564f5330c3
This significant rework occurs due to recent changes in the openstack-doc-tools project. There are some manual fixes to the following options, where invalid rST was included. These have been fixed on nova master but still need to be backported to stable/ocata. This will be done separately. - block_device_allocate_retries_interval (DEFAULT) - torrent_images (xenserver) Change-Id: Ia6ecbf025f1a2de19db896d3d72412461603093b Depends-On: I4ef80825598cc7d98a4046afd5b131484e5a3469
183 lines
6.6 KiB
ReStructuredText
183 lines
6.6 KiB
ReStructuredText
..
|
|
Warning: Do not edit this file. It is automatically generated from the
|
|
software project's code and your changes will be overwritten.
|
|
|
|
The tool to generate this file lives in openstack-doc-tools repository.
|
|
|
|
Please make any changes needed in the code, then run the
|
|
autogenerate-config-doc tool from the openstack-doc-tools repository, or
|
|
ask for help on the documentation mailing list, IRC channel or meeting.
|
|
|
|
.. _nova-trusted_computing:
|
|
|
|
.. list-table:: Description of trusted_computing configuration options
|
|
:header-rows: 1
|
|
:class: config-ref-table
|
|
|
|
* - Configuration option = Default value
|
|
- Description
|
|
|
|
* - ``attestation_auth_timeout`` = ``60``
|
|
|
|
- (Integer) This value controls how long a successful attestation is cached. Once this period has elapsed, a new attestation request will be made. See the `attestation_server` help text for more information about host verification.
|
|
|
|
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled.
|
|
|
|
Possible values:
|
|
|
|
* A integer value, corresponding to the timeout interval for attestations in seconds. Any integer is valid, although setting this to zero or negative values can greatly impact performance when using an attestation service.
|
|
|
|
Related options:
|
|
|
|
* attestation_server
|
|
|
|
* attestation_server_ca_file
|
|
|
|
* attestation_port
|
|
|
|
* attestation_api_url
|
|
|
|
* attestation_auth_blob
|
|
|
|
* attestation_insecure_ssl
|
|
|
|
* - ``attestation_port`` = ``8443``
|
|
|
|
- (Port number) The port to use when connecting to the attestation server. See the `attestation_server` help text for more information about host verification.
|
|
|
|
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled.
|
|
|
|
Related options:
|
|
|
|
* attestation_server
|
|
|
|
* attestation_server_ca_file
|
|
|
|
* attestation_api_url
|
|
|
|
* attestation_auth_blob
|
|
|
|
* attestation_auth_timeout
|
|
|
|
* attestation_insecure_ssl
|
|
|
|
* - ``attestation_api_url`` = ``/OpenAttestationWebServices/V1.0``
|
|
|
|
- (String) The URL on the attestation server to use. See the `attestation_server` help text for more information about host verification.
|
|
|
|
This value must be just that path portion of the full URL, as it will be joined to the host specified in the attestation_server option.
|
|
|
|
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled.
|
|
|
|
Possible values:
|
|
|
|
* A valid URL string of the attestation server, or an empty string.
|
|
|
|
Related options:
|
|
|
|
* attestation_server
|
|
|
|
* attestation_server_ca_file
|
|
|
|
* attestation_port
|
|
|
|
* attestation_auth_blob
|
|
|
|
* attestation_auth_timeout
|
|
|
|
* attestation_insecure_ssl
|
|
|
|
* - ``attestation_server`` = ``None``
|
|
|
|
- (String) The host to use as the attestation server.
|
|
|
|
Cloud computing pools can involve thousands of compute nodes located at different geographical locations, making it difficult for cloud providers to identify a node's trustworthiness. When using the Trusted filter, users can request that their VMs only be placed on nodes that have been verified by the attestation server specified in this option.
|
|
|
|
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled.
|
|
|
|
Possible values:
|
|
|
|
* A string representing the host name or IP address of the attestation server, or an empty string.
|
|
|
|
Related options:
|
|
|
|
* attestation_server_ca_file
|
|
|
|
* attestation_port
|
|
|
|
* attestation_api_url
|
|
|
|
* attestation_auth_blob
|
|
|
|
* attestation_auth_timeout
|
|
|
|
* attestation_insecure_ssl
|
|
|
|
* - ``attestation_insecure_ssl`` = ``False``
|
|
|
|
- (Boolean) When set to True, the SSL certificate verification is skipped for the attestation service. See the `attestation_server` help text for more information about host verification.
|
|
|
|
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled.
|
|
|
|
Related options:
|
|
|
|
* attestation_server
|
|
|
|
* attestation_server_ca_file
|
|
|
|
* attestation_port
|
|
|
|
* attestation_api_url
|
|
|
|
* attestation_auth_blob
|
|
|
|
* attestation_auth_timeout
|
|
|
|
* - ``attestation_auth_blob`` = ``None``
|
|
|
|
- (String) Attestation servers require a specific blob that is used to authenticate. The content and format of the blob are determined by the particular attestation server being used. There is no default value; you must supply the value as specified by your attestation service. See the `attestation_server` help text for more information about host verification.
|
|
|
|
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled.
|
|
|
|
Possible values:
|
|
|
|
* A string containing the specific blob required by the attestation server, or an empty string.
|
|
|
|
Related options:
|
|
|
|
* attestation_server
|
|
|
|
* attestation_server_ca_file
|
|
|
|
* attestation_port
|
|
|
|
* attestation_api_url
|
|
|
|
* attestation_auth_timeout
|
|
|
|
* attestation_insecure_ssl
|
|
|
|
* - ``attestation_server_ca_file`` = ``None``
|
|
|
|
- (String) The absolute path to the certificate to use for authentication when connecting to the attestation server. See the `attestation_server` help text for more information about host verification.
|
|
|
|
This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled.
|
|
|
|
Possible values:
|
|
|
|
* A string representing the path to the authentication certificate for the attestation server, or an empty string.
|
|
|
|
Related options:
|
|
|
|
* attestation_server
|
|
|
|
* attestation_port
|
|
|
|
* attestation_api_url
|
|
|
|
* attestation_auth_blob
|
|
|
|
* attestation_auth_timeout
|
|
|
|
* attestation_insecure_ssl
|