puppet-nova

History

David Vallee Delisle e046a3bf63 Introducing default_tls_verify TLS client verification used to be accidentally disabled in libvirt. This was fixed in libvirt-6.10.0-1. Which means, once you're using libvirt-6.10.0-1 or higher, a client certificate is mandatory during live migration with TLS. If we simply create the client certificate, this will fix live-migration of newly created instance but will not fix already created instances. This change will allow us to keep client certificate validation disabled during the train release cycle and re-enable it from Wallaby and onward. Related-Change: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/785438/ Related: https://bugzilla.redhat.com/show_bug.cgi?id=1945760 Change-Id: I628e5ef0a50799e44145fe4ed78303d0fdbf5838 (cherry picked from commit `e28a1b8b70`)	2021-04-21 03:12:05 +00:00
..
notes	Introducing default_tls_verify	2021-04-21 03:12:05 +00:00
source	Update master for stable/victoria	2020-10-08 14:43:26 +00:00

David Vallee Delisle e046a3bf63 Introducing default_tls_verify

TLS client verification used to be accidentally disabled in libvirt.
This was fixed in libvirt-6.10.0-1.
Which means, once you're using libvirt-6.10.0-1 or higher, a client
certificate is mandatory during live migration with TLS.

If we simply create the client certificate, this will fix live-migration
of newly created instance but will not fix already created instances.

This change will allow us to keep client certificate validation disabled
during the train release cycle and re-enable it from Wallaby and onward.

Related-Change: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/785438/
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1945760
Change-Id: I628e5ef0a50799e44145fe4ed78303d0fdbf5838
(cherry picked from commit e28a1b8b70)

2021-04-21 03:12:05 +00:00

notes Introducing default_tls_verify 2021-04-21 03:12:05 +00:00

source Update master for stable/victoria 2020-10-08 14:43:26 +00:00