Merge "Add trusted certs to feature support matrix docs"
commit
877a8bcb9f
|
@ -70,7 +70,7 @@ Limitations
|
|||
``os_compute_api:servers:create:trusted_certs`` and
|
||||
``os_compute_api:servers:rebuild:trusted_certs`` policy rules.
|
||||
|
||||
.. _feature support matrix: https://docs.openstack.org/nova/latest/user/support-matrix.html
|
||||
.. _feature support matrix: https://docs.openstack.org/nova/latest/user/support-matrix.html#operation_trusted_certs
|
||||
.. _policy configuration: https://docs.openstack.org/nova/latest/configuration/policy.html
|
||||
|
||||
Configuration
|
||||
|
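Review bot: The new `feature support matrix` target hard-codes the fragment `#operation_trusted_certs`, while the matrix section added later in this change is named `[operation.trusted-certs]`, with a dot and a hyphen. Please confirm the rendered matrix page emits the underscore form of that anchor; if it does not, the link silently falls back to the top of the page and the change has no effect. The target also pins the `latest` docs, so readers of an older branch are sent to a matrix that may not match their release.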
@ -152,15 +152,17 @@ Certificate validation is triggered by one of two ways:
|
|||
|
||||
Command-Line Flag
|
||||
If booting or rebuilding an instance using the :command:`nova` commands,
|
||||
use the ``--trusted-image-certificate-ids`` flag to define a comma-delimited
|
||||
list of trusted certificate IDs. For example:
|
||||
use the ``--trusted-image-certificate-id`` flag to define a single trusted
|
||||
certificate ID. The flag may be used multiple times to specify multiple trusted
|
||||
certificate IDs. For example:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
$ nova boot myInstanceName \
|
||||
--flavor 1 \
|
||||
--image myImageId \
|
||||
--trusted-image-certificate-ids 79a6ad17-3298-4e55-8b3a-1672dd93c40f,b20f5600-3c9d-4af5-8f37-3110df3533a0
|
||||
--trusted-image-certificate-id 79a6ad17-3298-4e55-8b3a-1672dd93c40f \
|
||||
--trusted-image-certificate-id b20f5600-3c9d-4af5-8f37-3110df3533a0
|
||||
|
||||
If booting or rebuilding an instance using the :command:`openstack server` commands,
|
||||
use the ``--trusted-image-certificate-id`` flag to define a single trusted
|
||||
|
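Review bot: The rewritten :command:`nova` paragraph drops the comma-delimited `--trusted-image-certificate-ids` form without saying what happens to it, so a reader following older instructions has no hint about why their command no longer matches the guide. A short sentence stating that the plural, comma-delimited flag is replaced by the repeatable singular flag would close that gap. After this change the :command:`nova` and :command:`openstack server` paragraphs also describe the same flag in the same words and could be merged into one.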
@ -651,7 +653,8 @@ Boot the signed image with trusted certificate IDs:
|
|||
$ nova boot myInstance \
|
||||
--flavor m1.tiny \
|
||||
--image cirros_client_signedImage \
|
||||
--trusted-image-certificate-ids "$cert_ca_uuid,$cert_intermediate_a_uuid,$cert_intermediate_b_uuid"
|
||||
--trusted-image-certificate-id $cert_ca_uuid,$cert_intermediate_a_uuid \
|
||||
--trusted-image-certificate-id $cert_intermediate_b_uuid
|
||||
|
||||
.. note:: The instance should successfully boot and certificate validation
|
||||
should succeed. The Nova log output should indicate that "Image
|
||||
|
|
|
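Review bot: The replacement line `--trusted-image-certificate-id $cert_ca_uuid,$cert_intermediate_a_uuid \` still passes two comma-joined IDs to a flag that the Command-Line Flag text in this same change describes as taking a single certificate ID. Suggest one flag per ID, that is three `--trusted-image-certificate-id` lines for `$cert_ca_uuid`, `$cert_intermediate_a_uuid` and `$cert_intermediate_b_uuid`, so the walkthrough actually exercises the full chain it sets up. The double quotes from the old line were dropped as well; quoting each variable keeps the example safe if a variable is empty.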
@ -1452,3 +1452,27 @@ driver-impl-ironic=missing
|
|||
driver-impl-libvirt-vz-vm=complete
|
||||
driver-impl-libvirt-vz-ct=missing
|
||||
driver-impl-powervm=missing
|
||||
|
||||
[operation.trusted-certs]
|
||||
title=Validate image with trusted certificates
|
||||
status=optional
|
||||
notes=Since trusted image certification validation is configurable
|
||||
by the cloud deployer it is considered optional. However, it is
|
||||
a virt-agnostic feature so there is no good reason that all virt
|
||||
drivers cannot support the feature since it is mostly just plumbing
|
||||
user requests through the virt driver when downloading images.
|
||||
cli=nova boot --trusted-image-certificate-id ...
|
||||
driver-impl-xenserver=missing
|
||||
driver-impl-libvirt-kvm-x86=complete
|
||||
driver-impl-libvirt-kvm-aarch64=complete
|
||||
driver-impl-libvirt-kvm-ppc64=complete
|
||||
driver-impl-libvirt-kvm-s390x=complete
|
||||
driver-impl-libvirt-qemu-x86=complete
|
||||
driver-impl-libvirt-lxc=complete
|
||||
driver-impl-libvirt-xen=complete
|
||||
driver-impl-vmware=missing
|
||||
driver-impl-hyperv=missing
|
||||
driver-impl-ironic=missing
|
||||
driver-impl-libvirt-vz-vm=complete
|
||||
driver-impl-libvirt-vz-ct=complete
|
||||
driver-impl-powervm=missing
|
||||
|
|
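Review bot: The `cli=` entry in `[operation.trusted-certs]` lists only `nova boot --trusted-image-certificate-id ...`, although the guide text touched by this change says validation also applies when rebuilding and documents the :command:`openstack server` commands. Consider listing the rebuild form too so the matrix matches the guide. In `notes=`, "trusted image certification validation" should read "certificate validation". Since the notes argue that every virt driver could support the feature, the six `missing` entries would benefit from a brief reason for each gap.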