Bug 1486926
Summary: | application traffic is unencrypted for the hypervisor hosts | ||
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Christine Lee <chrlee> |
Component: | rhv-security | Assignee: | Kurt Seifried <kseifried> |
Status: | CLOSED NOTABUG | QA Contact: | Pavel Stehlik <pstehlik> |
Severity: | low | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.1.5 | CC: | chrlee, fdelorey, mavital, michal.skrivanek, tjelinek |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-11-03 09:21:16 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | Virt | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Christine Lee
2017-08-30 19:27:45 UTC
The output looks like from unconfigured host. Please clarify if the host has been added to a RHV environment Hi Michal, Yes, the host has been added to the RHV environment, per customer. Customer states that his security team's concern is that libvirt daemon is not using encryption. Thanks, Christine well, not sure what the customer is doing, but the output is clearly from an unconfigured host. That host is apparently not added into a RHV system yet. Please provide further clarification ping any news? Hi Tomas, Customer has uploaded the sosreport (case log #24). What exactly do you need to see? Christine Hi Michal, I was just looking at the case for Christine. What leads you to believe that the host is unconfigured? Is it the entries from libvirtd.conf? Regards,, Frank Yes. How does it look then? (In reply to Michal Skrivanek from comment #8) > Yes. How does it look then? Could you be specific and let me know what you're looking for? Thanks! I have just reviewed the libvirtd.conf from the attached sos report and the tls is enabled there (e.g. all the options mentioned in comment 1 are commented out meaning it falls back to the default libvirt configuration which has the tls enabled) It contains, for example, this: # This is enabled by default, uncomment this to disable it #listen_tls = 0 so, not sure, what are you missing? Christine? |