[openstack-dev] [nova] Concern about trusted certificates API change
Jay Pipes
jaypipes at gmail.com
Wed Apr 18 17:16:44 UTC 2018
On 04/18/2018 01:14 PM, Matt Riedemann wrote:
> On 4/18/2018 12:09 PM, Chris Friesen wrote:
>> If this happens, is it clear to the end-user that the reason the boot
>> failed is that the cloud doesn't support trusted cert IDs for
>> boot-from-vol? If so, then I think that's totally fine.
>
> If you're creating an image-backed server and requesting specific
> trusted certs, you'll get by the API but could land on a compute host
> that doesn't support image validation, like any non-libvirt driver, and
> at that point the trusted certs request is ignored.
>
> We could fix that the same way I've proposed we fix it for boot from
> volume with multiattach volumes in that the compute node resource
> provider would have a trait on it for the capability, and we'd add a
> placement request filter that detects, from the RequestSpec, that you're
> trying to do this specific thing that requires a compute that supports
> that capability, otherwise you get NoValidHost.
+1
Still looking for reviews on https://review.openstack.org/#/c/546713/.
Thanks,
-jay
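
Added example, not part of the original message and not Nova's own code: a toy model of the approach described in the quoted text, where a request filter adds a required trait when an image-backed boot asks for trusted certs, so scheduling fails with NoValidHost instead of the request being silently ignored. The class and function names and the trait name are assumptions for illustration.

```python
"""Toy model of a trait-based placement request filter (not Nova code)."""
from dataclasses import dataclass, field

# Assumed trait name for illustration; the thread does not name one.
TRUSTED_CERTS_TRAIT = "COMPUTE_TRUSTED_CERTS"


class NoValidHost(Exception):
    """Raised when no compute node satisfies the required traits."""


@dataclass
class RequestSpec:
    image_backed: bool
    trusted_certs: list = field(default_factory=list)
    required_traits: set = field(default_factory=set)


@dataclass
class ComputeNode:
    name: str
    traits: set


def trusted_certs_filter(spec):
    """Request filter: require the capability trait only when it is needed."""
    if spec.image_backed and spec.trusted_certs:
        spec.required_traits.add(TRUSTED_CERTS_TRAIT)
        return True
    return False


def select_hosts(spec, nodes, filters=(trusted_certs_filter,)):
    """Run request filters, then keep nodes exposing every required trait."""
    for request_filter in filters:
        request_filter(spec)
    hosts = [n.name for n in nodes if spec.required_traits <= n.traits]
    if not hosts:
        raise NoValidHost(f"missing traits: {sorted(spec.required_traits)}")
    return hosts


# Constructed sample inventory: one node reports the capability, one does not.
NODES = [ComputeNode("libvirt-1", {TRUSTED_CERTS_TRAIT}),
         ComputeNode("other-1", set())]
```

Calling `select_hosts` with `filters=()` reproduces the behaviour the thread is concerned about: a host without image validation is still eligible and the trusted certs request would be ignored there.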