Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1374375 - [RFE][nova]: Nova Support for Glance Image Signing
[RFE][nova]: Nova Support for Glance Image Signing
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova (Show other bugs)
12.0 (Pike)
Unspecified Unspecified
medium Severity medium
: Upstream M2
: 13.0 (Queens)
Assigned To: Lee Yarwood
Joe H. Rahme
https://blueprints.launchpad.net/nova...
upstream_milestone_none upstream_defi...
: FutureFeature, Triaged
Depends On: 1558058
Blocks: 1523263 1365571
  Show dependency treegraph
 
Reported: 2016-09-08 10:03 EDT by Stephen Gordon
Modified: 2018-09-20 06:51 EDT (History)
20 users (show)

See Also:
Fixed In Version: openstack-nova-17.0.0-0.20180123163703.27eadbc.el7ost
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
: 1631290 (view as bug list)
Environment:
Last Closed: 2018-06-27 09:26:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
OpenStack gerrit 177948 None master: MERGED glance-specs: Image Signing and Verification Support (I305b2ae86415c8d256c641abb2795af663bee56a) 2018-02-07 09:29 EST
OpenStack gerrit 188874 None master: MERGED nova-specs: Nova Support of Glance Image Signing (Ia8e7fcc21d7c15e480facbe30af88cdce2d73159) 2018-02-07 09:29 EST
OpenStack gerrit 189843 None master: MERGED nova: Add image signature verification (Iec8561136af7053e9b88eb258d94d1b440c0688a) 2018-02-07 09:29 EST
OpenStack gerrit 256069 None master: MERGED nova: Add signature_utils module (I904a7489c8759951daa6c9ffb1cf444822132258) 2018-02-07 09:29 EST
Red Hat Product Errata RHEA-2018:2086 None None None 2018-06-27 09:28 EDT

  None (edit)
Description Stephen Gordon 2016-09-08 10:03:57 EDT 
Cloned from launchpad blueprint https://blueprints.launchpad.net/nova/+spec/nova-support-image-signing.

Description:

In order to support Glance's image signing feature, we need to add accompanying functionality to Nova. This will allow Nova to verify signed images before booting and create signed images.

This accompanies the functionality described in the spec here:  https://review.openstack.org/#/c/177948/

Specification URL (additional information):

http://specs.openstack.org/openstack/nova-specs/specs/mitaka/approved/image-verification.html
Comment 2 Stephen Gordon 2016-11-25 09:42:49 EST 
Specification as not approved for Ocata, moving to Pike.
Comment 5 Stephen Gordon 2017-04-20 09:41:57 EDT 
Specification moved to Pike based on Barbican dependency for end to end delivery of feature.
Comment 12 Lee Yarwood 2018-03-29 05:22:58 EDT 
As discussed, we should also validate the deployment aspect of this RFE by ensuring we use the VerifyGlanceSignatures [1] parameter to enable this on the compute nodes.

[1] https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/services/nova-compute.yaml#L127
Comment 19 errata-xmlrpc 2018-06-27 09:26:39 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2018:2086
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.