[Openstack] trusted computing and nova

Yang, Fred fred.yang at intel.com
Fri Dec 9 22:11:24 UTC 2011


> Behalf Of Mark Washenberger
> Do we need anything more than a way to inject a third-party filter into
> schedulers?
> 
> I'm assuming that we need to schedule based on whether or not the
> attestation server verifies the host. And I understand that this
> situation introduces some peculiar and novel requirements on the
> scheduler. But I don't think it makes sense to deduce from that that we
> should write an attestation client into nova and create a new scheduler
> and manager service. Instead, we should robustify (is that even a
> word? :-) the plug-ability of the scheduler with these requirements in
> mind.
> 
> I really appreciate the work that has gone into making this transparent
> and generic with the standalone http-based attestation server. I just
> don't think it goes quite as far as it needs to.
Not to be pressed! :-). not a good idea to plug client connection into scheduler.
The original idea was to only add new filters on base code per requirement, new capability handling is a little bit invasive.
Looking into Admin API approach per other thread 
thx
-Fred




More information about the Openstack mailing list