e28a1b8b70
TLS client verification used to be accidentally disabled in libvirt. This was fixed in libvirt-6.10.0-1. Which means, once you're using libvirt-6.10.0-1 or higher, a client certificate is mandatory during live migration with TLS. If we simply create the client certificate, this will fix live-migration of newly created instance but will not fix already created instances. This change will allow us to keep client certificate validation disabled during the train release cycle and re-enable it from Wallaby and onward. Related-Change: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/785438/ Related: https://bugzilla.redhat.com/show_bug.cgi?id=1945760 Change-Id: I628e5ef0a50799e44145fe4ed78303d0fdbf5838
6 lines
161 B
YAML
6 lines
161 B
YAML
---
|
|
features:
|
|
- |
|
|
Introducing default_tls_verify for qemu.
|
|
This effectively allows operators to enable or disable TLS client certificate verification.
|