I'm not able to post comments on the wiki even when logged in so I post to the mailing list. I guess I'm not in any special wiki group to edit CS pages.
Good news you made the live migration working (right?) on master. Is it really something we want to control under CS on the agent installation all this libvirt TLS setup? Maybe the installation could write libvirtd configuration file for TLS and non-TLS setup in CS and/or libvirt /etc directory but without overriding the normal one. I have to admit I'm not familiar with how things are usually done in CS for external components. You can also add to cloudstack configuration the libvirt flags used for the live migration, which should be customizable in some way. On my PR it's in agent.properties, but it could be sent along with the migration command. I would welcome if you could setup a wiki page that I could edit on the KVM live migration so I could add my remark on my experience and things to config/consider. On your question: +1 on having the configuration value for TLS or plain tcp. Marc-Aurèle On Thu, 2017-11-16 at 10:32 +0000, Rohit Yadav wrote: > All, > > > Kindly review and share your thoughts and comments for a new feature > - Secure VM live migration for KVM, this feature builds on top of the > previous feature that brought in a new CA framework [1] for > CloudStack. > > > Here is a rough first draft for your review: > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+KVM+VM+ > Live+Migration > > > [1] https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Age > nt+Communications > > > Regards. > > rohit.ya...@shapeblue.com > www.shapeblue.com > 53 Chandos Place, Covent Garden, London WC2N 4HSUK > @shapeblue > > >
