] Periodic Security Checks

Vasiliy Artemev vasart at gmail.com
Wed Jun 25 21:34:34 UTC 2014


>> Why does the scheduling of the checks even have to be part of OpenStack? Why
>> can't the operating system that OpenStack is running on provide that?

Because the "trusted pool" concept is part of OpenStack, not of the operating
system. Users with sensitive workloads may choose to use the "trusted pool"
concept to have more control over where their data is run. Similarly, these
security checks are deeply intertwined with OpenStack/Nova functionality.
What good is a security check at the operating system level if Nova just
blindly runs on any physical machine anyway?

>> Any reason this is limited to "security" rather than being a generic
>> mechanism?

So, right now you should read "periodic security check" as "periodic update
of the trusted pool". But that is only for now. The reason this is limited to
security is that APL's goal for working with OpenStack is to improve its
security. Due to scoping concerns the first version will only target
security checks; however, developers are welcome to extend it in the future
to include other aspects of computing pools. (Translation: "pull requests
accepted")


2014-06-24 6:46 GMT-04:00 Darren J Moffat <Darren.Moffat at oracle.com>:

> Is this intended only for checking the OpenStack infrastructure or for
> checking the hosted guest VMs as well ?
>
> Why does the scheduling of the checks even have to be part of OpenStack ?
>  Why can't the operating system that OpenStack is running on provide that ?
>
> Any reason this is limited to "security" rather than being a generic
> mechanism ?  Eg one that can stop scheduling to given nodes based on
> reported hardware faults.
>
> --
> Darren J Moffat
>
>
>
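The scheduler-side consumer the reply has in mind, shown as an added illustration that is not part of the original thread and not Nova's own code: a trusted pool that a periodic check keeps current, and a scheduler filter that consults it at placement time. The `check_fn` hook, the host names and the attestation results are constructed for the example; the `trust:trusted_host` flavor extra-spec key follows the one Nova's trusted filter looked at, and everything else (class and function names, the 300-second staleness window) is an assumption of this sketch. The point it makes concrete is the one argued above: the check is only useful if the scheduler reads its result, and a check that stops running has to count as a failed check.

```python
import time
from dataclasses import dataclass


@dataclass
class HostTrust:
    """Last known attestation result for one compute host."""
    trusted: bool = False
    last_checked: float = 0.0  # epoch seconds of the last completed check


class TrustedPool:
    """Membership in the trusted pool, refreshed by a periodic check.

    check_fn(host) -> bool is a hypothetical hook; in a real deployment it
    would query an attestation service. A result older than max_age_s is
    treated as untrusted (fail closed), so a host whose checks stop running
    silently drops out of the pool instead of staying in it forever.
    """

    def __init__(self, check_fn, max_age_s=300.0):
        self.check_fn = check_fn
        self.max_age_s = max_age_s
        self.hosts = {}

    def register(self, host):
        self.hosts.setdefault(host, HostTrust())

    def run_periodic_check(self, now=None):
        """The 'periodic security check': re-attest every registered host."""
        now = time.time() if now is None else now
        for host, state in self.hosts.items():
            try:
                state.trusted = bool(self.check_fn(host))
            except Exception:
                state.trusted = False  # an error is not evidence of trust
            state.last_checked = now
        return {h: s.trusted for h, s in self.hosts.items()}

    def is_trusted(self, host, now=None):
        now = time.time() if now is None else now
        state = self.hosts.get(host)
        if state is None or not state.trusted:
            return False
        return (now - state.last_checked) <= self.max_age_s


def filter_hosts(pool, candidates, extra_specs, now=None):
    """Scheduler-side filter: pass or drop each candidate host.

    Only requests whose flavor asks for a trusted host are restricted; any
    other request may land anywhere, which is what lets sensitive workloads
    opt in without changing placement for everyone else.
    """
    if extra_specs.get("trust:trusted_host") != "trusted":
        return list(candidates)
    return [h for h in candidates if pool.is_trusted(h, now)]


def demo():
    # Constructed attestation results standing in for an attestation service.
    attestation = {"node-a": True, "node-b": True, "node-c": False}
    pool = TrustedPool(check_fn=lambda h: attestation[h], max_age_s=300.0)
    for h in attestation:
        pool.register(h)
    t0 = 1_000_000.0
    pool.run_periodic_check(now=t0)
    spec = {"trust:trusted_host": "trusted"}
    fresh = filter_hosts(pool, attestation, spec, now=t0 + 60)
    # node-b fails attestation between checks; the next periodic run evicts it.
    attestation["node-b"] = False
    pool.run_periodic_check(now=t0 + 120)
    after_recheck = filter_hosts(pool, attestation, spec, now=t0 + 130)
    # If the periodic check stops running, every result goes stale and no
    # host qualifies for a trusted placement; untrusted requests are unaffected.
    stale = filter_hosts(pool, attestation, spec, now=t0 + 120 + 301)
    unrestricted = filter_hosts(pool, attestation, {}, now=t0 + 120 + 301)
    return fresh, after_recheck, stale, unrestricted


if __name__ == "__main__":
    print(demo())
```

The staleness window is what ties the "periodic" part to the scheduler: an operating-system cron job that rewrites a local file does nothing for placement unless the scheduler both reads that file and notices when it stops being rewritten.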