This is an automated email from the ASF dual-hosted git repository. rohit pushed a commit to branch libvirt-tls in repository https://gitbox.apache.org/repos/asf/cloudstack-docs-admin.git
commit c0a48d8648e71ba0e328698981aa49242ecf8844 Author: Rohit Yadav <[email protected]> AuthorDate: Tue Mar 27 14:11:48 2018 +0530 CLOUDSTACK-10333: Update docs per secure live VM migration Signed-off-by: Rohit Yadav <[email protected]> --- source/hosts.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/source/hosts.rst b/source/hosts.rst index 4ea93ee..70d8da5 100644 --- a/source/hosts.rst +++ b/source/hosts.rst @@ -740,3 +740,10 @@ and space are replaced with `~`: keystore-setup <properties file> <keystore file> <passphrase> <validity> <csr file> keystore-cert-import <properties file> <keystore file> <mode: ssh|agent> <cert file> <cert content> <ca-cert file> <ca-cert content> <private-key file> <private key content:optional> + +Starting 4.11.1, a KVM host is considered secured when it has its keystore and +certificates setup for both the agent and libvirtd process. A secured host will +only allow and initiate TLS enabled live VM migration. This requires libvirtd +to listen on default port 16514, and the port to be allowed in the firewall +rules. Certificate renewal (using the `provisionCertificate` API) will restart +both the libvirtd process and agent after deploying new certificates. -- To stop receiving notification emails like this one, please contact [email protected].
