kolla-ansible

Support TLS encryption for libvirt

Registered by Mark Goddard on 2019-04-12

Currently communication with the libvirt daemon is via TCP, meaning that it is in plain text. It is possible to encrypt this traffic via TLS, we should support it in kolla-ansible. In order to do that it is necessary to distribute client and server x509 certificates and keys to each host. Generation of these certificates will be seen as out of scope for this feature, instead relying on existing certificates on the hosts, or certificates copied from localhost.

Blueprint information

Status:: Complete

Approver:: Mark Goddard

Priority:: Medium

Drafter:: Mark Goddard

Direction:: Approved

Assignee:: Kris Lindgren

Definition:: Approved

Series goal:: Accepted for train

Implementation:: Implemented

Milestone target:: 9.0.0

Started by: Mark Goddard on 2019-04-12

Completed by: Mark Goddard on 2019-10-16

Related branches

Related bugs

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#/q/topic:bp/libvirt-tls

Addressed by: https://review.openstack.org/650448
Add support for libvirt+tls

Gerrit topic: https://review.opendev.org/#/q/topic:bp/libvirt-tls

Addressed by: https://review.opendev.org/650448
Add support for libvirt+tls

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

No subscribers.