Merge "Disable live migration over TLS"
commit
210aeaaab1
docker/services
puppet/services
releasenotes/notes
@ -46,7 +46,8 @@ parameters:
default: true
description: If set to true and if EnableInternalTLS is enabled, it will
set the libvirt URI's transport to tls and configure the
relevant keys for libvirt.
relevant keys for libvirt. NOTE. this is currently being
ignored and TLS for libvirtd is always disabled for now.
DockerNovaMigrationSshdPort:
default: 2022
description: Port that dockerized nova migration target sshd service
@ -70,14 +71,14 @@ parameters:
conditions:
use_tls_for_live_migration:
and:
- equals:
- {get_param: EnableInternalTLS}
- true
- equals:
- {get_param: UseTLSTransportForLiveMigration}
- true
use_tls_for_live_migration: false
# and:
# - equals:
# - {get_param: EnableInternalTLS}
# - true
# - equals:
# - {get_param: UseTLSTransportForLiveMigration}
# - true
need_libvirt_secret:
or:
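Review bot: The hard-coded `use_tls_for_live_migration: false` in the second hunk makes the template ignore both EnableInternalTLS and UseTLSTransportForLiveMigration, and the only record of why is the commented-out `and:` block left beneath it. A deployment that sets both parameters to true now gets a non-TLS libvirt migration transport without any error, so the reason and the condition for re-enabling belong next to the literal, for example `# TLS for libvirtd is forced off until its settings meet the security requirements (see releasenotes/notes/libvirtd-tls-6de6fb35e0ac0ab1.yaml); restore the and/equals condition below once fixed.` The same change and the same gap appear in the conditions hunk of the puppet/services section. The conditions block and the resources that consume it continue outside the hunk, so what is gated on this condition, and which transport migration falls back to, should be confirmed there.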
@ -66,7 +66,8 @@ parameters:
default: true
description: If set to true and if EnableInternalTLS is enabled, it will
set the libvirt URI's transport to tls and configure the
relevant keys for libvirt.
relevant keys for libvirt. NOTE. this is currently being
ignored and TLS for libvirtd is always disabled for now.
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
@ -100,14 +101,14 @@ parameters:
conditions:
use_tls_for_live_migration:
and:
- equals:
- {get_param: EnableInternalTLS}
- true
- equals:
- {get_param: UseTLSTransportForLiveMigration}
- true
use_tls_for_live_migration: false
# and:
# - equals:
# - {get_param: EnableInternalTLS}
# - true
# - equals:
# - {get_param: UseTLSTransportForLiveMigration}
# - true
libvirt_specific_ca_unset:
equals:
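Review bot: The description extended in the first hunk still opens with the promise that a true value switches the libvirt URI transport to tls, and `default: true` is unchanged, so an operator reading the parameter meets two contradictory statements and may assume migration traffic is encrypted. Leading with the override would remove the ambiguity, for example `description: Currently ignored; TLS for libvirtd is always disabled regardless of this value and of EnableInternalTLS.` with the original sentence kept after it as the intended behaviour. The identical description text in the docker/services section has the same problem. The parameter's name line is above the hunk, so it is presumably UseTLSTransportForLiveMigration, which should be confirmed in the file.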
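--- a/releasenotes/notes/libvirtd-tls-6de6fb35e0ac0ab1.yaml
+++ b/releasenotes/notes/libvirtd-tls-6de6fb35e0ac0ab1.yaml
@@ -0,0 +1,6 @@
+---
+security:
+- |
+Live migration over TLS has been disabled since the settings it was using
+don't meet the required security standards. It is currently not possible to
+enable it via t-h-t.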