.. Warning: Do not edit this file. It is automatically generated from the software project's code and your changes will be overwritten. The tool to generate this file lives in openstack-doc-tools repository. Please make any changes needed in the code, then run the autogenerate-config-doc tool from the openstack-doc-tools repository, or ask for help on the documentation mailing list, IRC channel or meeting. .. _nova-trustedcomputing: .. list-table:: Description of trusted computing configuration options :header-rows: 1 :class: config-ref-table * - Configuration option = Default value - Description * - **[trusted_computing]** - * - ``attestation_api_url`` = ``/OpenAttestationWebServices/V1.0`` - (String) The URL on the attestation server to use. See the `attestation_server` help text for more information about host verification. This value must be just that path portion of the full URL, as it will be joined to the host specified in the attestation_server option. This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled. * Related options: attestation_server attestation_server_ca_file attestation_port attestation_auth_blob attestation_auth_timeout attestation_insecure_ssl * - ``attestation_auth_blob`` = ``None`` - (String) Attestation servers require a specific blob that is used to authenticate. The content and format of the blob are determined by the particular attestation server being used. There is no default value; you must supply the value as specified by your attestation service. See the `attestation_server` help text for more information about host verification. This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled. * Related options: attestation_server attestation_server_ca_file attestation_port attestation_api_url attestation_auth_timeout attestation_insecure_ssl * - ``attestation_auth_timeout`` = ``60`` - (Integer) This value controls how long a successful attestation is cached. Once this period has elapsed, a new attestation request will be made. See the `attestation_server` help text for more information about host verification. The value is in seconds. Valid values must be positive integers for any caching; setting this to zero or a negative value will result in calls to the attestation_server for every request, which may impact performance. This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled. * Related options: attestation_server attestation_server_ca_file attestation_port attestation_api_url attestation_auth_blob attestation_insecure_ssl * - ``attestation_insecure_ssl`` = ``False`` - (Boolean) When set to True, the SSL certificate verification is skipped for the attestation service. See the `attestation_server` help text for more information about host verification. Valid values are True or False. The default is False. This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled. * Related options: attestation_server attestation_server_ca_file attestation_port attestation_api_url attestation_auth_blob attestation_auth_timeout * - ``attestation_port`` = ``8443`` - (String) The port to use when connecting to the attestation server. See the `attestation_server` help text for more information about host verification. Valid values are strings, not integers, but must be digits only. This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled. * Related options: attestation_server attestation_server_ca_file attestation_api_url attestation_auth_blob attestation_auth_timeout attestation_insecure_ssl * - ``attestation_server`` = ``None`` - (String) The host to use as the attestation server. Cloud computing pools can involve thousands of compute nodes located at different geographical locations, making it difficult for cloud providers to identify a node's trustworthiness. When using the Trusted filter, users can request that their VMs only be placed on nodes that have been verified by the attestation server specified in this option. The value is a string, and can be either an IP address or FQDN. This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled. * Related options: attestation_server_ca_file attestation_port attestation_api_url attestation_auth_blob attestation_auth_timeout attestation_insecure_ssl * - ``attestation_server_ca_file`` = ``None`` - (String) The absolute path to the certificate to use for authentication when connecting to the attestation server. See the `attestation_server` help text for more information about host verification. The value is a string, and must point to a file that is readable by the scheduler. This option is only used by the FilterScheduler and its subclasses; if you use a different scheduler, this option has no effect. Also note that this setting only affects scheduling if the 'TrustedFilter' filter is enabled. * Related options: attestation_server attestation_port attestation_api_url attestation_auth_blob attestation_auth_timeout attestation_insecure_ssl