OpenStack Compute (nova)

Trusted Flavors

Registered by Dane Fichter

As of Mitaka, Nova is capable of verifying digital signatures for Glance images. Currently, this feature can only be enabled by setting the verify_glance_signatures configuration option in Nova. If this flag is enabled, Nova can only boot signed images. This inconveniences end users or deployers who are comfortable with using unverified images in most cases, but would still like the option of using signature verification. This change allows the admin to create “trusted” flavors, or flavors of VM for which security features like image signature verification are enabled. Then the end user could enable these features on a per instance basis by creating instances using these “trusted” flavors.

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
Dane Fichter
Direction:
Needs approval
Assignee:
Dane Fichter
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

This work previously fell under the following, more broadly scoped blueprint:
    https://blueprints.launchpad.net/nova/+spec/nova-support-image-signing

Gerrit topic: https://review.openstack.org/#q,topic:bp/nova-trusted-flavors,n,z

Addressed by: https://review.openstack.org/312225
    Trusted flavors

This work is being moved to the following blueprint:
    https://blueprints.launchpad.net/nova/+spec/nova-api-option-signatures

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.