rohityadavcloud commented on issue #5834: URL: https://github.com/apache/cloudstack/issues/5834#issuecomment-1010256465
@pipo, while the initial config may not look optimal, by default, when you add a host in CloudStack (using root user + password or ssh-public key based auth) libvirtd is reconfigured with TLS certificates from CloudStack's CA framework with listening/ports reconfigured on port 16514 on localhost. When making a connection, the cloudstack-agent process talks to libvirtd over TLS/16514 (both for local-kvm/libvirt operations and for live VM migration across hosts). It is assumed that the admin will put some kind of firewall configuration in a production env.

The host security (CA framework) is discussed here: https://docs.cloudstack.apache.org/en/latest/adminguide/hosts.html#security

Please do suggest or raise a PR here if there's any specific config we should put in the installation section: https://github.com/apache/cloudstack-documentation
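An added example, not part of the comment above and not CloudStack code: a small audit of a libvirtd.conf for the posture the comment describes (TLS listener on 16514, no plaintext TCP listener, firewall expected when the listener binds every interface). It assumes libvirt's standard libvirtd.conf keys and defaults; the sample file is constructed, and `parse_conf` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample, not a file taken from a CloudStack host.
SAMPLE_CONF = '''
# libvirtd.conf (constructed)
listen_tls = 1
listen_tcp = 0
tls_port = "16514"
#tcp_port = "16509"
auth_tls = "none"
'''

# libvirt's defaults for keys that are absent or commented out.
DEFAULTS = {"listen_tls": "1", "listen_tcp": "0",
            "tls_port": "16514", "tcp_port": "16509", "listen_addr": ""}

def parse_conf(text):
    """Return effective settings: defaults overlaid with uncommented keys."""
    settings = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        m = re.match(r'^(\w+)\s*=\s*"?([^"]*)"?$', line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def audit(text, expected_tls_port="16514"):
    """List deviations from a TLS-only listener on the expected port."""
    s = parse_conf(text)
    findings = []
    if s["listen_tls"] != "1":
        findings.append("TLS listener is disabled")
    elif s["tls_port"] != expected_tls_port:
        findings.append("TLS listener is on port " + s["tls_port"])
    if s["listen_tcp"] != "0":
        findings.append("plaintext TCP listener is enabled")
    if s["listen_addr"] in ("", "0.0.0.0", "::"):
        findings.append("listener binds all interfaces; "
                        "restrict the TLS port with a firewall")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("FINDING:", finding)
```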
