Emily Zhang has posted comments on this change.

Change subject: engine: Trusted Compute Pools - Open Attestation integration 
with oVirt engine proposal
......................................................................


Patch Set 3: (14 inline comments)

....................................................
File 
backend/manager/dbscripts/upgrade/03_02_0340_add_trusted_service_to_vds_groups.sql
Line 1: select fn_db_add_column('vds_groups', 'trusted_service', 'boolean not 
null default false');
Done


....................................................
File backend/manager/dbscripts/vds_groups_sp.sql
Line 24:        v_migrate_on_error INTEGER,
Line 25:        v_virt_service BOOLEAN,
Line 26:        v_gluster_service BOOLEAN,
Line 27:        v_tunnel_migration BOOLEAN,
Line 28:         v _trusted_service BOOLEAN)
Done
Line 29: RETURNS VOID
Line 30:    AS $procedure$
Line 31: BEGIN
Line 32:       INSERT INTO vds_groups(vds_group_id,description, name, cpu_name, 
selection_algorithm, high_utilization, low_utilization,


Line 24:        v_migrate_on_error INTEGER,
Line 25:        v_virt_service BOOLEAN,
Line 26:        v_gluster_service BOOLEAN,
Line 27:        v_tunnel_migration BOOLEAN,
Line 28:         v _trusted_service BOOLEAN)
sure.
Line 29: RETURNS VOID
Line 30:    AS $procedure$
Line 31: BEGIN
Line 32:       INSERT INTO vds_groups(vds_group_id,description, name, cpu_name, 
selection_algorithm, high_utilization, low_utilization,


Line 202:    AS $procedure$
Line 203: BEGIN
Line 204:       RETURN QUERY SELECT vds_groups.*
Line 205:       FROM vds_groups
Line 206:       WHERE trusted_service=true;
Done
Line 207: END; $procedure$


....................................................
File 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/attestationbroker/AttestationService.java
Line 11: import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
Line 12: import org.codehaus.jackson.JsonFactory;
Line 13: import org.codehaus.jackson.JsonParseException;
Line 14: import org.codehaus.jackson.JsonParser;
Line 15: import org.codehaus.jackson.JsonToken;
Done
Line 16: import 
org.ovirt.engine.core.common.businessentities.AttestationResultEnum;
Line 17: import org.ovirt.engine.core.common.businessentities.VDS;
Line 18: import org.ovirt.engine.core.common.config.Config;
Line 19: import org.ovirt.engine.core.common.config.ConfigValues;


Line 69:     }
Line 70: 
Line 71:     public boolean validateHostIsTrusted(VDS vds) {
Line 72:         List<String> hosts = new ArrayList<String>();
Line 73:         hosts.add(vds.gethost_name());
Done
Line 74:         List<AttestationValue> valueList = attestHosts(hosts);
Line 75:         return valueList.get(0).getTrustLevel() == 
AttestationResultEnum.TRUSTED;
Line 76:     }
Line 77: 
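
Review bot: Line 75 calls valueList.get(0) without checking what attestHosts returned, so if that list can be null or empty the method throws instead of reporting the host as not trusted. Guard the lookup and return false when there is no entry, so the check fails closed, and confirm that the returned entry's host name matches vds.gethost_name() before using its trust level.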


....................................................
File 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/attestationbroker/AttestThread.java
Line 12: 
Line 13: public class AttestThread extends Thread{
Line 14: 
Line 15:     private int attestationFirstStageSize = Config.<Integer> 
GetValue(ConfigValues.AttestationFirstStageSize);
Line 16:     private List<VDS> vdss = new ArrayList<VDS>();
Done
Line 17: 
Line 18:     public AttestThread(){
Line 19: 
Line 20:     }


Line 36:             if (vdss == null || vdss.size() == 0){
Line 37:                 break;
Line 38:             }
Line 39:             for (VDS vds: vdss){
Line 40:                 curVdsNames.add(vds.gethost_name());
Done
Line 41:             }
Line 42:         }
Line 43:         if (curVdsNames.size()> attestationFirstStageSize) {
Line 44:             curVdsNames1 = 
curVdsNames.subList(0,attestationFirstStageSize-1);
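
Review bot: On Line 44, subList(0, attestationFirstStageSize-1) returns only attestationFirstStageSize-1 names, because the end index of List.subList is exclusive, so the first stage is one host short of the configured size. Unless the second list starts at that same index (not visible in this context), the host at that position is never attested. Use subList(0, attestationFirstStageSize) and start the second list at attestationFirstStageSize.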


Line 48:         updateCache(valueList1);
Line 49:         if (curVdsNames2.size() > 0) {
Line 50:             valueList2 = 
AttestationService.getInstance().attestHosts(curVdsNames2);
Line 51:             updateCache(valueList2);
Line 52:         }
It's really a good suggestion. I also think the code is redundant, and I will 
change it to a 'while' loop. But we need just two rounds at most. As we discussed 
before, it is just a 2-phase aggregated attestation. In order to get a fast answer 
from the attestation server, we divide the attestation query into a shorter query 
and a longer one.
Line 53:     }
Line 54: 
Line 55:     private void updateCache(List<AttestationValue> valueList){
Line 56:         for (AttestationValue value: valueList){


Line 51:             updateCache(valueList2);
Line 52:         }
Line 53:     }
Line 54: 
Line 55:     private void updateCache(List<AttestationValue> valueList){
Done
Line 56:         for (AttestationValue value: valueList){
Line 57:            if 
(AttestationCacheManager.getInstance().exists(value.getHostName())){
Line 58:                
AttestationCacheManager.getInstance().updateCache(value);
Line 59:            }else{


....................................................
File 
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/InitVdsOnUpCommand.java
Line 70:         super(parameters);
Line 71:         setVds(parameters.getVds());
Line 72:     }
Line 73: 
Line 74:     private boolean validateHost() {
Is renaming it to initTrustedService OK?
Line 75:         if 
(AttestationService.getInstance().validateHostIsTrusted(getVds())) {
Line 76:             return true;
Line 77:         } else {
Line 78:             setNonOperational(NonOperationalReason.GENERAL, null);


Line 74:     private boolean validateHost() {
Line 75:         if 
(AttestationService.getInstance().validateHostIsTrusted(getVds())) {
Line 76:             return true;
Line 77:         } else {
Line 78:             setNonOperational(NonOperationalReason.GENERAL, null);
Good suggestion, I'll fix it in the next patchset.
Line 79:             return false;
Line 80:         }
Line 81:     }
Line 82: 
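
Review bot: On Line 78 a failed attestation sets the host non-operational with NonOperationalReason.GENERAL and a null second argument, so an untrusted host cannot be told apart from any other generic failure. Use a reason specific to attestation and record the host name and the returned trust level when the check fails, so an administrator can see why the host was taken out of service.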


....................................................
File 
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/attestation/AttestationCacheManager.java
Line 43:     public void updateCache(AttestationValue value) {
Line 44:         AttestationValue cacheValue = 
attestationValues.get(value.getHostName());
Line 45:         if (cacheValue != null) {
Line 46:             cacheValue.setTrustLevel(value.getTrustLevel());
Line 47:         }
Option a is better, and we'll fix it.
Line 48:     }
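
Review bot: In updateCache (Lines 44-47) a value whose host name is not already in attestationValues is dropped silently, so any caller that does not first check exists() loses the attestation result with no error. Either insert the entry when it is missing or log and reject it explicitly. Since AttestThread updates this singleton from its own thread, make the lookup and the setTrustLevel call a single synchronized step.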


....................................................
File 
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/attestation/AttestationValue.java
Line 5: 
Line 6: public class AttestationValue {
Line 7: 
Line 8:     private String hostName;
Line 9:     private AttestationResultEnum trustLevel;
A host has four statuses: trusted, untrusted, unknown, and timeout. We 
have not considered this at present.
Line 10: 
Line 11:     public AttestationValue() {
Line 12:         trustLevel = AttestationResultEnum.UNKNOWN;
Line 13:     }


--
To view, visit http://gerrit.ovirt.org/14605
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I8ce3448a821c74521d277f92f2c8d63ba0accfed
Gerrit-PatchSet: 3
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Dave Chen <wei.d.c...@intel.com>
Gerrit-Reviewer: Dave Chen <wei.d.c...@intel.com>
Gerrit-Reviewer: Doron Fediuck <dfedi...@redhat.com>
Gerrit-Reviewer: Eli Mesika <emes...@redhat.com>
Gerrit-Reviewer: Emily Zhang <lijuan.zh...@intel.com>
Gerrit-Reviewer: Gang Wei <gang....@intel.com>
Gerrit-Reviewer: Omer Frenkel <ofren...@redhat.com>
Gerrit-Reviewer: Tal Nisan <tni...@redhat.com>
Gerrit-Reviewer: ofri masad <oma...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
