On Tue, Nov 10, 2015 at 01:52:16PM +0300, Nikolay Shirokovskiy wrote: > Hi guys. > > I have a problem getting migration traffic encrypted for some scenarios. I need to > migrate domain with non shared disks and can't use tunelled migration because of RHEL7 qemu. > Without tunnel i get both vm state and disk state traffic unencrypted between > peer's qemus. AFAIK there is a work in progress in qemu to bring TLS encryption > to all channels and eventually I get desired functionality but what are my options > now? > I thinking of forwarding ports from destination to source and use localhost in > hypervisor uri. The only problem is that port for disk migration is auto selected. > Can we add a patch to pass this port as a migration parameter? > We already have a migration URI, where you can specify the port: http://libvirt.org/migration.html#uris so working around the lack of encryption should be possible. The listen address can now also be specified if you don't want QEMU to listen on all interfaces: http://libvirt.org/html/libvirt-libvirt-domain.html#VIR_MIGRATE_PARAM_LISTEN_ADDRESS Jan
Attachment:
signature.asc
Description: Digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list