Hello everyone,
I have a problem about booting signed images from cinder volumes. I am currently working on OpenStack Ussuri and I have Ceph storage as cinder backend. I have completed the necessary steps to enable glance image verification according to this document [1]. Now, I can create VMs from signed images -if I do not choose the create new volume option-.
If I try to boot from volume, it throws an error message: "Image certificate validation is not supported when booting from volume". According to [2], Cinder already has an option to use signed images and it is enabled by default, but it seems it does not work. As opposed to this, [3] explains that Cinder has no ability to verify trusted images: "As of the 18.0.0 Rocky release, trusted image certification validation is not supported with volume-backed (boot from volume) instances. The block storage service support may be available in a future release"
Is there any way to use trusted/signed images when booting from volume?
Thanks.