[openstack-dev] [nova] Concern about trusted certificates API change
Matt Riedemann
mriedemos at gmail.com
Wed Apr 18 17:14:56 UTC 2018
On 4/18/2018 12:09 PM, Chris Friesen wrote:
> If this happens, is it clear to the end-user that the reason the boot
> failed is that the cloud doesn't support trusted cert IDs for
> boot-from-vol? If so, then I think that's totally fine.

If you're creating an image-backed server and requesting specific
trusted certs, you'll get by the API but could land on a compute host
that doesn't support image validation, like any non-libvirt driver, and
at that point the trusted certs request is ignored.

We could fix that the same way I've proposed we fix it for boot from
volume with multiattach volumes in that the compute node resource
provider would have a trait on it for the capability, and we'd add a
placement request filter that detects, from the RequestSpec, that you're
trying to do this specific thing that requires a compute that supports
that capability, otherwise you get NoValidHost.

--
Thanks,
Matt
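
Added example, not part of the original message and not nova code: a minimal model of the request-filter idea described above, in which a trusted-certs request becomes a required trait so scheduling fails closed with NoValidHost instead of the request being silently ignored. The trait name, class names, function names and host inventory are hypothetical and constructed for this sketch.

```python
from dataclasses import dataclass, field

# Hypothetical trait name for this sketch; the post does not name one.
TRUSTED_CERTS_TRAIT = "COMPUTE_TRUSTED_CERTS"


class NoValidHost(Exception):
    """No compute host satisfies the request."""


@dataclass
class RequestSpec:
    image_id: str
    trusted_certs: list = field(default_factory=list)
    required_traits: set = field(default_factory=set)


@dataclass
class ComputeProvider:
    name: str
    driver: str
    traits: set = field(default_factory=set)


def trusted_certs_filter(spec):
    """Request filter: turn a trusted-certs request into a required trait."""
    if spec.trusted_certs:
        spec.required_traits.add(TRUSTED_CERTS_TRAIT)
        return True
    return False


def select_hosts(spec, providers, filters=(trusted_certs_filter,)):
    """Run request filters, then keep providers exposing every required trait."""
    for request_filter in filters:
        request_filter(spec)
    hosts = [p.name for p in providers if spec.required_traits <= p.traits]
    if not hosts:
        raise NoValidHost(f"no host with traits {sorted(spec.required_traits)}")
    return hosts


# Constructed inventory: only the libvirt host advertises the capability.
PROVIDERS = [
    ComputeProvider("cn-libvirt-1", "libvirt", {TRUSTED_CERTS_TRAIT}),
    ComputeProvider("cn-ironic-1", "ironic"),
    ComputeProvider("cn-vmware-1", "vmware"),
]
```

Calling `select_hosts` with `filters=()` reproduces the behaviour the message warns about: a request carrying trusted certs can land on any host, including ones that never validate the image.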