7f10707e5d
This change adds a `--trusted-image-certificate-id` option to the `nova boot` and `nova rebuild` commands. This option takes in a a single trusted certificate ID. The option may be used multiple times to specify multiple trusted certificate IDs, which will be used to validate certificates in the image signature verification process. If ID values are not specified using this option, the value of the newly added OS_TRUSTED_IMAGE_CERTIFICATE_IDS environment variable will be used instead. This value will be converted into a list before being passed on. The ``nova rebuild`` command also gets a new ``--trusted-image-certificates-unset`` option to unset/reset the trusted image certificates in a server during rebuild. This is similar to unsetting key_name and user_data during rebuild. Corresponding `trusted_image_certificates` kwarg has been added to the server create and rebuild Python API bindings. Co-Authored-By: Brianna Poulos <Brianna.Poulos@jhuapl.edu> Co-Authored-By: Matt Riedemann <mriedem.os@gmail.com> Change-Id: I235541a689732826950c7b2a510d5835211120c3 Implements: blueprint nova-validate-certificates
18 lines
693 B
YAML
18 lines
693 B
YAML
---
|
|
features:
|
|
- |
|
|
Added support for `microversion 2.63`_, which includes the following
|
|
changes:
|
|
|
|
- New environment variable called ``OS_TRUSTED_IMAGE_CERTIFICATE_IDS``
|
|
- New ``nova boot`` option called ``--trusted-image-certificate-id``
|
|
- New ``nova rebuild`` options called ``--trusted-image-certificate-id``
|
|
and ``--trusted-image-certificates-unset``
|
|
- New kwarg called ``trusted_image_certificates`` added to python API
|
|
bindings:
|
|
|
|
- ``novaclient.v2.servers.ServerManager.create()``
|
|
- ``novaclient.v2.servers.ServerManager.rebuild()``
|
|
|
|
.. _microversion 2.63: https://docs.openstack.org/nova/latest/api_microversion_history.html#id57
|