Merge "Deprecate scheduler trusted filter"
This commit is contained in:
commit
3806ead0e0
|
@ -154,8 +154,14 @@ There are many standard filter classes which may be used
|
|||
a set of instances.
|
||||
* |RetryFilter| - filters hosts that have been attempted for scheduling.
|
||||
Only passes hosts that have not been previously attempted.
|
||||
* |TrustedFilter| (EXPERIMENTAL) - filters hosts based on their trust. Only passes hosts
|
||||
that meet the trust requirements specified in the instance properties.
|
||||
* |TrustedFilter| (EXPERIMENTAL) - filters hosts based on their trust. Only
|
||||
passes hosts that meet the trust requirements specified in the instance
|
||||
properties.
|
||||
|
||||
.. warning:: TrustedFilter is deprecated for removal in the 17.0.0 Queens
|
||||
release. There is no replacement planned for this filter. It has been
|
||||
marked experimental since its inception. It is incomplete and not tested.
|
||||
|
||||
* |TypeAffinityFilter| - Only passes hosts that are not already running an
|
||||
instance of the requested type.
|
||||
* |AggregateTypeAffinityFilter| - limits instance_type by aggregate.
|
||||
|
|
|
@ -589,6 +589,9 @@ Configuration options for enabling Trusted Platform Module.
|
|||
|
||||
trusted_opts = [
|
||||
cfg.HostAddressOpt("attestation_server",
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="Incomplete filter",
|
||||
deprecated_since="Pike",
|
||||
help="""
|
||||
The host to use as the attestation server.
|
||||
|
||||
|
@ -617,6 +620,9 @@ Related options:
|
|||
* attestation_insecure_ssl
|
||||
"""),
|
||||
cfg.StrOpt("attestation_server_ca_file",
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="Incomplete filter",
|
||||
deprecated_since="Pike",
|
||||
help="""
|
||||
The absolute path to the certificate to use for authentication when connecting
|
||||
to the attestation server. See the `attestation_server` help text for more
|
||||
|
@ -642,6 +648,9 @@ Related options:
|
|||
"""),
|
||||
cfg.PortOpt("attestation_port",
|
||||
default=8443,
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="Incomplete filter",
|
||||
deprecated_since="Pike",
|
||||
help="""
|
||||
The port to use when connecting to the attestation server. See the
|
||||
`attestation_server` help text for more information about host verification.
|
||||
|
@ -661,6 +670,9 @@ Related options:
|
|||
"""),
|
||||
cfg.StrOpt("attestation_api_url",
|
||||
default="/OpenAttestationWebServices/V1.0",
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="Incomplete filter",
|
||||
deprecated_since="Pike",
|
||||
help="""
|
||||
The URL on the attestation server to use. See the `attestation_server` help
|
||||
text for more information about host verification.
|
||||
|
@ -687,6 +699,9 @@ Related options:
|
|||
"""),
|
||||
cfg.StrOpt("attestation_auth_blob",
|
||||
secret=True,
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="Incomplete filter",
|
||||
deprecated_since="Pike",
|
||||
help="""
|
||||
Attestation servers require a specific blob that is used to authenticate. The
|
||||
content and format of the blob are determined by the particular attestation
|
||||
|
@ -714,6 +729,9 @@ Related options:
|
|||
"""),
|
||||
cfg.IntOpt("attestation_auth_timeout",
|
||||
default=60,
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="Incomplete filter",
|
||||
deprecated_since="Pike",
|
||||
min=0,
|
||||
help="""
|
||||
This value controls how long a successful attestation is cached. Once this
|
||||
|
@ -741,6 +759,9 @@ Related options:
|
|||
"""),
|
||||
cfg.BoolOpt("attestation_insecure_ssl",
|
||||
default=False,
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="Incomplete filter",
|
||||
deprecated_since="Pike",
|
||||
help="""
|
||||
When set to True, the SSL certificate verification is skipped for the
|
||||
attestation service. See the `attestation_server` help text for more
|
||||
|
|
|
@ -44,6 +44,7 @@ the Open Attestation project at:
|
|||
"""
|
||||
|
||||
from oslo_log import log as logging
|
||||
from oslo_log import versionutils
|
||||
from oslo_serialization import jsonutils
|
||||
from oslo_utils import timeutils
|
||||
import requests
|
||||
|
@ -231,12 +232,10 @@ class TrustedFilter(filters.BaseHostFilter):
|
|||
|
||||
def __init__(self):
|
||||
self.compute_attestation = ComputeAttestation()
|
||||
LOG.warning(_LW('The TrustedFilter is considered experimental '
|
||||
'by the OpenStack project because it receives much '
|
||||
'less testing than the rest of Nova. This may change '
|
||||
'in the future, but current deployers should be aware '
|
||||
'that the use of it in production right now may be '
|
||||
'risky.'))
|
||||
msg = _LW('The TrustedFilter is deprecated as it has been marked '
|
||||
'experimental for some time with no tests. It will be '
|
||||
'removed in the 17.0.0 Queens release.')
|
||||
versionutils.report_deprecated_feature(LOG, msg)
|
||||
|
||||
# The hosts the instances are running on doesn't change within a request
|
||||
run_filter_once_per_request = True
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
deprecations:
|
||||
- |
|
||||
The ``TrustedFilter`` scheduler filter has been experimental since its existence on
|
||||
May 18, 2012. Due to the lack of tests and activity with it, it's now
|
||||
deprecated and set for removal in the 17.0.0 Queens release.
|
Loading…
Reference in New Issue