Bug 1310144

Summary: RFE: Allow ability to secure libvirt for live migration
Product: Red Hat OpenStack Reporter: Jon Jozwiak <jjozwiak>
Component: rhosp-directorAssignee: Angus Thomas <athomas>
Status: CLOSED DUPLICATE QA Contact: Arik Chernetsky <achernet>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 8.0 (Liberty)CC: dbecker, eglynn, jcoufal, mburns, morazi, rhel-osp-director-maint, sgordon
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-01-19 23:05:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1414999    

Description Jon Jozwiak 2016-02-19 15:07:08 UTC 
Description of problem:

Today RHEL OSP Director and the openstack-puppet-modules configure Libvirt for live migration in an insecure way.  There are 3 approaches to securing libvirt as described in:

https://access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/version-7/migrating-instances/

For a production deployment one of the above configurations should be used rather than the insecure configuration.  Please extend director and the puppet modules to enable configuration of the options in the above document.  




Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Mike Burns 2016-04-07 21:11:06 UTC 
This bug did not make the OSP 8.0 release.  It is being deferred to OSP 10.
Comment 3 Eoghan Glynn 2016-10-12 12:18:58 UTC 
Deferring to OSP11.
Comment 5 Stephen Gordon 2017-01-19 23:05:30 UTC 
I'm going to close this one in favor of Bug # 1271058 and Bug # 1392369 for shared filesystem and block-based live migration specifically. We are working on having this deployed out of the box and having it done securely needs to be an implicit part of those configurations rather than a separate concern.

*** This bug has been marked as a duplicate of bug 1271058 ***