Bug Reference

CLOUDSTACK-8251

Purpose

Allow admins to secure libvirt by enabling TLS or SSH-based live migration. When this is enabled, the migration will also be tunneled through libvirt, so it is no longer required to open ports 49152 - 49216.

Architecture and Design description

Add an agent.properties parameter that lets the admin specify whether to use a TLS-based or SSH-based migration connection, then use that parameter to build the libvirt connection URI used for migration.

e.g.

vm.migrate.uri.type=ssh

or 

vm.migrate.uri.type=tls


Additionally, support an option to specify a user for SSH:

vm.migrate.ssh.user=migrateuser
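
The sketch below is an added example, not CloudStack's own code: it shows one way the two properties above could be turned into a libvirt migration URI, validating the values and failing closed on an unknown type. The class and method names are hypothetical, the `qemu+tcp` fallback for an unset parameter is an assumption, and IPv6 literals are not handled.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Locale;
import java.util.Properties;
import java.util.regex.Pattern;

public class MigrateUriExample {
    // Conservative allow-lists so a property value cannot inject extra URI components.
    private static final Pattern HOST = Pattern.compile("[A-Za-z0-9.-]{1,253}");
    private static final Pattern USER = Pattern.compile("[a-z_][a-z0-9_-]{0,31}");

    // Hypothetical helper: maps the agent.properties settings to a libvirt URI.
    static String buildMigrateUri(Properties props, String destHost) {
        if (destHost == null || !HOST.matcher(destHost).matches()) {
            throw new IllegalArgumentException("invalid destination host");
        }
        String type = props.getProperty("vm.migrate.uri.type", "").trim().toLowerCase(Locale.ROOT);
        switch (type) {
            case "tls":
                // libvirt TLS transport; CA, server and client certificates must already be deployed.
                return "qemu+tls://" + destHost + "/system";
            case "ssh":
                String user = props.getProperty("vm.migrate.ssh.user", "").trim();
                if (user.isEmpty()) {
                    // No user configured: ssh falls back to the account running the agent.
                    return "qemu+ssh://" + destHost + "/system";
                }
                if (!USER.matcher(user).matches()) {
                    throw new IllegalArgumentException("invalid vm.migrate.ssh.user");
                }
                return "qemu+ssh://" + user + "@" + destHost + "/system";
            case "":
                // Assumption: an unset parameter keeps the unencrypted TCP transport.
                return "qemu+tcp://" + destHost + "/system";
            default:
                // Fail closed on a typo instead of silently falling back to plaintext.
                throw new IllegalArgumentException("unsupported vm.migrate.uri.type: " + type);
        }
    }

    public static void main(String[] args) throws IOException {
        Properties props = new Properties();
        // Constructed sample agent.properties content and destination host name.
        props.load(new StringReader("vm.migrate.uri.type=ssh\nvm.migrate.ssh.user=migrateuser\n"));
        System.out.println(buildMigrateUri(props, "kvm-host-02.example.internal"));
    }
}
```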