977165 – [Docs] [Tracker] Trusted Compute Pools feature based on OpenAttestation

Bug 977165 - [Docs] [Tracker] Trusted Compute Pools feature based on OpenAttestation

Summary: [Docs] [Tracker] Trusted Compute Pools feature based on OpenAttestation

Keywords:
Status:	CLOSED DUPLICATE of bug 978631
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	Documentation
Sub Component:
Version:	3.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	3.3.0
Assignee:	Zac Dover
QA Contact:	ecs-bugs
Docs Contact:
URL:
Whiteboard:	sla
Depends On:	929057
Blocks:	978623 978629 978630 978631 978632
TreeView+	depends on / blocked

Reported:	2013-06-24 00:51 UTC by Zac Dover
Modified:	2016-02-10 20:14 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:	929057
Clones:	978623 978629 978630 978631 978632 (view as bug list)
Environment:
Last Closed:	2014-04-04 17:21:10 UTC
oVirt Team:	SLA
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Zac Dover 2013-06-24 00:51:39 UTC

+++ This bug was initially created as a clone of Bug #929057 +++

Information about "Trusted Compute Pools" should be included in the RHEV Docs Suite.

Eval Guide
8.7. Use Virtual Desktop Pools



Please include the Trusted Compute Pools feature once it get upstreamed into oVirt.

- the link to the patch(es) in gerrit
http://gerrit.ovirt.org/#/c/11237/

- the oVirt wiki page link
http://wiki.ovirt.org/Trusted_compute_pools

- QA issue
Intel will QA this feature, once it is available in downstream RHEV.

Comment 1 Tim Hildred 2013-07-25 01:51:15 UTC

 Itamar Heim 2013-06-24 04:30:43 EDT

This will work for RHEL only, not RHEV-H
Customer will need to deploy open attestation service on their own, as well as deploy open attestation agent on the RHEL hosts

Comment 2 Tim Hildred 2013-07-25 02:16:43 UTC

Hey Gang,

I'm trying to figure out what is required to document this feature. Here are some questions I have.

- from RHEVM side, is there anything to do to make a host "trusted"?

- does the RHEVM just ask all hosts if they are "trusted", and then decide based on their response where to run VM?

Thank you for your help!

Comment 3 Tim Hildred 2013-10-09 03:59:50 UTC

From email conversations about this bug with Doron:

"The integration with OAT requires using the config utility in order
to update the relevant information, the same way we do with the
manage-domains. So the user should be using engine-config instead
of manually updating the DB. What we need to document is the relevant
~3-4 keys and what they mean, as well as the meaning of the checkbox
we have in the UI. What we can do, is possibly add a tooltip with
a question mark in the UI which will indicate that this requires
OAT setup."

Here are the values that have to be added to the table of rhevm-config values:

SecureConnectionWithOATServers default value: true
PollUri default value: "AttestationService/resources/PollHosts" Comment: this is determined by the OAT installation.
AttestationTruststore default value: TrustStore.jks.
AttestationPort default value: 8443
AttestationServer default value: "".

Adding missing entries;

AttestationTruststorePass: "The password used to access trust store" (Value Type: String) default value: "password".

AttestationFirstStageSize: "Attestation size for first stage"  (Value Type: Integer) default value: 10. Comment: used for quick initialization. Do not change unless you know why.

Comment 4 Tim Hildred 2013-10-09 05:12:41 UTC

I've done the Administration Guide part of this. 

The other two clones belong to zdover, so I'll re-assign the tracker to him.

Comment 5 Zac Dover 2014-04-04 17:21:10 UTC


*** This bug has been marked as a duplicate of bug 978631 ***

Comment 6 Gang Wei 2014-06-24 08:42:00 UTC

clear the needinfo flag.

Note You need to log in before you can comment on or make changes to this bug.