DaanHoogland commented on a change in pull request #2505: CLOUDSTACK-10333:
Secure Live VM Migration for KVM
URL: https://github.com/apache/cloudstack/pull/2505#discussion_r179684831
##########
File path: debian/cloudstack-agent.postinst
##########
@@ -50,6 +50,13 @@ case "$1" in
mkdir /etc/libvirt/hooks
fi
cp -a /usr/share/cloudstack-agent/lib/libvirtqemuhook
/etc/libvirt/hooks/qemu
+
+ # Enable TLS enabled VM migration for libvirtd
+ if ! iptables-save | grep -- "-A INPUT -p tcp -m tcp --dport 16514 -j
ACCEPT" > /dev/null; then
+ iptables -t filter -A INPUT -p tcp -m tcp --dport 16514 -j ACCEPT
+ iptables-save > /etc/iptables/rules.v4
+ fi
+
Review comment:
Is there an alternative that will work. I would not like to see a large
devide between the amount of work to be done on rhel-like systems versus
debian-likes.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
