Support TLS encryption for libvirt
Currently communication with the libvirt daemon is via TCP, meaning that it is in plain text. It is possible to encrypt this traffic via TLS, we should support it in kolla-ansible. In order to do that it is necessary to distribute client and server x509 certificates and keys to each host. Generation of these certificates will be seen as out of scope for this feature, instead relying on existing certificates on the hosts, or certificates copied from localhost.
Blueprint information
- Status:
- Complete
- Approver:
- Mark Goddard
- Priority:
- Medium
- Drafter:
- Mark Goddard
- Direction:
- Approved
- Assignee:
- Kris Lindgren
- Definition:
- Approved
- Series goal:
- Accepted for train
- Implementation:
- Implemented
- Milestone target:
- 9.0.0
- Started by
- Mark Goddard
- Completed by
- Mark Goddard
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Add support for libvirt+tls
Gerrit topic: https:/
Addressed by: https:/
Add support for libvirt+tls