live-migration without root ssh access
Bug #1375109 reported by
Nobuto Murata
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Nova Compute Charm |
Triaged
|
Wishlist
|
Unassigned | ||
| nova-compute (Juju Charms Collection) |
Invalid
|
Wishlist
|
Unassigned | ||
Bug Description
At this moment, nova-compute charm seems to setup root user SSH access each other for live-migration.
http://
"SSH login as root" may violate internal security policy especially for enterprise usage. It would be nice if the charm supports other methods like "login as nova (+ rootwrap.d if required)" or options to be away from SSH using SASL or TLS.
| tags: | added: openstack |
| tags: | added: cts |
Revision history for this message
| James Page (james-page) wrote | #1 |
| Changed in nova-compute (Juju Charms Collection): | |
| importance: | Undecided → Wishlist |
| status: | New → Triaged |
| Changed in charm-nova-compute: | |
| importance: | Undecided → Wishlist |
| status: | New → Triaged |
| Changed in nova-compute (Juju Charms Collection): | |
| status: | Triaged → Invalid |
To post a comment you must log in.
This is why we don't enable live migration by default; right now this approach is imposed by upstream nova, so there is not a huge amount we can do about it in the charm as its completely libvirt driven (i.e. no knowledge of rootwrap).