Bug 1301025 - RFE: secure data transport between QEMU servers for migration
Status: NEW
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova
Version: 7.0 (Kilo)
Priority: medium, Severity: medium
Assigned To: Eoghan Glynn
Joe H. Rahme
Keywords: FutureFeature
Depends On: 1300772 1544869 1300769
Blocks: 1414999
Reported: 2016-01-22 06:12 EST by Daniel Berrange
Modified: 2018-02-23 10:18 EST
Doc Type: Enhancement
Type: Bug
Description Daniel Berrange 2016-01-22 06:12:25 EST
Description of problem:
The default QEMU migration transport runs a clear text TCP connection between the two QEMU servers. It is possible to tunnel the migration connection over libvirtd's secure connection, but this imposes a significant performance penalty. It is also not possible to tunnel the NBD connection used for block migration at all.

As a step towards securing the management network we need to have Nova configure QEMU to use native TLS support on its migration and NBD data transports, without any tunnelling.
