Bug 1513440
| Summary: | Re-enable libvirt TLS with SASL authentication | | |
|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Ollie Walsh <owalsh> |
| Component: | openstack-tripleo-heat-templates | Assignee: | Ollie Walsh <owalsh> |
| Status: | CLOSED ERRATA | QA Contact: | Joe H. Rahme <jhakimra> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | | |
| Version: | 12.0 (Pike) | CC: | jschluet, kchamart, lyarwood, mburns, owalsh, sgordon |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | 12.0 (Pike) | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | openstack-tripleo-heat-templates-7.0.3-14.el7ost, puppet-tripleo-7.4.3-10.el7ost, openstack-tripleo-common-7.6.3-5.el7ost, openstack-tripleo-puppet-elements-7.0.1-2.el7ost | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2017-12-13 22:20:31 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1336504, 1484481 | | |
| Attachments: | | | |

Description
Ollie Walsh
2017-11-15 12:15:52 UTC
This will require a kolla patch upstream for master and stable/pike for the nova_libvirt docker file and likely a dib element for overcloud-full in upstream if they care about the issue.

Created attachment 1352946
rhosp-director-images patch for cyrus-sasl-scram

openstack-nova-libvirt-docker > 12.0-20171127.1 should have this fix

Libvirt configured with TLS:

```
[root@overcloud-compute-0 ~]# docker exec nova_libvirt grep listen_tls /etc/libvirt/libvirtd.conf
#listen_tls = 0
listen_tls=1
```

Nova configured to use TLS migrations:

```
[root@overcloud-compute-0 ~]# docker exec nova_libvirt grep live_migration_scheme /etc/nova/nova.conf
# * ``live_migration_scheme``: If ``live_migration_uri`` is not set, the scheme
# used for live migration is taken from ``live_migration_scheme`` instead.
# ``live_migration_scheme``
#live_migration_scheme=<None>
live_migration_scheme=tls
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:3462