live-migration without root ssh access
Bug #1375109 reported by Nobuto Murata
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Nova Compute Charm | Triaged | Wishlist | Unassigned |
nova-compute (Juju Charms Collection) | Invalid | Wishlist | Unassigned |
Bug Description
At this moment, the nova-compute charm seems to set up root user SSH access to each other for live-migration.
http://
"SSH login as root" may violate internal security policy, especially for enterprise usage. It would be nice if the charm supported other methods like "login as nova (+ rootwrap.d if required)" or options to move away from SSH using SASL or TLS.
tags: added: openstack
tags: added: cts
Changed in charm-nova-compute:
importance: Undecided → Wishlist
status: New → Triaged
Changed in nova-compute (Juju Charms Collection):
status: Triaged → Invalid
This is why we don't enable live migration by default; right now this approach is imposed by upstream nova, so there is not a huge amount we can do about it in the charm as it's completely libvirt driven (i.e. no knowledge of rootwrap).