Deprecate scheduler trusted filter
Due to being marked experimental since it has existed on May 28, 2012 with no real activity of development since, this filter is being deprecated. mailing list discussion: http://lists.openstack.org/pipermail/openstack-operators/2017-May/013371.html Change-Id: If6e53feeb97e6050c1eb7962110ed89504c952fc
This commit is contained in:
parent
5097b3f9ee
commit
82f16b88f3
|
@ -154,8 +154,14 @@ There are many standard filter classes which may be used
|
|||
a set of instances.
|
||||
* |RetryFilter| - filters hosts that have been attempted for scheduling.
|
||||
Only passes hosts that have not been previously attempted.
|
||||
* |TrustedFilter| (EXPERIMENTAL) - filters hosts based on their trust. Only passes hosts
|
||||
that meet the trust requirements specified in the instance properties.
|
||||
* |TrustedFilter| (EXPERIMENTAL) - filters hosts based on their trust. Only
|
||||
passes hosts that meet the trust requirements specified in the instance
|
||||
properties.
|
||||
|
||||
.. warning:: TrustedFilter is deprecated for removal in the 17.0.0 Queens
|
||||
release. There is no replacement planned for this filter. It has been
|
||||
marked experimental since its inception. It is incomplete and not tested.
|
||||
|
||||
* |TypeAffinityFilter| - Only passes hosts that are not already running an
|
||||
instance of the requested type.
|
||||
* |AggregateTypeAffinityFilter| - limits instance_type by aggregate.
|
||||
|
|
|
@ -590,6 +590,9 @@ Configuration options for enabling Trusted Platform Module.
|
|||
|
||||
trusted_opts = [
|
||||
cfg.HostAddressOpt("attestation_server",
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="Incomplete filter",
|
||||
deprecated_since="Pike",
|
||||
help="""
|
||||
The host to use as the attestation server.
|
||||
|
||||
|
@ -618,6 +621,9 @@ Related options:
|
|||
* attestation_insecure_ssl
|
||||
"""),
|
||||
cfg.StrOpt("attestation_server_ca_file",
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="Incomplete filter",
|
||||
deprecated_since="Pike",
|
||||
help="""
|
||||
The absolute path to the certificate to use for authentication when connecting
|
||||
to the attestation server. See the `attestation_server` help text for more
|
||||
|
@ -643,6 +649,9 @@ Related options:
|
|||
"""),
|
||||
cfg.PortOpt("attestation_port",
|
||||
default=8443,
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="Incomplete filter",
|
||||
deprecated_since="Pike",
|
||||
help="""
|
||||
The port to use when connecting to the attestation server. See the
|
||||
`attestation_server` help text for more information about host verification.
|
||||
|
@ -662,6 +671,9 @@ Related options:
|
|||
"""),
|
||||
cfg.StrOpt("attestation_api_url",
|
||||
default="/OpenAttestationWebServices/V1.0",
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="Incomplete filter",
|
||||
deprecated_since="Pike",
|
||||
help="""
|
||||
The URL on the attestation server to use. See the `attestation_server` help
|
||||
text for more information about host verification.
|
||||
|
@ -688,6 +700,9 @@ Related options:
|
|||
"""),
|
||||
cfg.StrOpt("attestation_auth_blob",
|
||||
secret=True,
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="Incomplete filter",
|
||||
deprecated_since="Pike",
|
||||
help="""
|
||||
Attestation servers require a specific blob that is used to authenticate. The
|
||||
content and format of the blob are determined by the particular attestation
|
||||
|
@ -715,6 +730,9 @@ Related options:
|
|||
"""),
|
||||
cfg.IntOpt("attestation_auth_timeout",
|
||||
default=60,
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="Incomplete filter",
|
||||
deprecated_since="Pike",
|
||||
min=0,
|
||||
help="""
|
||||
This value controls how long a successful attestation is cached. Once this
|
||||
|
@ -742,6 +760,9 @@ Related options:
|
|||
"""),
|
||||
cfg.BoolOpt("attestation_insecure_ssl",
|
||||
default=False,
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="Incomplete filter",
|
||||
deprecated_since="Pike",
|
||||
help="""
|
||||
When set to True, the SSL certificate verification is skipped for the
|
||||
attestation service. See the `attestation_server` help text for more
|
||||
|
|
|
@ -44,6 +44,7 @@ the Open Attestation project at:
|
|||
"""
|
||||
|
||||
from oslo_log import log as logging
|
||||
from oslo_log import versionutils
|
||||
from oslo_serialization import jsonutils
|
||||
from oslo_utils import timeutils
|
||||
import requests
|
||||
|
@ -231,12 +232,10 @@ class TrustedFilter(filters.BaseHostFilter):
|
|||
|
||||
def __init__(self):
|
||||
self.compute_attestation = ComputeAttestation()
|
||||
LOG.warning(_LW('The TrustedFilter is considered experimental '
|
||||
'by the OpenStack project because it receives much '
|
||||
'less testing than the rest of Nova. This may change '
|
||||
'in the future, but current deployers should be aware '
|
||||
'that the use of it in production right now may be '
|
||||
'risky.'))
|
||||
msg = _LW('The TrustedFilter is deprecated as it has been marked '
|
||||
'experimental for some time with no tests. It will be '
|
||||
'removed in the 17.0.0 Queens release.')
|
||||
versionutils.report_deprecated_feature(LOG, msg)
|
||||
|
||||
# The hosts the instances are running on doesn't change within a request
|
||||
run_filter_once_per_request = True
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
deprecations:
|
||||
- |
|
||||
The ``TrustedFilter`` scheduler filter has been experimental since its existence on
|
||||
May 18, 2012. Due to the lack of tests and activity with it, it's now
|
||||
deprecated and set for removal in the 17.0.0 Queens release.
|
Loading…
Reference in New Issue