diff options
author | Jenkins <jenkins@review.openstack.org> | 2017-05-19 21:56:56 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-05-19 21:56:56 +0000 |
commit | 3806ead0e09f76b8b984054875682fbc68edffc7 (patch) | |
tree | ecbeee955d90224296faf4702cb5cb69973efde3 | |
parent | b3b530a7bfb6cdb17a659a11c90f3da7e8c9ab13 (diff) | |
parent | 82f16b88f33316bd5912081c4a6b2524e13437ac (diff) | |
download | nova-3806ead0e09f76b8b984054875682fbc68edffc7.tar.gz |
Merge "Deprecate scheduler trusted filter"
-rw-r--r-- | doc/source/filter_scheduler.rst | 10 | ||||
-rw-r--r-- | nova/conf/scheduler.py | 21 | ||||
-rw-r--r-- | nova/scheduler/filters/trusted_filter.py | 11 | ||||
-rw-r--r-- | releasenotes/notes/deprecate_trustedfilter-d733a4b482967b00.yaml | 6 |
4 files changed, 40 insertions, 8 deletions
diff --git a/doc/source/filter_scheduler.rst b/doc/source/filter_scheduler.rst index 48a505cf5f..ab45341ad9 100644 --- a/doc/source/filter_scheduler.rst +++ b/doc/source/filter_scheduler.rst @@ -154,8 +154,14 @@ There are many standard filter classes which may be used a set of instances. * |RetryFilter| - filters hosts that have been attempted for scheduling. Only passes hosts that have not been previously attempted. -* |TrustedFilter| (EXPERIMENTAL) - filters hosts based on their trust. Only passes hosts - that meet the trust requirements specified in the instance properties. +* |TrustedFilter| (EXPERIMENTAL) - filters hosts based on their trust. Only + passes hosts that meet the trust requirements specified in the instance + properties. + + .. warning:: TrustedFilter is deprecated for removal in the 17.0.0 Queens + release. There is no replacement planned for this filter. It has been + marked experimental since its inception. It is incomplete and not tested. + * |TypeAffinityFilter| - Only passes hosts that are not already running an instance of the requested type. * |AggregateTypeAffinityFilter| - limits instance_type by aggregate. diff --git a/nova/conf/scheduler.py b/nova/conf/scheduler.py index 7aa2cf0d28..1bce7b6e76 100644 --- a/nova/conf/scheduler.py +++ b/nova/conf/scheduler.py @@ -589,6 +589,9 @@ Configuration options for enabling Trusted Platform Module. trusted_opts = [ cfg.HostAddressOpt("attestation_server", + deprecated_for_removal=True, + deprecated_reason="Incomplete filter", + deprecated_since="Pike", help=""" The host to use as the attestation server. @@ -617,6 +620,9 @@ Related options: * attestation_insecure_ssl """), cfg.StrOpt("attestation_server_ca_file", + deprecated_for_removal=True, + deprecated_reason="Incomplete filter", + deprecated_since="Pike", help=""" The absolute path to the certificate to use for authentication when connecting to the attestation server. See the `attestation_server` help text for more @@ -642,6 +648,9 @@ Related options: """), cfg.PortOpt("attestation_port", default=8443, + deprecated_for_removal=True, + deprecated_reason="Incomplete filter", + deprecated_since="Pike", help=""" The port to use when connecting to the attestation server. See the `attestation_server` help text for more information about host verification. @@ -661,6 +670,9 @@ Related options: """), cfg.StrOpt("attestation_api_url", default="/OpenAttestationWebServices/V1.0", + deprecated_for_removal=True, + deprecated_reason="Incomplete filter", + deprecated_since="Pike", help=""" The URL on the attestation server to use. See the `attestation_server` help text for more information about host verification. @@ -687,6 +699,9 @@ Related options: """), cfg.StrOpt("attestation_auth_blob", secret=True, + deprecated_for_removal=True, + deprecated_reason="Incomplete filter", + deprecated_since="Pike", help=""" Attestation servers require a specific blob that is used to authenticate. The content and format of the blob are determined by the particular attestation @@ -714,6 +729,9 @@ Related options: """), cfg.IntOpt("attestation_auth_timeout", default=60, + deprecated_for_removal=True, + deprecated_reason="Incomplete filter", + deprecated_since="Pike", min=0, help=""" This value controls how long a successful attestation is cached. Once this @@ -741,6 +759,9 @@ Related options: """), cfg.BoolOpt("attestation_insecure_ssl", default=False, + deprecated_for_removal=True, + deprecated_reason="Incomplete filter", + deprecated_since="Pike", help=""" When set to True, the SSL certificate verification is skipped for the attestation service. See the `attestation_server` help text for more diff --git a/nova/scheduler/filters/trusted_filter.py b/nova/scheduler/filters/trusted_filter.py index c54487ad4e..059b6d8030 100644 --- a/nova/scheduler/filters/trusted_filter.py +++ b/nova/scheduler/filters/trusted_filter.py @@ -44,6 +44,7 @@ the Open Attestation project at: """ from oslo_log import log as logging +from oslo_log import versionutils from oslo_serialization import jsonutils from oslo_utils import timeutils import requests @@ -231,12 +232,10 @@ class TrustedFilter(filters.BaseHostFilter): def __init__(self): self.compute_attestation = ComputeAttestation() - LOG.warning(_LW('The TrustedFilter is considered experimental ' - 'by the OpenStack project because it receives much ' - 'less testing than the rest of Nova. This may change ' - 'in the future, but current deployers should be aware ' - 'that the use of it in production right now may be ' - 'risky.')) + msg = _LW('The TrustedFilter is deprecated as it has been marked ' + 'experimental for some time with no tests. It will be ' + 'removed in the 17.0.0 Queens release.') + versionutils.report_deprecated_feature(LOG, msg) # The hosts the instances are running on doesn't change within a request run_filter_once_per_request = True diff --git a/releasenotes/notes/deprecate_trustedfilter-d733a4b482967b00.yaml b/releasenotes/notes/deprecate_trustedfilter-d733a4b482967b00.yaml new file mode 100644 index 0000000000..91455cd81e --- /dev/null +++ b/releasenotes/notes/deprecate_trustedfilter-d733a4b482967b00.yaml @@ -0,0 +1,6 @@ +--- +deprecations: + - | + The ``TrustedFilter`` scheduler filter has been experimental since its existence on + May 18, 2012. Due to the lack of tests and activity with it, it's now + deprecated and set for removal in the 17.0.0 Queens release. |