Support QEMU Native TLS for migration and disks over NBD
Why?
--------
The encryption offerred by Nova (via `live_migration
This change
------------------
To solve the existing limitation, this patch introduces a new config option `live_migration
Prerequisites
-------------------
(1) This needs at least: libvirt 4.4.0 and QEMU 2.11.
(2) A TLS environment—i.e. CA, server, and client certificates, their file permissions, et al—must be "correctly" configured (typically by an installer tool) on all relevant Compute nodes.
(3) Ensure the following TLS-related config attributes in /etc/libvirt/
default_
default_
Note that there are other TLS-related config attributes in `/etc/libvirt/
* * *
NB: In the long-term, we will depreprecate the existing `live_migration
Blueprint information
- Status:
- Complete
- Approver:
- Dan Smith
- Priority:
- Low
- Drafter:
- Kashyap Chamarthy
- Direction:
- Approved
- Assignee:
- Kashyap Chamarthy
- Definition:
- Approved
- Series goal:
- Accepted for stein
- Implementation:
- Implemented
- Milestone target:
- stein-3
- Started by
- melanie witt
- Completed by
- Matt Riedemann
Related branches
Related bugs
Bug #1798796: libvirt: Use VIR_MIGRATE_TLS to get QEMU's native TLS support for migration and NBD | Fix Released |
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
libvirt: Support native TLS for migration and disks over NBD
Gerrit topic: https:/
Addressed by: https:/
docs: Secure live migration with QEMU-native TLS
We were holding approval of this blueprint pending the preliminary review of a docs patch for the series. That has been done at this point, and so now we're approving the blueprint. -- melwitt 20190110
Gerrit topic: https:/
Addressed by: https:/
libvirt: A few miscellaneous items related to "native TLS"
Addressed by: https:/
docs: Update references to "QEMU-native TLS" document