Enable tls mode for console access in openstack
Both spice and vnc have tls mode configuration available in qemu.conf.
If it is turned on, additional tls port is opened up for spice/vnc which accepts SSL connection.
Currently openstack provides a way to connect to the spice/vnc console of vm
using nova-spicehtml5
These proxies connect to the console using non-SSL socket.
There should be a configuration option provided in nova.conf called tls_mode.
If tls_mode is turned on, then the proxy will attempt to connect to the spice/vnc tls port using SSL connection.
This will help encrypt all connections from proxy to the console.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Meghal Gosalia
- Direction:
- Needs approval
- Assignee:
- Meghal Gosalia
- Definition:
- Obsolete
- Series goal:
- None
- Implementation:
- Unknown
- Milestone target:
- None
- Started by
- Completed by
- John Garbutt
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
In this blueprint, we aim to connect to spice/vnc console of the vm using SSL wrapped socket, if enabled in the configuration.
Gerrit topic: https:/
Please see:
https:/