You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Steve Roles <st...@shapeblue.com> on 2018/07/16 14:38:11 UTC
Secure Live KVM VM Migration with CloudStack 4.11.1
Hi all - if you're interested in the topic, Rohit has written a blog about it here: https://www.shapeblue.com/secure-live-kvm-vm-migration-with-cloudstack-4-11-1/
Best regards,
steve.roles@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
RE: Secure Live KVM VM Migration with CloudStack 4.11.1
Posted by Piotr Pisz <pp...@pulab.pl>.
Hi Rohit,
The operation you are writing about is beyond my capabilities, could you write how to perform such encryption and update such a table correctly? I will be very obliged :-)
Best regards,
Piotr
-----Original Message-----
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Monday, July 23, 2018 10:03 AM
To: users@cloudstack.apache.org; ppisz@pulab.pl
Subject: Re: Secure Live KVM VM Migration with CloudStack 4.11.1
Hi Piotr,
In the current implementation, the plugin cannot be used to act as a sub-ordinate or intermediate CA out of the box. One can write a new CA plugin. However, for the default root-ca plugin you can set your own CA keypair and certificate in cloud.configuration table (this will require encrypting the value/string and updating in the table/db), the only requirement is that the CA certificate should have the same attributes/fields as generated by CloudStack for example the certificate can be used for signing other certificates (act as a CA) etc.
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Piotr Pisz <pp...@pulab.pl>
Sent: Tuesday, July 17, 2018 4:11:48 PM
To: users@cloudstack.apache.org
Subject: RE: Secure Live KVM VM Migration with CloudStack 4.11.1
Hi Steve,
Is there any chance that the inbuilt certicate authority would act as a subordinate ca (not root ca)?
Regards,
Piotr
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
-----Original Message-----
From: Steve Roles <st...@shapeblue.com>
Sent: Monday, July 16, 2018 4:38 PM
To: 'dev' <de...@cloudstack.apache.org>; users@cloudstack.apache.org
Subject: Secure Live KVM VM Migration with CloudStack 4.11.1
Hi all - if you're interested in the topic, Rohit has written a blog about it here: https://www.shapeblue.com/secure-live-kvm-vm-migration-with-cloudstack-4-11-1/
Best regards,
steve.roles@shapeblue.com
www.shapeblue.com<http://www.shapeblue.com>
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
Re: Secure Live KVM VM Migration with CloudStack 4.11.1
Posted by Rohit Yadav <ro...@shapeblue.com>.
Hi Piotr,
In the current implementation, the plugin cannot be used to act as a sub-ordinate or intermediate CA out of the box. One can write a new CA plugin. However, for the default root-ca plugin you can set your own CA keypair and certificate in cloud.configuration table (this will require encrypting the value/string and updating in the table/db), the only requirement is that the CA certificate should have the same attributes/fields as generated by CloudStack for example the certificate can be used for signing other certificates (act as a CA) etc.
- Rohit
<https://cloudstack.apache.org>
________________________________
From: Piotr Pisz <pp...@pulab.pl>
Sent: Tuesday, July 17, 2018 4:11:48 PM
To: users@cloudstack.apache.org
Subject: RE: Secure Live KVM VM Migration with CloudStack 4.11.1
Hi Steve,
Is there any chance that the inbuilt certicate authority would act as a subordinate ca (not root ca)?
Regards,
Piotr
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
-----Original Message-----
From: Steve Roles <st...@shapeblue.com>
Sent: Monday, July 16, 2018 4:38 PM
To: 'dev' <de...@cloudstack.apache.org>; users@cloudstack.apache.org
Subject: Secure Live KVM VM Migration with CloudStack 4.11.1
Hi all - if you're interested in the topic, Rohit has written a blog about it here: https://www.shapeblue.com/secure-live-kvm-vm-migration-with-cloudstack-4-11-1/
Best regards,
steve.roles@shapeblue.com
www.shapeblue.com<http://www.shapeblue.com>
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
RE: Secure Live KVM VM Migration with CloudStack 4.11.1
Posted by Steve Roles <st...@shapeblue.com>.
Hi Piotr. I didn't write the blog, but I have copied in the author and I'm sure he'll reply when he's back from his holiday.
Steve Roles
steve.roles@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
-----Original Message-----
From: Piotr Pisz <pp...@pulab.pl>
Sent: 17 July 2018 11:42
To: users@cloudstack.apache.org
Subject: RE: Secure Live KVM VM Migration with CloudStack 4.11.1
Hi Steve,
Is there any chance that the inbuilt certicate authority would act as a subordinate ca (not root ca)?
Regards,
Piotr
-----Original Message-----
From: Steve Roles <st...@shapeblue.com>
Sent: Monday, July 16, 2018 4:38 PM
To: 'dev' <de...@cloudstack.apache.org>; users@cloudstack.apache.org
Subject: Secure Live KVM VM Migration with CloudStack 4.11.1
Hi all - if you're interested in the topic, Rohit has written a blog about it here: https://www.shapeblue.com/secure-live-kvm-vm-migration-with-cloudstack-4-11-1/
Best regards,
steve.roles@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
RE: Secure Live KVM VM Migration with CloudStack 4.11.1
Posted by Piotr Pisz <pp...@pulab.pl>.
Hi Steve,
Is there any chance that the inbuilt certicate authority would act as a subordinate ca (not root ca)?
Regards,
Piotr
-----Original Message-----
From: Steve Roles <st...@shapeblue.com>
Sent: Monday, July 16, 2018 4:38 PM
To: 'dev' <de...@cloudstack.apache.org>; users@cloudstack.apache.org
Subject: Secure Live KVM VM Migration with CloudStack 4.11.1
Hi all - if you're interested in the topic, Rohit has written a blog about it here: https://www.shapeblue.com/secure-live-kvm-vm-migration-with-cloudstack-4-11-1/
Best regards,
steve.roles@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue