[Engine-devel] Design wiki page for trusted compute pools integration with oVirt has been updated

Chen, Wei D wei.d.chen at intel.com
Sun Apr 21 13:00:55 UTC 2013


Ofri, 

Absolutely right, aggregated query has a significantly time improve compared to separated queries. I agree a aggregated query on engine's starting. Is it possible to invoke attestation service in engine's initialization code block instead of "quartz job"? Is there any class similar with " InitVdsOnUpCommand " for engine's initialization? 

Best Regards,
Dave Chen

-----Original Message-----
From: Ofri Masad [mailto:omasad at redhat.com] 
Sent: Sunday, April 21, 2013 3:29 PM
To: Chen, Wei D
Cc: Oved Ourfalli; engine-devel at ovirt.org; Itamar Heim
Subject: Re: [Engine-devel] Design wiki page for trusted compute pools integration with oVirt has been updated

Dave,

If I'm not mistaking, there is a big difference between separated queries to the attestation server and aggregated one?
Is it true?

Thanks,
Ofri 

----- Original Message -----
> From: "Itamar Heim" <iheim at redhat.com>
> To: "Ofri Masad" <omasad at redhat.com>
> Cc: "Oved Ourfalli" <ovedo at redhat.com>, "Wei D Chen" 
> <wei.d.chen at intel.com>, engine-devel at ovirt.org
> Sent: Sunday, April 21, 2013 10:20:17 AM
> Subject: Re: [Engine-devel] Design wiki page for trusted compute pools 
> integration with oVirt has been updated
> 
> On 04/21/2013 10:13 AM, Ofri Masad wrote:
> > Hi,
> > One more thing we need to think about for the second approach - 
> > aggregated query. On engine start we need to determine the trust 
> > state of all the hosts. sending a separate query for each host will 
> > overload the attestation host and the network. an initial aggregated 
> > query needs to be send when the engine starts.
> > Same thing can happen after management network fail and so on.
> > Maybe we can run a quartz job every x minutes, checking if a large 
> > part of the hosts in the cluster (like 30%) are untrusted - in that 
> > case run the aggregated query.
> 
> are we sure this optimization is needed?
> how heavy/latent is the call to the attestation service?
> 


More information about the Engine-devel mailing list