cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ugo Vasi <ugo.v...@procne.it.INVALID>
Subject Re: secure hosts communications
Date Wed, 30 Jan 2019 11:17:09 GMT
Hi Rohit,
I have a 4.11.2.0 ACS infrastructure (Ubuntu 16.04 with KVM hypervisor) 
I see that all the hosts are in unsecure state from the UI and so the 
live migration don't works (we had trubles with mgmt server).

I read in the documentation that launching the provisionCertificate API 
(by pressing the appropriate button in the UI) the certificates will be 
renewed/regenerated for already connected agents/hosts.

I do not understand if provisioning should be done manually on each host 
or if the procedure should be done only once.

Do this procedure reboot the host or the instances that it contains?


Thanks



Il 27/11/18 09:49, Rohit Yadav ha scritto:
> Hi Richard,
>
>
> Please read: http://docs.cloudstack.apache.org/en/4.11.2.0/adminguide/hosts.html#security
>
>
> 4.11.2 is out, please consider using it instead of 4.11.1 as it has several bugfixes
etc.
>
> In short, with all of your KVM hosts up and connected to mgmt server, first change the
auth strictness global setting to true, then using API secure the hosts using the provisionCertificate
API. In the UI, go to your hosts that don't show up as secure and click on the key button
(a new button) to secure the host which calls the provisionCertificate API as well.
>
>
> - Rohit
>
> <https://cloudstack.apache.org>
>
>
>
> ________________________________
> From: Richard Persaud <richard.persaud@macys.com>
> Sent: Monday, November 26, 2018 8:19:56 PM
> To: users@cloudstack.apache.org
> Subject: RE: secure hosts communications
>
> Thank you, Rohit.
>
> I am using 4.11.1 with a full KVM environment. They are showing unsecure with strictness
set to true.
>
> What configuration needs to be adjusted to have the KVM hosts show secure?
>
> Regards,
>
> Richard Persaud
>
> From: Rohit Yadav <rohit.yadav@shapeblue.com>
> Sent: Saturday, November 24, 2018 2:02 PM
> To: users@cloudstack.apache.org
> Subject: Re: secure hosts communications
>
> ⚠ EXT MSG:
>
> Richard,
>
>
> Starting 4.11, agent and management servers will use an in-built CA framework to secured
hosts. Only in case of KVM hosts you may see an insecure state, otherwise all KVM hosts (agents)
and SSVM/CPVM agents will by default in Up state will be secured. There is an auth strictness
setting that should be true.
>
>
>
> - Rohit
>
> <https://cloudstack.apache.org>
>
>
>
> ________________________________
> From: Richard Persaud <richard.persaud@macys.com<mailto:richard.persaud@macys.com>>
> Sent: Saturday, November 24, 2018 4:21:24 AM
> To: users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>
> Subject: secure hosts communications
>
> Hello,
>
> Is there straight-forward to enable secure communications between the management and
the hosts?
>
> I have looked at many documentations but am still unable to get the hosts to show a "secure"
state.
>
> Regards,
>
> Richard Persaud
>
>
> rohit.yadav@shapeblue.com<mailto:rohit.yadav@shapeblue.com>
> www.shapeblue.com<https://isolate.menlosecurity.com/0/eJyrViotylGyUsooKSmw0tcvLy_XK85ILEhNyilN1UvOz1XSUSrKV7Iy1FEqyUwBqjM0MFaqBQDf4BCe>
> Amadeus House, Floral Street, London  WC2E 9DPUK
> @shapeblue
>
>
>
>
> * This is an EXTERNAL EMAIL. Stop and think before clicking a link or opening attachments.
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com
> Amadeus House, Floral Street, London  WC2E 9DPUK
> @shapeblue
>    
>   
>
>
>
>


-- 

*Ugo Vasi* / System Administrator
ugo.vasi@procne.it <mailto:ugo.vasi@procne.it>




*Procne S.r.l.*
+39 0432 486 523
via Cotonificio, 45
33010 Tavagnacco (UD)
www.procne.it <http://www.procne.it/>


Le informazioni contenute nella presente comunicazione ed i relativi 
allegati possono essere riservate e sono, comunque, destinate 
esclusivamente alle persone od alla Società sopraindicati. La 
diffusione, distribuzione e/o copiatura del documento trasmesso da parte 
di qualsiasi soggetto diverso dal destinatario è proibita sia ai sensi 
dell'art. 616 c.p., che ai sensi del Decreto Legislativo n. 196/2003 
"Codice in materia di protezione dei dati personali". Se avete ricevuto 
questo messaggio per errore, vi preghiamo di distruggerlo e di informare 
immediatamente Procne S.r.l. scrivendo all' indirizzo e-mail 
info@procne.it <mailto:info@procne.it>.


Mime
View raw message