GitHub user dcontiveros-nf closed a discussion: Quick question about keystore 
(jks) requirement

Hello fellow cloudstack users/admins.

I had a quick question concerning JKS requirements. From what I understand, 
this is the join procedure from an agent's viewpoint:

1. The agent communicates to the management server on port `8250`,
2. A certificate sent over the handshake and entries added to `cloud.jks`.
3. Libvirt transfers will only work for this:

> Starting 4.11.1, a KVM host is considered secured when it has its keystore 
> and certificates setup for both the agent and libvirtd process. A secured 
> host will only allow and initiate TLS enabled live Instance migration. This 
> requires libvirtd to listen on default port 16514, and the port to be allowed 
> in the firewall rules

Is there a way to disable this functionality? We are in PoC stage and starting 
to fully automate a lot of these prereqs. We have some custom tooling around 
`.jks` generation, but am just wondering if this part is mandatory for 
functionality. 

Thanks!

GitHub link: https://github.com/apache/cloudstack/discussions/10784

----
This is an automatically sent email for users@cloudstack.apache.org.
To unsubscribe, please send an email to: users-unsubscr...@cloudstack.apache.org

Reply via email to