Bug 1310144 - RFE: Allow ability to secure libvirt for live migration
RFE: Allow ability to secure libvirt for live migration
Status: CLOSED DUPLICATE of bug 1271058
Product: Red Hat OpenStack
Classification: Red Hat
Component: rhosp-director (Show other bugs)
8.0 (Liberty)
All All
unspecified Severity medium
: ---
: ---
Assigned To: Angus Thomas
Arik Chernetsky
: FutureFeature
Depends On:
Blocks: 1414999
  Show dependency treegraph
 
Reported: 2016-02-19 10:07 EST by Jon Jozwiak
Modified: 2017-01-19 18:05 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-01-19 18:05:30 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jon Jozwiak 2016-02-19 10:07:08 EST
Description of problem:

Today RHEL OSP Director and the openstack-puppet-modules configure Libvirt for live migration in an insecure way.  There are 3 approaches to securing libvirt as described in:

https://access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/version-7/migrating-instances/

For a production deployment one of the above configurations should be used rather than the insecure configuration.  Please extend director and the puppet modules to enable configuration of the options in the above document.  




Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Mike Burns 2016-04-07 17:11:06 EDT
This bug did not make the OSP 8.0 release.  It is being deferred to OSP 10.
Comment 3 Eoghan Glynn 2016-10-12 08:18:58 EDT
Deferring to OSP11.
Comment 5 Stephen Gordon 2017-01-19 18:05:30 EST
I'm going to close this one in favor of Bug # 1271058 and Bug # 1392369 for shared filesystem and block-based live migration specifically. We are working on having this deployed out of the box and having it done securely needs to be an implicit part of those configurations rather than a separate concern.

*** This bug has been marked as a duplicate of bug 1271058 ***

Note You need to log in before you can comment on or make changes to this bug.