berendt
commented
7 months ago This should already be doable. Have you tested the libvirt_tls parameter?
# Use TLS for libvirt connections and live migration
libvirt_tls: falseClosed fdobrovolny closed 7 months ago
berendt
commented
7 months ago This should already be doable. Have you tested the libvirt_tls parameter?
# Use TLS for libvirt connections and live migration
libvirt_tls: false
fdobrovolny
commented
7 months ago This should already be doable. Have you tested the libvirt_tls parameter?
# Use TLS for libvirt connections and live migration libvirt_tls: false
:thinking: huh I missed this, you are correct.
I was looking at the wrong config file:
instead of the
berendt
commented
7 months ago @fdobrovolny Is it tested?
If we want to have this by default, we would also have to consider whether something has to be taken into account for an upgrade.
fdobrovolny
commented
7 months ago @fdobrovolny Is it tested?
If we want to have this by default, we would also have to consider whether something has to be taken into account for an upgrade.
@berendt
I can test it. Should I make a new task, "Enable libvirt encryption by default in OSISM"?
Epic #462
As an SCS User, I want to be able to enable TLS on libvirt live migrations so that the migration between nova compute nodes is secure.
Libvirt already enables the ability to use SSL for live migrations; however, Ansible Kolla misses a way to enable this.
https://github.com/SovereignCloudStack/standards/pull/370#discussion_r1409047854
https://docs.openstack.org/kolla-ansible/latest/reference/compute/libvirt-guide.html. https://docs.openstack.org/nova/latest/admin/secure-live-migration-with-qemu-native-tls.html https://github.com/openstack/kolla-ansible/blob/a3f3dc7ab5e1bed82bee9a0a8563e0e812e90b6c/ansible/roles/nova-cell/templates/libvirtd.conf.j2#L4
Definition of Ready:
Definition of Done: