add CC On 10.11.2015 14:24, Nikolay Shirokovskiy wrote: > > > On 10.11.2015 14:08, Ján Tomko wrote: >> On Tue, Nov 10, 2015 at 01:52:16PM +0300, Nikolay Shirokovskiy wrote: >>> Hi guys. >>> >>> I have a problem getting migration traffic encrypted for some scenarios. I >>> need to >>> migrate domain with non shared disks and can't use tunelled migration >>> because of RHEL7 qemu. >>> Without tunnel i get both vm state and disk state traffic unencrypted >>> between >>> peer's qemus. AFAIK there is a work in progress in qemu to bring TLS >>> encryption >>> to all channels and eventually I get desired functionality but what are my >>> options >>> now? >>> I thinking of forwarding ports from destination to source and use >>> localhost in >>> hypervisor uri. The only problem is that port for disk migration is auto >>> selected. >>> Can we add a patch to pass this port as a migration parameter? >>> >> >> We already have a migration URI, where you can specify the port: >> http://libvirt.org/migration.html#uris >> so working around the lack of encryption should be possible. > True, but I need to specify 2 ports: one for vm state migration and > one for vm disks migration (in case of non shared disks). >> >> The listen address can now also be specified if you don't want QEMU to >> listen on all interfaces: >> http://libvirt.org/html/libvirt-libvirt-domain.html#VIR_MIGRATE_PARAM_LISTEN_ADDRESS >> >> Jan >> > > -- > libvir-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/libvir-list >
-- libvir-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/libvir-list
