8b27aa09ee
The guide to enable secure live migration with QEMU-native tls on nova compute nodes missed an important config option. Without this option a default connection is uses which is TCP instead of TLS. This leads to an unecrypted migration of the ram. Closes-Bug: #1919357 Change-Id: I5cbc4ec8f15ca7c66ca9562b536299524ab5999c
OpenStack Security Notes (OSSN)
The OpenStack Security Group (OSSG) publishes Security Notes to advise users of security related issues. Security notes are similar to advisories; they address vulnerabilities in 3rd party tools typically used within OpenStack deployments and provide guidance on common configuration mistakes that can result in an insecure operating environment.
Repository Layout
This repository contains published Security Notes and templates that should be used when creating new Security Notes.
notes - contains Security Notes in e-mail format (see the templates)
templates - contains e-mail and wiki format templates
Useful Links
A list of published Security Notes is available here:
https://wiki.openstack.org/wiki/Security_Notes
The process used to create new Security Notes is available here:
https://wiki.openstack.org/wiki/Security/Security_Note_Process