You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ro...@apache.org on 2018/04/19 18:40:24 UTC
[cloudstack-docs-admin] branch 4.11 updated: CLOUDSTACK-10333:
Update docs per secure live VM migration (#50)
This is an automated email from the ASF dual-hosted git repository.
rohit pushed a commit to branch 4.11
in repository https://gitbox.apache.org/repos/asf/cloudstack-docs-admin.git
The following commit(s) were added to refs/heads/4.11 by this push:
new 2e1350b CLOUDSTACK-10333: Update docs per secure live VM migration (#50)
2e1350b is described below
commit 2e1350bb97e648ac5e39be6ce54f0336c30e990f
Author: Rohit Yadav <ro...@apache.org>
AuthorDate: Fri Apr 20 00:10:20 2018 +0530
CLOUDSTACK-10333: Update docs per secure live VM migration (#50)
Signed-off-by: Rohit Yadav <ro...@apache.org>
---
source/hosts.rst | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/source/hosts.rst b/source/hosts.rst
index 4ea93ee..70d8da5 100644
--- a/source/hosts.rst
+++ b/source/hosts.rst
@@ -740,3 +740,10 @@ and space are replaced with `~`:
keystore-setup <properties file> <keystore file> <passphrase> <validity> <csr file>
keystore-cert-import <properties file> <keystore file> <mode: ssh|agent> <cert file> <cert content> <ca-cert file> <ca-cert content> <private-key file> <private key content:optional>
+
+Starting 4.11.1, a KVM host is considered secured when it has its keystore and
+certificates setup for both the agent and libvirtd process. A secured host will
+only allow and initiate TLS enabled live VM migration. This requires libvirtd
+to listen on default port 16514, and the port to be allowed in the firewall
+rules. Certificate renewal (using the `provisionCertificate` API) will restart
+both the libvirtd process and agent after deploying new certificates.
--
To stop receiving notification emails like this one, please contact
rohit@apache.org.