Nova Support for Glance Image Signing
In order to support Glance's image signing feature, we need to add accompanying functionality to Nova. This will allow Nova to verify signed images before booting and create signed images.
This accompanies the functionality described in the spec here: https:/
Blueprint information
- Status:
- Started
- Approver:
- John Garbutt
- Priority:
- Low
- Drafter:
- Dane Fichter
- Direction:
- Needs approval
- Assignee:
- Dane Fichter
- Definition:
- Pending Approval
- Series goal:
- None
- Implementation:
-
Good progress
- Milestone target:
- None
- Started by
- John Garbutt
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Nova Support of Glance Image Signing & Encryption
Addressed by: https:/
Nova support for image-signing
Addressed by: https:/
Add Castellan to requirements
Addressed by: https:/
Add signature_utils module
Addressed by: https:/
Add unit tests for signature_utils module
Addressed by: https:/
Signature verification for cached images
Addressed by: https:/
Trusted flavors
Addressed by: https:/
Add image verification spec for Ocata
Note: This work is mainly being addressed by these two new blueprints:
Trusted Flavors - https:/
Certificate Validation - https:/
Work Items
Work items:
Spec for Ocata cycle detailing the certificate validation process and integration plan for Nova: TODO
Merge certificate validation functionality into openstack/cursive. Integrate this functionality into Nova's image signature verification: TODO
