[jira] [Commented] (CLOUDSTACK-10333) Secure VM Live migration for KVM

Thu, 29 Mar 2018 04:59:35 -0700 

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-10333?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16418844#comment-16418844
 ] 

ASF GitHub Bot commented on CLOUDSTACK-10333:
---------------------------------------------

rhtyd commented on a change in pull request #2505: CLOUDSTACK-10333: Secure 
Live VM Migration for KVM
URL: https://github.com/apache/cloudstack/pull/2505#discussion_r178033101
 
 

 ##########
 File path: agent/src/com/cloud/agent/Agent.java
 ##########
 @@ -274,6 +279,19 @@ public void start() {
             }
         }
         _shell.updateConnectedHost();
+
+        // In case of software based restart, GC to remove old instances
+        _executor.submit(new Runnable() {
 
 Review comment:
   Yes @rafaelweingartner, with the feature we've introduced a background 
thread that will perform software based restart of the agent. Look at the post 
renewal restart task. With this it will be easier to restart an agent without 
actually restarting the agent JVM process. This runnable is needed to GC old 
agent instance, we can remove this as well, but keeping it ensures that old 
agent is stopped+GC-ed.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Secure VM Live migration for KVM
> --------------------------------
>
>                 Key: CLOUDSTACK-10333
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10333
>             Project: CloudStack
>          Issue Type: Improvement
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>            Priority: Major
>             Fix For: 4.12.0.0, 4.11.1.0
>
>
> With use of CA framework to secure hosts, the current mechanisms don't secure 
> libvirtd to use those certificates (used by agent to connect to mgmt server). 
> This causes insecure vm migration over tcp instead of tls. The aim is to use 
> the same framework and certificates to secure live VM migration. This could 
> be coupled with securing of a host and renewal/provisioning of certificates 
> to host.
>  
> FS: 
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+Live+VM+Migration+for+KVM



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to