Description of problem: Today RHEL OSP Director and the openstack-puppet-modules configure Libvirt for live migration in an insecure way. There are 3 approaches to securing libvirt as described in: https://access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/version-7/migrating-instances/ For a production deployment one of the above configurations should be used rather than the insecure configuration. Please extend director and the puppet modules to enable configuration of the options in the above document. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
This bug did not make the OSP 8.0 release. It is being deferred to OSP 10.
Deferring to OSP11.
I'm going to close this one in favor of Bug # 1271058 and Bug # 1392369 for shared filesystem and block-based live migration specifically. We are working on having this deployed out of the box and having it done securely needs to be an implicit part of those configurations rather than a separate concern. *** This bug has been marked as a duplicate of bug 1271058 ***