Force encrypted Live Migration thru Nova API

Registered by Cristian Fiorentino on 2014-03-25

The main goal of this Blueprint is to allow users to force *encrypted* Live Migration (using libvirt tunneling) thru Nova API.

Currently, such functionality can only be accessed through manual configuration of libvirtd, as described in OpenStack Security Guide:
http://docs.openstack.org/security-guide/content/ch055_security-services-for-instances.html#ch055_security-services-for-instances-idp191072
with additional comments in the following OSSN:
https://wiki.openstack.org/wiki/OSSN/OSSN-0007
(This tunneling of migration traffic does not apply to live block migration.)

For doing this it is required to add the ability to force encrypted live-migration thru Nova API. Changes in Nova API are required and to modify libvirt driver manager as follows.

See nova-spec review for details:
https://review.openstack.org/86146

Note 1: I will be opening two other related blueprints, one for Horizon and another for python-novaclient for exposing this functionality in such user interfaces. - BP's Opened,
Note 2: I will be filling the new nova template and process for blueprints being reviewed thru Gerrit - Review on-going.

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
Cristian Fiorentino
Direction:
Needs approval
Assignee:
Cristian Fiorentino
Definition:
New
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/is,n,z

Addressed by: https://review.openstack.org/86146
    Propose Encrypted LiveMigration thru Nova API

Spec not approved yet, un-targeting blueprint from juno-1 --johnthetubaguy (28th May 2014)

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.