Security Guide - Chapter 43. Encrypted Live Migration Section Cleanup
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openstack-manuals | Fix Released | Undecided | Dan Sneddon |
Bug Description
Avoiding 1st/2nd person, cleaning up grammar and wording. Would love to get more info around how to configure that in libvirtd, but I'll do research on it and come back to it.
Currently reads: "If your use case involves keeping live migration enabled, then libvirtd can provide tunneled, encrypted live migrations. That said, this feature is not currently exposed in OpenStack Dashboard, nor the nova-client commands and can only be accessed through manual configuration of libvirtd. Encrypted live migration modifies the live migration process by first copying the instance data from the running hypervisor to libvirtd. From there an encrypted tunnel is created between the libvirtd processes on both hosts. Finally, the destination libvirtd process copies the instance back to the underlying hypervisor."
Recommended Update: "If there is a sufficient business case for keeping live migration enabled, then libvirtd can provide and encrypted tunnel for the live migrations. However this feature is not currently exposed in either the OpenStack Dashboard or nova-client commands, and can only be accessed through manual configuration of libvirtd. The live migration process then changes to the following high-level steps.
1) Instance data is copied from the hypervisor to libvirtd
2) An encrypted tunnel is created between libvirtd processes on both source and destination hosts
3) Destination libvirtd host copies the instances back to an underlying hypervisor"
-------
Built: 2014-07-18T16:16:50 00:00
git SHA: d7b47995e6316a4
URL: http://
source File: file:/home/
xml:id: security-
Changed in openstack-manuals:
assignee: nobody → Dan Sneddon (dsneddon)
status: New → In Progress
Should probably double-check my grammar and spelling with the recommendation: "then libvirtd can provide and encrypted tunnel for the live migrations." should probably be AN encrypted tunnel.