openstack-manuals

nova.conf signature verification

Bug #1550476 reported by Bruce Benjamin on 2016-02-26

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	openstack-manuals	Opinion	Low	Unassigned	openstack-manuals ocata

Bug Description

The nova.conf config reference needs to include a category supporting signature verification, and it should include an initial entry called verify_glance_signatures. This is to support the new signature verification feature in Nova that was added in Mitaka
-----------------------------------
Release: 0.9 on 2016-02-26 13:44
SHA: 260ca41883156e3c327cd1423941d46be723d9f4
Source: http://git.openstack.org/cgit/openstack/openstack-manuals/tree/doc/config-reference/source/compute/config-options.rst
URL: http://docs.openstack.org/draft/config-reference/compute/config-options.html

Tags:

Revision history for this message

venkatamahesh (venkatamaheshkotha) wrote on 2016-02-27:

Hi,

If you are specifying to add in table, it is added in this table : https://github.com/openstack/openstack-manuals/blob/master/doc/config-reference/source/tables/nova-glance.rst. And will be published after mitaka release.

If it is not, please explain a little bit more.

Thanks

Revision history for this message

Bruce Benjamin (bruce-benjamin) wrote on 2016-02-29:

The new entry you added is fine. I was originally recommending a new section for signature verification since there may be a follow-on feature supporting image verification of the nova cache, but perhaps that can be proposed later. Thanks for adding this.

Revision history for this message

Joseph Robinson (joseph-r-email) wrote on 2016-03-04:

Bruce, Mahesh, I've set this one as opinion for now, since it seems to be under discussion at this time, but is a potential change in the docs.

Changed in openstack-manuals:
status:	New → Opinion
importance:	Undecided → Low

Revision history for this message

Bruce Benjamin (bruce-benjamin) wrote on 2016-05-02:

Mahesh, is the table you mentioned above an approved patch to be published? Is there a Gerrit ID number for this update? I'm just wanting to verify that your inclusion of the following will be published soon: verify_glance_signatures = False and the description "(Boolean) Require Nova to perform signature verification on each image downloaded from Glance." Thanks.

KATO Tomoyuki (kato-tomoyuki) on 2016-06-04

tags:

added: config-reference

KATO Tomoyuki (kato-tomoyuki) on 2016-06-13

Changed in openstack-manuals:
milestone:	none → newton

KATO Tomoyuki (kato-tomoyuki) on 2016-10-23

Changed in openstack-manuals:
milestone:	newton → ocata

Revision history for this message

Bruce Benjamin (bruce-benjamin) wrote on 2017-01-27:

I think this bug should be closed. The verify_glance_signatures = False flag can be found easily in the glance configuration options section, especially if you just search for 'signatures'. There's no need for yet another section

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.